I have a linux router with 2 physical ISPs and a VPN tunnel that all my traffic passes through. I would like to setup a rule to redirect all traffic from one internal IP address (10.0.0.x) through the physical link only. My current script is as follows.

iptables -F

iptables -X

echo 1 > /proc/sys/net/ipv4/ip_forward



/sbin/iptables -t nat -A POSTROUTING -o tun1 -j MASQUERADE

/sbin/iptables -A FORWARD -i tun1 -o eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT

/sbin/iptables -A FORWARD -i eth1 -o tun1 -j ACCEPT



/sbin/iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

/sbin/iptables -A INPUT -i ! lo -j DROP



/sbin/iptables -I INPUT -p tcp --dport 22 -s 10.0.0.11 -j ACCEPT

/sbin/iptables -I INPUT -p udp --dport 5000 -s 10.0.0.11 -j ACCEPT

/sbin/iptables -I INPUT -p tcp --dport 80 -j ACCEPT



/sbin/iptables -t mangle -A OUTPUT -m owner --uid-owner debian-tor -j MARK --set-xmark 0xa

/sbin/iptables -t nat -A POSTROUTING -o eth0 -m mark --mark 0xa -j MASQUERADE



My goal is to do something similar to the mangle on the tor traffic, but for an entire host. Any input would be appreciated.

iproute2 stuff would work fine

add a table /etc/iproute2/rt_tables
10 special

add a route for that table
ip route add default via <ip of gateway> table special

add a rule for your that host

ip rule add from 10.0.0.x table special

then anything from that ip will use the routing information from table special instead of the default route tables

echo "10 special" >> /etc/iproute2/rt_tables
ip route add default via <gateway> table special
ip rule add from 10.0.0.x table special

works perfectly. Thanks.