Thread: [In development] Brainstorm: MMS Support
cpitchford
2009-10-20 , 16:32
#73
Just an idea.. using the route iptables module (which is marked experimental in the netfilter repository.. but it still
the MMS collector is run as a different UID (this might be a problem, it might not)
iptables -t nat -A POSTROUTING -d $remote_mmsc \
-m owner --uid-owner mms-service \
-j SNAT --to-source $my_local_mms_ip
iptables -t mangle -A OUTPUT -d $remote_mmsc \
-m owner --uid-owner mms-service \
-j ROUTE \
--oif $my_local_mms_if \
--continue
ip addr flush dev $my_local_mms_if
ip addr add 127.127.127.127/32 dev $my_local_mms_if
$my_local_mms_ip = the IP address the device gets when connecting to the MMS APN
$my_local_mms_if = the device connected to the MMS APN
$remote_mmsc = IP address of MMSC (wapgw whatever)
When running as user mms-service, I can reach $remote_mmsc via the interface $my_local_mms_if and appear to come from ip address $my_local_mms_ip
When running as any other user, I can connect to $my_local_mms_ip and $remote_mmsc via conventional routes.. EVEN if those ip addresses are local (say if wlan0 has the same IP address as $remote_mmsc it still works!)
The issue I have, (and I can't test because I've not got access to a device at the mo) is if the MMS APN connection is point2point:
it has a local address and a remote peer address.. The remote peer address still overlaps.. I think this might need another NAT mangle rule to convince traffic to go via the default gateway.. perhaps something along the lines of:
iptables -t mangle -A OUTPUT -d $remote_p2p_ip \
-m owner ! --uid-owner mms-service \
-j ROUTE --gw $my_default_gw --oif $my_internet_if
either that or a better route..
I've been playing with ethernet interfaces (so the italics bit is slightly different, I've been specifying a gw too). If the rules could be inserted prior to bringing the MMS APN connection live, it might work provided the ppp connection is not UP before its addresses are flushed and replaced (with something private).
Just a thought.. and obviously a horrible hack.. but it doesn't require a software stack and it works apparently quite happily on 2.6.24.x
dunno, just throwing that out there..
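An added example, not part of cpitchford's post: the same per-UID steering written with fwmark policy routing (the MARK target plus `ip rule`, both in mainline kernels) in place of the experimental ROUTE target. It covers only the basic case without overlapping local addresses; the mark value, table number and sample names are assumptions, and the function prints the commands instead of running them.

```shell
#!/bin/sh
# Added example, not from the post. Prints commands; runs nothing.
MMS_MARK=0x4d    # assumption: any otherwise unused fwmark value
MMS_TABLE=100    # assumption: any otherwise unused routing table number

# Succeed only for a dotted quad with each octet in 0-255.
is_ipv4() (
    case "$1" in ''|*[!0-9.]*|*..*|.*|*.) exit 1 ;; esac
    IFS=.
    set -- $1
    [ $# -eq 4 ] || exit 1
    for o in "$@"; do
        [ "${#o}" -le 3 ] && [ "$o" -le 255 ] || exit 1
    done
)

# Succeed only for a name free of whitespace, option dashes and metacharacters.
is_name() {
    case "$1" in ''|-*|*[!A-Za-z0-9_.-]*) return 1 ;; esac
}

# mms_rules USER MMS_IF MMS_LOCAL_IP MMSC_IP
# The values end up in commands run as root, so each one is validated first.
mms_rules() {
    is_name "$1" && is_name "$2" && [ "${#2}" -le 15 ] &&
        is_ipv4 "$3" && is_ipv4 "$4" ||
        { echo "mms_rules: invalid argument" >&2; return 1; }
    # 1. mark only the MMS user's packets to the MMSC
    # 2. marked packets consult a private routing table
    # 3. that table holds one route: the MMSC via the MMS interface
    # 4. the source address was chosen before the reroute, so SNAT corrects it
    cat <<EOF
iptables -t mangle -A OUTPUT -d $4 -m owner --uid-owner $1 -j MARK --set-mark $MMS_MARK
ip rule add fwmark $MMS_MARK lookup $MMS_TABLE
ip route add $4/32 dev $2 table $MMS_TABLE
iptables -t nat -A POSTROUTING -o $2 -d $4 -m owner --uid-owner $1 -j SNAT --to-source $3
EOF
}

# Constructed sample values (documentation addresses, made-up interface name).
mms_rules mms-service gprs1 10.20.30.40 192.0.2.10
```

Traffic from every other UID is left unmarked and keeps using the main routing table, which matches the behaviour described in the post for non-mms-service users.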