Nat through non-default gateways more than one internal network.

One big office space (with one BIG net) shared by more than one company - each having different policies for IT infrastructure.
How do we nat different local networks (connected to eth2,3,4 etc) trough different gateway (connected openvpn to each Company VPN server)?

Here it is how:

#!/bin/sh

exc() {
cmd="$1";
[ -n "$2" ] && exitt="$2";
echo "Exec $cmd ...";
$cmd;
[ $? -gt 0 ] && echo "Error executing $cmd..." && [ "$exitt" != "0" ] && exit 1;
}

[ `which realpath|wc -l` -lt 1 ] && echo "This script requiers realpath command" && exit 1;

[ -z "$1" ] && echo "Param1: net config" && exit 1;
[ -n "$1" ] && cfg=`realpath $1`;
[ -n "$1" ] && ! [ -f "$cfg" ] && echo "Config $1 con't be found!" && exit 1;
[ -n "$1" ] && [ -f "$cfg" ] && . $cfg;

[ -z "$defgw" ] || [ -z "$vpnremoteip" ] || [ -z "$local1net" ] || [ -z "$local1ip" ] || [ -z "$local1netdev" ] || [ -z "$tundev1" ] || [ -z "$vpn1cfgdir" ] || [ -z "$vpn1cfg" ] || [ -z "$vpn1rtbl" ] && echo "Some variables that are required are empty! We need all: defgw : $defgw , vpnremoteip : $vpnremoteip , local1net : $local1net , local1ip : $local1ip , local1netdev : $local1netdev , tundev1 : $tundev1 , vpn1cfgdir : $vpn1cfgdir , vpn1cfg : $vpn1cfg , vpn1rtbl : $vpn1rtbl" && exit 1;


[ -n "`ps ax|grep openvpn|grep $vpn1cfg|grep -v grep`" ] && echo "Openvpn with cfg $vpn1cfg already runs PID: `ps ax|grep openvpn|grep $vpn1cfg|grep -v grep|cut -f1 -d ' '`" && exit 1;
local1ifacecheck=`ifconfig $local1netdev|grep inet|cut -f2 -d:|cut -f1 -d' '`;

[ -n "$local1ifacecheck" ] && [ "x$local1ifacecheck" != "x$local1ip" ] && echo "$local1netdev is UP but ip doesn't match ($local1ip != $local1ifacecheck)!" && exit 1;
[ -z "$local1ifacecheck" ] && exc "ifconfig $local1netdev $local1ip up" && exc "ip r del $local1net" 0;

[ `ip r s|grep $local1net|grep -v grep|wc -l` -gt 0 ] && exc "ip r del $local1net" 0;

[ `ip r s|grep $vpnremoteip|grep -v grep|wc -l` -lt 1 ] && exc "ip r add $vpnremoteip via $defgw dev eth0";

# start vpn and get local/remote ppp ip
exc "cd $vpn1cfgdir";
exc "openvpn --daemon --config $vpn1cfg";
sleep 10;

vpn1local=`ifconfig $tundev1|grep inet|awk '{print $2}'|cut -f 2 -d:`;
vpn1remote=`ifconfig $tundev1|grep inet|awk '{print $3}'|cut -f 2 -d:`;

[ -z "$vpn1local" ] || [ -z "$vpn1remote" ] && echo "Can't find local/remote vpn ips" && exit 1;

#clean up vpn routes from default routing table
vpn1net=`ip r |grep "via $vpn1remote"|grep -v grep|cut -f1 -d' '`;
[ -n "$vpn1net" ] && exc "ip r del $vpn1net" 0;
[ -n "$vpn1remote" ] && exc "ip r del $vpn1remote" 0;


echo "Add routing for: vpn1remote: $vpn1remote ; vpn1net: $vpn1net ; local1net : $local1net ; default";
#add routes in new routing table vpnr1
[ -z "`ip r s t $vpn1rtbl|grep $vpn1remote|grep -v grep`" ] && exc "ip r add $vpn1remote dev $tundev1 src $vpn1local table $vpn1rtbl";
[ -z "`ip r s t $vpn1rtbl|grep $vpn1net|grep -v grep`" ] && exc "ip r add $vpn1net dev $tundev1 via $vpn1local table $vpn1rtbl";
[ -z "`ip r s t $vpn1rtbl|grep $local1net|grep -v grep`" ] && exc "ip r add $local1net dev $local1netdev src $local1ip table $vpn1rtbl";
[ -z "`ip r s t $vpn1rtbl|grep 'default'|grep -v grep`" ] && exc "ip r add default via $vpn1local dev $tundev1 table $vpn1rtbl";
#add rules for vpn/vpn1-local nets to lookup vpnr1;
[ -z "`ip ru s|grep "from $vpn1net"|grep -v grep`" ] && exc "ip rule add from $vpn1net lookup $vpn1rtbl prio 1000";
[ -z "`ip ru s|grep "to $vpn1net"|grep -v grep`" ] && exc "ip rule add to $vpn1net lookup $vpn1rtbl prio 1000";
[ -z "`ip ru s|grep "from $vpn1local"|grep -v grep`" ] && exc "ip rule add from $vpn1local lookup $vpn1rtbl prio 1100";
[ -z "`ip ru s|grep "from $local1net"|grep -v grep`" ] && exc "ip rule add from $local1net lookup $vpn1rtbl prio 998";
[ -z "`ip ru s|grep "to $local1net"|grep -v grep`" ] && exc "ip rule add to $local1net lookup $vpn1rtbl prio 998";


[ `iptables -t nat -nvL|grep SNAT|grep "$local1net"|wc -l` -lt 1 ] && exc "iptables -t nat -A POSTROUTING -s $local1net -o $tundev1 -j SNAT --to-source $vpn1local";