Ok so, firstly, I’m going to assume few things.
wlp3s0
is your main internet over wifi.
enp0s20u1
is your phone via usb tethering.
We can separate phone connection/interface and put it in a VRF with its own routing table (this can be done multiple ways, eg. via ip
command, but I’m assuming you are using NetworkManager, so we are doing it with nmcli
):
# Create VRF connection
nmcli conn add type vrf con-name vrf0 ifname vrf0 table 10 ipv4.method disabled ipv6.method disabled
# Add enp0s20u1 connection to vrf
nmcli conn add type ethernet con-name enp0s20u1 ifname enp0s20u1 master vrf0 ipv4.method auto
# Start enp0s20u1 connection
nmcli conn up enp0s20u1
And this is basically it. Of course you can manually configure IPs, add routes, etc.
So now you can bind traceroute
or ping
to vrf0
interface:
ping -I vrf0 1.1.1.1
traceroute -i vrf0 -n google.com
But ok, you don’t need VRFs for that. You can just bind it to enp0s20u1
directly and it will work.
For programs that don’t support that, you have to use ip vrf exec vrf0 <program_name>
There is just one problem though. You need root privileges (or CAP_SYS_ADMIN and few other capabilities) to run this.
So one way around that is to run:
# Replace your_username with actual username
sudo ip vrf exec vrf0 runuser -u your_username -- firefox
If we are lazy, we can add this command to sudoers and allow us to run it without password:
/etc/sudoers.d/90-ip_vrf_exec
:
# Replace your_username with actual username (twice)
your_username ALL=(ALL:ALL) NOPASSWD: /usr/bin/ip vrf exec vrf0 /usr/bin/runuser -u your_username -- *
and make a bash script, an alias, or something, to call it:
$HOME/.local/bin/runvrf
:
#!/bin/bash
# Yes, I know, 'sudo' in a script...OMG
sudo /usr/bin/ip vrf exec vrf0 /usr/bin/runuser -u $(/usr/bin/whoami) -- "$@"
Run chmod 744
on it.
You can now start firefox, or run whole shell or whatever in vrf0
runvrf firefox
runvrf zsh
KEEP IN MIND: Some programs might not work properly (or at all) in a VRF (or you might need to run additional services in the same vrf).
Further reading: