Routing port 80 over dual WAN

My setup: I have a 6mb/s DSL and a 3mb/s bonded T1. I would like to be able to route outbound web traffic and downloads over the DSL and keep the T1 open for games (LAN center). Since we are just starting up, we don't have the money for an expensive solution from Cisco, but I was hoping for something maybe Linux based (free, hopefully) and easy to manage (good GUI). We have a dedicated box right now running Smoothwall Express 2, so reusing that box and adding functionality would be the ideal solution.

Thank you in advance,

This is a dual gateway network. Indeed high end hardware is necessary for the hot setup, but...

You could run IPCop or another easy-setup Linux system (anything with the Squid caching proxy) and proxy all web traffic on port 80 to ensure that it is going out and in via the DSL. All other protocols will go out through your 3meg by virtue of having the gateway of all PCs point to the 3meg router.

Nothing to manage.  Proxying is ideal for web/download.

StammesOpfer (Author) commented:
Thanks, that makes sense. I was thinking too closed-mindedly; that will serve my purposes very well. I was planning on a proxy anyway but hadn't thought of that.
You need policy based routing. It's available on modern Linux and FreeBSD kernels for free. I'll tell you about the Linux implementation.

I'm not sure about an existing GUI for managing policy based routing; at least you can do it in the Command Line Interface.
I suppose that behind your router you have a LAN with private addresses (suppose
Your router has 3 interfaces, call them ifLAN, ifT1, ifDSL (ok, they are probably eth0, eth1, eth2 in Linux). Your ifT1 default gateway has gwT1 and your ifDSL default gateway has gwDSL ips (suppose and respectively). Your ifLAN has gwLAN IP (suppose

Suppose we need to route TCP traffic to port 80 to gwDSL and UDP traffic to port 9999 to gwT1; all other traffic will be routed to gwDSL.
There is a very good book for policy based routing in Linux (available either on Amazon or online):

Read these chapters before my explanations: (6.3 Tag Routing with TOS and fwmark (nfmark)) (8.3 NetFilter NAT)

Also this doc will help you in understanding 'tables' in Linux netfilter (-t switch of iptables command):

Here is a very simple example:

This type of routing is rather complex and you need to understand Linux NetFilter firewall functionality (man iptables).

Also note that my example needs to be adjusted and tested (it can probably be tested on SmoothWall Express 2, because it's Linux 2.4.x based and it has all required kernel modules).

# You need to mark incoming packets from the ifLAN interface
# We will modify the 'nat' table.

# We will modify the 'mangle' table (it will be processed before NAT)
# <LAN-subnet> is a placeholder for your LAN network
iptables -t mangle -A PREROUTING -s <LAN-subnet> -d 0/0 -p tcp --in-interface eth0 --dport 80 -j MARK --set-mark 1
iptables -t mangle -A PREROUTING -s <LAN-subnet> -d 0/0 -p udp --in-interface eth0 --dport 9999 -j MARK --set-mark 2
# Any other packets will not be marked

# We may route marked packets with different routing tables (and route them to different interfaces)
# We need two additional routing tables: for WEB traffic and for GAME traffic (append these lines only once)
echo 201     web.out >> /etc/iproute2/rt_tables
echo 202     game.out >> /etc/iproute2/rt_tables

# The fwmark selector is used on its own ("from" would expect an address prefix)
ip rule add fwmark 1 table web.out
ip rule add fwmark 2 table game.out

# Now route packets in table web.out to gwDSL and device ifDSL
# (<gwDSL> and <gwT1> are placeholders for the gateway IPs named above)
ip route add default via <gwDSL> dev eth2 table web.out
# Do the same with Game traffic: gwT1 and device ifT1
ip route add default via <gwT1> dev eth1 table game.out
# Any other traffic will go through the default routing table

# Enable new routing tables
ip route flush cache

# That's not all... We need to do NAT (masquerade) in POSTROUTING so outgoing packets will have the
# outgoing interface address as source IP address
# read here:

# NAT to T1
iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE
# NAT to DSL
iptables -t nat -A POSTROUTING -o eth2 -j MASQUERADE

# That's all
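
The steps from the answer above collected into one script, as an added example that is not the poster's own code: by default it only prints the commands (dry run), it registers the routing tables once, and it ends with read-only checks. The interface names follow the eth0/eth1/eth2 guess in the answer; the gateway addresses are placeholder documentation addresses, and the function and variable names are made up for this example.

```shell
#!/bin/sh
# Added example: the answer's fwmark policy routing as one script with a dry run.
# Assumed values (not from the post): interface order as guessed in the answer,
# gateways are RFC 5737 documentation addresses used as placeholders.
LAN_IF=${LAN_IF:-eth0}; T1_IF=${T1_IF:-eth1}; DSL_IF=${DSL_IF:-eth2}
GW_T1=${GW_T1:-192.0.2.1}
GW_DSL=${GW_DSL:-198.51.100.1}
RT_TABLES=${RT_TABLES:-/etc/iproute2/rt_tables}
RUN=${RUN-echo}   # default prints each command; run with RUN= as root to apply

# Register a routing table name only if that exact id/name pair is missing,
# so re-running never duplicates lines in rt_tables.
add_rt_table() {  # usage: add_rt_table <id> <name>
    awk -v id="$1" -v name="$2" '$1 == id && $2 == name { found = 1 }
        END { exit !found }' "$RT_TABLES" 2>/dev/null ||
        printf '%s\t%s\n' "$1" "$2" >> "$RT_TABLES"
}

pbr_apply() {
    $RUN add_rt_table 201 web.out
    $RUN add_rt_table 202 game.out
    # mangle/PREROUTING is traversed before the routing decision, so the mark
    # is already set when the "ip rule" lookup happens.
    $RUN iptables -t mangle -A PREROUTING -i "$LAN_IF" -p tcp --dport 80 -j MARK --set-mark 1
    $RUN iptables -t mangle -A PREROUTING -i "$LAN_IF" -p udp --dport 9999 -j MARK --set-mark 2
    # Marked packets select a table; each table holds only a default route.
    $RUN ip rule add fwmark 1 table web.out
    $RUN ip rule add fwmark 2 table game.out
    $RUN ip route add default via "$GW_DSL" dev "$DSL_IF" table web.out
    $RUN ip route add default via "$GW_T1" dev "$T1_IF" table game.out
    $RUN ip route flush cache
    # Source NAT on whichever WAN interface the packet leaves through.
    $RUN iptables -t nat -A POSTROUTING -o "$T1_IF" -j MASQUERADE
    $RUN iptables -t nat -A POSTROUTING -o "$DSL_IF" -j MASQUERADE
}

# Read-only checks: rules present, per-table routes, and MARK packet counters.
pbr_verify() {
    $RUN ip rule show
    $RUN ip route show table web.out
    $RUN ip route show table game.out
    $RUN iptables -t mangle -L PREROUTING -n -v
}

pbr_apply
pbr_verify
```

After applying, the packet counters on the two MARK rules in the `pbr_verify` output should increase when a LAN client browses the web or plays a game; if they stay at zero, the match (interface, protocol or port) is wrong.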
