Прочие заметки

PostUp и PostDown для внутреннего и внешнего

Для внутреннего

PostUp = iptables -t nat -A POSTROUTING -o `ip route | awk '/default/ {print $5; exit}'` -j MASQUERADE
PostUp = ip rule add from `ip addr show $(ip route | awk '/default/ { print $5 }') | grep "inet" | grep -v "inet6" | head -n 1 | awk '/inet/ {print $2}' | awk -F/ '{print $1}'` table main
PostDown = iptables -t nat -D POSTROUTING -o `ip route | awk '/default/ {print $5; exit}'` -j MASQUERADE
PostDown = ip rule del from `ip addr show $(ip route | awk '/default/ { print $5 }') | grep "inet" | grep -v "inet6" | head -n 1 | awk '/inet/ {print $2}' | awk -F/ '{print $1}'` table main

Для внешнего

PostUp = iptables -t nat -A POSTROUTING -o `ip route | awk '/default/ {print $5; exit}'` -j MASQUERADE
PostDown = iptables -t nat -D POSTROUTING -o `ip route | awk '/default/ {print $5; exit}'` -j MASQUERADE

Способ чтоб не терять связь с сервером

PostUp = ip rule add from <IP> table main
PostUp = ip rule add from 172.29.172.0/24 table main
PreDown = ip rule del from <IP> table main
PreDown = ip rule del from 172.29.172.0/24 table main

Для задач

/etc/iproute2/rt_tables

100 tcp_only

PostUp = ip rule add from `ip addr show $(ip route | awk '/default/ { print $5 }') | grep "inet" | grep -v "inet6" | head -n 1 | awk '/inet/ {print $2}' | awk -F/ '{print $1}'` table main
PostUp = ip rule add from 172.29.172.0/24 table main
PostUp = iptables -t mangle -A PREROUTING -i amn0 -p tcp -j MARK --set-mark 1
PostUp = ip rule add fwmark 1 lookup tcp_only
PostUp = ip route add default dev %i table tcp_only
PostDown = ip rule del from `ip addr show $(ip route | awk '/default/ { print $5 }') | grep "inet" | grep -v "inet6" | head -n 1 | awk '/inet/ {print $2}' | awk -F/ '{print $1}'` table main
PostDown = ip rule del from 172.29.172.0/24 table main
PostDown = iptables -t mangle -D PREROUTING -i amn0 -p tcp -j MARK --set-mark 1
PostDown = ip rule del fwmark 1 lookup tcp_only
PreDown = ip route del default dev %i table tcp_only