ubuntu_iptables_iproute
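# Register routing table id 201 under the name "net1" so that "table net1"
# can be used in the ip rule / ip route commands below.
# Guarded: the original unconditional append adds a duplicate "201 net1"
# line every time this step is repeated.
grep -qE '^201[[:space:]]+net1$' /etc/iproute2/rt_tables || echo '201 net1' >> /etc/iproute2/rt_tables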
# Open /etc/rc.local in the editor; the script body follows.
# NOTE(review): on a systemd Ubuntu, rc.local is only run if the file is
# executable (chmod +x /etc/rc.local) — confirm after saving.
mcedit /etc/rc.local
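#!/bin/bash
# /etc/rc.local — boot-time routing, policy routing and firewall for this gateway.
#
# Ordering matters: the filter rules are loaded BEFORE ip_forward is switched
# on. The previous order (sysctl first, firewall last, unconditional "exit 0")
# left the host forwarding with an empty FORWARD chain (policy ACCEPT) until
# /etc/iptables.sh finished, and kept forwarding if that script failed.
set -e

# Load the firewall first; refuse to turn the host into a router if it failed.
if ! /etc/iptables.sh; then
  echo "rc.local: /etc/iptables.sh failed, leaving net.ipv4.ip_forward off" >&2
  exit 1
fi

# Static routes to the 10.150/10.151 networks via 192.168.50.100.
# "replace" is idempotent; "add" fails with "File exists" on a re-run.
ip route replace 10.150.0.0/24 via 192.168.50.100
ip route replace 10.151.0.0/24 via 192.168.50.100

# Policy-based routing: traffic sourced from 192.168.150.35 uses table net1
# (id 201 in /etc/iproute2/rt_tables) and leaves via ens192.
# Drop a stale copy of the rule first so a re-run does not stack duplicates;
# it is absent on first boot, hence the "|| true".
ip rule del from 192.168.150.35 table net1 2>/dev/null || true
ip rule add from 192.168.150.35 table net1
ip route replace default via 89.89.89.161 dev ens192 table net1

# Enable forwarding only now that the FORWARD chain is populated.
sysctl -w net.ipv4.ip_forward=1
exit 0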
# Open /etc/iptables.sh in the editor; the firewall script body follows.
# NOTE(review): rc.local above executes this file directly, so it needs a
# shebang and the executable bit (chmod +x /etc/iptables.sh) — confirm.
mcedit /etc/iptables.sh
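#!/bin/sh
# /etc/iptables.sh — IPv4 firewall for the gateway, run from /etc/rc.local at boot.
#
# Design (deliberately short, pf/ufw style): chain policies stay ACCEPT,
# INVALID packets are dropped, the few permitted NEW connections are listed
# explicitly and every other NEW connection is dropped. Whatever is neither
# NEW nor INVALID (ESTABLISHED/RELATED and untracked packets) falls through
# to the ACCEPT policy — that is what lets reply traffic back without a
# dedicated rule. "-m state" is the legacy alias of "-m conntrack --ctstate"
# and still works.
#
# Caveats:
#  - Only IPv4 is covered; ip6tables is not touched, so any IPv6 on
#    ens160/ens192/ens224 is not filtered by this script.
#  - The rebuild is not atomic: between "--flush" and the last "-A" a chain is
#    policy ACCEPT with no rules. iptables-restore applies a whole table in
#    one step if that window ever matters.
#
# Exit status: non-zero as soon as any rule fails to load (set -e), so the
# caller can refuse to enable forwarding on a half-built ruleset. The original
# had no shebang and no error handling, so a typo in one rule silently left
# the rest of the chain unbuilt.
set -eu

# ---- INPUT: traffic addressed to this host ---------------------------------
iptables -P INPUT ACCEPT
iptables --flush INPUT
iptables -A INPUT -m state --state INVALID -j DROP
iptables -A INPUT -i lo -j ACCEPT
# services reachable only from the ens160 side: ssh, dns, ping
iptables -A INPUT -i ens160 -p tcp --dport 22 -j ACCEPT
iptables -A INPUT -i ens160 -p udp --dport 53 -j ACCEPT
iptables -A INPUT -i ens160 -p icmp --icmp-type echo-request -j ACCEPT
# every other attempt to open a connection to this host
iptables -A INPUT -m state --state NEW -j DROP

# ---- OUTPUT: traffic originated by this host -------------------------------
iptables -P OUTPUT ACCEPT
iptables --flush OUTPUT
iptables -A OUTPUT -m state --state INVALID -j DROP
iptables -A OUTPUT -o lo -j ACCEPT

# ---- FORWARD: routed traffic ----------------------------------------------
iptables -P FORWARD ACCEPT
iptables --flush FORWARD
iptables -A FORWARD -m state --state INVALID -j DROP
# only 192.168.150.0/24 arriving on ens160 may open connections through the gateway
iptables -A FORWARD -s 192.168.150.0/24 -i ens160 -j ACCEPT
iptables -A FORWARD -m state --state NEW -j DROP

# ---- NAT -------------------------------------------------------------------
iptables -t nat --flush
iptables -t nat -P POSTROUTING ACCEPT
iptables -t nat --flush POSTROUTING
# 192.168.150.35 is policy-routed out of ens192 (table net1, see rc.local) and
# is masqueraded there; LAN traffic that leaves through ens224 is masqueraded
# on that interface.
iptables -t nat -A POSTROUTING -s 192.168.150.35/32 -o ens192 -j MASQUERADE
iptables -t nat -A POSTROUTING -s 192.168.150.0/24 -o ens224 -j MASQUERADE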
Почему MASQUERADE: логика такая же, как в pf и ufw —
чем меньше мы пишем, тем меньше ошибок допускаем
и тем безопаснее код.
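# Apply the configuration to the running system without a reboot.
# Note: unlike rc.local, this does not add the 10.150.0.0/24 and
# 10.151.0.0/24 routes.
#
# Policy routing for 192.168.150.35 (table net1 = id 201 in /etc/iproute2/rt_tables).
ip rule add from 192.168.150.35 table net1
ip route add default via 89.89.89.161 dev ens192 table net1
# Load the firewall first and enable forwarding only if it exited 0.
# The original order (sysctl first, firewall last) forwarded everything
# unfiltered until the FORWARD chain was built.
sh /etc/iptables.sh && sysctl -w net.ipv4.ip_forward=1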
Перезагружаем
# Reboot (runlevel 6) so that rc.local runs the whole sequence from a clean state.
init 6
Проверяем, загрузились ли правила
# Post-reboot check: routing tables (including net1) and the loaded rules.

# List every chain of one iptables table with counters and rule numbers.
# $1: table name; empty means iptables' default table (filter).
list_chains() {
  if [ -n "$1" ]; then
    iptables -t "$1" -L -n -v --line-numbers
  else
    iptables -L -n -v --line-numbers
  fi
}

# routing: all tables, then just the default routes (main + net1 expected)
ip route show table all
ip route show table all | grep default

# rules in iptables-save format
iptables-save

# rules table by table ("" and "filter" list the same table)
list_chains ""
list_chains nat
list_chains filter
list_chains mangle

# rules as reproducible commands
iptables -S
iptables -S -t mangle
iptables -S -t nat