
xchg 06-04-2011 12:40 PM

Choose route path by user id
 
Hi,

There are two users (user1, user2) on my system and two interfaces (eth0, wlan0). I want to forward traffic generated by user1 to eth0 and user2 to wlan0.

wlan0 is 10.50.50.14/24 with gateway at 10.50.50.1 and eth0 192.168.1.11/24 with gateway at 192.168.1.1.

So I need user1 to use gateway 192.168.1.1 and user2 10.50.50.1.

The first thing I've done is mark outgoing packets from user2 with the iptables MARK target, like this:

Code:

# iptables -t mangle -A OUTPUT -m owner --uid-owner user2 -j MARK --set-mark 1

Then I've created a route policy like this:

Code:

# ip rule add fwmark 1 lookup gwroute

This is what the gwroute table looks like:

Code:

10.5.50.0/24 dev wlan0  scope link  src 10.5.50.14
default via 10.5.50.1 dev wlan0

and this is what the main route table looks like:

Code:

192.168.1.0/24 dev eth0  proto kernel  scope link  src 192.168.1.11  metric 202
10.5.50.0/24 dev wlan0  proto kernel  scope link  src 10.5.50.14  metric 303
127.0.0.0/8 dev lo  scope link
default via 192.168.1.1 dev eth0  metric 202

Now when I send something from user2, gateway 10.50.50.1 is used, but the IP source address field is set to 192.168.1.11. I figured out I have to change the source address of outgoing packets, so I've created an SNAT rule (masquerade would probably be more flexible).

Code:

iptables -t nat -A POSTROUTING -o wlan0 -j SNAT --to 10.50.50.14

Now everything works. My question is: why do I need to rewrite the source address? There is a "src" entry in the main and gwroute tables that sets the source address to 10.5.50.14 when 10.5.50.0/24 is the destination.

Thanks!
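The following script is an added example, not the poster's own setup; it collects the steps from the post into one place, including the parts the post leaves implicit (registering the table name in rt_tables and populating the table), and adds a check of which route a marked packet takes. The reason the SNAT step is needed is that the kernel picks the source address during the first route lookup for a locally generated packet, which consults the main table before the mangle OUTPUT hook has set the mark; the re-route after marking keeps that address, so the src hint in gwroute never gets applied. Assumptions that are mine rather than the poster's: table number 100 and fwmark 1 are arbitrary, user2 is given as UID 1001, and the SNAT rule is restricted to the marked packets. With DRY_RUN=1 (the default) the script only prints the commands it would run.

```shell
#!/bin/sh
# Added example, not from the original post: per-user policy routing as set up
# in the thread, in one place. Assumptions (mine): table number 100 and
# fwmark 1 are arbitrary, the UID is numeric, and the SNAT is limited to
# marked packets. DRY_RUN=1 (the default) only prints the commands.

DRY_RUN="${DRY_RUN:-1}"
RT_TABLES="${RT_TABLES:-/etc/iproute2/rt_tables}"

# run CMD...: print the command in dry-run mode, otherwise execute it
run() {
    if [ "$DRY_RUN" = "1" ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# ensure_table NAME NUMBER: give the routing table a name, like "gwroute"
ensure_table() {
    name=$1; num=$2
    if [ "$DRY_RUN" = "1" ]; then
        printf 'echo "%s %s" >> %s\n' "$num" "$name" "$RT_TABLES"
    elif ! grep -qs "[[:space:]]$name\$" "$RT_TABLES"; then
        printf '%s\t%s\n' "$num" "$name" >> "$RT_TABLES"
    fi
}

# setup_user_route UID IFACE ADDR NET GW TABLE MARK
# Everything the given UID sends leaves via IFACE through GW with source ADDR.
setup_user_route() {
    uid=$1; iface=$2; addr=$3; net=$4; gw=$5; table=$6; mark=$7

    # 1. The table: link route with the src hint, then the default route.
    run ip route replace "$net" dev "$iface" src "$addr" table "$table"
    run ip route replace default via "$gw" dev "$iface" table "$table"

    # 2. Packets carrying the mark are routed with this table instead of main.
    run ip rule add fwmark "$mark" lookup "$table"

    # 3. Mark locally generated packets owned by the user. mangle OUTPUT runs
    #    after the first route lookup, so the source address has already been
    #    chosen from the main table by the time the mark is set.
    run iptables -t mangle -A OUTPUT -m owner --uid-owner "$uid" \
        -j MARK --set-mark "$mark"

    # 4. Rewrite that source address on the way out. Matching on the mark
    #    keeps the SNAT from touching other traffic that leaves via IFACE.
    run iptables -t nat -A POSTROUTING -o "$iface" -m mark --mark "$mark" \
        -j SNAT --to-source "$addr"
}

# check_user_route MARK DEST: ask the kernel which route a marked packet to
# DEST takes, next to the unmarked lookup, to confirm the rule is being hit.
check_user_route() {
    run ip route get "$2" mark "$1"
    run ip route get "$2"
}

# Worked invocation with the values from the post (user2 assumed to be UID 1001)
ensure_table gwroute 100
setup_user_route 1001 wlan0 10.50.50.14 10.50.50.0/24 10.50.50.1 gwroute 1
check_user_route 1 10.50.50.1
```

Run it as root with `DRY_RUN=0` to apply the rules; the `ip route get ... mark 1` lookup should report `dev wlan0` with `src 10.50.50.14`, while the unmarked lookup for an outside address still picks eth0. On kernels from 4.10 onwards the mark and the SNAT can be dropped entirely by selecting the table by owner at the first lookup (`ip rule add uidrange 1001-1001 lookup gwroute`); because the decision is then made before the source address is chosen, the table's src hint is honoured and no rewrite is necessary.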

