I have two internet connections. One has a static public IP address (WAN-STATIC gateway IP 10.0.0.1) and the other has a dynamic public IP address (WAN-DYNAMIC gateway IP 10.0.0.254). I wish to force traffic to specific IP addresses and ports to use WAN-STATIC. I tried to do this with a dual-WAN router, but after a long telephone call with the support team it seems this is not possible in the router. I tried this:

 route add xxx.xxx.xxx.0 mask 255.255.255.0 10.0.0.1 metric 1

This redirects my traffic correctly, but I also need to specify the port. For example, traffic to xxx.xxx.xxx.1 on port 80 needs to use the default gateway and traffic on port 8080 needs a static route. My computers run on Windows 7.

Nebu
  • It sounds like you desire [policy based routing](http://en.wikipedia.org/wiki/Policy-based_routing) which ideally is implemented in your router, although also native support exists in the current Linux kernel as well, but not in Windows as far as I know. – HBruijn Oct 24 '14 at 12:56

1 Answer

As you've hinted in the question, you can statically route specific ranges/hosts via the operating system or router's routing tables.

Dynamically routing ports, however, is not possible on Windows. Routing is a Layer 3 task, whereas ports are Layer 5. See the diagram below for more information:

[Image: diagram] (source: s-msft.com)

If you're determined, you can use a Linux router running the iptables firewall to re-route packets according to their port - you'll need separate routing tables to handle the specific ports, and then use fwmark to mark each packet. See this forum post as a starting point.

Glorfindel
Craig Watson
  • So there is also no way to force email (port 25) to use a certain gateway. – Nebu Oct 24 '14 at 12:39
  • @Nebu - not unless you want to spin up your own custom firewall/router and use iptables as I said in my closing paragraph. – Craig Watson Oct 24 '14 at 12:41
  • Any closing arguments on how other companies solve this issue in a Windows environment? I would be surprised if I am the only one facing this issue. – Nebu Oct 24 '14 at 12:47
  • Essentially it's not possible - you're attempting to bridge two OSI layers, which is only possible with software, and unfortunately the software doesn't exist on Windows. – Craig Watson Oct 24 '14 at 12:50
  • Off topic, but that layer chart is bogus. E.g. how is "80" a layer? The [internet doesn't use the OSI layer model](https://en.wikipedia.org/wiki/Internet_protocol_suite#Abstraction_layers). (It's similar but there are no session or presentation layers.) – Timmmm Dec 22 '15 at 15:20
  • That... still has presentation and session layers? How about this one: http://www.w3.org/People/Frystyk/thesis/tcp.gif Edit: Here's a better one: https://i-technet.sec.s-msft.com/dynimg/IC197700.gif – Timmmm Dec 22 '15 at 15:35
  • Ports are not in layer-5, ports are layer-4 addresses, just like IP addresses are layer-3 addresses, and MAC addresses are layer-2 addresses. The RFCs make this clear. RFC 793, Transmission Control Protocol says, "_To allow for many processes within a single Host to use TCP communication facilities simultaneously, the TCP provides a set of addresses or ports within each host._" – Ron Maupin Dec 22 '15 at 17:38
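
The Linux approach outlined in the answer above (a separate routing table selected by an fwmark that iptables sets per destination port), as an added example that is not part of the original thread. It assumes the Linux router's LAN interface is `eth0`, uses the documentation address 203.0.113.1 in place of the elided xxx.xxx.xxx.1, and picks mark `0x1` and table `100` arbitrarily; by default it only prints the commands.

```shell
#!/bin/sh
# Added example: route TCP traffic for one destination port via WAN-STATIC
# on a Linux router, using an fwmark and a separate routing table.
# From the question: gateway 10.0.0.1 (WAN-STATIC) and port 8080.
# Assumptions: LAN_IF, MARK and TABLE are arbitrary; DEST 203.0.113.1 is a
# documentation placeholder for the elided xxx.xxx.xxx.1.
LAN_IF="${LAN_IF:-eth0}"
GW_STATIC="${GW_STATIC:-10.0.0.1}"
DEST="${DEST:-203.0.113.1}"
PORT="${PORT:-8080}"
MARK="${MARK:-0x1}"
TABLE="${TABLE:-100}"
DRY_RUN="${DRY_RUN:-1}"   # 1 = only print the commands, 0 = run them (root)

# Print the command in dry-run mode, otherwise execute it.
run() {
    if [ "$DRY_RUN" = "1" ]; then echo "$*"; else "$@"; fi
}

# Reject anything that is not a TCP port number before touching the firewall.
valid_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

pbr_apply() {
    valid_port "$PORT" || { echo "invalid port: $PORT" >&2; return 1; }
    run sysctl -w net.ipv4.ip_forward=1
    # Table first: if it were empty, marked packets would fall through to
    # the main table and silently leave via the default gateway.
    run ip route add default via "$GW_STATIC" dev "$LAN_IF" table "$TABLE"
    run ip rule add fwmark "$MARK" lookup "$TABLE" priority 1000
    # Mark forwarded packets as they arrive from the LAN, before routing.
    run iptables -t mangle -A PREROUTING -i "$LAN_IF" -p tcp \
        -d "$DEST" --dport "$PORT" -j MARK --set-mark "$MARK"
}

pbr_remove() {
    run iptables -t mangle -D PREROUTING -i "$LAN_IF" -p tcp \
        -d "$DEST" --dport "$PORT" -j MARK --set-mark "$MARK"
    run ip rule del fwmark "$MARK" lookup "$TABLE" priority 1000
    run ip route flush table "$TABLE"
}
```

After applying with `DRY_RUN=0`, `ip rule show` and `ip route get 203.0.113.1 mark 0x1` confirm which gateway marked traffic will take.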