
Thread: ping/mtr/traceroute as non root for monitoring usage


  1. #1

    Question ping/mtr/traceroute as non root for monitoring usage

    Hello,

    I wanted to have a user for monitoring routings. I am using iptables mangle for this, for example for a proxy I use it this way (tcp instead of icmp):

    iptables -t mangle -N TUNMARK
    iptables -t mangle -A TUNMARK -j MARK --set-mark 2
    iptables -t mangle -A TUNMARK -j CONNMARK --save-mark
    iptables -t mangle -N RESTOREMARK
    iptables -t mangle -A RESTOREMARK -j CONNMARK --restore-mark
    iptables -t mangle -A OUTPUT -p icmp -m state --state NEW -m owner --uid-owner 1001 -j TUNMARK
    iptables -t mangle -A OUTPUT -p icmp -m state --state ESTABLISHED,RELATED -m owner --uid-owner 1001 -j RESTOREMARK

    Where 1001 is the uid of that user running the proxy (or in this case screen as non root, or logged in as non root).

    The problem is, I can't use ping, mtr, traceroute and so on because they seem to need root, because of how they work (read it somewhere else already). They seem to need raw socket access or something like this, which just root can provide.

    So I got the idea of using --pid-owner instead, but it seems not to be supported anymore? I read about it here: http://ubuntuforums.org/archive/inde...t-1591433.html

    So what do I do now? Is there any way of getting what I want to do? Is there maybe a better way and I am thinking about it wrong? All I want is to use some monitoring tools like ping, traceroute, mtr, and they should be forced to go through the right gateway/vpn.
    Last edited by zyHEpEJ; October 1st, 2013 at 09:47 PM.
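
Added example, not part of the original post: a Linux diagnostic that reports how ping, mtr and traceroute obtain raw-socket privilege (setuid-root bit or file capabilities) and whether the kernel's unprivileged ICMP "ping socket" range (`net.ipv4.ping_group_range`) covers a given gid. The helper names are hypothetical and the tools are simply looked up on PATH.

```python
import os
import shutil
import stat

def parse_ping_group_range(text):
    """Parse net.ipv4.ping_group_range ("low high") into two ints."""
    low, high = (int(field) for field in text.split())
    return low, high

def gid_may_use_ping_socket(gid, group_range):
    """True if gid falls inside the range allowed to open unprivileged
    ICMP datagram sockets. The default "1 0" is an empty range."""
    low, high = group_range
    return low <= gid <= high

def privilege_source(mode, owner_uid, has_file_caps):
    """Classify how a binary is granted raw-socket privilege."""
    if mode & stat.S_ISUID and owner_uid == 0:
        return "setuid-root"
    if has_file_caps:
        return "file-capabilities"
    return "none"

def inspect_tool(name):
    """Return (resolved path, privilege source) for a tool, or None."""
    path = shutil.which(name)
    if path is None:
        return None
    path = os.path.realpath(path)
    st = os.stat(path)
    try:
        # File capabilities are stored in this extended attribute.
        os.getxattr(path, "security.capability")
        has_caps = True
    except (OSError, AttributeError):
        has_caps = False
    return path, privilege_source(st.st_mode, st.st_uid, has_caps)

if __name__ == "__main__":
    for tool in ("ping", "mtr", "traceroute"):
        print(tool, inspect_tool(tool))
    try:
        with open("/proc/sys/net/ipv4/ping_group_range") as fh:
            rng = parse_ping_group_range(fh.read())
        print("range:", rng, "covers my gid:",
              gid_may_use_ping_socket(os.getgid(), rng))
    except OSError:
        print("ping_group_range not available on this system")
```

The kernel also checks supplementary groups against the range, so a user can qualify through any group membership, not only the primary gid tested here.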
