Use separate gateway based on iptables owner (UID)
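#!/bin/bash
# Send the IPv4 traffic generated by one local user through an alternate
# gateway, using an iptables owner match, a firewall mark and a policy route.
#
# (In this case) default gateway is 192.168.1.3, alternate is 192.168.1.1.
# Usually default is either .1 or .254 - pay attention.
# If anything involving CDNs is involved, use https://github.com/hadess/resolvconf-override .
#
# Limits to keep in mind when this is used to keep one user's traffic apart:
#   - IPv4 only: iptables and "ip -4" are used, so IPv6 packets from the same
#     user are neither marked nor re-routed by this script.
#   - The owner match only sees packets created by processes running under
#     that UID. Name lookups answered by a local resolver daemon running under
#     another account are not marked.
#   - Fail-open: if the rule or the routes below are missing (for example
#     after br0 goes down and its routes are removed), marked packets fall
#     through to the main table and leave via the default gateway.
#   - Only the rt_tables entry survives a reboot; the iptables rule, the ip
#     rule and the routes are runtime state and must be re-applied.
#
# Must be run as root.

readonly ALT_USER="alt_gateway_user"
readonly ALT_GATEWAY="192.168.1.1"
readonly LOCAL_NET="192.168.1.0/24"
readonly OUT_DEV="br0"
readonly TABLE_ID=100
readonly TABLE_NAME="altgateway"
readonly MARK=4                      # arbitrary, must not collide with other marks in use
readonly RT_TABLES="/etc/iproute2/rt_tables"
readonly PROBE_ADDR="192.0.2.0"

die() {
  printf '%s\n' "$*" >&2
  exit 1
}

[[ "${EUID}" -eq 0 ]] || die "this script must be run as root"
# A missing account would make the owner match fail; stop before changing anything.
id -u "${ALT_USER}" >/dev/null 2>&1 || die "user ${ALT_USER} does not exist"

# Add new routing table, which uses alternate gateway by default.
# Only append when the name is not registered yet, so re-running the script
# does not pile up duplicate lines. grep errors are silenced on purpose: a
# missing file simply means the entry has to be written.
if ! grep -qE "^[[:space:]]*[0-9]+[[:space:]]+${TABLE_NAME}([[:space:]]|\$)" \
    "${RT_TABLES}" 2>/dev/null; then
  echo "${TABLE_ID} ${TABLE_NAME}" >> "${RT_TABLES}" \
    || die "cannot write ${RT_TABLES}"
fi

# Mark traffic sourced from UID as needing to go via other gateway.
# -C checks for an identical rule first so the chain does not grow on re-runs.
if ! iptables -t mangle -C OUTPUT -m owner --uid-owner "${ALT_USER}" \
    -j MARK --set-mark "${MARK}" 2>/dev/null; then
  iptables -t mangle -A OUTPUT -m owner --uid-owner "${ALT_USER}" \
    -j MARK --set-mark "${MARK}" \
    || die "cannot add the iptables mark rule"
fi

# Use altgateway table for marked traffic.
# "ip rule show" prints the mark in hex; if the pattern does not match for any
# reason the rule is simply added, which is what the script did unconditionally
# before.
mark_hex=$(printf '0x%x' "${MARK}")
if ! ip rule show | grep -qE "fwmark ${mark_hex}([/ ].*)? lookup ${TABLE_NAME}"; then
  ip rule add fwmark "${MARK}" table "${TABLE_NAME}" \
    || die "cannot add the policy routing rule"
fi

# altgateway table routes ("replace" creates or updates, so re-runs succeed)
ip -4 route replace default via "${ALT_GATEWAY}" dev "${OUT_DEV}" table "${TABLE_NAME}" \
  || die "cannot install the default route in table ${TABLE_NAME}"
ip -4 route replace "${LOCAL_NET}" dev "${OUT_DEV}" table "${TABLE_NAME}" \
  || die "cannot install the local network route in table ${TABLE_NAME}"

# Verification: show the first hop for the current user and for the alternate
# user. With -m 1 only the first hop is probed, so the two outputs should show
# the default gateway and the alternate gateway respectively.
# https://tools.ietf.org/html/rfc1166
whoami
traceroute -n -m 1 "${PROBE_ADDR}"
echo "${ALT_USER}"
su - "${ALT_USER}" -s "/bin/bash" -c "traceroute -n -m 1 ${PROBE_ADDR}"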