From: Ignatich <ignatich@gmail.com>
To: netfilter@lists.netfilter.org
Subject: owner based routing
Date: Tue, 11 Oct 2005 17:57:04 +0400 [thread overview]
Message-ID: <379640488.20051011175704@gmail.com> (raw)
Hello,
I have a following problem. My goal is to allow traffic originating
from specific user/group to be routed via different gateway.
Here's my setup:
eth0 - default internet interface, ip z.z.z.z
eth1 - LAN, ip y.y.y.y
In LAN I have a hardware ADSL router with ip x.x.x.x.
Since ipt_owner does not work in PREROUTING chain and fwmark is
pointless, I thought that ipt_ROUTE from p-o-m can help me.
Here's what I did:
iptables -t mangle -A OUTPUT -o eth0 -m owner --gid-owner adsl -j
ROUTE --gw x.x.x.x --oif eth1
But it did not work. I belive this happened because matched packets
still had z.z.z.z as their source address.
So i tried that:
iptables -t mangle -A OUTPUT -o eth0 -m owner --gid-owner adsl -j
ROUTE --gw x.x.x.x --oif eth1 --continue
iptables -t nat -A POSTROUTING -o eth1 -m owner --gid-owner adsl -j
SNAT --to-source y.y.y.y
But still no luck. :(
Any ideas how to solve my problem?
--
Ignatich mailto:ignatich@gmail.com
next reply other threads:[~2005-10-11 13:57 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2005-10-11 13:57 Ignatich [this message]
2005-10-11 14:07 ` owner based routing /dev/rob0
2005-10-12 20:57 ` Henrik Nordstrom
-- strict thread matches above, loose matches on Subject: below --
2005-10-11 22:46 Ignatich
2005-10-11 14:25 Ignatich
2005-10-11 14:46 ` /dev/rob0
2005-10-09 20:50 Ignatich
2005-10-10 5:05 ` Patrick Schaaf
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=379640488.20051011175704@gmail.com \
--to=ignatich@gmail.com \
--cc=netfilter@lists.netfilter.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.