I know this question was answered multiple times, but this situation is a bit different.
So here is what I have:
Separately these things are easy to implement, but together... With this setup it mostly works: user 1002 goes via eth1 and goes nowhere if it's not available. However, some hosts are still routed via eth0. I have no idea why.
Here is my setup:
user@localhost:~$ ip rule
0:      from all lookup local
1000:   from all fwmark 0x5 lookup 5
2000:   from all fwmark 0x5 lookup 6
32766:  from all lookup main
32767:  from all lookup default
user@localhost:~$ ip route list table 5
0.0.0.0/1 via 10.10.0.185 dev eth1
user@localhost:~$ ip route list table 6
blackhole 0.0.0.0/1
user@localhost:~$ sudo iptables -S
-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
user@localhost:~$ sudo iptables -t nat -S
-P PREROUTING ACCEPT
-P INPUT ACCEPT
-P OUTPUT ACCEPT
-P POSTROUTING ACCEPT
-A POSTROUTING -o eth1 -j MASQUERADE
user@localhost:~$ sudo iptables -t mangle -S
-P PREROUTING ACCEPT
-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-P POSTROUTING ACCEPT
-A OUTPUT -m owner --uid-owner 1002 -j MARK --set-xmark 0x5/0xffffffff
You specified a route of 0.0.0.0/1. This subnet consists of 0.0.0.0 through 127.255.255.255 inclusive. It's not at all clear why you would want to route only half of the possible IP addresses. I suspect you meant to route all of it (e.g.
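As an added illustration (not part of the question or the answer above), this shell script walks the rule chain from the question for a packet carrying fwmark 0x5 and shows which destinations fall through to the main table; it assumes the dev-eth1 route in table 5 disappears when eth1 goes down, and the prefix is a parameter so 0.0.0.0/1 can be compared with 0.0.0.0/0.

```shell
#!/bin/sh
# Added example (not from the question or answer): model the rule chain from the
# question to see which destinations are left for the main table (and thus eth0).

# Dotted quad -> 32-bit integer.
ip2int() {
    oldifs=$IFS; IFS=.
    set -- $1
    IFS=$oldifs
    echo $(( ($1 * 16777216) + ($2 * 65536) + ($3 * 256) + $4 ))
}

# in_cidr IP NET/BITS -> exit status 0 when IP lies inside the prefix.
in_cidr() {
    ip=$(ip2int "$1"); net=$(ip2int "${2%/*}"); bits=${2#*/}
    if [ "$bits" -eq 0 ]; then mask=0
    else mask=$(( (4294967295 << (32 - bits)) & 4294967295 )); fi
    [ $(( ip & mask )) -eq $(( net & mask )) ]
}

# marked_lookup DST PREFIX ETH1_UP
# Walks the rules for a packet carrying fwmark 0x5: rule 1000 -> table 5,
# rule 2000 -> table 6, then rule 32766 -> main. PREFIX is the route installed
# in tables 5 and 6 (0.0.0.0/1 in the question). ETH1_UP=0 models eth1 being
# down: the kernel removes the dev-eth1 route, leaving table 5 empty (assumption).
# A table that has no route covering DST is skipped and the next rule is tried.
marked_lookup() {
    if [ "$3" -eq 1 ] && in_cidr "$1" "$2"; then echo "table5:eth1"; return; fi
    if in_cidr "$1" "$2"; then echo "table6:blackhole"; return; fi
    echo "main:eth0"   # no selected table matched: uid 1002 traffic leaks via main
}

# Constructed sample destinations: two in the lower half, two in the upper half.
for dst in 8.8.8.8 10.10.0.185 128.0.0.1 192.168.1.1; do
    printf '%-14s /1 up=%-16s /1 down=%-16s /0 down=%s\n' "$dst" \
        "$(marked_lookup "$dst" 0.0.0.0/1 1)" "$(marked_lookup "$dst" 0.0.0.0/1 0)" \
        "$(marked_lookup "$dst" 0.0.0.0/0 0)"
done
```

With 0.0.0.0/1, any destination at or above 128.0.0.0 misses both table 5 and table 6 and ends up in main; with 0.0.0.0/0 every destination is caught by table 5 or, when eth1 is down, by the blackhole.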
User contributions licensed under CC BY-SA 3.0