How can I redirect all traffic through one interface to another, but send certain traffic with iptables to another IP?

I have a Raspberry Pi with two interfaces:

  • wlan0 is connected to my internal network 192.168.2.0/24,
  • eth0 is connected to a network switch with a LAN network 10.0.0.0/8.

Currently I have all the traffic on the LAN 10.0.0.0/8 able to use the internet over my wlan0 interface, and I am able to connect to all machines in the 10.0.0.0/8 network from the Raspberry Pi, for example ssh into 10.0.0.2.

  • The Raspberry Pi wlan0 interface has IP address 192.168.2.30,
  • The Raspberry Pi eth0 interface has IP address 10.0.0.1.

I've configured this by enabling IP forwarding (net.ipv4.ip_forward=1).

I then added the following iptables rules:

sudo iptables -t nat -A POSTROUTING -o wlan0 -j MASQUERADE
sudo iptables -A FORWARD -i wlan0 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
sudo iptables -A FORWARD -i eth0 -o wlan0 -j ACCEPT

But now I need to be able to intercept the traffic that hits its wlan0 interface on port 80 or port 443 (from the other side, 192.168.0.2/24) and forward it directly to another IP address on the LAN to which this Raspberry Pi is connected (10.23.220.88).

This is my current iptables filter table:

pi@something:~ $ sudo iptables -L -n -v --line-numbers
Chain INPUT (policy ACCEPT 48847 packets, 20M bytes)
num   pkts bytes target     prot opt in     out     source               destination

Chain FORWARD (policy ACCEPT 157 packets, 9952 bytes)
num   pkts bytes target     prot opt in     out     source               destination
1     319K  467M ACCEPT     all  --  wlan0  eth0    0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
2     161K   12M ACCEPT     all  --  eth0   wlan0   0.0.0.0/0            0.0.0.0/0

Chain OUTPUT (policy ACCEPT 26150 packets, 18M bytes)
num   pkts bytes target     prot opt in     out     source               destination

and this is my current iptables NAT table:

pi@something:~ $ sudo iptables -t nat -L --line-numbers
Chain PREROUTING (policy ACCEPT)
num  target     prot opt source               destination

Chain INPUT (policy ACCEPT)
num  target     prot opt source               destination

Chain POSTROUTING (policy ACCEPT)
num  target     prot opt source               destination
1    MASQUERADE  all  --  anywhere             anywhere

Chain OUTPUT (policy ACCEPT)
num  target     prot opt source               destination

How can I achieve this without disturbing the fact that I can route the Internet over this Raspberry Pi to my 10.0.0.0/8 network and connect to the 10.0.0.0/8 network?
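An added example (not from the original post) of the two rules that do this: a DNAT in nat/PREROUTING for TCP 80/443 arriving on wlan0, plus an explicit FORWARD accept for the redirected NEW connections, which the existing RELATED,ESTABLISHED-only wlan0->eth0 rule does not cover. It assumes the post's interface names and target host, and that 10.23.220.88 sends its replies back through the Pi (its gateway), which the existing Internet sharing already requires; DRY_RUN=1 (the default) only prints the commands.

```shell
#!/bin/sh
# Added example, not from the original post: port-forward (DNAT) TCP 80/443
# arriving on the Pi's wlan0 to one LAN host behind eth0, alongside the
# existing MASQUERADE/FORWARD rules. Interface names and the target host are
# the post's values; DRY_RUN=1 (default) only prints the commands.
WAN_IF="${WAN_IF:-wlan0}"        # interface the inbound 80/443 traffic arrives on
LAN_IF="${LAN_IF:-eth0}"         # interface towards the 10.0.0.0/8 LAN
TARGET="${TARGET:-10.23.220.88}" # LAN host that should receive the traffic
PORTS="${PORTS:-80,443}"         # TCP ports to redirect (multiport syntax)

# Print the command in dry-run mode, execute it otherwise.
run() {
    if [ "${DRY_RUN:-1}" = "1" ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# Add the two rules needed for the redirect. Both are inserted at the top of
# their chains so they take effect before the rules already present.
add_forward_rules() {
    # nat/PREROUTING: rewrite the destination before the routing decision, so
    # the packet is forwarded to the LAN host instead of delivered to the Pi.
    run iptables -t nat -I PREROUTING 1 -i "$WAN_IF" -p tcp \
        -m multiport --dports "$PORTS" -j DNAT --to-destination "$TARGET"
    # filter/FORWARD: the post's rule 1 only accepts RELATED,ESTABLISHED from
    # wlan0 to eth0, so the NEW redirected connections need their own ACCEPT.
    # (The FORWARD policy is ACCEPT today; this keeps the setup explicit if
    # the policy is later tightened to DROP.)
    run iptables -I FORWARD 1 -i "$WAN_IF" -o "$LAN_IF" -p tcp -d "$TARGET" \
        -m multiport --dports "$PORTS" -m conntrack --ctstate NEW -j ACCEPT
}

# Reply packets are un-NATed by conntrack on their way back through the Pi;
# the existing POSTROUTING MASQUERADE (-o wlan0) is untouched, so Internet
# sharing for 10.0.0.0/8 keeps working.
if [ "${1:-}" = "apply" ]; then
    DRY_RUN=0 add_forward_rules
fi
```

Run it with no arguments to review the commands, and as root with `apply` to install them; `iptables -t nat -L PREROUTING -n -v` then shows the DNAT counters climbing when a client hits 192.168.2.30:80.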