aprogram -> eth1 -> internet A
bprogram -> eth2 -> internet B
aprogram -> eth2 -> internet B
etc.

I want to route a program's (e.g. a Python script, curl) network communication to a specified interface by a custom mechanism.

How can I solve this under Linux (Debian or Ubuntu)?

1 Answer

You can use policy routing together with owner match (iptables) or skuid/skgid (nftables), and run those programs under different users.

  1. Add different nexthops to different tables:

     ip route add default via 192.0.2.1 table 101
     ip route add default via 192.0.2.2 table 102
     ip route add default via 192.0.2.3 table 103

  2. Add rules to use them based on firewall mark:

     ip rule add fwmark 1 lookup 101
     ip rule add fwmark 2 lookup 102
     ip rule add fwmark 3 lookup 103

  3. Add firewall rules to assign those marks to packets based on socket owner:

     nft add rule filter output meta skuid 1001 mark set 1
     nft add rule filter output meta skuid 1002 mark set 2
     nft add rule filter output meta skuid 1003 mark set 3

     or

     iptables -t mangle -A OUTPUT -m owner --uid-owner 1001 -j MARK --set-mark 1
     iptables -t mangle -A OUTPUT -m owner --uid-owner 1002 -j MARK --set-mark 2
     iptables -t mangle -A OUTPUT -m owner --uid-owner 1003 -j MARK --set-mark 3

Now, programs which are run under UID 1001 will be routed through 192.0.2.1, and so on.
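A complete set-up for the scheme in this answer, added here as an example and not part of the original answer: it derives table, mark and rules for each UID from a small mapping (the UIDs, gateways and interface names are constructed), creates the nft chains the rules need, and adds masquerading so the source address matches the egress link. Without arguments it prints the commands; `apply` runs them (requires root).

```shell
#!/bin/sh
# Added example, not from the original answer. Builds the policy-routing
# set-up for "one UID -> one routing table -> one fwmark -> one gateway".
# UIDs, gateways and device names below are constructed placeholders.
set -eu

# Constructed mapping, one row per program user: "uid gateway device".
PLAN='1001 192.0.2.1 eth1
1002 192.0.2.2 eth2
1003 192.0.2.3 eth3'

# Commands for one row; the mark is the row number, the table is 100+row.
emit_row() { # $1=row $2=uid $3=gateway $4=device
    tbl=$((100 + $1)); mk=$1
    echo "ip route add default via $3 dev $4 table $tbl"
    echo "ip rule add fwmark $mk lookup $tbl"
    echo "nft add rule inet pbr output meta skuid $2 meta mark set $mk"
    # The socket chose its source address before the mark existed, so
    # rewrite it to the egress interface's address; otherwise replies
    # come back on the wrong link.
    echo "nft add rule inet pbr postrouting oifname \"$4\" masquerade"
}

emit_all() {
    echo "nft add table inet pbr"
    # A chain of type 'route' makes the kernel redo the routing decision
    # when a rule changes the mark; a plain 'filter' chain does not.
    echo "nft add chain inet pbr output '{ type route hook output priority -150; }'"
    echo "nft add chain inet pbr postrouting '{ type nat hook postrouting priority 100; }'"
    echo "$PLAN" | { n=0; while read -r uid gw dev; do
        n=$((n + 1)); emit_row "$n" "$uid" "$gw" "$dev"
    done; }
}

# Check without sending traffic: the kernel prints the route a packet
# carrying mark $1 would take (expect that row's gateway and device).
verify_cmd() { echo "ip route get 203.0.113.9 mark $1"; }

case "${1:-print}" in
    apply)  emit_all | sh ;;          # install (as root); review the dry run first
    verify) verify_cmd "$2" | sh ;;   # e.g. ./pbr.sh verify 2
    *)      emit_all ;;               # dry run: print the commands
esac
```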
