Alex Samad wrote:
On Tue, Jan 15, 2008 at 03:08:55PM -0200, Eduardo M KALINOWSKI wrote:
Alex Samad wrote:
On Tue, Jan 15, 2008 at 08:11:34AM -0200, Eduardo M KALINOWSKI wrote:
Alex Samad wrote:
[snip]
Well, this solution is far more complicated than what I wanted, so I took a
look at iptables' manpage and discovered that matching can be done based on
the UID that is running the process, so the idea is to let requests made by
user 'proxy' through, and redirect all others to the proxy. This amounts
to the two lines:
iptables -t nat -A OUTPUT -p tcp --dport 80 -m owner --uid-owner proxy -j ACCEPT
iptables -t nat -A OUTPUT -p tcp --dport 80 -j REDIRECT --to-port 3128
I think there is a caveat: it only works on non-SMP boxes!
Happens to be the case. ;-)
According to the iptables manpage, matching by uid and gid is fine
(well, at least there is no mention that it is not fine), but there are
problems for pid, sid and cmd-name for SMP. (And they require special
kernel support, etc, etc.)
--
if (instr(buf,sys_errlist[errno])) /* you don't see this */
-- Larry Wall in eval.c from the perl source code
Eduardo M KALINOWSKI
[EMAIL PROTECTED]
http://move.to/hpkb
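
Added example, not part of the original thread: the two rules above only work in that order, because the nat OUTPUT chain stops at the first match and a REDIRECT placed first would send the proxy's own port-80 requests back to port 3128. The function below (hypothetical name check_proxy_rules) checks that order in `iptables -t nat -S OUTPUT` output, assuming that listing shows the owner as a numeric uid and the target as `--to-ports`; uid 13 and the sample rule sets are constructed.

```shell
#!/bin/sh
# check_proxy_rules UID PROXY_PORT
# Reads `iptables -t nat -S OUTPUT` text on stdin and returns:
#   0  owner exemption for UID comes before the port-80 REDIRECT
#   1  REDIRECT matches first (or no exemption): proxy traffic loops to itself
#   2  no port-80 REDIRECT to PROXY_PORT found at all
# Live use (as root): iptables -t nat -S OUTPUT | check_proxy_rules "$(id -u proxy)" 3128
check_proxy_rules() {
    awk -v uid="$1" -v port="$2" '
        # Only appended OUTPUT rules count; skip the -P policy line and other chains.
        $1 != "-A" || $2 != "OUTPUT" { next }
        { n++ }
        # First REDIRECT of port 80 to the proxy port.
        / --dport 80 / && / -j REDIRECT / && $0 ~ (" --to-ports " port "$") {
            if (!redirect) redirect = n
        }
        # First ACCEPT of port 80 for the proxy uid.
        / --dport 80 / && / -j ACCEPT$/ && $0 ~ (" --uid-owner " uid " ") {
            if (!exempt) exempt = n
        }
        END {
            if (!redirect) exit 2
            if (!exempt || exempt > redirect) exit 1
            exit 0
        }'
}

# Constructed samples in `iptables -t nat -S OUTPUT` format (uid 13 assumed for user proxy).
GOOD_RULES='-P OUTPUT ACCEPT
-A OUTPUT -p tcp -m tcp --dport 80 -m owner --uid-owner 13 -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128'

SWAPPED_RULES='-P OUTPUT ACCEPT
-A OUTPUT -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128
-A OUTPUT -p tcp -m tcp --dport 80 -m owner --uid-owner 13 -j ACCEPT'

NO_REDIRECT_RULES='-P OUTPUT ACCEPT
-A OUTPUT -p tcp -m tcp --dport 80 -m owner --uid-owner 13 -j ACCEPT'

if printf '%s\n' "$GOOD_RULES" | check_proxy_rules 13 3128; then
    echo "sample rule order is correct"
fi
```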