Fedora Firewall with multiple public IPs

Bill Davidsen davidsen at tmr.com
Sat Oct 3 19:17:06 UTC 2009


Gabriel - IP Guys wrote:
> Thank you for taking the time to read my message.
>
> I wish to build a Fedora box that will take control of all my ADSL
> connections – I use 2 ADSL modems with Ethernet connections, and
> multiple public static IPs on each. I wish for my internal network to
> only see one gateway, and have the gateway determine which route is the
> best route based on traffic type, and route availability.
>
> As far as I'm concerned, it should follow these ‘basic’ rules
>
> · All traffic goes via my unlimited connection (with the
> exception of)
>
> · Email – Goes via an SMTP relay for one of our providers, which
> has been added to our DNS
>
> · SIP traffic goes via the same provider, as they provide a rock
> solid connection
>
> If my A1 provider is absent for any reason, then use my B1 provider,
> until A1 comes back up. Any ideas and suggestions will be appreciated :)
>
Make the cheap unlimited ISP the default route, use the mangle table to MARK the 
connections you want to go through the other ISP, then use a source route based 
on the MARK to force the packets out the non-default interface. Use the nat 
table to SNAT the marked packets to the correct source address.

I do that at several sites.

-- 
Bill Davidsen <davidsen at tmr.com>
   "We have more to fear from the bungling of the incompetent than from
the machinations of the wicked."  - from Slashdot
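
The approach described in the reply above, sketched as a shell script; this is an added example, not part of the original post. The interface names, the addresses (documentation ranges), the mark value and the table number are assumptions, and the script only prints the commands unless it is run as root with APPLY=1.

```shell
#!/bin/sh
# Added example. All interface names and addresses are assumed placeholders.
LAN_IF=eth0                                    # internal network
A_IF=eth1 A_IP=192.0.2.10 A_GW=192.0.2.1       # unlimited ISP, default route
B_IF=eth2 B_IP=198.51.100.10 B_GW=198.51.100.1 # ISP used for mail and SIP
MARK=2 TABLE=200                               # arbitrary mark and table number

# Print each command; execute it only when APPLY=1 (requires root).
run() {
    echo "$*"
    if [ "${APPLY:-0}" = 1 ]; then "$@"; fi
}

setup_policy_routing() {
    # Main table: everything unmarked leaves through ISP A.
    run ip route replace default via "$A_GW" dev "$A_IF"
    # Extra table whose default is ISP B, consulted only for marked packets.
    run ip route replace default via "$B_GW" dev "$B_IF" table "$TABLE"
    run ip rule add fwmark "$MARK" lookup "$TABLE"
    # Replies arrive on B_IF while the main default points at A_IF, so strict
    # reverse-path filtering would drop them; use loose mode on that interface.
    run sysctl -w "net.ipv4.conf.$B_IF.rp_filter=2"
    # mangle: MARK SMTP and SIP signalling coming from the LAN.
    for proto_port in tcp:25 udp:5060 tcp:5060; do
        run iptables -t mangle -A PREROUTING -i "$LAN_IF" -p "${proto_port%%:*}" \
            --dport "${proto_port##*:}" -j MARK --set-mark "$MARK"
    done
    # nat: give each flow the source address of the ISP it leaves through.
    run iptables -t nat -A POSTROUTING -o "$B_IF" -m mark --mark "$MARK" \
        -j SNAT --to-source "$B_IP"
    run iptables -t nat -A POSTROUTING -o "$A_IF" -j SNAT --to-source "$A_IP"
}

setup_policy_routing
```

Failover between the two providers, which the original question also asks about, is not handled by this sketch.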




