I've tried to read as much as I can about firewalls and I think iptables can do what I want to do.
I want to ensure that transmission doesn't send traffic out through eth0 and only tun0.
I copied the following from a website which was talking about doing what I want to do:
sudo iptables -A OUTPUT -m owner --uid-owner debian-transmission -d 192.168.0.100 -j ACCEPT
which works, but now I can't connect in to Transmission.
Also, how can I do similar, but use a program name instead of --uid-owner to ensure that Firefox and other programs don't go over the VPN?