Iptables – Routing outgoing HTTP/HTTPS traffic over a different subnet

Tags: https, iptables, proxy, route, subnet

I am trying to set up a Linux server which was initially only supposed to be in one "server subnet".
However, I am forced to use a proxy to access HTTP/HTTPS services in this subnet, which causes a lot of problems with my web applications that need to access an API over HTTPS.

Fortunately, the server is connected to a second "client subnet", which offers unrestricted access to HTTP/HTTPS services.
I configured both NICs, and now I have the server subnet on eth0 and the client subnet on eth1.

I was reading up on similar issues and the closest I found was this: https://askubuntu.com/questions/104400/how-to-put-all-traffic-and-on-one-interface-and-some-traffic-on-another-interfac
I followed the instructions and changed the ports and interfaces accordingly (eth0's gateway being the default gateway):

iptables -t mangle -A OUTPUT -p tcp --dport 443 -o eth0 -j MARK --set-mark 1
ip rule add fwmark 1 table 1
ip route add 0.0.0.0/0 table 1 dev eth1

However this doesn't seem to work.

I was wondering whether it is actually possible, from a technical point of view, to create routing rules that allow routing local outgoing HTTP/HTTPS traffic over another subnet.

Best Answer

I know this post is really old, but I recently solved this problem using another approach, which involves source policy routing: Can't ping multihomed Linux machine on non-default interface.

The host is connected to the two networks. The "client subnet" allows for access to external resources, however its clients cannot be accessed from outside the network. Clients on the "server subnet" can be accessed from outside the network, however they cannot access any resources outside their own network.

                  ---
                   |"Client Subnet"
 ------     eth0   | 3.3.0.10 
| Host |-----------
|      |-----------
 ------     eth1   |"Server Subnet"
                   | 123.123.0.10
                  ---

I set the gateway of the client subnet as the default gateway and configured the source policy routing as seen in the answer from the post above. The server then behaved as desired.

# register a routing table named "eth1" with id 13
echo 13 eth1 >> /etc/iproute2/rt_tables
# that table has a single default route via the server subnet's gateway
ip route add default via 123.123.0.1 table eth1
# anything sourced from the server-subnet address is routed with that table
ip rule add from 123.123.0.10 lookup eth1
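As an added example (not part of the question or the answer above): a small POSIX shell script that wraps the answer's source-based policy routing in reusable functions, and, for comparison, prints the fwmark-based variant the question tried, completed with the SNAT step that variant needs. The addresses, the table id 13 and the table name eth1 reuse the answer's values; the function names, the multiport/MASQUERADE rules and the `ip route get` check are this example's own assumptions, not something either poster wrote. Commands are printed rather than executed so they can be reviewed before piping them into a root shell.

```shell
#!/bin/sh
# Added example: policy routing helpers for a dual-homed host.
# Table name/id, addresses and interface names are illustrative assumptions.
set -eu

# Idempotently register a named routing table in an rt_tables file.
# Re-running "echo 13 eth1 >> rt_tables" from a boot hook appends a duplicate
# every time; this only appends when no entry of that name exists yet.
# Usage: rt_table_register <rt_tables_path> <table_id> <table_name>
rt_table_register() {
    rt_file=$1; tbl_id=$2; tbl_name=$3
    if grep -qE "^[[:space:]]*[0-9]+[[:space:]]+${tbl_name}([[:space:]]|\$)" "$rt_file" 2>/dev/null; then
        return 0
    fi
    printf '%s %s\n' "$tbl_id" "$tbl_name" >> "$rt_file"
}

# Number of rt_tables entries carrying a given name (used for verification).
# Usage: rt_table_count <rt_tables_path> <table_name>
rt_table_count() {
    grep -cE "^[[:space:]]*[0-9]+[[:space:]]+$2([[:space:]]|\$)" "$1" || true
}

# Source-based policy routing (the approach from the answer): everything that
# leaves with <local_addr> as source is routed through table <tbl_name>,
# whose only route is a default via <gateway> on <iface>.
# Usage: policy_route_cmds <tbl_name> <local_addr> <gateway> <iface>
policy_route_cmds() {
    tbl=$1; addr=$2; gw=$3; dev=$4
    echo "ip route add default via $gw dev $dev table $tbl"
    echo "ip rule add from $addr lookup $tbl"
    # Verification: ask the kernel which route a reply from <addr> would take;
    # the output should name <gateway> and <iface>, not the main default route.
    echo "ip route get 8.8.8.8 from $addr"
}

# fwmark-based policy routing (the approach from the question), generalised.
# Two things differ from the question's snippet: the table's default route gets
# an explicit "via" (without a gateway it only works on point-to-point links),
# and the traffic is SNATed. The source address of a locally generated packet
# is chosen at the first routing decision, before mangle OUTPUT runs, so a
# packet re-routed out <iface> would otherwise still carry the default
# interface's address and the replies would never come back over <iface>.
# Usage: fwmark_route_cmds <tbl_name> <mark> <gateway> <iface> <ports>
fwmark_route_cmds() {
    tbl=$1; mark=$2; gw=$3; dev=$4; ports=$5
    echo "iptables -t mangle -A OUTPUT -p tcp -m multiport --dports $ports -j MARK --set-mark $mark"
    echo "ip rule add fwmark $mark lookup $tbl"
    echo "ip route add default via $gw dev $dev table $tbl"
    echo "iptables -t nat -A POSTROUTING -o $dev -j MASQUERADE"
}

if [ "${1:-}" = "demo" ]; then
    tmp=$(mktemp)
    rt_table_register "$tmp" 13 eth1
    rt_table_register "$tmp" 13 eth1     # second call is a no-op
    echo "rt_tables entries for eth1: $(rt_table_count "$tmp" eth1)"
    echo "# source-based (answer's approach):"
    policy_route_cmds eth1 123.123.0.10 123.123.0.1 eth1
    echo "# fwmark-based (question's approach, completed):"
    fwmark_route_cmds eth1 1 123.123.0.1 eth1 80,443
    rm -f "$tmp"
fi
```

Run with `sh script.sh demo` to see the generated commands; apply them by piping the relevant function's output into `sh` as root, then confirm with the `ip route get ... from <addr>` line that the second table is actually consulted.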