or maybe not, for you...

Picture this...

I have a firewall server acting as my LAN's connection to the WAN. It has TWO connections to the WAN with one being the default route for the box.

Lets say I have two networks in my lan: 192.168.1.0/24 and 192.168.2.0/24. I want the 1 network to utilize the firewalls default connection to the WAN whereas I want the 2 network to utilize the other (non-default route) connection.

I have look at SNAT and DNAT via iptables but haven't found a solution as the only thing I can translate is either an address or port and not an interface.

Any ideas to get me moving in the right direction?

Thanks in advance!

tell the router to forward through the non-gateway device if the source network is the network you want to use that route. so if the source is from net 192.168.2.x/24(assuming non-gateway allowed network), forward through eth1(assuming non-gateway nic).

ok... how though? what mechanism?

iptables? routing table?

From what I've seen, you can't specify a source network via the route command when adding/removing routes.

through iptables you can specify a source network, so if the source network is the one you want to go to other network, then say if source is that one, use the preferred nic to forward stuff to, and same for other network with gateway nic.

you cannot translate interfaces with iptables...

Using DNAT, the packet gets modified prior to the routing decision. Changing the destination address won't do me any good in this case. It's not like changing a MAC header, the destination IP needs to stay the same.

Using SNAT, the packet gets modified after the routing decision. So it doesn't matter what is happening to the packet becuase it is already headed for the wrong gateway.

And simply creating a rule like:

iptables -A FORWARD -s 192.168.2.0/24 -d 0.0.0.0/0 -o (secondary WAN interface) -j ACCEPT

Doesn't shape traffic in any way... it would only allow it in the case that I actually got this to work.

feel free to point out where I am wrong if this is the case...

thanks regadless though...

My first post ever, and I somewhat newbie-sh
Is it not routing.
Like:
route add -net 192.168.1.0 netmask 255.255.0.0 ethA
route add -net 192.168.2.0 netmask 255.255.0.0 ethB