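# Split-tunnel setup: traffic from processes running with group "novpn" is
# marked by iptables and routed through a dedicated table that uses wlan0
# directly instead of the default (VPN) route.
#
# Run as root. "yourusername", "processname" and the interface name wlan0 are
# placeholders to adapt. Apart from the rt_tables entry, nothing here persists
# across a reboot.
#
# Security note: membership in "novpn" is effectively permission to send
# traffic outside the VPN, because any member can start a process in that
# group with sg. Keep the group as small as possible and review it regularly.

# add group (to be used for iptables matching)
groupadd novpn

# add user to group
adduser yourusername novpn

# set iptables rules (marking packets of novpn group)
iptables -t mangle -A OUTPUT -m owner --gid-owner novpn -j MARK --set-mark 1
# Source NAT on wlan0. NOTE(review): this rule applies to everything leaving
# wlan0, not only to packets carrying mark 1; confirm that is intended.
iptables -t nat -A POSTROUTING -o wlan0 -j MASQUERADE

# add new routing table (only if it is not registered yet, so that re-running
# the script does not append duplicate lines to the file)
grep -qE '^1[[:space:]]+novpn\.out([[:space:]]|$)' /etc/iproute2/rt_tables ||
  printf '%s\n' '1 novpn.out' >> /etc/iproute2/rt_tables

# set new table (with standard interface wlan0 as default)
ip route add default dev wlan0 table novpn.out

# set new rule (matching the packets marked by iptables)
ip rule add fwmark 1 table novpn.out

# unset rp_filter (mandatory!?)
# This turns off reverse-path source validation (an anti-spoofing check) on
# every interface present right now, including the "all" and "default" entries.
# NOTE(review): loose mode (value 2) is normally enough for policy routing with
# asymmetric paths and keeps part of the check; test it before settling on 0.
for rp_file in /proc/sys/net/ipv4/conf/*/rp_filter; do
  echo 0 > "$rp_file"
done

# start process within the group
sg novpn -c processname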