Policy-Based Routing Using Software Firewalls?
Bios_Hakr asks: "My local computer group meets for monthly LAN parties. The location that hosts the parties also has a small internet cafe. After the cafe closes, they allow us to connect to their T-1 line. They supply us with a single IP address which we NAT/(PAT?) via a Linksys DSL router. We also have a second T-1 supplied by one of the more gracious members of our group. He agreed to supply this T-1 after experiencing abysmal ping rates with 30 people sharing the bandwidth. Herein lies the quandary: How can we implement Policy-Based routing for our LAN? I'd like all HTTP and FTP to be directed out one line while popular gaming ports are directed over the second line. All file-sharing traffic should be killed. I know how to do this via Cisco IOS and policy-route-mapping, but I'm at a loss when it comes to doing it via software firewall solutions. We have several Linux-familiar people in the group and lots of Windows geeks; but the solution should be simple and require zero brainpower to set up after the initial implementation. How would you split your LAN traffic across two T-1 lines?"
You will need to modify it to suit your particular setup, but it should be fairly obvious even to people new to Perl.
#!/usr/bin/perl -w
# Writes an iptables firewall script for EXTERNAL_INTERFACE to stdout:
#   firewall.pl [--log] [--queue] [--executable] [--ip=ADDR] ... eth0 > firewall.sh
use strict;
use Getopt::Long;

our $command_line = "$0 " . join(' ', @ARGV);
our ($log_opt, $help, $firewallip, $nat, $reserved, $executable,
     $queue, $paranoid, $trusted, $match_opt);

GetOptions(
    "log"        => \$log_opt,
    "help"       => \$help,
    "ip=s"       => \$firewallip,   # was "ip=f": an address is a string, not a float
    "nat=s"      => \$nat,
    "reserved"   => \$reserved,
    "executable" => \$executable,
    "queue"      => \$queue,
    "paranoid"   => \$paranoid,
    "trusted=s"  => \$trusted,
    "match"      => \$match_opt,
) or do { usage(); exit 1; };

if ($help) {
    usage();    # dump usage ditty if -h
    exit 1;
}
if ($#ARGV < 0) {
    usage();
    exit;
}

our $EXTERNAL_INTERFACE = $ARGV[0];
# ifconfig is what the original checks; on systems without it use `ip -o link` instead
warn "WARNING: I can't find that interface\n"
    unless grep { /\Q$EXTERNAL_INTERFACE\E/ } `/sbin/ifconfig -a`;

our $iptables = `which iptables`;
chomp $iptables;
die "Cannot determine path to iptables: set manually\n" unless $iptables;

our $log       = $log_opt   ? 1 : 0;
our $portmatch = $match_opt ? 1 : 0;
our $SERVICES  = "/etc/services";
our %seen      = ();
our $DATE      = localtime;
# The original had a bare `print "$match_opt\n";` here, a debug leftover that
# wrote a stray line into the generated script; it is dropped.

our $DITTY;
if ($firewallip) {
    $DITTY = "-d $firewallip";          # set firewall ip if given
} else {
    $DITTY = "-i $EXTERNAL_INTERFACE";
}

print "#!/bin/sh\n" if $executable;

# Bogon list as posted. It is long out of date: most of these /8s have since been
# allocated, so check the current IANA IPv4 address-space registry before using it.
our @RESERVED_IANA = qw(
    0.0.0.0/8 1.0.0.0/8 2.0.0.0/8 5.0.0.0/8 7.0.0.0/8 10.0.0.0/8 23.0.0.0/8
    27.0.0.0/8 31.0.0.0/8 36.0.0.0/8 39.0.0.0/8 41.0.0.0/8 42.0.0.0/8 58.0.0.0/8
    59.0.0.0/8 60.0.0.0/8 127.0.0.0/8 169.254.0.0/16 172.16.0.0/12 192.168.0.0/16
    197.0.0.0/8 224.0.0.0/3 240.0.0.0/8
);
our @RESERVED_MINIMAL = qw(127.0.0.0/8 192.168.0.0/16 172.16.0.0/12 10.0.0.0/8);

print "\n# chain policies\n",
      "# set default policies\n",
      "$iptables -P INPUT DROP\n",
      "$iptables -P OUTPUT ACCEPT\n",
      "$iptables -P FORWARD DROP\n",
      "\n# flush tables\n",
      "$iptables -F\n",
      "$iptables -F INPUT\n",
      "$iptables -F OUTPUT\n",
      "$iptables -F FORWARD\n",
      "$iptables -F -t mangle\n",
      "$iptables -X\n",
      "$iptables -F -t nat\n";

# DUMP: where unwanted packets end up. -N fails harmlessly if the chain exists;
# that message is on stderr, so that is what gets silenced (the original redirected stdout).
print "\n# create DUMP table\n",
      "$iptables -N DUMP 2>/dev/null\n",
      "$iptables -F DUMP\n";
if ($log) {
    if ($queue) {
        print "$iptables -A DUMP -j QUEUE\n",
              "$iptables -A DUMP -p tcp -j REJECT --reject-with tcp-reset\n",
              "$iptables -A DUMP -p udp -j REJECT --reject-with icmp-port-unreachable\n",
              "$iptables -A DUMP -j DROP\n";
    } else {
        print "$iptables -A DUMP -p tcp -j LOG\n",
              "$iptables -A DUMP -p udp -j LOG\n",
              "$iptables -A DUMP -p tcp -j REJECT --reject-with tcp-reset\n",
              "$iptables -A DUMP -p udp -j REJECT --reject-with icmp-port-unreachable\n",
              "$iptables -A DUMP -j DROP\n";
    }
} else {
    print "$iptables -A DUMP -p tcp -j REJECT --reject-with tcp-reset\n",
          "$iptables -A DUMP -p udp -j REJECT --reject-with icmp-port-unreachable\n",
          "$iptables -A DUMP -j DROP\n";
}

# STATEFUL: accept replies to existing connections and anything new that did not
# arrive on the external interface; everything else goes to DUMP.
# (`! -i` is the current negation syntax; the posted `-i !` form is deprecated.)
print "\n# Stateful table\n",
      "$iptables -N STATEFUL 2>/dev/null\n",
      "$iptables -F STATEFUL\n",
      "$iptables -I STATEFUL -m state --state ESTABLISHED,RELATED -j ACCEPT\n",
      "$iptables -A STATEFUL -m state --state NEW ! -i $EXTERNAL_INTERFACE -j ACCEPT\n",
      "$iptables -A STATEFUL -j DUMP\n";

print "\n# loopback rules\n";
# The posted script is cut off here, part-way into the loopback rules. Note that
# nothing above sends INPUT or FORWARD to STATEFUL, so the generated script as it
# stands sets INPUT to DROP and accepts nothing: run it from the console, not over ssh.

sub usage {    # not in the posted excerpt; minimal version so the script runs
    print STDERR "usage: $0 [--log] [--queue] [--executable] [--ip=ADDR] [--nat=ADDR]\n",
                 "       [--reserved] [--paranoid] [--trusted=NET] [--match] [--help] EXTERNAL_INTERFACE\n";
}
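The script above builds the filtering chains but does not do the part the question actually asks for: sending HTTP/FTP out one T-1 and game traffic out the other. On Linux that is done with fwmark policy routing: iptables marks the packet in the mangle table before the routing decision, and `ip rule` sends marked packets to a per-uplink routing table, with a separate SNAT per outgoing interface. The following is an added example in the same generate-then-run style, not code from the original post or its author. The interface names, addresses (RFC 5737 documentation ranges), port lists, mark values and table numbers are all assumptions; edit them to match the LAN.

```shell
#!/bin/sh
# Added example (not from the original post): emit the iptables + iproute2 commands
# that split one LAN across two uplinks by destination port and refuse P2P ports.
# Every interface name, address and port list below is an assumption for a LAN like
# the one in the question. Run as root on the Linux box between the LAN and both T-1s:
#   sh pbr-gen.sh > pbr-rules.sh && sh pbr-rules.sh

LAN_IF=eth0;  LAN_NET=192.168.1.0/24
WEB_IF=eth1;  WEB_IP=203.0.113.10;   WEB_GW=203.0.113.1    # cafe T-1: HTTP/FTP and everything unclassified
GAME_IF=eth2; GAME_IP=198.51.100.10; GAME_GW=198.51.100.1  # member's T-1: game traffic only

WEB_TCP_PORTS="80,443,21"                 # HTTP, HTTPS, FTP control
GAME_UDP_PORTS="27000:27030,3074"         # assumed game ports; take the real ones from the games' docs
GAME_TCP_PORTS="27015,3074"
P2P_PORTS="1214,6346,6347,6881:6889"      # assumed Kazaa/Gnutella/BitTorrent defaults (port blocking is a weak control)

MARK_WEB=1;  TABLE_WEB=100                # fwmark values and routing-table ids are arbitrary,
MARK_GAME=2; TABLE_GAME=200               # but iptables and ip rule must agree on them

# One mangle rule: mark packets from the LAN to the given destination ports.
mark_rule() {  # proto ports mark
    echo "iptables -t mangle -A PREROUTING -i $LAN_IF -p $1 -m multiport --dports $2 -j MARK --set-mark $3"
}

gen_kernel() {
    cat <<EOF
sysctl -w net.ipv4.ip_forward=1
sysctl -w net.ipv4.conf.all.rp_filter=2
modprobe nf_conntrack_ftp
EOF
}
# rp_filter=2 (loose) matters: with strict reverse-path filtering, replies arriving on
# the uplink that is not the main-table default route are silently dropped.

gen_routes() {
    cat <<EOF
ip route replace default via $WEB_GW dev $WEB_IF
ip route replace $LAN_NET dev $LAN_IF table $TABLE_WEB
ip route replace default via $WEB_GW dev $WEB_IF table $TABLE_WEB
ip route replace $LAN_NET dev $LAN_IF table $TABLE_GAME
ip route replace default via $GAME_GW dev $GAME_IF table $TABLE_GAME
ip rule add fwmark $MARK_WEB table $TABLE_WEB pref 100
ip rule add fwmark $MARK_GAME table $TABLE_GAME pref 101
ip rule add from $WEB_IP table $TABLE_WEB pref 200
ip rule add from $GAME_IP table $TABLE_GAME pref 201
ip route flush cache
EOF
}
# prefs 100-201 sit between the local table (0) and main (32766), so marked packets are
# routed before the main table is consulted; the two `from` rules keep the router's own
# replies on the uplink they came in on.

gen_mangle() {
    # Restore a saved connection mark first, so later packets of a flow and conntrack-
    # expected children such as passive-FTP data connections (the kernel copies the
    # master connection's mark to them) skip classification and follow the same line.
    echo "iptables -t mangle -A PREROUTING -i $LAN_IF -j CONNMARK --restore-mark"
    echo "iptables -t mangle -A PREROUTING -i $LAN_IF -m mark ! --mark 0 -j ACCEPT"
    mark_rule tcp "$WEB_TCP_PORTS"  "$MARK_WEB"
    mark_rule udp "$GAME_UDP_PORTS" "$MARK_GAME"
    mark_rule tcp "$GAME_TCP_PORTS" "$MARK_GAME"
    echo "iptables -t mangle -A PREROUTING -i $LAN_IF -m mark ! --mark 0 -j CONNMARK --save-mark"
}

gen_nat_filter() {
    cat <<EOF
iptables -t nat -A POSTROUTING -o $WEB_IF -j SNAT --to-source $WEB_IP
iptables -t nat -A POSTROUTING -o $GAME_IF -j SNAT --to-source $GAME_IP
iptables -P FORWARD DROP
iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i $LAN_IF -p tcp -m multiport --dports $P2P_PORTS -j REJECT --reject-with tcp-reset
iptables -A FORWARD -i $LAN_IF -p udp -m multiport --dports $P2P_PORTS -j DROP
iptables -A FORWARD -i $LAN_IF -s $LAN_NET -m conntrack --ctstate NEW -j ACCEPT
EOF
}

gen_pbr_rules() {
    gen_kernel
    gen_routes
    gen_mangle
    gen_nat_filter
}

gen_pbr_rules
```

To check it is doing what you think: `ip rule show` and `ip route show table 200` confirm the policy tables, `iptables -t mangle -L PREROUTING -v -n` shows per-rule packet counters climbing as people play, and `tcpdump -ni eth2 udp` should show only game traffic on the member's line. Caveats a practitioner will hit: games that negotiate random ports need their own mark rules, killing file sharing by port only stops the defaults (real P2P clients pick other ports; a layer-7 classifier or bandwidth cap is the honest answer), and `ip rule add` is not idempotent, so running the generated script twice duplicates the rules (`ip rule del pref 100` and friends clear them).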