Is that about right? Just out of interest, why 55 and why 7?
Yes, that's correct. And the numbers 55 and 7 were chosen at random, they don't mean anything in particular.
Quote:
Originally Posted by NotAComputerGuy
I've followed this guide which gets Deluged to run at the system boot up through /etc/init.d, which works. It has a line in the script which states:
Code:
UMASK=022 # Change this to 0 if running deluged as its own user
From what I understand, this is like "chmod". I don't understand what this has to do with running Deluged as its own user, as surely it doesn't know who it is going to be run as?
The UMASK variable determines which permission bits to remove relative to 666 (rw-) when creating files, or 777 (rwx) when creating directories.
Deluge (and any other application) will run as the user who starts the executable. If you put a command to run Deluge in an init script, it will run as root (which may not be a very good idea).
There are several ways to run a program as a different user. One is to use the su command:
Code:
su - username -c "command"
Unless you're logged in as root, su will prompt you for the password of the user.
Another way is to change the ownership of the executable (if necessary) and set the SUID bit.
Anyone can now run the program as username simply by starting it. This does not work for scripts, however.
There may be other options as well. Some distributions have a program called runuser which works in a similar way to su. The sudo command makes it possible to have a more fine-grained security policy, as you can control who is allowed to run a given executable as a certain user. Finally, the program itself may have a command line switch or configuration option that causes it to change the user it's running as.
Note that all the commands refer to the username, while the iptables rule refers to the UID. You can use the id command to find the UID of a user.
Ok, so deluged is now running as the user 'deluge' with a UID of 108.
Code:
iptables -t mangle -A OUTPUT -m owner --uid-owner 108 -j MARK --set-mark 55
Code:
ip rule add fwmark 55 table 7
Code:
ip route add table 7 0.0.0.0/0 via 192.168.0.1
Thank you for your kind help so far. So I've put those commands in. Is there a way to test it? Also, how should I make these changes permanent as I understand some things reset after a reboot.
Thanks
Last edited by NotAComputerGuy; 08-03-2013 at 11:26 AM.
Reason: Tidied up tags and removed needless words
So I've put those commands in. Is there a way to test it?
You could run the traceroute command as the "deluge" user and verify that the packets are routed through the right gateway.
Code:
su deluge -c "traceroute -n 8.8.8.8"
Quote:
Originally Posted by NotAComputerGuy
Also, how should I make these changes permanent as I understand some things reset after a reboot.
Everything gets reset after a reboot, which is why settings are stored in various configuration files and applied by the init system at startup.
I don't know what would be the right file to put these settings in for your distribution, but most distributions have a file called rc.local which is supposed to be the last script to run during init (unless your distribution uses systemd, in which case all bets are off).
Strange. You don't even get a reply from the next-hop router.
What happens if you trace (using the "regular" traceroute executable) the route to one of the BBC servers that you've manually routed via the other gateway?
Code:
traceroute to 212.58.0.0 (212.58.0.0), 30 hops max, 60 byte packets
1 192.168.0.1 (192.168.0.1) 0.904 ms 0.731 ms 0.516 ms
2 * * *
3 02770788.bb.sky.com (2.120.9.128) 17.454 ms 17.211 ms 17.073 ms
4 te0-6-0-0.er10.thlon.ov.easynet.net (89.200.134.211) 10.549 ms 14.034 ms 13.803 ms
5 * * *
6 195.50.122.138 (195.50.122.138) 10.052 ms 15.001 ms 14.706 ms
7 * * *
8 ln-col-2-uls-2-2.turktelekom.com.tr (212.156.103.9) 62.535 ms 63.641 ms 212.156.103.125.static.turktelekom.com.tr (212.156.103.125) 69.027 ms
9 81.212.221.177.static.turktelekom.com.tr (81.212.221.177) 63.203 ms 68.211 ms 70.477 ms
10 * * *
11 * * *
12 * * *
13 * * *
14 * * *
15 * * *
16 * * *
17 * * *
18 * * *
19 * * *
20 * * *
21 * * *
22 * * *
23 * * *
24 * * *
25 * * *
26 * * *
27 * * *
28 * * *
29 * * *
30 * * *
So at the very least there should have been a response from 192.168.0.1. You should check the alternate routing table (ip route list table 7) and the associated IP rule (ip rule list).
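The check suggested above, as an added example that is not part of the original thread: it follows UID 108 through the MARK rule, the ip rule and table 7, and reports the first missing link. The sample command output and the interface name eth0 are constructed; note that both `iptables -S` and `ip rule list` print the mark entered as 55 in hexadecimal (0x37).

```shell
#!/bin/sh
# Added example. The three SAMPLE_* texts are constructed; on a live host take them from:
#   iptables -t mangle -S OUTPUT ; ip rule list ; ip route list table 7
SAMPLE_IPT='-P OUTPUT ACCEPT
-A OUTPUT -m owner --uid-owner 108 -j MARK --set-xmark 0x37/0xffffffff'
SAMPLE_RULES='0: from all lookup local
32765: from all fwmark 0x37 lookup 7
32766: from all lookup main'
SAMPLE_TABLE='default via 192.168.0.1 dev eth0'

# Print (in decimal) the mark that the mangle OUTPUT chain sets for a UID.
mark_for_uid() {   # $1 = iptables -S text, $2 = uid
    m=$(printf '%s\n' "$1" | awk -v uid="$2" '{
        hit = 0; mark = ""
        for (i = 1; i < NF; i++) {
            if ($i == "--uid-owner" && $(i+1) == uid) hit = 1
            if ($i == "--set-mark" || $i == "--set-xmark") mark = $(i+1)
        }
        if (hit && mark != "") { sub("/.*", "", mark); print mark; exit }
    }')
    [ -n "$m" ] && printf '%d\n' "$m"   # 0x37 -> 55
}

# Print the routing table that "ip rule list" selects for a decimal mark.
table_for_mark() { # $1 = ip rule list text, $2 = decimal mark
    printf '%s\n' "$1" | awk -v want="$(printf '0x%x' "$2")" '{
        fw = ""; tbl = ""
        for (i = 1; i < NF; i++) {
            if ($i == "fwmark") { fw = $(i+1); sub("/.*", "", fw) }
            if ($i == "lookup") tbl = $(i+1)
        }
        if ((fw "") == (want "") && tbl != "") { print tbl; exit }
    }'
}

# Print the gateway of the default route in a table listing.
default_gw() { printf '%s\n' "$1" | awk '$1 == "default" && $2 == "via" { print $3; exit }'; }

# Follow uid -> mark -> table -> gateway; stop at the first missing link.
check_policy() {   # $1 = uid, $2 = iptables text, $3 = ip rule text, $4 = table text
    mark=$(mark_for_uid "$2" "$1") || { echo "uid $1: no MARK rule"; return 1; }
    table=$(table_for_mark "$3" "$mark")
    [ -n "$table" ] || { echo "mark $mark: no matching ip rule"; return 1; }
    gw=$(default_gw "$4")
    [ -n "$gw" ] || { echo "table $table: no default route"; return 1; }
    echo "uid $1 -> mark $mark -> table $table -> via $gw"
}

check_policy 108 "$SAMPLE_IPT" "$SAMPLE_RULES" "$SAMPLE_TABLE"
```

A rule that was entered as `fwmark 0x55` instead of `fwmark 55` fails at the second step, because the packets carry mark 55 (0x37) and never match it.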
Just so that it's clear. You don't have to create a mangle table. netfilter (or iptables, as people usually call it) defines a mangle table on each of the existing chains (input, output, prerouting, forward, postrouting).... I mean, you can name routing table 7 'mangle' if you want to, but it's not directly related to netfilter's mangling table.
As a side question, do most companies and websites have a whole range of IP addresses?
Code:
# Force iPlayer traffic through the local-network
up route add -net 212.58.0.0/16 gw 192.168.0.1
up route add -net 212.62.0.0/16 gw 192.168.0.1
Dragging up an old thread, but how would I achieve this with just a single IP address?
ddclient has the line
Code:
web=myip.dnsomatic.com
At the moment, ddclient sees my VPN address, as my traffic is routed through my VPN. I need to use something like the above to route ddclient's enquiry with myip.dnsomatic.com through my router rather than through my VPN.
Thanks
Last edited by NotAComputerGuy; 04-08-2014 at 01:21 PM.
Reason: For clarification