Bind a Linux user to an outgoing external IP address

I had just requested whitelisting of an IP on my VPS, tried to connect to the FTP server but I was still blocked… “What could be wrong?”, I wondered and decided to check the external IP address.

$ dig +short myip.opendns.com @resolver1.opendns.com
159.220.188.119


Well, crap… that’s the server’s address, but not the address that is assigned to the user. After searching for at least an hour, I stumbled upon this command:

iptables -t nat -A POSTROUTING -m owner --uid-owner USER -j SNAT --to-source IP

Source

So, in my case this became:

iptables -t nat -A POSTROUTING -m owner --uid-owner pingwin -j SNAT --to-source 159.220.188.142

The only thing I’m still figuring out is why this sometimes gets reset. The server does not reboot, nor does the firewall restart. I’m thinking of just creating a cronjob to repeat this command every few hours, but that’s not really a clean solution.
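
Added example, not part of the original post: repeating the `-A` command on a schedule appends another copy of the rule on every run in which it is still present, so this sketch checks with `iptables -C` first and only appends when the rule is missing. The function names `ensure_user_snat` and `is_ipv4`, the `IPTABLES` variable and the script name in the last comment are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the original post): add the per-user SNAT rule only
# when it is missing, so a scheduled run never stacks duplicate rules.
# ensure_user_snat, is_ipv4 and the IPTABLES variable are names chosen here.
IPTABLES=${IPTABLES:-iptables}

# Accept only a dotted-quad IPv4 address with each octet in 0..255.
is_ipv4() {
    case $1 in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case $octet in ????*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
}

# ensure_user_snat USER IP -> prints "present" or "added"; returns 2 on bad input.
ensure_user_snat() {
    user=$1; ip=$2
    is_ipv4 "$ip" || { echo "invalid IPv4 address: $ip" >&2; return 2; }
    case $user in
        ''|*[!0-9]*)   # a name: resolve it so the rule is keyed on the numeric uid
            uid=$(id -u "$user" 2>/dev/null) ||
                { echo "unknown user: $user" >&2; return 2; } ;;
        *) uid=$user ;;
    esac
    set -- POSTROUTING -m owner --uid-owner "$uid" -j SNAT --to-source "$ip"
    # -C exits 0 only if an identical rule already exists; -w waits for the xtables lock.
    if $IPTABLES -w -t nat -C "$@" 2>/dev/null; then
        echo present
    else
        $IPTABLES -w -t nat -A "$@" && echo added
    fi
}

# Run as root, e.g. from cron: ./ensure-snat.sh pingwin 159.220.188.142
if [ $# -eq 2 ]; then
    ensure_user_snat "$1" "$2"
fi
```

Because the script prints `added` only when the rule was absent, timestamped output from the scheduled runs shows when the rule disappeared, which narrows down what is flushing the nat table.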
