[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 560
  • Last Modified:

iptables, use alternate connection based on source ip or port

Hi All,
I have a linux firewall setup with 4 NIC's.

eth0 - (LAN)
eth1 - (Ethernet wireless corporate connection)
eth2 - (ADSL 2+) (ppp1)
eth3 - 333.333.333.333 (ADSL 2+) (ppp0)

Currently all traffic goes out through eth1, I have port forwards and other rules for inbound connections and they are working OK. But I'm trying to get all traffic from a couple of source IP's to use eth3 and be able to send all FTP (port 21) traffic out eth2.

I've tried using
iptables -t NAT -A POSTROUTING -s -d -p tcp -o eth3 -j MASQUERADE

I also tried quite a few other combinations, can't seem to get it working. I've tried using good old Google to find an answer, but can't.

Is it possible to do this with iptables?
If so, what should I be using?
If Not, what other solution is available?

1 Solution
This is possible with advanced routing and also in combination with iptables.

In iptables you can use the "mangle" table to MARK packets and then use this marking to decide which routing table to use (and hence the default gateway to use).

iptables -A PREROUTING -t mangle -i eth0 -p tcp --dport 21 -j MARK --set-mark 1

echo 200 FTPTRAFFIC >> /etc/iproute2/rt_tables
ip rule add from all fwmark 1 table FTPTRAFFIC
ip route add default via dev eth2 table FTPTRAFFIC
ip route flush cache


QlemoC++ DeveloperCommented:
This question has been classified as abandoned and is closed as part of the Cleanup Program. See the recommendation for more details.

Featured Post

Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now