> On 02 Sep 2015, at 09:10, Daniel Wagner <[email protected]> wrote:
>
> On 08/25/2015 04:39 PM, Gianfranco Casanova wrote:
>> Hi Daniel
>>
>> I try to understand better the mechanism of Routing and Source Address
>> Selection.
>>
>> Taking the example I posted, the steps are (what we are doing in Connman):
>>
>> Create a "wifi" user
>> 1. adduser wifi
>>
>> Mark packets coming from the wifi user
>> 2. iptables -t mangle -A OUTPUT -m owner --uid-owner wifi -j MARK --set-mark 42
>>
>> Apply the Wi-Fi IP address on them
>> 3. iptables -t nat -A POSTROUTING -o ath0 -m mark --mark 42 -j SNAT --to-source 10.1.2.3
>>
>> Route marked packets via Wi-Fi
>> 4. ip rule add fwmark 42 table 42
>> 5. ip route add default via 10.0.0.1 dev ath0 table 42
>>
>> Except for point 2. I see this (point 2) as the only way to have the
>> marked packets with the WiFi address as Source!
>
> That is correct and that is what ConnMan is doing (if no bug prevents it)

There is a difference with respect to what we were discussing, i.e.: -m mark --mark 42 is also in point 3.

>
>> Otherwise I do
>> understand what packages the NAT table rules are modifying (in our case
>> we'd have two rules for NAT depending on UID).
>>
>> Reading the http://linux-ip.net/html/routing-selection.html as well as
>> the http://linux-ip.net/html/routing-saddr-selection.html it looks to me
>> that we can work on "ip route add default via <IP> src" that can really
>> specify better the Source address (in this case I'd say that even the
>> NAT is useless).
>
> I don't understand what you are saying here.
>
> Thanks,
> Daniel

In the aforementioned post, to enforce the SRC, this is added via the command "ip route add default via <IP> src". With this command, it seems to me we can avoid changing it via the NAT table afterwards. But please, correct me if I'm wrong.

Cheers
Gianfranco

P.S.: added connman mail list.
