iptables question (was Re: Squid question)
David A. Bandel
david
Mon May 17 11:57:21 PDT 2004
On Thu, 25 Dec 2003 11:03:27 -0500
Tim Wunder <tim at thewunders.org> wrote:
> On Wednesday 24 December 2003 3:09 pm, someone claiming to be David A.
> Bandel wrote:
> > On Wed, 24 Dec 2003 12:31:44 -0500
> > Tim Wunder <tim at thewunders.org> wrote:
> >
> > Tim, let's back up.
> >
> <snip>
> > Well, there's a match -m called owner. So we need to see who's
> > running squid: root or squid? If squid, life becomes easier. Also,
> > the only chain we can use -m owner --uid-owner xxx is the OUTPUT
> > chain.
> >
> > So:
> > iptables -t nat -I OUTPUT -o eth0 -m owner --uid-owner ! 101 -p tcp
> > --dport 80 -j REDIRECT --to-ports 3128
> > (in the above rule I assumed the UID for squid was 101)
> >
>
> When I tried a variation of this, with --uid-owner !23, I got an
> error:
> # iptables -t nat -I OUTPUT -o eth0 -m owner --uid-owner !23 -p tcp --dport 80 -j REDIRECT --to-ports 3128
Please notice the difference between mine and yours. You need a space
around the !
> iptables -t nat -I OUTPUT -o eth0 -m owner --uid-owner startx -p tcp
> --dport 80 -j REDIRECT --to-ports 3128
> iptables v1.2.8: Bad OWNER UID value `startx'
> Try `iptables -h' or 'iptables --help' for more information.
>
> Note that the '!23' I entered was converted to 'startx'. It looks like
> -m
Try again with the space like I showed you.
Ciao,
David A. Bandel
--
Focus on the dream, not the competition.
Nemesis Racing Team motto
GPG key autoresponder: mailto:david_key at pananix.com
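The rule discussed in the thread, written out as an added example (not from the original posts or from the Squid project): it builds the nat OUTPUT REDIRECT rule in both the thread-era syntax (`--uid-owner ! UID`) and the syntax current iptables accepts (`! --uid-owner UID`), and it explains why `!23` typed at an interactive bash prompt came back as `startx`. It assumes Squid runs as user `squid` on port 3128 behind eth0, and falls back to the thread's constructed UID 101 when that account does not exist.

```shell
#!/bin/sh
# Added example: redirect locally generated port-80 TCP traffic to Squid,
# excluding the Squid user so Squid's own upstream fetches are not looped
# back into the proxy. This only affects traffic from this host (nat OUTPUT);
# LAN clients would need a PREROUTING rule instead.
#
# Why "--uid-owner !23" became "--uid-owner startx": in an interactive bash
# "!23" is history expansion ("recall history entry 23"), replaced before
# iptables ever sees it. A space after "!" avoids it, as does "set +H".
if [ -n "$BASH_VERSION" ]; then set +H; fi

SQUID_USER="${SQUID_USER:-squid}"   # assumption: Squid runs as user "squid"
SQUID_PORT="${SQUID_PORT:-3128}"
WAN_IF="${WAN_IF:-eth0}"

# Resolve the Squid UID; fall back to the constructed UID 101 from the thread
# when the account does not exist, so the script still works as a dry run.
squid_uid() {
    id -u "$SQUID_USER" 2>/dev/null || echo 101
}

# Rule in the iptables 1.2.8 syntax used in the thread: "!" after the option,
# separated by spaces on both sides.
redirect_rule_legacy() {
    echo "iptables -t nat -I OUTPUT -o $WAN_IF -m owner --uid-owner ! $1 -p tcp --dport 80 -j REDIRECT --to-ports $SQUID_PORT"
}

# Same rule in the syntax current iptables accepts: "!" before the option.
redirect_rule_modern() {
    echo "iptables -t nat -I OUTPUT -o $WAN_IF -p tcp --dport 80 -m owner ! --uid-owner $1 -j REDIRECT --to-ports $SQUID_PORT"
}

# Apply only when explicitly asked (--apply) and running as root with
# iptables available; otherwise print what would be run.
apply_or_show() {
    uid=$(squid_uid)
    rule=$(redirect_rule_modern "$uid")
    if [ "$1" = "--apply" ] && [ "$(id -u)" -eq 0 ] \
        && command -v iptables >/dev/null 2>&1; then
        eval "$rule"
    else
        echo "dry run: $rule"
    fi
}

apply_or_show "$@"
```

Run it with `--apply` as root to install the rule; without arguments it only prints the rule it would install.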