I have designed/built/deployed several capture portal/gateway/content servers that can accept multiple SSID/VLAN traffic and diffenciate SSIDs in order apply different connection/shaping rules based on the SSID/VLAN.

I now have a new requirement. I need to be able to connect SSID/VLANs to different outgoing VLANs. For example, I need to "route" eth1.100 through to eth0.101, and do that for each SSID/VLAN I am manageing.

I believe I have all the iptables rules correct, but I cannot figure out how to force traffic entering on eth1.100 to go out on eth0.101.

It may be that I'll have to use separate NICs, but I am hoping someone has the answer that will allow the gateway to route VLANs.

I suppose I could do it if I could use different subnets for each outgoing VLAN, as I do for incoming VLANs, but unfortunately I normally do not have control of the outgoing IP scheme and can allocate only a single IP address to the outgoing NIC.

Hmm, if I can have multiple outfacing NICs, why can't I have multiple outgoing subnets? Well that'll be the direction of my "investigations" until somebody smarter than me posts the answer here

Emmett

Routing to multiple VLANs is just routing to multiple physical interfaces, and having conflicting subnet addresses is not standard practice.

1. Use ibtables to mark packets based on incoming interface.
2. Use "ip rule" to select different routing tables based the mark.
3. Use "ip route" to add entries to the routing tables explicitly stating the outgoing logical interface.