> I'm struggling to understand what you meant when you said that the
> destination is the gateway. If you just mean that the traffic is
> NATed, then again, I was not assuming that in any of my explanations.

I said that assuming the host with 2 public IPs mentioned in the OP could be the gateway for a LAN, as I suspect the routing based on source address that you suggested will not work for transit traffic. There's a routeback option in shorewall which probably does what the OP wants, but I have no idea how to achieve this with firewalld or iptables.