Problem: I have a host that has 2 active network interfaces. One is used as a management port (eth0), one is used as an FTP dropbox (eth1).
Both can route to the Internet, but all connections other than FTP on eth1 are blocked via iptables. The default route uses the interface for the FTP dropbox, but I have a static route configured for the subnet that includes my management and monitoring hosts so that I can SSH to the host and check on host availability, disk space, mail queue, etc.
However, the static route means that I cannot monitor the FTP dropbox, since FTP connection attempts coming in on one interface and IP address are then routed out via the management interface and IP address.
Solution: Use policy-based routing to direct the system to consult a different routing table for connections coming in on the FTP interface.
It sounds easy enough.
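The setup described above, as an added example that is not from the original post: a second routing table holding only a default route via the FTP gateway, plus one `ip rule` so that packets sourced from the eth1 address consult that table while everything else keeps the main table and its management static route. The addresses, the table id and the monitoring-host address are placeholders.

```shell
#!/bin/sh
# Added example (not from the post): policy-based routing so replies sent from
# the FTP interface leave via the FTP gateway instead of the management route.
# Addresses and the table id are placeholders; substitute the host's real values.
set -eu

FTP_IF="eth1"                 # FTP dropbox interface, as named in the post
FTP_IP="203.0.113.10"         # placeholder: address bound to eth1
FTP_GW="203.0.113.1"          # placeholder: gateway on the eth1 subnet
MGMT_HOST="192.0.2.25"        # placeholder: a monitoring host behind the static route
TABLE_ID="100"                # extra routing table consulted only for FTP traffic

# Print the commands that build the second table and the rule selecting it.
# Only packets sourced from FTP_IP are sent to the new table; everything else
# still uses the main table, so the management static route is unaffected.
pbr_commands() {
    printf '%s\n' \
        "ip route add default via ${FTP_GW} dev ${FTP_IF} table ${TABLE_ID}" \
        "ip rule add from ${FTP_IP} lookup ${TABLE_ID} priority 1000"
}

# Check command: asks the kernel which route a reply from FTP_IP to the
# monitoring host would take; the answer should name FTP_IF and FTP_GW.
pbr_check_command() {
    printf 'ip route get %s from %s\n' "${MGMT_HOST}" "${FTP_IP}"
}

# Apply the commands (requires root and the real interface present), then
# run the check so a wrong table or rule is visible immediately.
pbr_apply() {
    pbr_commands | while IFS= read -r cmd; do
        echo "+ ${cmd}"
        sh -c "${cmd}"
    done
    sh -c "$(pbr_check_command)"
}

# Only change the host when explicitly asked; otherwise show what would run.
if [ "${1:-}" = "apply" ]; then
    pbr_apply
else
    pbr_commands
    pbr_check_command
fi
```

Run with `apply` as the first argument to make the change; without it the script is a dry run that only prints the commands.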