I have an Ubuntu 12.04 LTS server with two NICs. They are connected to different networks.
Code:
# ip route list table main
default via 192.168.1.254 dev eth0
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.30
192.168.2.0/24 dev eth1 proto kernel scope link src 192.168.2.30
I created another table for the other network (VPN).
Code:
# ip route list table VPN
default via 192.168.2.1 dev eth1
192.168.2.0/24 dev eth1 proto kernel scope link src 192.168.2.30
Then configured iptables to mark the packets from UID 108.
Code:
# iptables -t mangle -A OUTPUT -m owner --uid-owner 108 -j MARK --set-mark 1
# iptables-save > /etc/iptables.up.rules
# iptables-restore < /etc/iptables.up.rules
# iptables -t mangle -nvL OUTPUT
Chain OUTPUT (policy ACCEPT 18544 packets, 3026K bytes)
pkts bytes target prot opt in out source destination
17139 2734K MARK all -- * * 0.0.0.0/0 0.0.0.0/0 owner UID match 108 MARK set 0x1
Finally created a rule as below.
Code:
# ip rule add fwmark 1 pri 201 table VPN
# ip rule list
0: from all lookup local
201: from all fwmark 0x1 lookup VPN
32766: from all lookup main
32767: from all lookup default
But the packets from UID 108 still go through eth0! Why?
Code:
$ tracepath -n google.com
1: 192.168.1.30 0.088ms pmtu 1500
1: 192.168.1.1 0.623ms
1: 192.168.1.1 0.560ms
2: 192.168.1.1 0.362ms pmtu 1400
Please help.
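The setup above has three moving parts that have to agree with each other: the mangle MARK rule, the `ip rule` that diverts marked packets, and the routing table it points at. The script below is an added example (it is not from the original post) that checks those three pieces offline against constructed copies of the exact outputs quoted above; on a live host the same text would come from `ip rule list`, `ip route list table VPN` and `iptables -t mangle -nvL OUTPUT`. The mark `0x1`, UID `108`, table name `VPN` and expected egress device `eth1` are taken from the post; everything else (function names, the report format) is this example's own.

```shell
#!/bin/sh
# Added example, not part of the original post: offline checks for a fwmark
# policy-routing setup. Inputs are constructed copies of the post's output.
# Assumed values (from the post): mark 0x1, UID 108, table VPN, egress eth1.

# Constructed copy of `ip rule list` as shown in the post.
RULES='0: from all lookup local
201: from all fwmark 0x1 lookup VPN
32766: from all lookup main
32767: from all lookup default'

# Constructed copy of `ip route list table VPN` as shown in the post.
VPN_ROUTES='default via 192.168.2.1 dev eth1
192.168.2.0/24 dev eth1 proto kernel scope link src 192.168.2.30'

# Constructed copy of `iptables -t mangle -nvL OUTPUT` as shown in the post.
MANGLE='Chain OUTPUT (policy ACCEPT 18544 packets, 3026K bytes)
 pkts bytes target prot opt in out source destination
17139 2734K MARK all -- * * 0.0.0.0/0 0.0.0.0/0 owner UID match 108 MARK set 0x1'

# mark_rule_priority MARK RULES: priority of the "fwmark MARK lookup ..." rule, or nothing.
mark_rule_priority() {
    printf '%s\n' "$2" | awk -v m="$1" '
        $0 ~ ("fwmark " m " lookup") { sub(":", "", $1); print $1; exit }'
}

# main_priority RULES: priority at which the main table is consulted (32766 by default).
main_priority() {
    printf '%s\n' "$1" | awk '/lookup main$/ { sub(":", "", $1); print $1; exit }'
}

# rule_precedes_main MARK RULES: true when marked packets reach their table before main.
rule_precedes_main() {
    _mp=$(mark_rule_priority "$1" "$2")
    _mn=$(main_priority "$2")
    [ -n "$_mp" ] && [ -n "$_mn" ] && [ "$_mp" -lt "$_mn" ]
}

# route_field ROUTES KEY: value that follows KEY (dev, via, src) on the default route.
route_field() {
    printf '%s\n' "$1" | awk -v k="$2" '
        $1 == "default" { for (i = 1; i < NF; i++) if ($i == k) { print $(i + 1); exit } }'
}

# mark_rule_packets MARK UID MANGLE: packet counter of the MARK rule that matches UID
# and sets MARK, or nothing if the chain listing has no such rule.
mark_rule_packets() {
    printf '%s\n' "$3" | awk -v m="$1" -v u="$2" '
        $3 == "MARK" && $0 ~ ("UID match " u " ") && $NF == m { print $1; exit }'
}

# report MARK UID DEV RULES ROUTES MANGLE: one line per check; returns 0 when all pass.
report() {
    _ok=0
    if rule_precedes_main "$1" "$4"; then
        echo "ok: fwmark $1 rule (pri $(mark_rule_priority "$1" "$4")) is consulted before main"
    else
        echo "FAIL: no fwmark $1 rule ahead of the main table"; _ok=1
    fi
    _dev=$(route_field "$5" dev)
    if [ "$_dev" = "$3" ]; then
        echo "ok: default route in the marked table leaves via $_dev"
    else
        echo "FAIL: default route device is '${_dev:-none}', expected $3"; _ok=1
    fi
    if [ -n "$(route_field "$5" src)" ]; then
        echo "ok: default route carries src $(route_field "$5" src)"
    else
        # Informational only: the source address of a locally generated packet is chosen by
        # the first route lookup, which happens before the mangle OUTPUT mark is applied.
        echo "note: default route has no src hint; marked packets keep the source address"
        echo "      picked by the pre-mark lookup (compare: ip route get <dst> mark $1)"
    fi
    _pk=$(mark_rule_packets "$1" "$2" "$6")
    if [ -n "$_pk" ] && [ "$_pk" -gt 0 ]; then
        echo "ok: MARK rule for UID $2 has matched $_pk packets"
    else
        echo "FAIL: no MARK $1 rule for UID $2, or it has never matched"; _ok=1
    fi
    return $_ok
}

report 0x1 108 eth1 "$RULES" "$VPN_ROUTES" "$MANGLE"
```

Run against the post's outputs, all three hard checks pass (the rule sits at priority 201, below main at 32766; the VPN default route leaves via eth1; the MARK rule has matched 17139 packets), and the only thing the report flags is informational: the VPN table's default route carries no `src`. That note is about Linux behaviour for locally generated traffic, where the kernel picks the source address on the first lookup and the post-mark re-route keeps it; whether that is what the `tracepath` run is showing is not something the quoted output settles, and `ip route get <dst> mark 0x1` (on iproute2 versions that accept `mark`) is the direct way to see which table and device the kernel actually chooses for a marked packet.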