Firewall - 2 Internet accesses - routing rules from source

el70 · February 17, 2005, 3:10pm

Hello,

I would like to modify my firewall configuration for being able to handle 2 internet connections in my Red zone.
I would then like to configure some selecting routing rules depending on the internal source.

Actual configuration:

          1 router A \(ISP\)
          | 
          | \(Red\) with different public adresses
              |                                                                   
             FW---------------- \(Orange\)
              |
              |\(green\)
              |
         ===================== \(LAN\)

          the default gateway of my firewall is fixed to the @ of my ISP router

New desired configuration :

       I now have 2 ISP providers with 2 different routers. \(belonging to my ISP\)
       In the future I even think to add some more new ones.

   routers A\(ISP-A\)  and  router B \(ISP-B\)
   \-------------  
          | 
          | \(Red\) with different public adresses
              |                                                                   
             FW---------------- \(Orange\)
              |
              |\(green\)
              |
         ===================== \(LAN\)

I wish to configure some routing rules in my firewall, so to be able to select the INTERNET exit gateway depending on the internal source.

I succeeded to make a simulation of this situation, using a Linux server as firewall and router.
I configured all rules in the Linux box using commands like : iptables, ip rule, an so on... .
I used some examples found in books and in Internet pages or forum.

But now I'm looking in a way to do it in my PRODCTION environment with my SMOOTHWALL-SERVER firewall.

I did not succeed to find how to do it with the Web interface of this product. Or better say, I did not know exactly where to look for it.
I even tried to force a configuration in a text mode command. But it seems that ip rule commands are not usable in the kernel situation of the Smoothwall.

If anyone knows how to do it with Smoothwall Server or Smoothwall Express I would appreciate some help. From a Smoothwall Express example, I would surely find a similar way of doing it with Smoothwall Server.

Here is the example of the routing rules I would like to be able to configure.

all internet traffic from a server A in my LAN zone should pass through router B to go to the INTERNET.
and all the traffic from all other computers or servers from my LAN should go through router A.
or the same rule for computers in my orange zone.
all internet traffic from a server B in my orange zone should pass through router B to go to the INTERNET.
and all the traffic from all other computers or servers from my orange zone should go through router A.

My question will perhaps seems a little bit tricky or even stupid for some of you.
But I'm a beginner in firewall configuration and I do not know much about it.
I just a begginer and any help will be fully appreciate.

Thanks for any indications or help that can guide me through my researches an tests.

Excuse all english mistakes in this text. I'm just a french guy and I do not write in english very often.

Thanks to all of you.

Phobos · February 19, 2005, 9:43pm

Perhaps you could just use your linux box to handle everything, instead of the SmoothWall. It appears that you fairly competent in using iptables, etc. that you could acomplish this task. SmoothWall is a proprietary software, and you would probably have to find somebody who knows how to use it, or go to their site and read their forums, help pages, etc.

Good Luck,
Robert