Can I limit a user (and their apps) to one network interface?

You could set up two virtual machines on the physical machine, and set up the network interface bridging so that one VM uses eth0 and the other VM uses eth1. See the virtual box documentation section on bridged networking.

You'll want to use the iptables owner module and perhaps some clever packet mangling.

owner This module attempts to match various characteristics of the packet creator, for locally-generated packets. It is only valid in the OUTPUT chain, and even then some packets (such as ICMP ping responses) may have no owner, and hence never match.

--uid-owner userid Matches if the packet was created by a process with the given effective (numerical) user id.

--gid-owner groupid Matches if the packet was created by a process with the given effective (numerical) group id.

--pid-owner processid Matches if the packet was created by a process with the given process id.

--sid-owner sessionid Matches if the packet was created by a process in the given session group.

Can I limit a user (and their apps) to one network interface?

Tags:

Linux

Routing

Networking

Iptables

Users

Related

Recent Posts