To verify if I understood your question correctly: You have a local computer with 2 WLAN interfaces and 1 LAN interface that you are using. Behind the LAN interface, there's another computer you want to access with a static IP. All other traffic should go through the WLAN interfaces. The WLAN interfaces acquire their addresses with DHCP.
If that's correct, you need a single default rule for one of the WLAN interfaces ("exit to the internet using the wireless interface") in addition to each of the rules for the segment ("reach the remote server under the static address"). The routes for the WLAN interfaces are probably set automatically, and it doesn't hurt that there's two of them as long as they have different priority, and you are aware you'll be only using one WLAN interface.
So the routing table should look like this:
default via 192.168.0.1 dev wlan3 proto static metric 600
default via 192.168.0.1 dev wlan1 proto static metric 601
192.168.0.0/24 dev wlan3 proto kernel scope link src 192.168.0.127 metric 600
192.168.0.0/24 dev wlan1 proto kernel scope link src 192.168.0.143 metric 601
193.*.*.1*8/25 dev eth0 proto kernel scope link src 193.*.*.1*7 metric 100
Assuming these are the default metrics, and assuming that the server you want to access via SSH has an 193...1*8 address (you didn't say). If it doesn't, you need an additional rule for the server address.
In other words, just do
ip route del 193.*.*.1*9 dev eth0 proto static metric 100
(with the correct IP address, of course).
Depending on how the LAN interface acquires its address (Network Manager?), you may automate this.
Edit
So the picture is like this:
+--------------+    +---------------------+    +-------------+
|         eth0 |----| Some other computer |....| remote host |
|    Laptop    |    +---------------------+    +-------------+
|        wlan0 |    +---------+
| Laptop wlan1 |::::| Some AP |
+--------------+    +---------+
Is this correct? If not, please clarify by editing your question. A picture like the one above would help.
I understand that you want to protect public IP addresses, but that makes it difficult to assess the situation.
Let's assume the host you want to connect via ssh has the public IP address 1.2.3.4. On your laptop, WLAN has the address range 192.168.0.*/24 with gateway 192.168.0.1, and your LAN has the address range 192.168.1.*/24 with gateway 192.168.1.1. That's probably more realistic than your numbers (because everything that starts with 192.168 is in the private IP range; it's unlikely your LAN segment has a public IP range). Given that, your routing table on the laptop should be similar to
default via 192.168.0.1 dev wlanX
1.2.3.4 via 192.168.1.1 dev eth0
192.168.0.0/24 dev wlanX ...
192.168.1.0/24 dev eth0 ...
We are not interested in the routing table on the other computer or the ssh host.
Routes are matched by more specific prefixes, so this says "send traffic to 1.2.3.4 to the LAN gateway, traffic for the local segments through WLAN resp. LAN, and everything else to the WLAN gateway". You can verify with ip route get:
$ ip route get 1.2.3.4
1.2.3.4 via 192.168.1.1 dev eth0
$ ip route get 1.2.3.5
1.2.3.5 via 192.168.0.1 dev wlanX
You either need to adapt this to your situation, or explain your local setup in more detail. It's safe to give IP addresses of the form 192.168.*.* and 10.*.*.*, these are private network addresses used by many people, and can't be used to identify you or your computer.
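The lookup rule described above (most specific prefix wins, then the lowest metric among equal prefixes) can be checked offline before touching a live table. This is an added example, not part of the original answer; `wlan3` stands in for `wlanX`, and the eth0 source address and the metrics in the sample table are constructed.

```python
import ipaddress

# Constructed sample: `ip route show` output for the laptop described above.
# wlan3 stands in for "wlanX"; the eth0 source address and metrics are assumed.
SAMPLE_TABLE = """\
default via 192.168.0.1 dev wlan3 proto static metric 600
default via 192.168.0.1 dev wlan1 proto static metric 601
1.2.3.4 via 192.168.1.1 dev eth0
192.168.0.0/24 dev wlan3 proto kernel scope link src 192.168.0.127 metric 600
192.168.0.0/24 dev wlan1 proto kernel scope link src 192.168.0.143 metric 601
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.50 metric 100
"""

def parse_routes(text):
    """Parse unicast `ip route show` lines into dicts (prefix, via, dev, metric)."""
    routes = []
    for line in text.splitlines():
        tok = line.split()
        if not tok:
            continue
        dest = "0.0.0.0/0" if tok[0] == "default" else tok[0]
        # Assumption: after the destination, the line is flat "key value" pairs
        # (true for the lines above; bare flags such as "linkdown" are not handled).
        opts = dict(zip(tok[1::2], tok[2::2]))
        routes.append({
            "prefix": ipaddress.ip_network(dest, strict=False),
            "via": opts.get("via"),              # None means the target is on-link
            "dev": opts["dev"],
            "metric": int(opts.get("metric", 0)),
        })
    return routes

def route_get(routes, addr):
    """Select a route the way the kernel does: longest prefix, then lowest metric."""
    ip = ipaddress.ip_address(addr)
    hits = [r for r in routes if ip in r["prefix"]]
    if not hits:
        return None  # the kernel would report "Network is unreachable"
    return min(hits, key=lambda r: (-r["prefix"].prefixlen, r["metric"]))

ROUTES = parse_routes(SAMPLE_TABLE)

if __name__ == "__main__":
    for target in ("1.2.3.4", "1.2.3.5", "192.168.1.20", "192.168.0.9"):
        r = route_get(ROUTES, target)
        print(f"{target:<13} via {r['via'] or 'on-link':<12} dev {r['dev']}")
```

Pasting the real output of `ip route show` into `SAMPLE_TABLE` shows which interface a given destination would leave through, which is a quick way to confirm that only the SSH host is reached over eth0.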
iptables as possibly a more appropriate tool. The routing table doesn't have the ability to do application-specific routing like that. That said, if you're only concerned with a single IP address then you can accomplish what you want without IP tables.
iptables is not needed to set up routing. Nor is it needed for everything that somehow has to do with networking. I don't know why everyone is attempting to sell iptables as the solution for everything, please stop spreading this disinformation. It's a routing problem, so use the routing tools. Linux has routing tools, the kernel does routing, and these features are optimized (unlike iptables) to deal with issues like these.
telnet, ftp, or whatever. This is really not the place for a long discussion about this issue, but I'm getting sick of all the recommendations for iptables when you clearly need to do routing. Sorry you were the target for my rant.