Basically I have an armbian distro configured as NAT where wlan0 is the internal interface and eth0 is the "public" interface that provides internet (this setup is provided out of the box by armbian-config).
My devices connect over wlan0 grabbing an IP, say 172.24.1.114.
I have added a VPN to a remote network resulting in the creation of ppp0, with IP 10.10.10.12.
Having this info, what I want to achieve is:
Only one IP (e.g. 172.24.1.114) has to always go towards ppp0 (that is, all traffic back and forth should go to ppp0, so I can both reach machines and browse the internet with the remote IP).
All other IPs can normally go towards eth0.
Starting from the NAT configured by armbian-config I have added the extra iptables rules:
-A FORWARD -i wlan0 -o ppp0 -j ACCEPT (this is before -A FORWARD -i wlan0 -o eth0 -j ACCEPT created by armbian-config)
-A POSTROUTING -o ppp0 -j MASQUERADE (order shouldn't matter with -A POSTROUTING -o eth0 -j MASQUERADE created by armbian-config)
-A FORWARD -i ppp0 -o wlan0 -m state --state RELATED,ESTABLISHED -j ACCEPT (just to be sure!)
These extra rules + the ones from armbian-config seem to work almost well:
From the 172.24.1.114 client I can see the content of a remote web server, say http://10.10.10.20 (so apparently it goes through ppp0).
From the 172.24.1.114 client I can browse the internet, but unfortunately when checking the IP I go out with (using a geo IP website), it is still the one from eth0.
All other clients correctly browse going out through eth0.
So to summarize it, I can now reach the remote network over VPN for that IP, but it is not able to browse through ppp0.
As a last try I found the way to set rule policies, like in this guide (http://wiki.wlug.org.nz/SourceBasedRouting), so I can specify that source IP 172.24.1.114 goes to a custom table other than the main one; then I added in this new table the default gateway of 10.10.10.1 dev ppp0. This leads to a lack of web navigation for that IP.