Debian
nallion, 2015-10-16 02:53:36

Iproute2, five external IPs, LARTC, why doesn't it work?

The task is as follows:
There is an external server with 5 external (white) IPs attached to it. I need to run 5 SOCKS proxies on it, on different ports, and each proxy must go out through its own external IP. A sort of proxy router :)
What we have:
ifconfig:

venet0    Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
          inet addr:127.0.0.2  P-t-P:127.0.0.2  Bcast:0.0.0.0  Mask:255.255.255.255
          UP BROADCAST POINTOPOINT RUNNING NOARP  MTU:1500  Metric:1
          RX packets:1239 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1141 errors:0 dropped:1 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:92654 (90.4 KiB)  TX bytes:122191 (119.3 KiB)

venet0:0  Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
          inet addr:93.170.123.191  P-t-P:93.170.123.191  Bcast:93.170.123.191  Mask:255.255.255.255
          UP BROADCAST POINTOPOINT RUNNING NOARP  MTU:1500  Metric:1

venet0:1  Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
          inet addr:93.170.123.201  P-t-P:93.170.123.201  Bcast:93.170.123.201  Mask:255.255.255.255
          UP BROADCAST POINTOPOINT RUNNING NOARP  MTU:1500  Metric:1

venet0:2  Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
          inet addr:93.170.123.208  P-t-P:93.170.123.208  Bcast:93.170.123.208  Mask:255.255.255.255
          UP BROADCAST POINTOPOINT RUNNING NOARP  MTU:1500  Metric:1

venet0:3  Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
          inet addr:93.170.123.212  P-t-P:93.170.123.212  Bcast:93.170.123.212  Mask:255.255.255.255
          UP BROADCAST POINTOPOINT RUNNING NOARP  MTU:1500  Metric:1

venet0:4  Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
          inet addr:93.170.123.213  P-t-P:93.170.123.213  Bcast:93.170.123.213  Mask:255.255.255.255
          UP BROADCAST POINTOPOINT RUNNING NOARP  MTU:1500  Metric:1

Created 5 users in the system with UID 1000,1001,1002,1003,1004 (1,2,3,4,5)
and I am trying to assign a different gateway to each of them in
/etc/rc.local
/sbin/iptables -t mangle -A OUTPUT -m owner --uid-owner 1000 -j MARK --set-mark 1
/sbin/iptables -t mangle -A OUTPUT -m owner --uid-owner 1001 -j MARK --set-mark 2
/sbin/iptables -t mangle -A OUTPUT -m owner --uid-owner 1002 -j MARK --set-mark 3
/sbin/iptables -t mangle -A OUTPUT -m owner --uid-owner 1003 -j MARK --set-mark 4
/sbin/iptables -t mangle -A OUTPUT -m owner --uid-owner 1004 -j MARK --set-mark 5
/bin/ip rule add fwmark 1 table P1
/bin/ip rule add fwmark 2 table P2
/bin/ip rule add fwmark 3 table P3
/bin/ip rule add fwmark 4 table P4
/bin/ip rule add fwmark 5 table P5
/bin/ip route add default via 93.170.123.191 dev venet0:0 table P1
/bin/ip route add default via 93.170.123.201 dev venet0:1 table P2
/bin/ip route add default via 93.170.123.208 dev venet0:2 table P3
/bin/ip route add default via 93.170.123.212 dev venet0:3 table P4
/bin/ip route add default via 93.170.123.213 dev venet0:4 table P5

after which I do su 4
[email protected]:/root$ curl -s http://whatismijnip.nl |cut -d " " -f 5
93.170.123.191

and no matter which user (1-5) I log in as via su, all of them come out from this one IP.
What am I doing wrong?
Diagnostics:
[email protected]:~# iptables -L -t mangle
Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
MARK       all  --  anywhere             anywhere             owner UID match 1 MARK set 0x1
MARK       all  --  anywhere             anywhere             owner UID match 2 MARK set 0x2
MARK       all  --  anywhere             anywhere             owner UID match 3 MARK set 0x3
MARK       all  --  anywhere             anywhere             owner UID match 4 MARK set 0x4
MARK       all  --  anywhere             anywhere             owner UID match 5 MARK set 0x5

[email protected]:~# ip rule list
0:      from all lookup local
32761:  from all fwmark 0x5 lookup P5
32762:  from all fwmark 0x4 lookup P4
32763:  from all fwmark 0x3 lookup P3
32764:  from all fwmark 0x2 lookup P2
32765:  from all fwmark 0x1 lookup P1
32766:  from all lookup main
32767:  from all lookup default

[email protected]:~# ip route list table P1
default via 93.170.123.191 dev venet0
[email protected]:~# ip route list table P2
default via 93.170.123.201 dev venet0
[email protected]:~# ip route list table P3
default via 93.170.123.208 dev venet0
[email protected]:~# ip route list table P4
default via 93.170.123.212 dev venet0
[email protected]:~# ip route list table P5
default via 93.170.123.213 dev venet0

[email protected]:~# route add whatismijnip.nl gw 93.170.123.212 
[email protected]:~# curl -s http://whatismijnip.nl |cut -d " " -f 5 
93.170.123.212

And that way it works!
In general, it is strange that when I su to a user, anything loads at all without reverse NAT under it!
It feels like the iptables mark + iproute combination is not working.

1 answer(s)
Ruslan Fedoseev, 2015-10-16
@martin74ua

Write this in the tables:

default via gw_ip src 93.170.123.191
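As an added example (not the poster's rc.local or the answerer's code), here is the same per-UID setup rewritten with the `src` the answer asks for, plus a small check over `ip route list table X` lines that flags tables whose default route has no source address or the wrong one. The device name, the `gw_ip` placeholder and the dry-run switch are assumptions; the UID, mark, table and IP values are taken from the question.

```shell
#!/bin/sh
# Added example, not the original script. DRY_RUN=1 (the default) prints the
# commands instead of executing them, so the logic can be read offline.
DRY_RUN="${DRY_RUN:-1}"
DEV="${DEV:-venet0}"     # the real device; venet0:N aliases are not routable devices
GW="${GW:-gw_ip}"        # placeholder exactly as written in the answer; set GW to the real next hop

run() {
    if [ "$DRY_RUN" = 1 ]; then printf '%s\n' "$*"; else "$@"; fi
}

# bind_uid UID MARK TABLE SRC_IP: mark the user's packets, send that mark to its
# own table, and give the table a default route whose source address is the user's IP.
# The table names must already exist in /etc/iproute2/rt_tables.
bind_uid() {
    uid=$1; mark=$2; table=$3; src=$4
    run iptables -t mangle -A OUTPUT -m owner --uid-owner "$uid" -j MARK --set-mark "$mark"
    run ip rule add fwmark "$mark" table "$table"
    # 'src' is what the original script lacked: without it the kernel uses the
    # preferred address of $DEV (the first one) for every table, so every user
    # egresses from the same IP even though the fwmark and table lookup work.
    run ip route add default via "$GW" dev "$DEV" src "$src" table "$table"
}

# audit_route_line LINE EXPECTED_SRC: inspect one 'ip route list table X' line and
# print "ok", "missing-src", or "wrong-src:<ip>".
audit_route_line() {
    line=$1; expected=$2
    set -- $line
    while [ $# -gt 0 ]; do
        if [ "$1" = src ]; then
            [ "$2" = "$expected" ] && echo ok || echo "wrong-src:$2"
            return
        fi
        shift
    done
    echo missing-src
}

# Mapping from the question: users 1..5 (UIDs 1000-1004) -> marks 1..5 -> tables P1..P5.
for spec in 1000:1:P1:93.170.123.191 1001:2:P2:93.170.123.201 1002:3:P3:93.170.123.208 \
            1003:4:P4:93.170.123.212 1004:5:P5:93.170.123.213; do
    IFS=: read -r uid mark table src <<EOF
$spec
EOF
    bind_uid "$uid" "$mark" "$table" "$src"
done
```

To audit a live box, pipe each `ip route list table PN` line through `audit_route_line` with the IP that table is supposed to use; the routes shown in the question's diagnostics all come back as `missing-src`.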
