Our router is connected to three separate providers on three interfaces and I need to forward a single port from all of them to an internal IP, again on the same single port. The idea is to have some redundancy for connecting to our intranet management system.
Dst-nat does the job for the incoming packets, but on the way back, the connection always exits via the default route for the internal IP.
Solutions I am thinking about:
Marking the incoming packets, but the information about which provider the packet came from is lost on its way back to the source.
Also I could put two more IP addresses on the internal host and dst-nat to three separate IPs, but I think there should be a more civilized approach to this.
Use connection-marking to apply a mark to the connection identifying the provider it came in on (decided via in-interface) on the first SYN packet. This is done in mangle, the wiki has details. Then, also in mangle, set routing-marks on outbound packets that carry that connection-mark and install routes out to the three providers based on the routing marks. Leave your normal routes in place to catch all traffic that hasn't been marked.
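The procedure described in the reply above, written out as a complete RouterOS v6 configuration. This is an added example, not configuration posted by anyone in the thread; every interface name, gateway address, the internal host 192.168.10.10 and the forwarded TCP port 443 are assumptions chosen for illustration (the gateway addresses come from the documentation ranges 203.0.113.0/24, 198.51.100.0/24 and 192.0.2.0/24).

```routeros
# Added example (not from the thread): per-provider return routing for a
# dst-nat'ed port on RouterOS v6. All names and addresses are assumptions:
#   ether1-isp1 / ether2-isp2 / ether3-isp3  -> the three provider interfaces
#   203.0.113.1 / 198.51.100.1 / 192.0.2.1   -> the three provider gateways
#   bridge-lan                               -> the internal interface
#   192.168.10.10, TCP port 443              -> internal host and forwarded port

# 1) Forward the single port from every provider interface to the same host.
/ip firewall nat
add chain=dstnat in-interface=ether1-isp1 protocol=tcp dst-port=443 \
    action=dst-nat to-addresses=192.168.10.10 to-ports=443 comment="fwd via isp1"
add chain=dstnat in-interface=ether2-isp2 protocol=tcp dst-port=443 \
    action=dst-nat to-addresses=192.168.10.10 to-ports=443 comment="fwd via isp2"
add chain=dstnat in-interface=ether3-isp3 protocol=tcp dst-port=443 \
    action=dst-nat to-addresses=192.168.10.10 to-ports=443 comment="fwd via isp3"

# 2) On the first packet of each new connection, remember which provider it
#    arrived on. The match is restricted to the forwarded port so no other
#    traffic picks up a mark; passthrough=yes lets later mangle rules still run.
/ip firewall mangle
add chain=prerouting in-interface=ether1-isp1 connection-state=new \
    protocol=tcp dst-port=443 action=mark-connection \
    new-connection-mark=conn-isp1 passthrough=yes
add chain=prerouting in-interface=ether2-isp2 connection-state=new \
    protocol=tcp dst-port=443 action=mark-connection \
    new-connection-mark=conn-isp2 passthrough=yes
add chain=prerouting in-interface=ether3-isp3 connection-state=new \
    protocol=tcp dst-port=443 action=mark-connection \
    new-connection-mark=conn-isp3 passthrough=yes

# 3) Replies from the internal host belong to the same tracked connection and
#    therefore carry its connection mark; translate that into a routing mark so
#    the reply leaves through the provider the request came in on.
add chain=prerouting in-interface=bridge-lan connection-mark=conn-isp1 \
    action=mark-routing new-routing-mark=to-isp1 passthrough=no
add chain=prerouting in-interface=bridge-lan connection-mark=conn-isp2 \
    action=mark-routing new-routing-mark=to-isp2 passthrough=no
add chain=prerouting in-interface=bridge-lan connection-mark=conn-isp3 \
    action=mark-routing new-routing-mark=to-isp3 passthrough=no

# 4) One default route per routing mark. The unmarked default route stays in
#    place and keeps handling everything that carries no routing mark.
/ip route
add dst-address=0.0.0.0/0 gateway=203.0.113.1 routing-mark=to-isp1 comment="replies via isp1"
add dst-address=0.0.0.0/0 gateway=198.51.100.1 routing-mark=to-isp2 comment="replies via isp2"
add dst-address=0.0.0.0/0 gateway=192.0.2.1 routing-mark=to-isp3 comment="replies via isp3"
add dst-address=0.0.0.0/0 gateway=203.0.113.1 comment="normal default route"
```

To confirm the marks are being applied, connect through the second provider and look at the tracked connection with `/ip firewall connection print where connection-mark=conn-isp2`; the reply packets should then follow the route shown by `/ip route print where routing-mark=to-isp2`. Two things worth noting: the connection mark is only ever set on `connection-state=new` packets for the forwarded port, so ordinary outbound traffic from the LAN never inherits a routing mark and keeps using the normal default route; and because the port is now reachable from three providers, a filter rule on the forward chain limiting the permitted source addresses for that port is the natural complement of this setup for a management service. On RouterOS v7 the route syntax differs (`routing-table=` instead of `routing-mark=`, after defining the table with `/routing table add name=... fib`), so this listing should be taken as v6 syntax.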
@fewi:
I have a very similar case. Do you think it is possible when using only 1 interface (for simplicity reasons) on the router, to accept and distribute all routes from the (n) gateways?
thanks
darengr