
Multiple Internet Connections with split access

a guest
Dec 7th, 2012
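  # Firewall/NAT setup for a Linux router with several upstream links
  # (BHARTI, TATA, AIRTEL) and one LAN NIC that carries several subnets.
  # Must be run as root. Every existing filter/nat/mangle rule is flushed
  # first, so this script is expected to own the whole iptables ruleset.

  # Router addresses on the upstream (ISP-facing) side; used as SNAT sources.
  TATA_INTIP="192.168.15.2"
  AIRTEL_INTIP="192.168.1.2"
  # Router addresses on the LAN side (not referenced by the rules below).
  TATA_LANIP="192.168.20.1"
  AIRTEL_LANIP="192.168.2.1"
  # Interface connected to Internet
  BHARTI="eth0"
  TATA="eth1"
  AIRTEL="eth3"
  # Interface connected to LAN
  BHARTI_LAN="eth4"
  TATA_LAN="eth4:0"
  AIRTEL_LAN="eth4:1"
  # Squid ports (not referenced by the rules below).
  SQUID_PORT="3128"
  SSL_PORT="3129"

  # Start from an empty ruleset in every table this script manages.
  iptables -F
  iptables -X
  iptables -t nat -F
  iptables -t nat -X
  iptables -t mangle -F
  iptables -t mangle -X

  # Load IPTABLES modules for NAT and IP conntrack support
  modprobe ip_conntrack
  modprobe ip_conntrack_ftp
  # For win xp ftp client
  #modprobe ip_nat_ftp

  # Default policies. FORWARD is set explicitly: -F does not reset chain
  # policies, so without this line the routed path keeps whatever policy was
  # in force before (ACCEPT by default), and a router with ip_forward=1 would
  # relay new connections arriving on the upstream interfaces into the LAN.
  iptables -P INPUT DROP
  iptables -P FORWARD DROP
  iptables -P OUTPUT ACCEPT

  # Unlimited access to loop back
  iptables -A INPUT -i lo -j ACCEPT
  iptables -A OUTPUT -o lo -j ACCEPT

  # Accept only replies to connections this host opened (plus RELATED flows
  # such as the FTP data channel tracked by ip_conntrack_ftp) on the upstream
  # interfaces; unsolicited inbound traffic falls through to LOG/DROP.
  #iptables -A INPUT -i $BHARTI -m state --state ESTABLISHED,RELATED -j ACCEPT
  iptables -A INPUT -i "$TATA" -m state --state ESTABLISHED,RELATED -j ACCEPT
  iptables -A INPUT -i "$AIRTEL" -m state --state ESTABLISHED,RELATED -j ACCEPT

  # Routed traffic: anything entering from the LAN NIC may be forwarded, and
  # only reply packets of already-tracked connections may come back.
  iptables -A FORWARD -i "$BHARTI_LAN" -j ACCEPT
  iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT

  # Set this system as a router for the rest of the LAN.
  # The source network needs -s; without it iptables rejects the rule and the
  # mark is never applied. Nothing in this script consumes mark 4 - presumably
  # an "ip rule ... fwmark 4" policy-routing entry exists elsewhere; verify.
  iptables -t mangle -A PREROUTING -p tcp -s 192.168.20.0/24 -j MARK --set-mark 4
  # Rewrite the source of traffic leaving each ISP link to the router's own
  # address on that link (same values as before, now taken from the variables).
  iptables -t nat -A POSTROUTING -o "$TATA" -j SNAT --to-source "$TATA_INTIP"
  iptables -t nat -A POSTROUTING -o "$AIRTEL" -j SNAT --to-source "$AIRTEL_INTIP"

  # Unlimited access from the LAN to this host. The OUTPUT rules are redundant
  # while the OUTPUT policy is ACCEPT; they are kept for the case where the
  # policy is tightened later.
  iptables -A INPUT -i "$BHARTI_LAN" -j ACCEPT
  iptables -A OUTPUT -o "$BHARTI" -j ACCEPT

  # NOTE(review): eth4:0 and eth4:1 are IP aliases of eth4. As far as I know
  # netfilter only sees the underlying device name, so these two INPUT rules
  # never match and LAN traffic is actually admitted by the eth4 rule above.
  # If per-subnet control is wanted, match on "-i eth4 -s <subnet>" instead.
  iptables -A INPUT -i "$TATA_LAN" -j ACCEPT
  iptables -A OUTPUT -o "$TATA" -j ACCEPT

  iptables -A INPUT -i "$AIRTEL_LAN" -j ACCEPT
  iptables -A OUTPUT -o "$AIRTEL" -j ACCEPT

  # DROP everything else addressed to this host and log it.
  # NOTE(review): the LOG rule is unthrottled; on an Internet-facing interface
  # consider adding "-m limit" and a --log-prefix so scans cannot flood syslog.
  iptables -A INPUT -j LOG
  iptables -A INPUT -j DROP

  # Turn on routing only once the filter and NAT rules are loaded, so no
  # packet is forwarded through a half-built ruleset.
  echo 1 > /proc/sys/net/ipv4/ip_forward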