Linux Networking – Best Way to Route Traffic Based on Logged In User

ip addresslinux-networkingroutingubuntu-20.04

I have an Ubuntu 20.04 machine with 2 ethernet interfaces with 2 IP addresses each. It's an AWS EC2 instance and each of the 4 IP addresses has an EIP attached to it via NAT. Both interfaces connect to the same internal subnet. The setup looks like this:

EC2 Machine:

– eni1:

private-IP1 -> public-IP1
private-IP2 -> public-IP2

– eni2:

private-IP3 -> public-IP3
private-IP4 -> public-IP4

All 4 addresses are reachabale from the outside so that seems to be all fine. However for outgoing traffic currently always private-IP1 (and thus public-IP1) gets used. I want to specify that individual SSH users use specific IP addresses, so they'll come from the corresponding public IP when talking to services on the internet i.e.

user1 -> private-IP1

user2 -> private-IP2

user3 -> private-IP3

user4 -> private-IP4

What's the best way of achieving this result?

Best Answer

The best way to achieve that would be to clone the EC2 instance into four instances, assign each clone one IP address, and let each user use only the machine having the IP address he or she should use.

Related Solutions

Sonicwall route traffic through specific interface based on destination

What I ended up doing was this:

Created a new Address Object under the Network > Address Objects menu. Click Add under "Address Objects", Put the name of the object, such as "Datacenter".

Zone assignment: WAN Type: Network Network: xx.xx.xxx.xxx Netmask: 255.255.255.248

Click Add.

Next, Under Network > Routing

Click Add.

For Source, put in the LAN interface subnet, in my case I put in X0 For Destination, Select the Object we just created, "Datacenter" Service, Any (you can do FTP, HTTP, Etc only, if you want) Gateway: Default Gateway Interface: X1 (WAN Interface you wish the traffic to pass through) Comment: Datacenter over PRI

Click "Disable Route when the interface is disconnected" to allow for the WAN failover to still function, and traffic to reach the host if the interface is down.

Click Ok, and you're done!

How to route network traffic of a host via another host

You have multiple solutions to do this :

Easier way : NAT

Make A a router by allowing forwarding : sysctl net.ipv4.ip_forward=1 Put net.ipv4.ip_forward=1 in /etc/sysctl.conf to make it permanent.

Then on A, nat trafic by typing : iptables -t nat -A POSTROUTING -o ethx -j MASQUERADE

Finally on B : Route all traffic via A :

ip route del default  
ip route add default via IP_of_A

Other solution : Proxify,

but you need to setup all the components to use the proxy:

On B, open an SSH connection to A with this command :

ssh -D8000 -N -f user@IP_of_A

This will open a proxy sock on B and relay all traffic via A. If you use a web browser for example, you'll need to setup a proxy sock v5 on 127.0.0.1 listening on port 8000. You will not need to setup ip forwarding or touching to routes.