I have 2 Internet connections and I want to implement the following on my Linux router/firewall. It has 3 interfaces (1x LAN & 2x WAN).
1. Load balancing for some sort of traffic (e.g. HTTP)
Web traffic coming from the LAN should be balanced in a round-robin fashion across the WAN connections (per-destination load balancing).
2. Some sort of traffic should always use one of the two connections.
E.g. ICMP and TCP/SSH should always use wan1, and TCP/SMTP, POP, IMAP should always use wan2.
I thought of something like this:
iptables -t nat -A POSTROUTING -o eth1 -p tcp --dport 22 -s 10.0.0.0/24 -j SNAT --to-source 190.17.0.x
iptables -t nat -A POSTROUTING -o eth1 -p icmp -s 10.0.0.0/24 -j SNAT --to-source 192.17.0.x
iptables -t nat -A POSTROUTING -o eth0 -p tcp -m multiport --dports 25,110,143 -s 10.0.0.0/24 -j SNAT --to-source 89.0.x.x
echo "1" > /proc/sys/net/ipv4/ip_forward
What confuses me is that SNAT is done in POSTROUTING, which means after the routing process. How could I make the decision on which interface to send the packets out of, based on protocol/IP/etc., after the routing decision? The routing decision means choosing the outgoing interface based on some criteria (e.g. destination IP), right?
Please help me understand this issue.