Use separate gateway based on iptables owner (UID)
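#!/bin/bash
#
# Send the IPv4 traffic of one local user (matched by UID) through an
# alternate gateway using an fwmark and a dedicated routing table.
#
# (In this case) the default gateway is 192.168.1.3 and the alternate is
# 192.168.1.1. Usually the default is either .1 or .254 - pay attention.
# If CDNs are involved, use https://github.com/hadess/resolvconf-override .
#
# Caveats worth checking before relying on this for traffic separation:
#   * IPv4 only. iptables and "ip -4" do not touch IPv6, so IPv6 traffic from
#     the same UID still follows the main table. Mirror the setup with
#     ip6tables / "ip -6", or disable IPv6 for that user, if that matters.
#   * The owner match only covers packets from sockets owned by that UID.
#     Lookups performed on the user's behalf by a local resolver daemon run
#     under the daemon's UID and leave via the default gateway.
#   * This is routing policy, not a filter: nothing here drops the user's
#     traffic if the routes in the alternate table are missing.
#   * Only the rt_tables entry survives a reboot; the iptables rule, the ip
#     rule and the routes are runtime state and must be re-applied.
#   * The mark value is arbitrary but must not collide with marks set by
#     other firewall or VPN tooling on the host.
#
# The script is safe to re-run: each step checks for, or replaces, existing
# state instead of appending duplicates.
set -euo pipefail

readonly ALT_USER="alt_gateway_user"
readonly ALT_GATEWAY="192.168.1.1"
readonly LAN_SUBNET="192.168.1.0/24"
readonly LAN_DEV="br0"
readonly RT_TABLE_ID=100
readonly RT_TABLE_NAME="altgateway"
readonly FWMARK=4 # arbitrary
readonly RT_TABLES_FILE="/etc/iproute2/rt_tables"
# 192.0.2.0 is in the documentation range (TEST-NET-1), see
# https://tools.ietf.org/html/rfc1166 and RFC 5737. It is only used to make
# traceroute reveal the first hop.
readonly PROBE_ADDR="192.0.2.0"

if [[ "$(id -u)" -ne 0 ]]; then
  printf 'error: must be run as root\n' >&2
  exit 1
fi

# Add the new routing table name, unless a previous run already registered it.
if ! grep -Eq "^[[:space:]]*${RT_TABLE_ID}[[:space:]]+${RT_TABLE_NAME}([[:space:]]|\$)" \
  "$RT_TABLES_FILE" 2>/dev/null; then
  echo "${RT_TABLE_ID} ${RT_TABLE_NAME}" >>"$RT_TABLES_FILE"
fi

# Mark traffic sourced from the UID as needing to go via the other gateway.
# -C checks for an identical rule first so re-runs do not stack duplicates.
mark_rule=(OUTPUT -m owner --uid-owner "$ALT_USER" -j MARK --set-mark "$FWMARK")
if ! iptables -t mangle -C "${mark_rule[@]}" 2>/dev/null; then
  iptables -t mangle -A "${mark_rule[@]}"
fi

# Use the altgateway table for marked traffic. "ip rule add" accepts
# duplicates silently, so look for an existing rule before adding one.
existing_rules=$(ip -4 rule show)
mark_hex=$(printf '0x%x' "$FWMARK")
if [[ "$existing_rules" != *"fwmark ${mark_hex} lookup ${RT_TABLE_NAME}"* &&
  "$existing_rules" != *"fwmark ${mark_hex} lookup ${RT_TABLE_ID}"* ]]; then
  ip -4 rule add fwmark "$FWMARK" table "$RT_TABLE_NAME"
fi

# altgateway table routes. "replace" creates the route or overwrites an
# existing one, where "add" would fail with "File exists" on a second run.
ip -4 route replace default via "$ALT_GATEWAY" dev "$LAN_DEV" table "$RT_TABLE_NAME"
ip -4 route replace "$LAN_SUBNET" dev "$LAN_DEV" table "$RT_TABLE_NAME"

# Verification: the first hop should differ between the invoking user
# (default gateway) and the marked user (alternate gateway).
whoami
traceroute -n -m 1 "$PROBE_ADDR"
echo "$ALT_USER"
su - "$ALT_USER" -s "/bin/bash" -c "traceroute -n -m 1 ${PROBE_ADDR}"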