[personal profile] inaki
Okay folks, I have an advanced routing challenge for you!

What I have:
1 Comcast Cable connection. Superfast (tests at about 18mbit with a 100MB file) but they have usage restrictions.
1 AT&T DSL connection. I can use this to my heart's content, but it's only 1.5mbit.
1 Routing computer. 2Ghz P4, 1GB RAM, 1 port internal NIC, 4 port external NIC, 80GB HDD. Runs VMWare Server just fine, so VM voodoo is an option.

What I need:
I want the Comcast line to be the primary connectivity for the house. If in doubt, traffic should go over this line. HOWEVER. I'd like to direct specific traffic through the DSL line, things like bittorrent traffic, for instance. Most, but not all, of the various DSL-worthy programs will use various proxy connections.

Does anyone have any suggestions on how to do this? When we were running four DSL lines, I just ran four VMs, each running a Smoothwall installation. If I can simplify this into a single OS install, I'd like to. Or if I can do this with IPTables voodoo.

Okay ideas! Discuss!

Date: 2008-02-21 08:47 am (UTC)
From: [identity profile] kyhwana.livejournal.com
Well, for the DSL stuff, a simple squid or SOCKS5 proxy that binds to use the outgoing address of the DSL line. (I believe squid uses tcp_outgoing_address ?)

Routing bittorrent would be more tricky, if you're not using squid/socks5. Hmm.

Date: 2008-02-21 10:47 am (UTC)
From: [identity profile] amethe.livejournal.com
Since everyone in the house is on board with you as far as networking agreements go (since non-compliance would = losing the cable again), I'd designate a range of ports to be bulk traffic and use IPtables to run the bulk traffic through the DSL. Have two gateways, and set up simple IPtables routes to send ALL traffic on ports say.... 50000 - 55000 through the DSL gateway.
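One way to realize the port-range split described in this comment on a Linux gateway, as a constructed example that is not any commenter's configuration: new connections to a "bulk" destination port range get an fwmark, marked traffic is routed by a second table whose default route is the DSL gateway, and both uplinks are masqueraded. All interface names, addresses and the port range are placeholders; the main table is assumed to already hold the cable default route.

```shell
#!/bin/sh
# Two-uplink policy routing on a Linux gateway (constructed example; every
# interface name and address below is a placeholder, not the poster's).
# Main table keeps its default route via cable; traffic marked as "bulk"
# (a destination port range, as suggested in the thread) leaves via DSL.
LAN_IF=eth2                          # inside interface
CABLE_IF=eth0                        # cable uplink, default route in main table
DSL_IF=eth1; DSL_IP=10.0.1.2; DSL_GW=10.0.1.1   # placeholder DSL addressing
BULK_PORTS=50000:55000               # destination ports sent over DSL
MARK=2; TABLE=200                    # fwmark value and routing table id

# With DRY_RUN=1 each command is printed instead of executed, so the rule
# set can be reviewed (and tested) on a machine without two uplinks.
run() { if [ "${DRY_RUN:-0}" = 1 ]; then echo "$*"; else "$@"; fi; }

policy_rules() {
  # Second routing table whose only default route is the DSL gateway.
  run ip route add default via "$DSL_GW" dev "$DSL_IF" table "$TABLE"
  # Marked packets, and anything sourced from the DSL address (replies to
  # inbound connections that arrived on DSL), consult that table first.
  run ip rule add fwmark "$MARK" table "$TABLE"
  run ip rule add from "$DSL_IP" table "$TABLE"
  # Mark only the first packet of a bulk connection, then let CONNMARK
  # carry the mark so the whole flow stays on one uplink.
  run iptables -t mangle -A PREROUTING -i "$LAN_IF" -j CONNMARK --restore-mark
  run iptables -t mangle -A PREROUTING -i "$LAN_IF" -m mark --mark 0 \
      -p tcp --dport "$BULK_PORTS" -j MARK --set-mark "$MARK"
  run iptables -t mangle -A PREROUTING -i "$LAN_IF" -m mark --mark 0 \
      -p udp --dport "$BULK_PORTS" -j MARK --set-mark "$MARK"
  run iptables -t mangle -A PREROUTING -i "$LAN_IF" -j CONNMARK --save-mark
  # NAT on both uplinks; each flow is masqueraded with the address of the
  # interface the routing decision picked for it.
  run iptables -t nat -A POSTROUTING -o "$CABLE_IF" -j MASQUERADE
  run iptables -t nat -A POSTROUTING -o "$DSL_IF" -j MASQUERADE
  # Loose reverse-path filtering, or replies arriving on the DSL interface
  # for a connection routed by the second table are dropped as spoofed.
  run sysctl -w net.ipv4.conf.all.rp_filter=2
}

case "${1:-}" in
  show)  DRY_RUN=1; policy_rules ;;   # print the rules for review
  apply) policy_rules ;;              # apply them (needs root)
esac
```

Run with `show` to print the rule set and `apply` to install it; the second `ip rule` (source-based) is what keeps replies to inbound DSL connections from leaking out the cable side.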

Date: 2008-02-21 11:51 am (UTC)
From: [identity profile] wolphin.livejournal.com
Quite easy to do with iptables, I was going to give an example, but my brain just barfed. Stuff like bittorrents, from speaking to a few of my friends are getting harder to nicely bunch into a rule set because the clients keep changing to assist with bypassing filters, so it may take a little fiddling and configuring on your end to get it working the way you want.

Date: 2008-02-21 06:09 pm (UTC)
From: [identity profile] inaki.livejournal.com
Ya, that's what I was thinking. So, then Linux can handle having multiple external gateways coming into it, and do NAT cleanly between them?

Date: 2008-02-24 05:55 am (UTC)
From: [identity profile] wolphin.livejournal.com
Yes, could be a bugger to set up, but it will come down to your routing and iptable rules. I don't use NAT which makes things easier for me, but shouldn't be much of a problem.

Date: 2008-02-21 02:25 pm (UTC)
From: [identity profile] snowwolf42.livejournal.com
For the cheap, no hard disk solution: The Netgear FVS124G Dual WAN router (http://www.netgear.com/Products/VPNandSSL/WiredVPNFirewallRouters/FVS124G.aspx). You can set up the dual WAN as active-active or active-passive. In active-active it has tables for traffic that must go over a specific WAN port. Mapping would be everything except, say, HTTP or FTP goes over the DSL. That's what I run here.

Been using one for over a year, and bought a second recently for another location. After futzing with a motherboard on the router that ate Linux boot partitions for breakfast, I was happy to have this instead.

Only downside is their VPN software only seems to be available in a Windows version. It was trivial to map SSH through to the Linux machine on the other side, however.
