IP determines output interface?

Robert Nichols rnicholsNOSPAM at comcast.net
Thu Aug 25 17:19:46 CEST 2005


Paul Lewis wrote:
> Hi,
> 
> I'm working on a new system for the college I work at. We have two types of
> users who connect - students and conference guests. Students connect to the
> internet through an academic LAN, but technically conference guests are not
> allowed to use this. So, we have a separate ADSL line for conference guests.
> 
> Now, we have a DHCP system which assigns static IPs to our clients via DHCP
> (so not really static, but for our purposes they are). Conference guests get
> put in a different range to the students, although they can all see each
> other.
> 
> Now, what I want to do, is set a few rules on the firewall so that I can
> determine which output interface a packet goes out on, depending on the IP
> it got sent in on, i.e. I want conference guests with conference IP addresses
> to be directed out to the ADSL line, and students with student IP addresses
> to be directed out to the academic LAN.

This isn't a firewall issue.  It's a routing problem that can be
handled via routing policy database management.  Take a look at the
manpage for the 'ip' command and the "ip rule" section in particular.

-- 
Bob Nichols         Yes, "NOSPAM" is really part of my email address.
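
The "ip rule" approach the reply points to, as an added example that is not part of the original thread: one routing table per uplink, selected by the client's source range. The subnets, gateways, interface names, table numbers and priorities are constructed placeholders, not values from the post.

```shell
#!/bin/sh
# Added example: source-based policy routing with iproute2.
# Every address, interface, table number and priority here is a
# constructed placeholder; substitute the site's real values.

STUDENT_NET="10.1.0.0/16"   # assumed student DHCP range
GUEST_NET="10.2.0.0/16"     # assumed conference-guest DHCP range
ACAD_GW="192.0.2.1";    ACAD_IF="eth1"; ACAD_TABLE=100   # academic LAN uplink
ADSL_GW="198.51.100.1"; ADSL_IF="eth2"; ADSL_TABLE=200   # ADSL uplink

# policy_cmds SRC_NET GATEWAY OUT_IF TABLE PRIORITY
# Emits the commands for one client class: a default route in a
# dedicated table, then a rule sending that source range to the table.
policy_cmds() {
    echo "ip route replace default via $2 dev $3 table $4"
    echo "ip rule add from $1 lookup $4 priority $5"
}

# all_cmds prints the full rule set, in the order it should be applied.
all_cmds() {
    # Traffic between the two client ranges must keep using the main
    # table; otherwise the per-class default routes would push it out
    # an uplink. These rules have a lower priority number, so they are
    # evaluated before the per-class rules.
    for net in "$STUDENT_NET" "$GUEST_NET"; do
        echo "ip rule add to $net lookup main priority 900"
    done
    policy_cmds "$STUDENT_NET" "$ACAD_GW" "$ACAD_IF" "$ACAD_TABLE" 1000
    policy_cmds "$GUEST_NET"   "$ADSL_GW" "$ADSL_IF" "$ADSL_TABLE" 1001
}

# Default is a dry run that only prints the commands.
# Run as root with APPLY=1 to execute them; stops at the first failure.
if [ "${APPLY:-0}" = "1" ]; then
    all_cmds | sh -e
else
    all_cmds
fi
```

After applying, `ip rule show` and `ip route show table 200` display the result. The rules select on source address only, so the split between the two uplinks is only as reliable as the DHCP assignment behind it.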



