IP rule table lookup does not seem to work

I have a system with three network interfaces. Below is the configuration that I'm trying to set up.

wlan0 (it's actually a Wi-Fi AP interface) - other devices connect via this interface.
net1 - interface facing the internet that has to be linked to wlan0 to provide internet services to devices connected via wlan0.
net0 - interface facing restricted internet access, to answer queries only for requests from within this subnet.

The default interface is net0 and its gateway. The output of ip route show looks like this:

default via 10.228.103.241 dev net0
10.228.103.240/30 dev net0 src 10.228.103.242

Now I would like the system to look up table 7 for route rules for all requests to eth0 and net1. So I created ip rules as below:

0:      from all lookup local
32758:  from all lookup main
32762:  from 8.8.0.0/16 lookup iTbl
32764:  from 192.168.225.1 lookup iTbl
32765:  from 192.168.172.2 lookup iTbl
32767:  from all lookup default

8.8.0.0 is for nameservers. It's listed as iTbl because I have defined 7 as iTbl in /etc/iproute2/rt_tables.

ip route show for table 7 looks like this:

default via 192.168.172.3 dev net1
8.8.0.0/16 via 192.168.172.3 dev net1
192.168.172.0/24 dev net1  src 192.168.172.2
192.168.225.0/24 dev wlan0  src 192.168.225.1

And finally my iptables looks like this:

iptables -nvL
Chain INPUT (policy ACCEPT 245 packets, 49904 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    3   180 ACCEPT     all  --  wlan0   *       0.0.0.0/0            0.0.0.0/0

Chain OUTPUT (policy ACCEPT 190 packets, 19182 bytes)
 pkts bytes target     prot opt in     out     source               destination

iptables -nvL -t nat
Chain PREROUTING (policy ACCEPT 22 packets, 2205 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain INPUT (policy ACCEPT 21 packets, 2145 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain OUTPUT (policy ACCEPT 91 packets, 7782 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain POSTROUTING (policy ACCEPT 90 packets, 7226 bytes)
 pkts bytes target     prot opt in     out     source               destination
    2   616 MASQUERADE  all  --  *      net1  0.0.0.0/0            0.0.0.0/0

When I connected a device to the wlan0 interface and tried to browse the internet, tcpdump shows all the requests from wlan0 seem to go via net0, which actually should go via net1. I read through many posts and forums. After trying different things I couldn't solve the issue. I am not able to understand where it's going wrong. From the tcpdump and logically looking at it, it seems like the ip rule lookup to table 7 is not working. Please help to check if any of the rules has to be corrected.

Ashgang

Posted 2014-08-26T20:24:32.890

Reputation: 11

No answers
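The following is an added worked example, not the poster's configuration or code. It simulates how the kernel evaluates a policy routing setup like the one above: rules are walked in ascending priority, and the first matching rule whose table actually contains a route for the destination decides; a matching rule whose table has no route falls through to the next one. The tables and the rule list are transcribed from the post; the Wi-Fi client address 192.168.225.10, the public destination 93.184.216.34, and the two variants (iTbl rules moved ahead of main at priority 100, and the wlan0 selector widened from 192.168.225.1/32 to 192.168.225.0/24) are assumptions added for illustration. Two points the simulation makes visible: with the rules exactly as posted, any packet is caught by "from all lookup main" at priority 32758 before the iTbl rules at 32762 and above are ever consulted, and main's default route sends it out net0; and the routing decision for forwarded traffic happens before nat POSTROUTING, so a source-based rule sees the client's own address, not the masqueraded one.

```python
"""Simulate Linux policy routing (ip rule priorities plus per-table
longest-prefix lookup) for the interfaces and tables in the post above.
Added example, not the poster's code; client address, public destination
and the two rule variants are assumptions for illustration."""
from ipaddress import ip_address, ip_network

# Routing tables as shown in the post (main, and table 7 = iTbl).
# Each route: (destination prefix, device, gateway or None for on-link).
# The local table is approximated with the three interface addresses.
TABLES = {
    "local": [
        ("10.228.103.242/32", "net0", None),
        ("192.168.172.2/32", "net1", None),
        ("192.168.225.1/32", "wlan0", None),
    ],
    "main": [
        ("0.0.0.0/0", "net0", "10.228.103.241"),
        ("10.228.103.240/30", "net0", None),
    ],
    "iTbl": [
        ("0.0.0.0/0", "net1", "192.168.172.3"),
        ("8.8.0.0/16", "net1", "192.168.172.3"),
        ("192.168.172.0/24", "net1", None),
        ("192.168.225.0/24", "wlan0", None),
    ],
    "default": [],
}

# Rule list exactly as posted: (priority, selector kind, prefix, table).
# "from all" is written as from 0.0.0.0/0.
POSTED_RULES = [
    (0, "from", "0.0.0.0/0", "local"),
    (32758, "from", "0.0.0.0/0", "main"),
    (32762, "from", "8.8.0.0/16", "iTbl"),
    (32764, "from", "192.168.225.1/32", "iTbl"),
    (32765, "from", "192.168.172.2/32", "iTbl"),
    (32767, "from", "0.0.0.0/0", "default"),
]


def lookup_table(table, dst):
    """Longest-prefix match within one table; None if no route covers dst."""
    dst = ip_address(dst)
    best = None
    for prefix, dev, via in TABLES[table]:
        net = ip_network(prefix)
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, dev, via)
    return best


def route(rules, src, dst):
    """Walk rules in ascending priority. The first matching rule whose table
    holds a route for dst decides; a match with no route falls through.
    Returns (table, device, gateway) or None if nothing routes the packet."""
    src_ip, dst_ip = ip_address(src), ip_address(dst)
    for prio, kind, prefix, table in sorted(rules):
        key = src_ip if kind == "from" else dst_ip
        if key not in ip_network(prefix):
            continue
        hit = lookup_table(table, dst)
        if hit is not None:
            _, dev, via = hit
            return table, dev, via
    return None


# Variant A (assumed): same selectors, iTbl rules moved ahead of main.
REORDERED_RULES = [(100 if t == "iTbl" else p, k, pfx, t)
                   for p, k, pfx, t in POSTED_RULES]

# Variant B (assumed): additionally match the whole AP subnet, since
# forwarded client packets carry the client's address, not 192.168.225.1.
SUBNET_RULES = [(p, k, "192.168.225.0/24" if pfx == "192.168.225.1/32" else pfx, t)
                for p, k, pfx, t in REORDERED_RULES]

if __name__ == "__main__":
    client, public = "192.168.225.10", "93.184.216.34"  # assumed client and host
    for name, rules in [("posted", POSTED_RULES),
                        ("reordered", REORDERED_RULES),
                        ("subnet", SUBNET_RULES)]:
        print(f"{name:10s} {client} -> {public}: {route(rules, client, public)}")
    # The AP's own address is the only wlan0 source the posted /32 rule covers.
    print(f"reordered  192.168.225.1 -> {public}: "
          f"{route(REORDERED_RULES, '192.168.225.1', public)}")
```

Running the block prints net0 for the client under both the posted and the merely reordered rule sets, and net1 only once the selector covers the whole 192.168.225.0/24 subnet; the AP's own address 192.168.225.1 reaches net1 as soon as the iTbl rules precede main. The simulation ignores reverse-path filtering and the `default` table, which is empty here and would not change any result.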