LinuxQuestions.org
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.
Old 05-26-2013, 10:53 PM   #1
eranga
LQ Newbie
Registered: Jun 2006
Posts: 1
UID based routing doesn't work


I have an Ubuntu 12.04 LTS server with two NICs. They are connected to different networks.

Code:
# ip route list table main
default via 192.168.1.254 dev eth0 
192.168.1.0/24 dev eth0  proto kernel  scope link  src 192.168.1.30 
192.168.2.0/24 dev eth1  proto kernel  scope link  src 192.168.2.30
I created another table for the other network (VPN).

Code:
# ip route list table VPN
default via 192.168.2.1 dev eth1 
192.168.2.0/24 dev eth1  proto kernel  scope link  src 192.168.2.30
Then configured iptables to mark the packets from UID 108.

Code:
#iptables -t mangle -A OUTPUT -m owner --uid-owner 108 -j MARK --set-mark 1
#iptables-save > /etc/iptables.up.rules
#iptables-restore < /etc/iptables.up.rules
#iptables -t mangle -nvL OUTPUT
Chain OUTPUT (policy ACCEPT 18544 packets, 3026K bytes)
pkts bytes target prot opt in  out  source   destination         
17139 2734K MARK  all  --  *  *   0.0.0.0/0  0.0.0.0/0   owner UID match 108 MARK set 0x1
Finally created a rule as below.

Code:
#ip rule add fwmark 1 pri 201 table VPN
#ip rule list
0:  from all lookup local 
201:    from all fwmark 0x1 lookup VPN 
32766:  from all lookup main 
32767:  from all lookup default
But the packets from UID 108 still go through eth0! Why?

Code:
$tracepath -n google.com
1:  192.168.1.30                                          0.088ms pmtu 1500
1:  192.168.1.1                                           0.623ms 
1:  192.168.1.1                                           0.560ms 
2:  192.168.1.1                                           0.362ms pmtu 1400
Please help.

Last edited by eranga; 05-27-2013 at 04:20 AM.
Old 05-28-2013, 08:05 AM   #2
Ygrex
Member
Registered: Nov 2004
Location: Russia (St.Petersburg)
Distribution: Debian
Posts: 666
First of all, it should work:
Code:
$ iptables -t mangle -A OUTPUT -m owner --uid-owner 33 -j MARK --set-mark 1
$ echo '8 www-data' >>/etc/iproute2/rt_tables
$ ip rule add fwmark 1 table www-data
$ ip route add unreachable 173.194.71.138/32 table www-data
$ sudo -u www-data ping -c1 173.194.71.138
PING 173.194.71.138 (173.194.71.138) 56(84) bytes of data.
ping: sendmsg: Operation not permitted
$ ping -c1 173.194.71.138
PING 173.194.71.138 (173.194.71.138) 56(84) bytes of data.
64 bytes from 173.194.71.138: icmp_seq=1 ttl=52 time=5.33 ms
Second, the source address is not necessarily modified to 192.168.2.30 when rerouting after mangle/OUTPUT; it is better to set the source address explicitly.

Then, tracepath is not the best utility to trace the outgoing interface; can you check it with some sniffer tool?
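Added example, not code from either post: the UID-based policy routing that post #1 sets up, written with the explicit source address that reply #2 recommends, plus two offline checks that read the output of `ip route list table <name>` and `ip rule list` and catch the two things worth verifying (a default route in the alternate table without a `src` hint, and an fwmark rule that is not ahead of the main lookup). All values are assumptions copied from the thread: eth1, 192.168.2.0/24, 192.168.2.30, gateway 192.168.2.1, table VPN, UID 108, mark 1, priority 201.

```shell
#!/bin/sh
# Added example (not from the thread). Values below are assumptions taken
# from the posts above; change them to match the host.

VPN_IF=eth1
VPN_NET=192.168.2.0/24
VPN_SRC=192.168.2.30
VPN_GW=192.168.2.1
VPN_TABLE=VPN
APP_UID=108
MARK=1
PRIO=201

# Emit the configuration as shell commands, one per line. Every route in the
# VPN table carries "src $VPN_SRC": the source address chosen before the
# mangle/OUTPUT reroute is not rewritten automatically, so without the hint
# marked packets can leave eth1 still carrying the eth0 address.
vpn_routing_cmds() {
    cat <<EOF
iptables -t mangle -A OUTPUT -m owner --uid-owner $APP_UID -j MARK --set-mark $MARK
ip route replace $VPN_NET dev $VPN_IF src $VPN_SRC table $VPN_TABLE
ip route replace default via $VPN_GW dev $VPN_IF src $VPN_SRC table $VPN_TABLE
ip rule add fwmark $MARK pri $PRIO table $VPN_TABLE
EOF
}

# Apply the commands for real. Needs root, so the checks below never call it.
apply_vpn_routing() {
    [ "$(id -u)" -eq 0 ] || { echo "apply_vpn_routing: run as root" >&2; return 1; }
    vpn_routing_cmds | sh -e
}

# Check 1: given the text of "ip route list table <name>", flag every default
# route that lacks a "src" hint. Returns 0 when all default routes carry one.
check_default_src() {
    printf '%s\n' "$1" | awk '
        $1 == "default" {
            has_src = 0
            for (i = 1; i <= NF; i++) if ($i == "src") has_src = 1
            if (!has_src) { bad++; print "missing src hint: " $0 }
        }
        END { exit (bad ? 1 : 0) }'
}

# Check 2: given the text of "ip rule list" and a table name, return 0 only if
# an fwmark rule selects that table at a priority ahead of the main lookup
# (lower number is consulted first); otherwise return 1.
check_rule_order() {
    printf '%s\n' "$1" | awk -v table="$2" '
        {
            pri = $1; sub(/:$/, "", pri)
            if ($0 ~ /fwmark/ && $NF == table) mark_pri = pri
            if ($NF == "main") main_pri = pri
        }
        END {
            ok = (mark_pri != "" && main_pri != "" && mark_pri + 0 < main_pri + 0)
            exit (ok ? 0 : 1)
        }'
}
```

To exercise the rule on the box, run the check as the marked user (for example `sudo -u '#108' ping -c1 <host>`) while watching `tcpdump -ni eth1` on the other terminal, which is the sniffer check reply #2 asks for; unless tracepath itself runs as UID 108, its output says nothing about the fwmark rule.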