Fedora Firewall with multiple public IPs
Bill Davidsen
davidsen at tmr.com
Sat Oct 3 19:17:06 UTC 2009
Gabriel - IP Guys wrote:
> Thank you for taking the time to read my message.
>
> I wish to build a Fedora box that will take control of all my ADSL
> connections – I use 2 ADSL modems with Ethernet connections, and
> multiple public static IPs on each. I wish for my internal network to
> only see one gateway, and have the gateway determine which route is the
> best route based on traffic type, and route availability.
>
> As far as I'm concerned, it should follow these ‘basic’ rules
>
> * All traffic goes via my unlimited connection (with the
>   exception of)
> * Email – Goes via an SMTP relay for one of our providers, which
>   has been added to our DNS
> * SIP traffic goes via the same provider, as they provide a rock
>   solid connection
>
> If my A1 provider is absent for any reason, then use my B1 provider,
> until A1 comes back up. Any ideas, and suggestions will be appreciated :)
>
Make the cheap unlimited ISP the default route, use the mangle table to MARK the
connections you want to go through the other ISP, then use a source route based
on the MARK to force the packets out the non-default interface. Use the nat
table to SNAT the marked packets to the correct source address.
I do that at several sites.
--
Bill Davidsen <davidsen at tmr.com>
"We have more to fear from the bungling of the incompetent than from
the machinations of the wicked." - from Slashdot
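
The approach described in the reply above, written out as an added example that is not part of the original post: mark in the mangle table, route on the mark, SNAT per interface. Interface names, addresses, the mark value and the table number are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example; interface names and addresses are constructed placeholders
# (RFC 5737 documentation ranges), not values from the thread.
RUN=${RUN-echo}   # dry run prints the commands; run as root with RUN= to apply
IF_LAN=eth0                                         # internal network
IF_A=eth1; SRC_A=192.0.2.10                         # unlimited ISP, default route
IF_B=eth2; SRC_B=198.51.100.10; GW_B=198.51.100.1   # ISP for mail and SIP
MARK=0x1; TABLE=100

policy_routing() {
    # Separate routing table whose only route leaves through ISP B,
    # consulted only for packets carrying the mark.
    $RUN ip route add default via "$GW_B" dev "$IF_B" table "$TABLE"
    $RUN ip rule add fwmark "$MARK" table "$TABLE"

    # Replies arrive on the non-default interface; strict reverse-path
    # filtering would drop them, so use loose mode there (assumption: the
    # distribution default is strict).
    $RUN sysctl -w "net.ipv4.conf.$IF_B.rp_filter=2"

    # mangle: mark LAN traffic that must use ISP B. SMTP to the relay and
    # SIP signalling only; RTP media ports depend on the phone setup.
    $RUN iptables -t mangle -A PREROUTING -i "$IF_LAN" -p tcp --dport 25 \
        -j MARK --set-mark "$MARK"
    $RUN iptables -t mangle -A PREROUTING -i "$IF_LAN" -p udp --dport 5060 \
        -j MARK --set-mark "$MARK"

    # nat: give each path the public source address that belongs to it.
    $RUN iptables -t nat -A POSTROUTING -o "$IF_B" -m mark --mark "$MARK" \
        -j SNAT --to-source "$SRC_B"
    $RUN iptables -t nat -A POSTROUTING -o "$IF_A" -j SNAT --to-source "$SRC_A"
}

policy_routing
```

Run as written, it only prints the commands. The failover between providers asked about in the question is not covered here.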