On Friday, 11 October 2002, at 09:34:38 +0530, Arindam Haldar wrote:

> THE SCENARIO:
> we are connected to 2 isp, both having their large network.. isp A has
> gateway with ofc network while ispB has satellite gateway & hence there
> are advantages to take specific routes thru specific isp.
>
I suppose this box has three network connections, one to the internal
network, and one for each Internet connection. So, for the traffic coming
from the internal network, this box is a router.

> THE RULES DEFINED:
> 10: from all lookup main
>
"ip rule" are checked from lower to higher numbers, so once visited "table
local" (prio 0) all your traffic (from all) visits "table main". I suppose
"table main" doesn't have a default route of some sort, because that would
stop packet routing at that point, turning the rest of "ip rule" useless.

> WHAT WE TRIED:
> we tried using iptables owner based rules & marked packets (as one can
> see in rules above), but it didn't help.
>
> iptables -I OUTPUT -t mangle -m owner --uid-owner <squid> -d 202.0.0.0/8
> -j MARK --set-mark 50
>
> but packets were not marked as seen by
>> iptables -nvL -t mangle
> & hence owner based policy routing not working
>
If "iptables -t mangle -L -vn" shows no matches, it can be for two reasons:
either destination address doesn't match, or uid-owner doesn't match. I have
never used "--match owner" myself, but a quick try here seems to work, at
least for a simple network application. Maybe squid runs as user "squid" (or
whatever), but netfilter sees them as originating from another user, maybe
root, maybe no user at all.

--
Jose Luis Domingo Lopez
Linux Registered User #189436
Debian Linux Woody (Linux 2.4.18-586tsc)

_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc
HOWTO: http://lartc.org/
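Added example, not code from either poster: it emits the ip/iptables commands that turn the mark into a route through one ISP, placing the fwmark rule at a lower priority number than the "10: from all lookup main" rule so a default route in "main" cannot hide it, and it parses the counters of "iptables -t mangle -nvL OUTPUT" to flag MARK rules that never fired, the symptom reported above. The routing table number, interface, gateway and the sample counter listing are constructed assumptions.

```shell
#!/bin/sh
# Added example for this thread; table, interface, gateway and the counter
# listing below are constructed, not taken from the posters' systems.

# Print the commands for routing packets carrying mark $1 via gateway $3 on
# interface $2 using table $4. Nothing is executed; the fwmark rule gets
# priority 5 so it is consulted before "10: from all lookup main".
fwmark_route_cmds() {
    mark=$1 dev=$2 gw=$3 table=$4
    echo "ip rule add fwmark $mark lookup $table priority 5"
    echo "ip route add default via $gw dev $dev table $table"
    echo "ip route flush cache"
}

# Constructed listing in the layout "iptables -t mangle -nvL OUTPUT" prints;
# the first MARK rule has never matched, the second has.
SAMPLE_MANGLE='Chain OUTPUT (policy ACCEPT 1234 packets, 98765 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 MARK       all  --  *      *       0.0.0.0/0            202.0.0.0/8          owner UID match 31 MARK set 0x32
  512 40960 MARK       all  --  *      *       0.0.0.0/0            0.0.0.0/0            owner UID match 0 MARK set 0x33'

# Print "<mark> <destination>" for each MARK rule whose packet counter is 0.
# A line here means the owner or destination match never hit, so the fault
# is in the marking, not in "ip rule".
unmatched_mark_rules() {
    printf '%s\n' "$1" | awk '
        $3 == "MARK" && $1 == 0 {
            mark = "?"
            for (i = 1; i <= NF; i++) if ($i == "set") mark = $(i + 1)
            print mark, $9
        }'
}

fwmark_route_cmds 50 eth2 203.0.113.1 50
unmatched_mark_rules "$SAMPLE_MANGLE"
```

Run the real check with `unmatched_mark_rules "$(iptables -t mangle -nvL OUTPUT)"` after squid has generated some traffic, since a rule that was inserted a moment ago will legitimately show zero counters.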