IP determines output interface?

Robert Nichols rnicholsNOSPAM at comcast.net
Thu Aug 25 17:19:46 CEST 2005

Paul Lewis wrote:
> Hi,
> I'm working on a new system for the college I work at. We have two types of
> users who connect - students and conference guests. Students connect to the
> internet through an academic LAN, but technically conference guests are not
> allowed to use this. So, we have a separate ADSL line for conference guests.
> Now, we have a DHCP system which assigns static IPs to our clients via DHCP
> (so not really static, but for our purposes they are). Conference guests get
> put in a different range to the students, although they can all see each
> other.
> Now, what I want to do, is set a few rules on the firewall so that I can
> determine which output interface a packet goes out on, depending on the IP
> it got sent in on, i.e. I want conference guests with conference IP addresses
> to be directed out to the ADSL line, and students with student IP addresses
> to be directed out to the academic LAN.

This isn't a firewall issue.  It's a routing problem that can be
handled via routing policy database management.  Take a look at the
manpage for the 'ip' command and the "ip rule" section in particular.

Bob Nichols         Yes, "NOSPAM" is really part of my email address.
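
The policy routing setup this reply points to, as an added example that is not part of the original thread. The source ranges, gateways, interface names (eth1, ppp0), table ids and rule priorities are all assumed values; the function prints the iproute2 commands so they can be reviewed before anything is applied.

```shell
#!/bin/sh
# Added example: source-based policy routing with "ip rule".
# Every address, interface name and table id here is an assumed value.

# Print the commands that send traffic from one source range out through
# its own uplink. Usage: policy_route_cmds SRC_CIDR TABLE GATEWAY DEV
policy_route_cmds() {
    src=$1 table=$2 gw=$3 dev=$4

    # Accept only a plain IPv4 CIDR, so a typo cannot become a rule that
    # matches a wider range than intended.
    case $src in
        *[!0-9./]*|*/*/*|/*|*/) echo "bad source range: $src" >&2; return 1 ;;
        */*) ;;
        *) echo "bad source range: $src" >&2; return 1 ;;
    esac
    # Table ids 0 and 253-255 are reserved (unspec, default, main, local).
    case $table in
        ''|*[!0-9]*) echo "bad table id: $table" >&2; return 1 ;;
    esac
    if [ "$table" -lt 1 ] || [ "$table" -gt 252 ]; then
        echo "table id out of range: $table" >&2; return 1
    fi

    # Default route for this group's uplink, kept in its own table.
    echo "ip route replace default via $gw dev $dev table $table"
    # Fail closed: if the uplink route is removed (link down), the lookup
    # would otherwise fall through to the main table and the other uplink.
    echo "ip route replace unreachable default metric 1000 table $table"
    # Select the table by the packet's source address.
    echo "ip rule add from $src lookup $table priority $((1000 + table))"
}

# Print the commands for both groups, or run them as root with APPLY=1.
setup_policy_routing() {
    {
        policy_route_cmds 10.10.0.0/16 100 192.0.2.1 eth1     # students -> academic LAN
        policy_route_cmds 10.20.0.0/16 200 198.51.100.1 ppp0  # guests -> ADSL line
    } | while read -r cmd; do
        if [ "${APPLY:-0}" = 1 ]; then $cmd; else echo "$cmd"; fi
    done
}
```

Call `setup_policy_routing` to print the six commands, then check the result with `ip rule show` and `ip route show table 200` after applying them.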
