Short answer: You will need specialized software (like
mpath-tools) to implement failover from one ISP connection to another.
Long answer: This can't be done easily, for a number of reasons:
Reason #1: This is a routing issue, and you're not running a routing protocol
In order to switch to an alternate gateway, you'll have to alter the local routing table. If your system was receiving routing information from two different upstream routers via BGP, the switch would happen automatically whenever one link went down (or the upstream router sent a poison update).
The vast majority of Internet connections for businesses (and
all residential connections) use static routing. In other words, it's up to your system to figure out when a link is down, and alter the routing table accordingly. The connection itself and the upstream routers provide no hints as to the status of the connection.
(And no, having two gateways with the same metric is not the answer, as that will just cause the IP stack to do round-robin load balancing across both links.)
Reason #2: Detecting line status is hard (what does "eth1 becomes unreachable" mean?)
It's easy to detect when an Ethernet
link goes down, but unfortunately that rarely happens when an Internet connection fails. Often the problem is at the ISP end, and the only symptom is that reply packets aren't coming in from Internet hosts. Even when a DSL router or modem fails, the Ethernet side of the unit is often operational.
Without BGP, you'll have to resort to some sort of manual link detection, for instance by pinging or otherwise testing connectivity against one or more remote hosts. Telling the difference between an ISP routing issue and a host going down for other reasons would be a challenge.
Reason #3: NAT messes up everything
No matter what you do, as long as outbound traffic has to be NAT overloaded behind the public address of each interface, a line failure will break all active sessions.
If a remote host is sending data to the IP address at
eth1, without BGP there's no way that traffic can be redirected to whatever address is assigned to
ppp0 in the event of a line failure. The best you could do would be to use the MASQUERADE target instead of the SNAT target, and take the interface down (and then back up) whenever a line failure is detected. That would purge the conntrack table, and outgoing traffic using the other interface would be NATed behind the correct address.
