Re: Разделение трафика
В Вск, 11/11/2007 в 10:54 +0300, Mikhail A Antonov пишет:
> On 10 ноября 2007, Tiurin Alexandr wrote:
> > Доброго времени суток.
> > Комп подключен к провайдеру по 2м тарифам. Т.е. имеется 2 из из одной
> > сети, каждый ип для одного тарифного плана соответственно. Оба ипа висят
> > на одной сетевой карте.
> > Необходимо, что бы конкретные программы выходили в сеть с определенных
> > ипов.
> 1 - можно через vserver или openvz разделить IP
> 2 - как уже писал Артем, по портам расписать правила iptables
# man iptables
...
owner
This module attempts to match various characteristics of the
packet creator, for locally-generated
packets. It is only valid in the OUTPUT chain, and even this
some packets (such as ICMP ping
responses) may have no owner, and hence never match.
--uid-owner userid
Matches if the packet was created by a process with the
given effective user id.
--gid-owner groupid
Matches if the packet was created by a process with the
given effective group id.
--pid-owner processid
Matches if the packet was created by a process with the
given process id.
(Please note: This option requires kernel support that
might not be available in official Linux
kernel sources or Debian's packaged Linux kernel sources.
And if support for this option is
available for the specific Linux kernel source version,
that support might not be enabled in the
current Linux kernel binary.)
--sid-owner sessionid
Matches if the packet was created by a process in the
given session group.
(Please note: This option requires kernel support that
might not be available in official Linux
kernel sources or Debian's packaged Linux kernel
sources. And if support for this option is
available for the specific Linux kernel source version,
that support might not be enabled in the
current Linux kernel binary.)
--cmd-owner name
Matches if the packet was created by a process with the
given command name.
(Please note: This option requires kernel support that
might not be available in official Linux
kernel sources or Debian's packaged Linux kernel sources.
And if support for this option is
available for the specific Linux kernel source version,
that support might not be enabled in the
current Linux kernel binary.)
NOTE: pid, sid and command matching are broken on SMP
...
--
Покотиленко Костик <casper@meteor.dp.ua>
Reply to: