Source IP Address Based on User

If you want to use different source IP addresses based on the logged in user or running service on a Linux computer you can use these simple commands:

/sbin/ifconfig eth0:1 NEW-IP-ADDRESS netmask YOUR-NORMAL-NETMASK
/sbin/iptables -t nat -A POSTROUTING -m owner --uid-owner USERNAME -j SNAT --to-source NEW-IP-ADDRESS

You can use this if the source IP is necessary for remote firewall filter lists, or to separate IP traffic from services that don’t allow to configure the outgoing source IP.

Add these lines to /etc/rc.local to make it permanent.

Version: Should work on every Linux kernel of the last 10 years, tested on Linux 4.11.1

Multiple Routing Tables with IPTables

Challenge: You have a linux based firewall, which should forward all internal and external traffic of its connected clients through a VPN tunnel, and at the same time the traffic from the firewall itself should not go through the tunnel (e.g. the tunnel connection packets).

Solution: There are lots of howtos for this probably. Here is my very simple and quick  (3 lines) solution.

Mark all packets that should go through the tunnel:
> iptables -t mangle -A PREROUTING -s 192.168.2.0/24 ! -d 192.168.2.0/24 -i eth1 -j MARK –set-mark  3

Setup a second routing table:
> ip route add table 3 default dev tun0

Add a rule to use routing-table 3 for packets marked with 3:
> ip rule add fwmark 3 table 3

192.168.2.0/24: client IPs
tun0: device of the vpn tunnel