Subject: Utilising multiple routes to internet
To: None <firstname.lastname@example.org>
From: David Brownlee <email@example.com>
Date: 01/10/2006 18:26:23

We have a site with 2M SDSL and 4M/768k ADSL links, both via
external router boxes.

The external gateway box also acts as a transparent squid proxy,
so its ipnat.conf contains:

    $intif  - internal interface
    $intip  - IP address of internal interface
    $extif  - primary external interface
    $extip  - IP address of external interface
    $altif  - alternative external interface
    $altip  - IP address of alternative external interface
    $altgip - IP address of alternative gateway

    rdr $intif $intip port 80 -> 127.0.0.1 port 80 tcp
    rdr $intif 0.0.0.0/0 port 80 -> 127.0.0.1 port 3128 tcp

ipf.conf lets most traffic route out normally, but sends any tcp
traffic directly from this box to the alternative gateway via the

    pass out quick on $extif to $altif:$altgip proto tcp from $extip to any flags S keep state

This all works very well, any traffic from the internal hosts
goes out via the normal $extif, while web traffic and anything
run directly from the gateway goes via $altif. I could easily
split the "pass out quick on" to a set of port = 80 and similar
rules, but chose not to.

Now, if a tcp connection comes in on $altif to $altip then
the return data always goes out on $extif _from_ $extip.
Is there any way to get that connection's return traffic
to come from the IP address to which it connected ($altip)?

Short of using XEN to set up two virtual machines each with a
different default route, what obvious way am I missing to get
this box to be able to use two routes to the internet?

David Brownlee -- firstname.lastname@example.org