Set gateway for specific ip destination and port
As you've hinted in the question, you can statically route specific ranges/hosts via the operating system or router's routing tables.
Dynamically routing ports, however, is not possible on Windows. Routing is a Layer 3 task, whereas ports are Layer 5. See the diagram below for more information:
(source: s-msft.com)
If you're determined, you can use a Linux router running the iptables firewall to re-route packets according to their port - you'll need separate routing tables to handle the specific ports, and then use fwmark to mark each packet. See this forum post as a starting point.
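The fwmark approach this answer outlines, as an added example that is not part of the original answer: a dry-run generator that prints the three commands a Linux router would need and executes nothing. Assumptions not taken from the page: 203.0.113.0/24 is a documentation placeholder for the elided xxx.xxx.xxx.0/24, `eth0` is the LAN-facing interface, and table `100` and mark `0x1` are arbitrary choices.

```shell
#!/bin/sh
# Added example: dry-run generator for port-based policy routing on a Linux router.
# Assumed (not from the page): 203.0.113.0/24 stands in for the elided
# xxx.xxx.xxx.0/24, eth0 is the LAN-facing interface, table 100, mark 0x1.

# pbr_commands DEST_CIDR TCP_PORT GATEWAY [LAN_IF] [TABLE] [MARK]
# Prints the commands; returns 1 on invalid input. Nothing is executed.
pbr_commands() {
    dest=$1 port=$2 gw=$3 lan_if=${4:-eth0} table=${5:-100} mark=${6:-0x1}

    # Reject anything that is not a plain TCP port number in 1..65535.
    case $port in
        ''|*[!0-9]*) echo "invalid port: $port" >&2; return 1 ;;
    esac
    if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
        echo "port out of range: $port" >&2; return 1
    fi
    # Mark 0 is the default on every packet, so it cannot single out this traffic.
    case $mark in
        0|0x0) echo "mark must be non-zero" >&2; return 1 ;;
    esac

    # 1. Separate routing table whose only route is the alternate gateway.
    echo "ip route add default via $gw table $table"
    # 2. Packets carrying the mark consult that table before the main one.
    echo "ip rule add fwmark $mark lookup $table priority 1000"
    # 3. Mark forwarded LAN packets by destination and TCP port in the
    #    mangle table's PREROUTING chain, before the routing decision.
    echo "iptables -t mangle -A PREROUTING -i $lan_if -p tcp -d $dest --dport $port -j MARK --set-mark $mark"
}

# Constructed sample: port 8080 to the placeholder range leaves via WAN-STATIC (10.0.0.1).
pbr_commands 203.0.113.0/24 8080 10.0.0.1
```

Traffic to the same hosts on port 80 is never marked, so it keeps following the main table's default gateway. Review the printed commands before running them as root on the router.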
Nebu
Updated on September 18, 2022
Comments
-
Nebu over 1 year
I have two internet connections. One has a static public IP address (WAN-STATIC gateway IP 10.0.0.1) and the other has a dynamic public IP address (WAN-DYNAMIC gateway IP 10.0.0.254). I wish to force traffic to specific IP addresses and ports to use WAN-STATIC. I tried to do this with a dual-WAN router, but after a long telephone call with the support team it seems this is not possible in the router. I tried this:
route add xxx.xxx.xxx.0 mask 255.255.255.0 10.0.0.1 metric 1
This redirects my traffic correctly, but I also need to specify the port. For example, traffic to xxx.xxx.xxx.1 on port 80 needs to use the default gateway and traffic on port 8080 needs a static route. My computers run on Windows 7.
-
HBruijn over 9 years
It sounds like you desire policy-based routing which ideally is implemented in your router, although also native support exists in the current Linux kernel as well, but not in Windows as far as I know.
-
Nebu over 9 years
So there is also no way to force email (port 25) to use a certain gateway.
-
ObiwanKeTobi over 9 years
@Nebu - not unless you want to spin up your own custom firewall/router and use iptables as I said in my closing paragraph.
-
Nebu over 9 years
Any closing arguments on how other companies solve this issue in a Windows environment. I would be surprised if I am the only one facing this issue.
-
ObiwanKeTobi over 9 years
Essentially it's not possible - you're attempting to bridge two OSI layers, which is only possible with software, and unfortunately the software doesn't exist on Windows.
-
Timmmm over 8 years
Off topic, but that layer chart is bogus. E.g. how is "80" a layer? The internet doesn't use the OSI layer model. (It's similar but there are no session or presentation layers.)
-
Timmmm over 8 years
That... still has presentation and session layers? How about this one: w3.org/People/Frystyk/thesis/tcp.gif Edit: Here's a better one: i-technet.sec.s-msft.com/dynimg/IC197700.gif
-
Ron Maupin over 8 years
Ports are not in layer-5, ports are layer-4 addresses, just like IP addresses are layer-3 addresses, and MAC addresses are layer-2 addresses. The RFCs make this clear. RFC 793, Transmission Control Protocol says, "To allow for many processes within a single Host to use TCP communication facilities simultaneously, the TCP provides a set of addresses or ports within each host."