
I have two gateways in my subnet:
192.168.1.2 - main
192.168.1.1 - secondary (yeah, that's not a mistake)

So I am using 192.168.1.2 everywhere as the default route.

Is it possible to configure danted so it will forward outgoing connections to the secondary gateway (192.168.1.1) while main system will use main gateway? Or should I do some tweaking with iptables to achieve that?

Another possible solution is to do an LXC container with a different network stack, but I am trying to achieve the same goal on an RPi with not much RAM and without that kind of redundant solution.

So I wonder if it supports that out of the box, or maybe I can split the network stack without any virtualization? (Create a virtual interface with another gateway, maybe, and then pass that secondary interface to danted.)

Thanks

POMATu

1 Answer

So my main gateway on that machine is 192.168.1.2. I want to redirect all traffic from a specific user through another gateway, 192.168.1.1.

Creating a new user that will be redirected to the other gateway:

useradd -m proxy

Adding a new routing table:

echo "201     gw1" >> /etc/iproute2/rt_tables

Adding an ip rule so all marked packets will go to the new routing table:

ip rule add fwmark 0x1 table gw1
ip route add default via 192.168.1.1 dev eth0 table gw1

Marking all packets from user proxy (and allowing our subnet to communicate without any redirection):

iptables -A OUTPUT -t mangle -o eth0 ! -d 192.168.1.0/24 -m owner --uid-owner proxy -j MARK --set-mark 1

This way user proxy will use the separate routing table.

Now all IP traffic works fine, but DNS doesn't work:

curl -H "Host: ifconfig.me" 216.239.32.21

DNS requests don't work because they try to use 127.0.0.1:53, which is routed through the main gateway.

Now also redirecting DNS traffic to the same gateway, not letting it touch 127.0.0.1:53:

iptables -t nat -A OUTPUT -m owner --uid-owner proxy -p udp --dport 53 -j DNAT --to 192.168.1.1:53
iptables -t nat -A OUTPUT -m owner --uid-owner proxy -p tcp --dport 53 -j DNAT --to 192.168.1.1:53

You can also put 8.8.8.8 there and it will be passed through 192.168.1.1; the main idea is to get it away from the local caching DNS server.

Now DNS requests are routed fine (you can check that with a sniffer); however, dig still shows DNS from the default gateway.

curl ifconfig.me

Making danted (or any other app) use those rules by making it run as the proxy user in danted.conf:

#user.privileged: root
user.notprivileged: proxy
#user.libwrap: libwrap

And now you can add the ip rule, ip route and iptables lines to rc.local and point your browser to the danted SOCKS server. All outbound traffic will be routed to the 192.168.1.1 gateway.

POMATu
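An idempotent version of the answer's steps, as an added example that is not the poster's script. It assumes the same names as the answer (user proxy, table gw1, eth0, gateway 192.168.1.1) and that it runs as root; the grep guard, `iptables -C` and `ip route replace` stop rc.local from adding duplicate table entries and rules on every boot, and verify_split checks that the egress address seen as the proxy user differs from the one seen as root.

```shell
#!/bin/sh
# Added example (not the poster's script): idempotent setup of per-user policy routing.
# Assumed, not on the page: run as root; defaults below can be overridden via environment.
set -e
PROXY_USER="${PROXY_USER:-proxy}"      # user whose traffic leaves via the alternate gateway
ALT_GW="${ALT_GW:-192.168.1.1}"        # secondary gateway from the question
IFACE="${IFACE:-eth0}"
LAN="${LAN:-192.168.1.0/24}"           # local subnet, never redirected
TABLE_ID=201; TABLE_NAME=gw1; FWMARK=1
RT_TABLES="${RT_TABLES:-/etc/iproute2/rt_tables}"

# Add the table entry once; a plain 'echo >>' in rc.local appends a duplicate on every boot.
ensure_rt_table() {
    grep -Eq "^[[:space:]]*${TABLE_ID}[[:space:]]+${TABLE_NAME}\$" "$RT_TABLES" 2>/dev/null \
        || printf '%s\t%s\n' "$TABLE_ID" "$TABLE_NAME" >> "$RT_TABLES"
}

# iptables -C fails when an identical rule is absent; only then append it.
ipt_add() { iptables -C "$@" 2>/dev/null || iptables -A "$@"; }

setup_routing() {
    ensure_rt_table
    ip rule show | grep -q "fwmark 0x${FWMARK} lookup ${TABLE_NAME}" \
        || ip rule add fwmark "$FWMARK" table "$TABLE_NAME"
    ip route replace default via "$ALT_GW" dev "$IFACE" table "$TABLE_NAME"
    # Mark non-LAN packets owned by the proxy user so the ip rule sends them to table gw1.
    ipt_add OUTPUT -t mangle -o "$IFACE" ! -d "$LAN" \
        -m owner --uid-owner "$PROXY_USER" -j MARK --set-mark "$FWMARK"
    # Keep that user's DNS away from the local resolver on 127.0.0.1:53.
    for proto in udp tcp; do
        ipt_add OUTPUT -t nat -m owner --uid-owner "$PROXY_USER" \
            -p "$proto" --dport 53 -j DNAT --to "${ALT_GW}:53"
    done
}

# Check the split actually happened: the public address seen as root and as the
# proxy user should differ when the two gateways NAT through different uplinks.
verify_split() {
    as_root=$(curl -s ifconfig.me)
    as_proxy=$(su -s /bin/sh -c 'curl -s ifconfig.me' "$PROXY_USER")
    [ -n "$as_root" ] && [ -n "$as_proxy" ] && [ "$as_root" != "$as_proxy" ]
}

case "${1:-}" in
    apply)  setup_routing ;;
    verify) verify_split && echo "split OK: root=$as_root proxy=$as_proxy" ;;
esac
```

Run it as `sh split-route.sh apply` from rc.local and `sh split-route.sh verify` afterwards to confirm the proxy user's traffic really leaves via the secondary gateway.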