Redirect traffic through vpn on an as needed basis

Tags: gentoo, proxy, routing, vpn

My problem is really simple yet it sounds complex, but I have zero to no experience with this.

I have set up a box using gentoo which has its own semi-static WAN-IP and acts as router for my LAN. I have access to a router elsewhere on the web, which has a dynamic IP and is registered to dyndns. My plan is to redirect specific traffic from my gentoo-box to the router to make use of the tunnel and the dynamic IP.

My idea was to install a proxy on my gentoo-box which uses a VPN connection to the router as default. Every computer on the LAN and specific computers on the WAN (that have access rights to the proxy) should be allowed to use this proxy, but no traffic should be forced to go through the router, which rules out the idea of just using iptables.

Example: I want to redirect Firefox traffic through the VPN but not Opera traffic. I set up Firefox to use the local proxy, it gets the dynamic IP of the distant router, and Opera still browses with my semi-static IP.

Is this possible? Which software to use? Any further ideas?

btw: the router supports PPTP, IPSec and L2TP

Edit: If you have better ideas for the title please edit or suggest, I have no idea how to call my problem 🙁

Best Answer

There is no practical way to select different routes on an application-by-application or process-by-process basis. (Linux had one for a time: iptables --cmd-owner, but that disappeared in kernel 2.6.14.) See Linux: restricting outgoing on an application basis.

You can select different routes on a user-by-user basis with iptables --uid-owner, or select different routes for different virtual machines. So given your requirements, you can use iptables, as long as you run the proxy as a dedicated user.

ip rule add fwmark 1 table 1
ip route add 0.0.0.0/0 table 1 dev tun0
iptables -t mangle -A OUTPUT -m owner --uid-owner proxy -j MARK --set-mark 1

See Dual network connection for explanations.
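The same per-user policy routing as a reviewable script, added here as an example and not part of the original answer. It assumes (none of this is on the page) that the proxy daemon runs as the user "proxy" and that the VPN interface is tun0; the MASQUERADE and rp_filter steps are additions the three commands above omit, because a packet steered into table 1 still carries the WAN source address unless it is rewritten on the way out, and strict reverse-path filtering can drop the replies coming back over the tunnel.

```shell
#!/bin/sh
# Steer only the proxy user's traffic through the VPN tunnel (policy routing by uid).
# Assumed values; override them from the environment if your setup differs.
PROXY_USER=${PROXY_USER:-proxy}   # assumption: the proxy runs as this user
VPN_IF=${VPN_IF:-tun0}            # assumption: the VPN tunnel interface
TABLE=${TABLE:-1}                 # routing table consulted for marked packets
MARK=${MARK:-1}                   # fwmark applied to the proxy user's packets

# With DRY_RUN=1 the planned commands are printed instead of executed, so the
# change can be reviewed before it touches the routing tables or netfilter.
run() {
    if [ "${DRY_RUN:-0}" = 1 ]; then echo "$*"; else "$@"; fi
}

setup_proxy_routing() {
    # 1. Packets carrying fwmark MARK are routed by table TABLE ...
    run ip rule add fwmark "$MARK" table "$TABLE"
    # 2. ... whose only route is a default route through the tunnel.
    run ip route add default dev "$VPN_IF" table "$TABLE"
    # 3. Mark every locally generated packet owned by the proxy user.
    run iptables -t mangle -A OUTPUT -m owner --uid-owner "$PROXY_USER" -j MARK --set-mark "$MARK"
    # 4. Rewrite the source address to the tunnel's own address; otherwise the
    #    packet leaves tun0 with the WAN address and replies never come back.
    run iptables -t nat -A POSTROUTING -o "$VPN_IF" -j MASQUERADE
    # 5. Strict reverse-path filtering would drop replies arriving on the tunnel
    #    for destinations the main table routes elsewhere; loosen it on tun0 only.
    run sysctl -w "net.ipv4.conf.$VPN_IF.rp_filter=2"
}

teardown_proxy_routing() {
    # Undo the steps above in reverse order.
    run iptables -t nat -D POSTROUTING -o "$VPN_IF" -j MASQUERADE
    run iptables -t mangle -D OUTPUT -m owner --uid-owner "$PROXY_USER" -j MARK --set-mark "$MARK"
    run ip route del default dev "$VPN_IF" table "$TABLE"
    run ip rule del fwmark "$MARK" table "$TABLE"
}

# Show which path a marked packet would take, e.g. check_marked_route 1.1.1.1
check_marked_route() {
    run ip route get "$1" mark "$MARK"
}
```

Run it as root with `setup_proxy_routing`, then confirm with `check_marked_route <some address>` that the output names `dev tun0`, while a plain `ip route get <same address>` still shows the WAN interface.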
