I have 3 internet links.
2 coming through the same Cisco router,
and one other coming through a separate router.
1 link is purely reserved for surfing the web,
while the other 2 links should be used to link to some other organisation. The two links should be accessible from one Windows server inside the organisation.
My question is,
how do I tell my SuSEFirewall to separate the traffic for the 3 links? I want the Windows server to sit behind the firewall, probably in a DMZ, but its traffic should only pass through one of the other 2 links.
You can load additional custom rules into SuSEfirewall2 using the /etc/sysconfig/scripts/SuSEfirewall2-custom file, after enabling it in /etc/sysconfig/SuSEfirewall2. I'm not entirely sure if I understand your question correctly, but we had 3 internet connections in our house last year and did something like this (I tried to simplify the example, so I may have introduced errors). The methods for doing such things are described in full at lartc.org; I suggest you read there.
------
INTERNALNIC=eth0
EXTERNALNICA=eth1
EXTERNALNICB=eth2
# gateway address on each external link (0.0.0.0 is a placeholder, fill in yours)
EXTERNALIPA=0.0.0.0
EXTERNALIPB=0.0.0.0

# clean up for restart (errors are expected on the very first run)
ip rule del fwmark 1 table interfacea.out 2>/dev/null
ip rule del fwmark 2 table interfaceb.out 2>/dev/null

# add rules to route packets marked with 1 via the interfacea routing table
# and packets marked with 2 via the interfaceb routing table
# you will need to have created these routing tables (name them in /etc/iproute2/rt_tables)
ip rule add fwmark 1 table interfacea.out
ip rule add fwmark 2 table interfaceb.out

# delete the default route, then add a default route through interfacea
ip route del default
ip route add default via $EXTERNALIPA dev $EXTERNALNICA table main

# set default route for the interfacea routing table through interfacea
ip route del default table interfacea.out 2>/dev/null
ip route add default via $EXTERNALIPA dev $EXTERNALNICA table interfacea.out

# set default route for the interfaceb routing table through interfaceb
ip route del default table interfaceb.out 2>/dev/null
ip route add default via $EXTERNALIPB dev $EXTERNALNICB table interfaceb.out

# mark everything coming from the LAN for connection 1
iptables -t mangle -A PREROUTING -i $INTERNALNIC -d 0/0 -j MARK --set-mark 1

# now mark stuff we want to go over connection 2 (a later MARK overwrites the earlier one)
# ssh
iptables -t mangle -A PREROUTING -i $INTERNALNIC -p tcp --dport 22 -j MARK --set-mark 2
# http(s)
iptables -t mangle -A PREROUTING -i $INTERNALNIC -p tcp --dport 80 -j MARK --set-mark 2
iptables -t mangle -A PREROUTING -i $INTERNALNIC -p tcp --dport 443 -j MARK --set-mark 2
# irc
iptables -t mangle -A PREROUTING -i $INTERNALNIC -p tcp --dport 6667 -j MARK --set-mark 2
iptables -t mangle -A PREROUTING -i $INTERNALNIC -p tcp --dport 6669 -j MARK --set-mark 2
# irc over ssl (freenode alternative port)
iptables -t mangle -A PREROUTING -i $INTERNALNIC -p tcp --dport 7070 -j MARK --set-mark 2

# put a specific machine on one connection
iptables -t mangle -A PREROUTING -i $INTERNALNIC -p udp -s 192.168.0.30 -j MARK --set-mark 2
iptables -t mangle -A PREROUTING -i $INTERNALNIC -p tcp -s 192.168.0.30 -j MARK --set-mark 2
------
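The same marking scheme applied to the setup in the question (DMZ server pinned to the second link, everything else on the first), as an added example that is not from the answer above. It is written as a SuSEfirewall2-custom hook (the fw_custom_before_masq function from the stock custom file) and adds CONNMARK so that connections arriving from the other organisation over either link are answered over the same link. Interface names, gateway addresses, the server address, the internal address range and the table names linka/linkb are assumptions; the tables must already be listed in /etc/iproute2/rt_tables.

```shell
# Added example, not from the original post. Assumed: eth0 LAN, eth1 link A,
# eth2 link B, eth3 DMZ, gateways 10.0.0.1 / 10.0.1.1, server 192.168.10.5,
# internal ranges inside 192.168.0.0/16, and "201 linka" / "202 linkb"
# already added to /etc/iproute2/rt_tables.
INTERNALNIC=eth0
DMZNIC=eth3
EXTERNALNICA=eth1; GWA=10.0.0.1
EXTERNALNICB=eth2; GWB=10.0.1.1
WINSERVER=192.168.10.5
LOCALNETS=192.168.0.0/16

# With DRYRUN set, print each command instead of running it (review/testing).
run() { if [ -n "$DRYRUN" ]; then echo "$*"; else "$@"; fi; }

# SuSEfirewall2 calls this hook from SuSEfirewall2-custom when FW_CUSTOMRULES
# points at the file; the mangle table has already been flushed by then.
fw_custom_before_masq() {
    # Policy routing: mark 1 -> table linka (link A), mark 2 -> table linkb (link B).
    run ip rule del fwmark 1 table linka 2>/dev/null
    run ip rule del fwmark 2 table linkb 2>/dev/null
    run ip rule add fwmark 1 table linka
    run ip rule add fwmark 2 table linkb
    run ip route replace default via "$GWA" dev "$EXTERNALNICA" table linka
    run ip route replace default via "$GWB" dev "$EXTERNALNICB" table linkb
    # LAN <-> DMZ traffic must keep using the main table, whatever its mark.
    run ip rule del pref 100 to "$LOCALNETS" table main 2>/dev/null
    run ip rule add pref 100 to "$LOCALNETS" table main

    # 1. Packets of an already-marked connection get the saved mark back, so
    #    replies and later packets leave over the link the flow started on.
    run iptables -t mangle -A PREROUTING -j CONNMARK --restore-mark
    run iptables -t mangle -A PREROUTING -m mark ! --mark 0 -j ACCEPT
    # 2. New connections from the other organisation: remember the inbound link.
    run iptables -t mangle -A PREROUTING -i "$EXTERNALNICA" -m state --state NEW -j MARK --set-mark 1
    run iptables -t mangle -A PREROUTING -i "$EXTERNALNICB" -m state --state NEW -j MARK --set-mark 2
    # 3. New connections from inside: LAN surfs over link A, the DMZ server only uses link B.
    run iptables -t mangle -A PREROUTING -i "$INTERNALNIC" -m state --state NEW -j MARK --set-mark 1
    run iptables -t mangle -A PREROUTING -i "$DMZNIC" -s "$WINSERVER" -m state --state NEW -j MARK --set-mark 2
    # 4. Store the mark on the connection so step 1 finds it for the rest of the flow.
    run iptables -t mangle -A PREROUTING -j CONNMARK --save-mark
}
```

Run it with DRYRUN=1 in a shell first to review the generated ip/iptables commands before letting SuSEfirewall2 source the file.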