On Fri, Oct 15, 2004 at 11:05:41AM +0000, rm@xxxxxxxxxx wrote:
> Hi,
>
> Host A has two interfaces: eth0, tap0.
> I want that all locally generated traffic from user 1004 goes through
> tap0.
>
> This is what I did:
>
> iptables -A OUTPUT -t mangle -m owner --uid-owner 1004 -j MARK --set-mark 2
> echo 202 bigmac.out >> /etc/iproute2/rt_tables
> ip rule add fwmark 2 table bigmac.out
> ip route add default via 10.0.0.1 dev tap0 table bigmac.out

Why not change this to

    ip route add default via 10.0.0.1 dev tap0 table bigmac.out src IPADDRESSofTAP0

> ip route flush cache
>
> This results in these problems:
> - packets from 1004 are sent out via tap0 but with source ip of eth0.
>   (seen in tcpdump -n -i tap0)
> - iptables packetfilter rules have to be set on eth0 and not on tap0.
>   (if I deny everything on -o eth0 no packet is sent out to -o tap0 anymore..)

From my understanding the tap packets go over eth0, you still need to allow ipip packets (can check with tcpdump)

>
>
> Ideas?
>
>
> Ralf
> rm@xxxxxxxxxx
>
>
> _______________________________________________
> LARTC mailing list / LARTC@xxxxxxxxxxxxxxx
> http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
>