Finally, when all is working as expected, how do I make it persistent? I see an answer here, but I assume the suggestion of using /etc/rc.d/rc.local is outdated. Is there a better way to persist these rules?
Route all HTTP/HTTPS traffic through specific interface using newer kernels (>= 4.17)
My question is very similar to Output traffic on different interfaces based on destination port. However, that question was asked in 2011. Now we have newer kernels that can have ip rules with tcp or udp selectors ("policy routing now has a leg in layer 4"): source - see comment on this answer.
I am new to routing, so I only know as much as I have read in the answers on unix.stackexchange.com. I got most of my solution ideas from Routing port traffic over specific interface.
I have two interfaces eth1 (10.0.0.182) and eth0 (192.168.1.2). My default route is for eth0. I want all http and https traffic to route through eth1 instead of the default route. Everything else can remain unchanged.
```
$ route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.1.1     0.0.0.0         UG    202    0        0 eth0
0.0.0.0         10.0.0.1        0.0.0.0         UG    203    0        0 eth1
10.0.0.0        0.0.0.0         255.255.255.0   U     203    0        0 eth1
192.168.1.2     0.0.0.0         255.255.255.0   U     202    0        0 eth0
```

The device at 10.0.0.1 is a Comcast modem that acts as a DHCP server, firewall, etc. The public IP address is a Comcast IP.
Here are the steps I think I need to do to get this to work using the newer ip rules features.
```
# add a new (secondary) table:
echo "200 comcast-route" >> /etc/iproute2/rt_tables

# Populate secondary routing table
ip route add default via 10.0.0.1 dev eth1 table comcast-route

# relax Strict Reverse Path Forwarding to Loose RPF
sysctl -w net.ipv4.conf.eth1.rp_filter=2
# NOTE: my system already has this value, so no change is needed
# net.ipv4.conf.eth1.rp_filter = 2

# specify alternate routes when using specific destination ports
# iif lo below means "from local"
ip rule add iif lo ipproto tcp dport 80 lookup 80
ip rule add iif lo ipproto tcp dport 443 lookup 80
```

Does all that look correct? If it does not work, how do I revert those changes?
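As an added example (not part of the question or of any answer), a small POSIX shell script that applies and reverts the setup above with the table name kept consistent between the route and the rules (the rules as posted look up table 80, while only table comcast-route is populated), and counts the installed rules for verification. Interface, gateway, table id and ports are the question's values; `RUN=echo` turns every privileged command into a dry run.

```shell
#!/bin/sh
# Added example, not from the question: apply/revert the policy-routing setup.
# Assumes the question's values below; RUN=echo prints commands instead of
# executing them (no root needed), so the logic can be checked before use.
set -eu

TABLE_ID=200
TABLE_NAME=comcast-route
IFACE=eth1
GATEWAY=10.0.0.1
PORTS="80 443"
RUN=${RUN:-}

# Execute a command, or print it when RUN is set (dry run).
run() { if [ -n "$RUN" ]; then echo "$*"; else "$@"; fi; }

# Emit the ip(8) commands for action "add" or "del", one per line, with the
# rules pointing at the same table the route populates. For "del" the route
# is removed last, after the rules that reference it.
policy_cmds() {
    action=$1
    route="ip route $action default via $GATEWAY dev $IFACE table $TABLE_NAME"
    [ "$action" = add ] && echo "$route"
    for p in $PORTS; do
        echo "ip rule $action iif lo ipproto tcp dport $p lookup $TABLE_NAME"
    done
    [ "$action" = del ] && echo "$route"
    return 0
}

# Register the table name once (idempotent), relax RPF on the interface to
# loose mode, then install route and rules. $1 overrides the rt_tables path.
apply() {
    rt=${1:-/etc/iproute2/rt_tables}
    grep -qs "^$TABLE_ID[[:space:]]*$TABLE_NAME" "$rt" \
        || run sh -c "echo '$TABLE_ID $TABLE_NAME' >> '$rt'"
    run sysctl -w "net.ipv4.conf.$IFACE.rp_filter=2"
    policy_cmds add | while read -r cmd; do run $cmd; done
}

# Remove rules and route; rp_filter is left as found (it was already 2).
revert() { policy_cmds del | while read -r cmd; do run $cmd; done; }

# Count our rules in `ip rule show` output read from stdin (verification).
rules_present() { grep -c "ipproto tcp dport [0-9]* lookup $TABLE_NAME" || true; }

case ${1:-} in
    apply)  apply ;;
    revert) revert ;;
    check)  ip rule show | rules_present ;;
esac
```

Run `sh script.sh check` after `apply` and expect one line per port; a count of 0 with the rules visible in `ip rule show` usually means the rule and route table names do not match.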