I have an openvpn connection and I need it to work only for one application; this app uses a specific local port. I used route-nopull in my openvpn config file and then:

ip route add default via {P-t-P-IP} dev tun0 table 10;
ip rule add from {tun0-inet address} table 10;

Using curl to test, I tried:

curl http://icanhazip.com;
curl --interface tun0 http://icanhazip.com;

The first one gives my normal ip, the second one the openvpn connection ip, so that seems to work well.

Now I am having problems making a specific app use the tun0 interface. The app uses the local port 1033 to make some web requests. I tried these iptables rules (one at a time) that I found by googling:

iptables -A OUTPUT -o eth0 -p tcp -m tcp --sport 1033 -j DROP
iptables -A OUTPUT -o tun0 -p tcp -m tcp --sport 1033 -j ACCEPT

iptables -A PREROUTING -p tcp --sport 1033 -i tun0

iptables -A PREROUTING -i tun0 -p tcp -m tcp --sport 1033

iptables -A PREROUTING -i tun0 -t mangle -p tcp --sport 1033 -j MARK --set-mark 1

Then I ran this test:

curl --local-port 1033 http://icanhazip.com

But I get my normal eth0 ip, not the openvpn connection ip.

If I try these rules (I have also set ipv4_forward to 1):

iptables -t nat -A POSTROUTING -p tcp --sport 1033 -j SNAT --to-source {tun0-inet address};
iptables -t nat -A POSTROUTING -p udp --sport 1033 -j SNAT --to-source {tun0-inet address};

where {tun0-inet address} is my tun0 interface ip (the one openvpn uses), then the curl command times out.

How can I make all traffic from local port 1033 go through the tun0 interface?
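The following is an added example (my own, not code from the question or from any answer) showing the usual way to pin traffic from one local port to tun0: mark it in the mangle table's OUTPUT chain (locally generated packets never traverse PREROUTING, which is why rules there never match), route marked packets with the policy table already created above, and SNAT only on the way out of tun0. The addresses 10.8.0.2 and 10.8.0.1 are placeholders for the {tun0-inet address} and {P-t-P-IP} values from the question; the script prints the commands unless APPLY=1 is set, since they need root and a live tun0.

```shell
#!/bin/sh
# Added example, not from the original post. Steer packets whose local
# source port is $PORT through $TUN_IF using a firewall mark plus a policy
# routing table. Commands are printed by default; APPLY=1 executes them.

PORT="${PORT:-1033}"
TUN_IF="${TUN_IF:-tun0}"
TUN_IP="${TUN_IP:-10.8.0.2}"      # placeholder for {tun0-inet address}
TUN_GW="${TUN_GW:-10.8.0.1}"      # placeholder for {P-t-P-IP}
MARK="${MARK:-1}"
TABLE="${TABLE:-10}"

run() {
    if [ "${APPLY:-0}" = "1" ]; then "$@"; else printf '%s\n' "$*"; fi
}

vpn_port_rules() {
    # 1. Mark locally generated packets with source port $PORT. This must be
    #    the OUTPUT chain: PREROUTING only sees packets arriving on an interface.
    run iptables -t mangle -A OUTPUT -p tcp --sport "$PORT" -j MARK --set-mark "$MARK"
    run iptables -t mangle -A OUTPUT -p udp --sport "$PORT" -j MARK --set-mark "$MARK"
    # 2. Marked packets are routed with table $TABLE, whose default goes via tun0.
    run ip rule add fwmark "$MARK" table "$TABLE"
    run ip route add default via "$TUN_GW" dev "$TUN_IF" table "$TABLE"
    # 3. The socket chose the eth0 address as source before the mark re-routed
    #    it, so rewrite the source to the tun0 address, but only for packets
    #    actually leaving via tun0. Without '-o tun0' packets still leaving via
    #    eth0 would carry the tun0 address and their replies could never return.
    run iptables -t nat -A POSTROUTING -o "$TUN_IF" -m mark --mark "$MARK" \
        -j SNAT --to-source "$TUN_IP"
    # 4. Replies arrive on tun0 from a source that the main table reaches via
    #    eth0; strict reverse-path filtering would drop them, loose mode does not.
    run sysctl -w "net.ipv4.conf.$TUN_IF.rp_filter=2"
    # 5. Fail closed: if tun0 disappears, port-$PORT traffic must not fall back
    #    to eth0 and expose the real address.
    run iptables -A OUTPUT -o eth0 -p tcp --sport "$PORT" -j DROP
    run iptables -A OUTPUT -o eth0 -p udp --sport "$PORT" -j DROP
}

vpn_port_rules
```

Nothing here needs ip_forward: that sysctl only affects packets forwarded between interfaces, not ones this host generates. After applying, `curl --local-port 1033 http://icanhazip.com` should report the VPN address, and `iptables -t mangle -L OUTPUT -v` shows the MARK counters increasing for the test.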

  Can you clarify what your application is, and what it's doing with port 1033? Is it listening on it (i.e. it's a server), or connecting to that port at some remote location (as a client)?

You can use a Linux network namespace for that. I think you can add the tun interface to a different namespace and run your app in that namespace. Here is an example of how to use this.
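As an added example of the namespace approach (my own code, not the example the answer refers to): OpenVPN runs in the root namespace but the tun device is moved into a namespace of its own, so anything started there can only reach the network through the VPN, with no port-based rules at all. It is written to run as an OpenVPN --up script with --ifconfig-noexec and --route-noexec (and --script-security 2), where OpenVPN exports $dev, $tun_mtu, $ifconfig_local and $ifconfig_remote; the namespace name "vpn" and the 10.8.0.x addresses are assumed placeholders for running it offline, and commands are printed unless APPLY=1 is set.

```shell
#!/bin/sh
# Added example, not from the original answer. Move the OpenVPN tun device
# into its own network namespace and run one application inside it.
# Commands are printed by default; APPLY=1 executes them (needs root).

NS="${NS:-vpn}"                                  # assumed namespace name
dev="${dev:-tun0}"                               # exported by OpenVPN to --up scripts
tun_mtu="${tun_mtu:-1500}"                       # exported by OpenVPN
ifconfig_local="${ifconfig_local:-10.8.0.6}"     # placeholder, exported by OpenVPN
ifconfig_remote="${ifconfig_remote:-10.8.0.5}"   # placeholder, exported by OpenVPN

run() {
    if [ "${APPLY:-0}" = "1" ]; then "$@"; else printf '%s\n' "$*"; fi
}

# Create the namespace, move the tun device into it and configure it there.
# The namespace has only loopback and $dev, so there is no eth0 to leak to.
vpn_netns_up() {
    run ip netns add "$NS"
    run ip netns exec "$NS" ip link set lo up
    run ip link set dev "$dev" up netns "$NS" mtu "$tun_mtu"
    # net30 / p2p topology: OpenVPN hands over a point-to-point address pair.
    run ip netns exec "$NS" ip addr add "$ifconfig_local" peer "$ifconfig_remote" dev "$dev"
    run ip netns exec "$NS" ip route add default via "$ifconfig_remote" dev "$dev"
}

# Run a command inside the namespace as an unprivileged user.
# usage: vpn_netns_exec <user> <command...>
vpn_netns_exec() {
    user="$1"; shift
    run ip netns exec "$NS" sudo -u "$user" "$@"
}

vpn_netns_up
vpn_netns_exec nobody curl http://icanhazip.com
```

Two caveats a practitioner will hit: DNS inside the namespace comes from /etc/netns/vpn/resolv.conf (ip netns exec bind-mounts it over /etc/resolv.conf), so create that file with the VPN's resolver; and if the server uses "topology subnet", OpenVPN exports ifconfig_netmask instead of ifconfig_remote and the address and route lines need adjusting accordingly.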


