Thread: ping/mtr/traceroute as non root for monitoring usage

  1. #1
    Join Date
    Oct 2013
    Beans
    10

    Question ping/mtr/traceroute as non root for monitoring usage

    Hello,

    I wanted to have a user for monitoring routings. I am using iptables mangle for this, for example for a proxy I use it this way (tcp instead of icmp):

    iptables -t mangle -N TUNMARK
    iptables -t mangle -A TUNMARK -j MARK --set-mark 2
    iptables -t mangle -A TUNMARK -j CONNMARK --save-mark
    iptables -t mangle -N RESTOREMARK
    iptables -t mangle -A RESTOREMARK -j CONNMARK --restore-mark
    iptables -t mangle -A OUTPUT -p icmp -m state --state NEW -m owner --uid-owner 1001 -j TUNMARK
    iptables -t mangle -A OUTPUT -p icmp -m state --state ESTABLISHED,RELATED -m owner --uid-owner 1001 -j RESTOREMARK

    Where 1001 is the uid of that user running the proxy (or in this case screen as non root, or logged in as non root).

    The problem is, I can't use ping, mtr, traceroute and so on because they seem to need root, because of how they work (read it somewhere else already). They seem to need raw socket access or something like this, which only root can provide.

    So I got the idea of using --pid-owner instead, but it seems not to be supported anymore? I read about it here: http://ubuntuforums.org/archive/inde...t-1591433.html

    So what do I do now? Is there any way of getting what I want to do? Is there maybe a better way and I am thinking about it wrong? All I want is to use some monitoring tools like ping, traceroute, mtr, and they should be forced to go through the right gateway/vpn.
    Last edited by zyHEpEJ; October 1st, 2013 at 09:47 PM.

  2. #2
    Join Date
    Nov 2008
    Location
    Boston MetroWest
    Beans
    16,326

    Re: ping/mtr/traceroute as non root for monitoring usage

    All users can run ping and traceroute. If you want to force ping to use a particular interface, use the -I switch like this:

    Code:
    $ ping -I eth1 10.10.10.10
    If you ask for help, do not abandon your request. Please have the courtesy to check for responses and thank the people who helped you.

    Blog · Linode System Administration Guides · Android Apps for Ubuntu Users

  3. #3
    Join Date
    Oct 2013
    Beans
    10

    Re: ping/mtr/traceroute as non root for monitoring usage

    Originally Posted by SeijiSensei:
    All users can run ping and traceroute.
    But just because it is always running as root. It doesn't help me with what I want to do, forcing the traffic of these programs through a specific mangle option.

  4. #4
    Join Date
    Nov 2008
    Location
    Boston MetroWest
    Beans
    16,326

    Re: ping/mtr/traceroute as non root for monitoring usage

    All I want is to use some monitoring tools like ping, traceroute, mtr, and they should be forced to go through the right gateway/vpn.
    My point is that to have them go through the right gateway, you simply need to select the appropriate interface for ping to use. Say, for instance, you have an OpenVPN tunnel using the tun interface. Then to send traffic that way, you would use "ping -I tun0 target".

  5. #5
    Join Date
    Nov 2008
    Location
    Boston MetroWest
    Beans
    16,326

    Re: ping/mtr/traceroute as non root for monitoring usage

    All I want is to use some monitoring tools like ping, traceroute, mtr, and they should be forced to go through the right gateway/vpn.
    My point is that to have them go through the right gateway, you simply need to select the appropriate interface for ping to use. Say, for instance, you have an OpenVPN tunnel using the tun interface. Then to send traffic that way, you would use "ping -I tun0 target". Perhaps you have some other need for all that mangling, but you don't need it to ping via a specific connection.
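
Added example, not part of any post in this thread: a check for which uid a monitoring tool's sockets are created under, which is the uid a "-m owner --uid-owner" rule like the one in post #1 has to name. It assumes the owner match compares against the uid in effect when the socket was opened; the function names socket_uid and report are made up for this example, and 1001 is the uid from post #1.

```shell
#!/bin/sh
# Added example (not from the thread).
# Assumption: "-m owner --uid-owner" sees the uid that opened the socket.

# socket_uid PATH CALLER_UID -> prints "<uid> <reason>"
socket_uid() {
    path=$1
    caller=$2
    [ -f "$path" ] || { echo "socket_uid: $path: not a file" >&2; return 1; }
    if [ -u "$path" ]; then
        # setuid binary: it starts with the file owner's uid (root, in the
        # case post #3 describes), so --uid-owner CALLER_UID does not match.
        # Matching the owner's uid instead also catches every other process
        # running under that uid.
        echo "$(stat -L -c %u "$path") setuid"
    elif command -v getcap >/dev/null 2>&1 &&
         getcap "$path" 2>/dev/null | grep -q cap_net_raw; then
        # File capability: raw sockets are allowed, the uid stays the caller's.
        echo "$caller cap_net_raw"
    else
        # Plain binary: runs as the caller; raw sockets may simply be refused.
        echo "$caller unprivileged"
    fi
}

# report CALLER_UID TOOL... -> one line per tool
report() {
    caller=$1
    shift
    for tool in "$@"; do
        bin=$(command -v "$tool") || { echo "$tool: not installed"; continue; }
        result=$(socket_uid "$bin" "$caller") || continue
        echo "$tool ($bin): sockets owned by uid ${result% *} (${result#* })"
    done
    return 0
}

report 1001 ping traceroute mtr
```

A tool reported as "setuid" will not hit the uid 1001 rules in the mangle table; one reported as "cap_net_raw" will.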
