[TriLUG] Sendmail doesn't send mail on first attempt?...
dan at lost-habit.com
Tue Dec 12 16:50:03 EST 2006
Brian Henning wrote:
> iptables doesn't have per-user ability, does it? I thought it only
> examined packet headers, which I didn't think had any info about local
> user in them..
iptables has access to any information the kernel has about the packet,
and can indeed route packets based on user id. For example, to set up a
transparent proxy, I've got the following rule:
$ sudo /sbin/iptables -t nat -L
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
REDIRECT tcp -- anywhere anywhere ! OWNER UID match proxy tcp dpt:www redir ports 3128
Which redirects port 80 to port 3128 for all packets except packets
generated by the proxy user.
> I can't access a shell from that account (which is sensible)
You should be able to with e.g.
sudo su smmsp -s /bin/bash
> I can, however, telnet to strutmasters.net:25 from a
> standard unprivileged account.
Cool, does this work? Another thing you can do is fire up your favorite
packet sniffer and see what's going out on the wire.
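
Added example, not part of the original post: one way to check whether any per-user (owner match) rule applies to traffic from a given account, by parsing iptables-save output. The sample ruleset and its numeric UIDs (13 for proxy, 51 for smmsp) are constructed for illustration, and the function names are hypothetical.

```python
import shlex

# Constructed sample in iptables-save format (not from the original post).
# UIDs are made up for the example: 13 = proxy, 51 = smmsp.
SAMPLE = """\
*nat
:OUTPUT ACCEPT [0:0]
-A OUTPUT -p tcp -m tcp --dport 80 -m owner ! --uid-owner 13 -j REDIRECT --to-ports 3128
COMMIT
*filter
:OUTPUT ACCEPT [0:0]
-A OUTPUT -p tcp -m tcp --dport 25 -m owner --uid-owner 51 -j DROP
-A OUTPUT -p tcp -m tcp --dport 22 -j ACCEPT
COMMIT
"""

def owner_rules(save_text):
    """Return every appended rule that uses the owner match's --uid-owner option."""
    rules, table = [], None
    for line in save_text.splitlines():
        if line.startswith("*"):          # "*nat", "*filter": start of a table
            table = line[1:]
            continue
        if not line.startswith("-A "):    # skip chain policies, COMMIT, comments
            continue
        tok = shlex.split(line)
        if "--uid-owner" not in tok:
            continue
        i = tok.index("--uid-owner")
        # Negation is written "! --uid-owner N" (current) or "--uid-owner ! N" (older).
        old_style = tok[i + 1] == "!"
        uid = tok[i + 2] if old_style else tok[i + 1]
        negated = old_style or tok[i - 1] == "!"
        opt = lambda name: tok[tok.index(name) + 1] if name in tok else None
        rules.append({"table": table, "chain": tok[1], "uid": uid,
                      "negated": negated, "dport": opt("--dport"),
                      "target": opt("-j")})
    return rules

def rules_hitting(save_text, uid):
    """Rules whose owner match is true for packets generated by `uid`."""
    return [r for r in owner_rules(save_text)
            if (r["uid"] != str(uid)) == r["negated"]]

if __name__ == "__main__":
    for r in rules_hitting(SAMPLE, 51):
        print(r)
```

On a live system the input would be the text printed by iptables-save run as root, in place of SAMPLE.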