Well, I got it to work in a mode where all traffic goes through the VPN, like this:

    ip route add $IP_VPN_GATEWAY via $IP_LOCAL_GATEWAY dev eth1
    ip route del $IP_REMOTE_VPN_ENDPOINT dev ppp0 src $IP_LOCAL_VPN_ENDPOINT
    ip route del default via $IP_LOCAL_GATEWAY dev eth1 && ip route add default via $IP_VPN_GATEWAY dev ppp0

But it is not as nice as I would like. I tried this to achieve my initial goal -- ppp0 for a particular user:

    echo localIP_VPN = $1
    echo remoteIP_VPN = IP_VPN_GATEWAY = $2
    echo real interface = $3
    ip rule add from all fwmark 1 table net
    ip rule add from all fwmark 2 table net-2111
    ip route add table net default via $2 dev ppp0
    ip route add table net-2111 default via 0.0.0.0 dev $3
    ip route del $2 dev ppp0 src $1
    ip route flush cache
    iptables -t mangle -A OUTPUT -m mark --mark 1 -j ACCEPT
    iptables -t mangle -A PREROUTING -m mark --mark 2 -j ACCEPT
    iptables -t mangle -A OUTPUT -m mark ! --mark 1 -m owner --uid-owner articles -j MARK --set-mark 1
    iptables -t mangle -A PREROUTING -d $1 -m mark ! --mark 2 -j MARK --set-mark 2
    iptables -t nat -A POSTROUTING -o ppp0 -j SNAT --to-source $1

But that just didn't work somehow. Please take a closer look at the previous commands and give some advice on whether that is what I should do... As you see, I have two tables, so I hope to "take out" outgoing traffic from the user through ppp0 and forward replies back to eth1, which, I believe, is listened to when it is the default in the main route table.

Jan
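
A minimal single-table form of the per-user setup attempted in the message above, as an added example that is not part of the original post: it validates its inputs and only prints the commands (dry run), and adds a fail-closed route so marked traffic does not fall back to eth1 when ppp0 is down. Table number 200, mark 1, the function names and the sample addresses are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example, not code from the original post. Prints commands; runs none.

# Succeeds only for a dotted quad with every octet in 0-255.
is_ipv4() {
    echo "$1" | awk -F. '
        NF == 4 { for (i = 1; i <= 4; i++)
                      if ($i !~ /^[0-9]+$/ || $i > 255) exit 1
                  exit 0 }
        { exit 1 }'
}

# vpn_user_rules LOCAL_VPN_IP VPN_GATEWAY USER [TABLE] [MARK]
# (hypothetical helper; table 200 and mark 1 are assumed to be unused)
vpn_user_rules() {
    local_ip=$1 gateway=$2 user=$3 table=${4:-200} mark=${5:-1}
    is_ipv4 "$local_ip" && is_ipv4 "$gateway" ||
        { echo "bad IPv4 address" >&2; return 1; }
    # Refuse anything that is not a plain account name before it is
    # interpolated into a command line.
    case $user in
        ''|*[!A-Za-z0-9_-]*) echo "bad user name" >&2; return 1 ;;
    esac
    cat <<EOF
ip rule add fwmark $mark table $table
ip route add default via $gateway dev ppp0 table $table
ip route add unreachable default metric 1000 table $table
iptables -t mangle -A OUTPUT -m owner --uid-owner $user -j MARK --set-mark $mark
iptables -t nat -A POSTROUTING -o ppp0 -j SNAT --to-source $local_ip
sysctl -w net.ipv4.conf.ppp0.rp_filter=2
EOF
}

# Constructed sample values, not taken from the post.
vpn_user_rules 10.8.0.2 10.8.0.1 articles
```

The `unreachable` route has a higher metric than the ppp0 default, so it only takes effect when the ppp0 route disappears. Loose reverse-path filtering on ppp0 is needed because replies arrive on ppp0 while the main table still points at eth1.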