LARTC - Jun 2005 - Split access to 2 internet links

--------------------              ----------------------
|    SDSL 1        |              |   SDSL 2           |
--------------------              ----------------------
                 \                  /
           eth1    \              /   eth2
                     \          /
               *---*---*---*---*---*---*
               |  Linux Router/Server  |
               *---*---*---*---*---*---*
                           | eth0
                           |
              group A            group B
         192.168.0.1-.50    192.168.0.51-.100

I am trying to set up a network that can split the 2 local groups to use

the two SDSL line, that is group A will only use SDSL line 1 and group B
will only use SDSL line 2. 

I have read Linux Advanced Routing and nano.txt by julian. I have set it
up in and it worked but not the way it should as what i like in the
above
diagram. It worked in loadbalancing (equalize) only. 

I also have a squid proxy set up as transparent. would this be a problem
when the groups will be splitted in accessing the internet?

here is my config:

ip rule add prio 50 table main
ip route del default table main

ip rule add prio 201 from $SDSL1_NET table 201
ip route add default via $SDSL1_GW dev eth1 src $SDSL_IP proto static
table 201
ip route append prohibit default table 201 metric 1 proto static

ip rule add prio 202 from $SDSL2_NET table 202
ip route add default via $SDSL2_GW dev eth2 src $SDSL_IP proto static
table 202
ip route append prohibit default table 202 metric 1 proto static

ip rule add prio 222 table 222
ip route add default table 222 proto static \
        nexthop via $SDSL1_GW dev eth1 weight 1 \
        nexthop via $SDSL2_GW dev eth2 weight 1


$IPTABLES -A FORWARD -i eth1 -o eth0 -m state --state
ESTABLISHED,RELATED -j ACCEPT
$IPTABLES -A FORWARD -i eth2 -o eth0 -m state --state
ESTABLISHED,RELATED -j ACCEPT
$IPTABLES -A FORWARD -i eth0 -o eth1 -j ACCEPT
$IPTABLES -A FORWARD -i eth0 -o eth2 -j ACCEPT

$IPTABLES -t nat -A POSTROUTING -o eth1 -j SNAT --to $SDSL1_GW
$IPTABLES -t nat -A POSTROUTING -o eth2 -j SNAT --to $SDSL2_GW

$IPTABLES -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT
--to-port 3128

Load balancing works well, and everything seems to be OK.
But i want to accomplish the said above diagram? Im not sure it the
setup
will work with transparent proxy. Any ideas?

================Charles J. Nierva
Davao City, Philippines