Hello,
I wanted to have a user for monitoring routings. I am using iptables mangle for this, for example for a proxy I use it this way (tcp instead of icmp):
iptables -t mangle -N TUNMARK
iptables -t mangle -A TUNMARK -j MARK --set-mark 2
iptables -t mangle -A TUNMARK -j CONNMARK --save-mark
iptables -t mangle -N RESTOREMARK
iptables -t mangle -A RESTOREMARK -j CONNMARK --restore-mark
iptables -t mangle -A OUTPUT -p icmp -m state --state NEW -m owner --uid-owner 1001 -j TUNMARK
iptables -t mangle -A OUTPUT -p icmp -m state --state ESTABLISHED,RELATED -m owner --uid-owner 1001 -j RESTOREMARK
Where 1001 is the uid of that user running the proxy (or in this case screen as non root, or logged in as non root).
The problem is, I cant use ping, mtr, traceroute and so on because they seem to need root, because of how they work (read it somewhere else already). They seem to need raw socket access or something like this, which just root can provide.
So I got the idea of using --pid-owner instead, but it seems not be supported anymore? I read about it here: http://ubuntuforums.org/archive/inde...t-1591433.html
So what do I do now? Is there any way in getting what I want to do? Is there maybe a better way and I am thinking it wrong? All I want is to use some monitoring tools like ping, traceroute, mtr, and they should be forced to go through the right gateway/vpn.
Bookmarks