I have two outgoing connections, pointing to different ISPs, on a gateway in front of a small-ish LAN.
IP addresses are as follows:
ISP 1:
- network: 10.1.1.0/24
- gateway ip: 10.1.1.1
- client ip: 10.1.1.2 (eth1)
ISP 2:
- network: 10.2.1.0/24
- gateway ip: 10.2.1.1
- client ip: 10.2.1.2 (eth2)
LAN:
- network: 192.168.0.0/24
- gateway ip: 192.168.0.1 (eth0)
A few LAN clients, with IPs in the range 192.168.0.128/25.
So, essentially, the gateway has IPs 10.1.1.2, 10.2.1.2, and 192.168.0.1 on 3 NICs.
Default route on gateway is set to 10.1.1.1 dev eth1.
Right now, I have one routing table, named isp2, consisting of the following entries:
- network 192.168.0.0/24 dev eth0
- network 10.2.1.0/24 dev eth2
- default route 10.2.1.1 dev eth2
I use that isp2 table in MANGLE rules to redirect some traffic to utilize the second outgoing link.
Everything works fine when I want to redirect traffic that goes OUT, choosing whether it goes over the primary ISP or the secondary ISP based on MANGLE table rules.
Question: How do I configure the gateway so it allows inbound connections from the second ISP to be forwarded to clients in the LAN behind the gateway? I want to forward traffic incoming on specific ports to a specific port of specific clients, but it has to work over the non-default route.
Any ideas?
The platform I use is irrelevant; I'm more interested in what needs to be done in order for this to work, but you can write examples as if I were using Linux (so iproute2/iptables).
You may use rinetd for FTP forwarding via ISP2, while ISP1 is the default one.
One-liner config:
10.2.1.2:21 192.168.1.129:21
The downside: in your FTP log, all connections will appear as coming from 10.2.1.2.
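The iproute2/iptables approach the question asks for, as an added example that is neither the asker's nor the answerer's configuration: connections arriving on ISP2 are connection-marked, the mark is restored on the reply packets, and an ip rule sends marked traffic through the existing isp2 table, so the DNATed LAN host still sees the real client address (unlike the rinetd proxy above). The mark value 0x2, the public port 2222 and the LAN host 192.168.0.130:22 are constructed for the example; the isp2 table is assumed to already exist in /etc/iproute2/rt_tables with the routes listed in the question.

```shell
#!/bin/sh
# Added example (not from the question or the answer): forward a port that
# arrives on ISP2 to a LAN host and route the replies back out via ISP2,
# although ISP1 holds the default route. Table "isp2" is assumed to exist.
ISP2_IF=eth2
ISP2_IP=10.2.1.2
LAN_IF=eth0
MARK=0x2                  # constructed: any unused fwmark value works
PUB_PORT=2222             # constructed: port exposed on the ISP2 address
LAN_HOST=192.168.0.130    # constructed: LAN client receiving the traffic
LAN_PORT=22               # constructed: service port on that client

run() {  # with DRY_RUN set, print the command instead of executing it
    if [ -n "${DRY_RUN:-}" ]; then printf '%s\n' "$*"; else "$@"; fi
}

setup_isp2_inbound() {
    # Strict reverse-path filtering would drop packets from ISP2 whose
    # source is only reachable through the default (ISP1) route; use loose mode.
    run sysctl -w "net.ipv4.conf.$ISP2_IF.rp_filter=2"
    # 1. Packets carrying the mark are routed with the isp2 table (default via 10.2.1.1).
    run ip rule add fwmark "$MARK" table isp2 priority 100
    # 2. A new connection entering on ISP2 gets the mark stored in its conntrack entry.
    run iptables -t mangle -A PREROUTING -i "$ISP2_IF" -m conntrack --ctstate NEW \
        -j CONNMARK --set-mark "$MARK"
    # 3. Replies from the LAN host get the stored mark back before the routing decision.
    run iptables -t mangle -A PREROUTING -i "$LAN_IF" \
        -m conntrack --ctstate ESTABLISHED,RELATED -j CONNMARK --restore-mark
    # 4. The port forward itself; conntrack reverses the DNAT on the way out.
    run iptables -t nat -A PREROUTING -i "$ISP2_IF" -d "$ISP2_IP" -p tcp --dport "$PUB_PORT" \
        -j DNAT --to-destination "$LAN_HOST:$LAN_PORT"
    # 5. Permit only that forwarded flow from ISP2 into the LAN, plus its replies.
    run iptables -A FORWARD -i "$ISP2_IF" -o "$LAN_IF" -d "$LAN_HOST" -p tcp --dport "$LAN_PORT" \
        -m conntrack --ctstate NEW,ESTABLISHED,RELATED -j ACCEPT
    run iptables -A FORWARD -i "$LAN_IF" -o "$ISP2_IF" \
        -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
}

if [ "${1:-}" = apply ]; then setup_isp2_inbound; fi
```

Run with `DRY_RUN=1 sh script.sh apply` to review the commands first; the ip rule and iptables rules are not persistent and must be saved by whatever mechanism the distribution uses.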