Hi All,
I'm using a device with 2 internet interfaces (MPLS SIM cards). Both of these WAN interfaces can be reached from the remote end.
I have put port forwarding rules in place, but I'm observing that these ports are only accessible through one of the 2 interfaces (the one with the lower metric). I'm unable to access the forwarded ports from the interface with the higher metric.
Below are the iptables rules that are created for the port forwarding rules for port 9021, which is forwarded to port 21 on 192.168.1.1:
test@iotgateway:~# iptables-save | grep 9021
-A zone_lan_prerouting -s 192.168.1.0/24 -d 10.146.236.235/32 -p tcp -m tcp --dport 9021 -m comment --comment "!fw3: FTP (reflection)" -j DNAT --to-destination 192.168.1.1:21
-A zone_lan_prerouting -s 192.168.1.0/24 -d 10.146.236.235/32 -p udp -m udp --dport 9021 -m comment --comment "!fw3: FTP (reflection)" -j DNAT --to-destination 192.168.1.1:21
-A zone_lan_prerouting -s 192.168.1.0/24 -d 10.82.29.142/32 -p tcp -m tcp --dport 9021 -m comment --comment "!fw3: FTP (reflection)" -j DNAT --to-destination 192.168.1.1:21
-A zone_lan_prerouting -s 192.168.1.0/24 -d 10.82.29.142/32 -p udp -m udp --dport 9021 -m comment --comment "!fw3: FTP (reflection)" -j DNAT --to-destination 192.168.1.1:21
-A zone_wan_prerouting -p tcp -m tcp --dport 9021 -m comment --comment "!fw3: FTP" -j DNAT --to-destination 192.168.1.1:21
-A zone_wan_prerouting -p udp -m udp --dport 9021 -m comment --comment "!fw3: FTP" -j DNAT --to-destination 192.168.1.1:21
Below are my routes:
test@iotgateway:~# ip route
default via 10.64.64.65 dev 3g-wanSIM0 proto static metric 10
default via 10.64.64.64 dev 3g-wanSIM1 proto static metric 20
10.64.64.64 dev 3g-wanSIM1 proto kernel scope link src 10.82.29.142
10.64.64.65 dev 3g-wanSIM0 proto kernel scope link src 10.146.236.235
192.168.1.0/24 dev br-lan proto kernel scope link src 192.168.1.1
239.255.255.250 dev br-lan scope link
Please let me know if there is any solution to this.