problem on setting up per user ID based ADSL connection

Linux Advanced Routing and Traffic Control


Hi,

I have been searching around and trying for a few days but still can't
get it to work. Hopefully the highhand here can give me hints!!

I have 3 ADSL connections: 1 uses a hardware broadband router to connect and
the other 2 use my Debian Linux PC to connect. I hope to set up a route policy
so that all users except user1 and user2 will use the broadband router
connection (eth0), and user1 will use ppp0 while user2 will use ppp1 to
connect to the internet.
Below are the network interface information and the routing information I used:

#ifconfig -a
eth0      Link encap:Ethernet  HWaddr 00:20:18:A1:62:E7  
          inet addr:192.168.0.103  Bcast:192.168.0.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:356114 errors:0 dropped:0 overruns:0 frame:0
          TX packets:356002 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:104135878 (99.3 MiB)  TX bytes:73152840 (69.7 MiB)
          Interrupt:11 Base address:0xd400 

eth1      Link encap:Ethernet  HWaddr 00:50:BF:51:29:FB  
          inet addr:192.168.1.103  Bcast:192.168.1.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:1772 errors:24 dropped:0 overruns:0 frame:0
          TX packets:1321 errors:0 dropped:0 overruns:0 carrier:0
          collisions:2 txqueuelen:1000 
          RX bytes:208048 (203.1 KiB)  TX bytes:79797 (77.9 KiB)
          Interrupt:11 Base address:0xd000 

eth2      Link encap:Ethernet  HWaddr 00:20:18:A1:F5:D1  
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:8966 errors:2 dropped:0 overruns:0 frame:0
          TX packets:8923 errors:0 dropped:0 overruns:0 carrier:0
          collisions:191 txqueuelen:1000 
          RX bytes:1154555 (1.1 MiB)  TX bytes:1399159 (1.3 MiB)
          Interrupt:10 Base address:0xcc00 

lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:282686 errors:0 dropped:0 overruns:0 frame:0
          TX packets:282686 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:53033254 (50.5 MiB)  TX bytes:53033254 (50.5 MiB)

ppp0      Link encap:Point-to-Point Protocol  
          inet addr:218.103.195.190  P-t-P:218.102.177.254  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1492  Metric:1
          RX packets:8066 errors:0 dropped:0 overruns:0 frame:0
          TX packets:8134 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:3 
          RX bytes:802178 (783.3 KiB)  TX bytes:1043716 (1019.2 KiB)

ppp1      Link encap:Point-to-Point Protocol  
          inet addr:218.103.255.23  P-t-P:218.102.177.254  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1492  Metric:1
          RX packets:5980 errors:0 dropped:0 overruns:0 frame:0
          TX packets:5956 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:3 
          RX bytes:783811 (765.4 KiB)  TX bytes:1069372 (1.0 MiB)


#route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
218.102.177.254 0.0.0.0         255.255.255.255 UH    0      0        0 ppp0
218.102.177.254 0.0.0.0         255.255.255.255 UH    0      0        0 ppp1
192.168.0.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
0.0.0.0         192.168.0.1     0.0.0.0         UG    0      0        0 eth0


#ip rule show
0:      from all lookup local 
32761:  from all fwmark 0x2 lookup MUD2 
32762:  from all fwmark 0x1 lookup MUD1 
32763:  from 218.103.255.23 lookup NET1 
32764:  from 218.103.195.190 lookup NET0 
32765:  from 10.0.0.10 lookup John 
32766:  from all lookup main 
32767:  from all lookup default 

#ip route list table local
broadcast 192.168.1.0 dev eth1  proto kernel  scope link  src 192.168.1.103 
broadcast 192.168.0.255 dev eth0  proto kernel  scope link  src 192.168.0.103 
broadcast 127.255.255.255 dev lo  proto kernel  scope link  src 127.0.0.1 
local 218.103.195.190 dev ppp0  proto kernel  scope host  src 218.103.195.190 
local 192.168.1.103 dev eth1  proto kernel  scope host  src 192.168.1.103 
local 218.103.255.23 dev ppp1  proto kernel  scope host  src 218.103.255.23 
broadcast 192.168.0.0 dev eth0  proto kernel  scope link  src 192.168.0.103 
broadcast 192.168.1.255 dev eth1  proto kernel  scope link  src 192.168.1.103 
local 192.168.0.103 dev eth0  proto kernel  scope host  src 192.168.0.103 
broadcast 127.0.0.0 dev lo  proto kernel  scope link  src 127.0.0.1 
local 127.0.0.1 dev lo  proto kernel  scope host  src 127.0.0.1 
local 127.0.0.0/8 dev lo  proto kernel  scope host  src 127.0.0.1 


#ip route list table MUD1
default via 218.102.177.254 dev ppp0 

#ip route list table NET1
default via 218.102.177.254 dev ppp1 

#ip route list table NET0
default via 218.102.177.254 dev ppp0

#ip route list table main
218.102.177.254 dev ppp0  proto kernel  scope link  src 218.103.195.190 
218.102.177.254 dev ppp1  proto kernel  scope link  src 218.103.255.23 
192.168.0.0/24 dev eth0  proto kernel  scope link  src 192.168.0.103 
default via 192.168.0.1 dev eth0 

(other tables are empty)

(and I have set the following 2 lines for my iptables)
iptables -t mangle -A OUTPUT -m owner --uid-owner 1004 -j MARK --set-mark 1
iptables -t mangle -A OUTPUT -m owner --uid-owner 1005 -j MARK --set-mark 2

(uid 1004 = mud1, uid 1005 = mud2)


After all these settings, I can ssh from an outside server to the machine
with "218.103.195.190" and "218.103.255.23".

I can also use root to do following ping:
#ping www.ust.hk
 ping www.ust.hk
PING www.ust.hk (143.89.14.34) 56(84) bytes of data.
64 bytes from www.ust.hk (143.89.14.34): icmp_seq=1 ttl=248 time=19.5 ms
64 bytes from www.ust.hk (143.89.14.34): icmp_seq=2 ttl=248 time=31.1 ms

#ping -I ppp0 www.ust.hk
PING www.ust.hk (143.89.14.34) from 218.103.195.190 ppp0: 56(84) bytes of data.
64 bytes from www.ust.hk (143.89.14.34): icmp_seq=1 ttl=248 time=21.1 ms
64 bytes from www.ust.hk (143.89.14.34): icmp_seq=2 ttl=248 time=23.9 ms
64 bytes from www.ust.hk (143.89.14.34): icmp_seq=3 ttl=248 time=26.3 ms

#ping -I ppp1 www.ust.hk
PING www.ust.hk (143.89.14.34) from 218.103.255.23 ppp1: 56(84) bytes of data.
64 bytes from www.ust.hk (143.89.14.34): icmp_seq=1 ttl=248 time=22.5 ms
64 bytes from www.ust.hk (143.89.14.34): icmp_seq=2 ttl=248 time=24.9 ms
64 bytes from www.ust.hk (143.89.14.34): icmp_seq=3 ttl=248 time=19.0 ms


When I change to user 'mud1', then:

mud1#ping 143.89.14.15
PING 143.89.14.15 (143.89.14.15) 56(84) bytes of data.
64 bytes from 143.89.14.15: icmp_seq=1 ttl=248 time=23.4 ms
64 bytes from 143.89.14.15: icmp_seq=2 ttl=248 time=25.5 ms

However:
mud1#ping www.ust.hk
(no response)
mud1#telnet www.ust.hk 80
(no response)
mud1#ssh -l solarkid uststu1.ust.hk
(no response)

If I unset:
-----------------------------------------------
#ip route list table MUD1
default via 218.102.177.254 dev ppp0 
-----------------------------------------------

then user "mud1" can do everything smoothly, but of course it's using
the eth0 interface rather than ppp0 as I wish to do.


Is anything I set wrong or missing???

Thanks aaaaa lot!!~~~


Andrew
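
The rule and table listings in the post above can be walked the way the kernel's routing policy database does: rules in priority order, longest-prefix match inside each table, falling through when a table has no matching route. This is an added example, not part of the original message; the function name `lookup` and the tuple encoding are assumptions, the local table (rule 0) is left out, and the rules and routes are transcribed from the post's output.

```python
import ipaddress

# Transcribed from `ip rule show` in the post (rule 0 / table local omitted).
# Selector is ("fwmark", n), ("from", addr) or None for "from all".
RULES = [
    (32761, ("fwmark", 2), "MUD2"),
    (32762, ("fwmark", 1), "MUD1"),
    (32763, ("from", "218.103.255.23"), "NET1"),
    (32764, ("from", "218.103.195.190"), "NET0"),
    (32765, ("from", "10.0.0.10"), "John"),
    (32766, None, "main"),
    (32767, None, "default"),
]

# Transcribed from `ip route list table ...`; the post says other tables are empty.
TABLES = {
    "MUD1": [("0.0.0.0/0", "ppp0")],
    "NET1": [("0.0.0.0/0", "ppp1")],
    "NET0": [("0.0.0.0/0", "ppp0")],
    "main": [
        ("218.102.177.254/32", "ppp0"),
        ("218.102.177.254/32", "ppp1"),
        ("192.168.0.0/24", "eth0"),
        ("0.0.0.0/0", "eth0"),
    ],
}


def lookup(dst, src=None, fwmark=0):
    """Return (table, device) for a packet, or (None, None) if unroutable."""
    d = ipaddress.ip_address(dst)
    for _prio, sel, table in RULES:  # already in priority order
        if sel and sel[0] == "fwmark" and sel[1] != fwmark:
            continue
        if sel and sel[0] == "from" and sel[1] != src:
            continue
        # Longest-prefix match inside the selected table.
        hits = [(ipaddress.ip_network(p).prefixlen, dev)
                for p, dev in TABLES.get(table, [])
                if d in ipaddress.ip_network(p)]
        if hits:
            return table, max(hits, key=lambda h: h[0])[1]
        # No matching route in this table: continue with the next rule.
    return None, None


if __name__ == "__main__":
    for args in [("143.89.14.34", None, 0), ("143.89.14.34", None, 1),
                 ("192.168.0.1", None, 1), ("143.89.14.34", None, 2)]:
        print(args, "->", lookup(*args))
```

With the tables as posted, a packet marked 1 resolves to ppp0 for every destination, including 192.168.0.1 on the eth0 LAN, because MUD1 holds only a default route; a packet marked 2 falls through the empty MUD2 table to main and leaves via eth0.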