Specific routing table for one process

I have multiple VPNs launched at any time that route all of my traffic outside the eyes of my ISP (including default gateway).

Some services however require me to have my ‘belgian’ ip address. The easy solution is of course to stop my VPN but hey, no way!

So here is another solution, quite simple (it does not involve mangling or bridges).

This solution is with network namespaces and multiple routing tables.

First, create a “belgium” network namespace.

ip netns add belgium

Create a pair of virtual ethernet interfaces (veth0 and veth1).

ip link add veth0 type veth peer name veth1

Move veth1 to your “belgium” namespace.

ip link set veth1 netns belgium

Set appropriate IP addresses to veth0 and veth1.

ip ad ad dev veth0
ip netns exec belgium ip ad ad dev veth1

Add appropriate routes in the “belgium” namespace.

ip netns exec belgium ip r add default via

Create a second routing table in the main network namespace by adding a line “1 rt2” to /etc/iproute2/rt_tables.

echo 1 rt2 >> /etc/iproute2/rt_tables

Set appropriate routes in this routing table:

ip r add dev wlp3s0 table rt2
ip r add default via dev wlp3s0 table rt2
ip r add dev veth0 table rt2

Set the rules for that routing table to catch the right packages:

ip rule add from table rt2
ip rule add to table rt2

Allow IP forwarding and Masquerade.

echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -t nat -A POSTROUTING -s -j MASQUERADE

Enjoy Football.

ip netns exec belgium su roidelapluie -c "mpv rtsp://"
Permalink. Category: Linux. Tags: network planet-inuits.
First published on Tue 13 October 2015.