I am about to build a Frankenstein monster out of my SuSE 8.1 Linux internet server / NAT router-firewall machine... at least I'm going to try. Presently the machine has two NICs in it: one is the external internet NIC and the other is an internal network NIC, with an RFC1918 address, in the classic firewall/router/bastion-host setup.

I presently have a wireless ISP who gives me a static IP address, and the bandwidth is good enough for hosting my vanity domain name web and email servers, but is not always so good (too much packet delay/latency) for my online game playing from Windows boxes on my interior network, which is NAT'ed by the Linux box as my internet router and firewall machine. Let's call this one ISP "A". I just signed up for a broadband cablemodem connection, which will only give me a dynamic IP address that will change frequently. Let's call this one ISP "B".

I wish to add a third NIC into my Linux machine and have it connected to both ISPs, with all my web/email/ssh server traffic running on that Linux machine routed out to the internet via the NIC connected to ISP "A", and my NAT'ed interior network traffic from the Windows boxes routed out via the NIC connected to the cablemodem ISP "B".

Now if it weren't for my SuSEfirewall2 settings coming into play, I think I can do this via setting up two different routing tables and taking advantage of iproute2's abilities... I've found some config examples on Usenet and have read the howto at http://lartc.org/howto/lartc.rpdb.multiple-links.html to get the basic networking stuff supporting this abominable nightmare, but I have grown too comfortable with my SuSEfirewall2 settings, which make me feel safer against keeping the booger-man out of my Linux machine and the various other machines I have NAT'ed behind the Linux machine.

From what I've been able to see with my limited knowledge of SuSEfirewall2, it seems that this wonderful iptables management tool is geared primarily for the model of having one external NIC, one internal NIC, and perhaps also a "DMZ" third NIC. Can the SuSEfirewall2 in SuSE 8.1 (in present form as shipped) support both my external NICs and two ISPs and the multiple routing tables mess that I desire to have the best of both worlds? If so, can anyone possibly point me to some configuration examples showing me how to protect against evil traffic coming inbound from both external interfaces while still allowing desired traffic coming inbound from both NICs, and allowing my desired outbound traffic to go out the appropriate NIC as specified in the respective routing table?

Also, as if I'm not enough of a glutton for punishment... I may even wish to add a fourth NIC in the future to be a NAT'ed "DMZ" of sorts on yet another RFC1918 network address separate from my Windows network, for the purpose of placing a dedicated UT2003 server machine.

Am I asking for too much in expecting to be able to do this all with one single Linux machine? I know it would probably be simpler to have dual machines (or just get a cheap Linksys router), one for each ISP, but I'm a cheap bastard who is out of money now after paying for two ISPs and would like to try to make all this complicated mess work on a single Linux box.

Thanks for any help.

Neal