Policy routing and Linux
bscott at ntisys.com
Mon Apr 26 19:28:00 EDT 2004
Hello world,
Has anyone on the list done anything with policy-based routing and Linux?
Scenario: We have two Internet feeds, DSL and cable, both connected to a
single Linux box. Said Linux box is also connected to our LAN -- it is our
firewall/router/gateway. The Linux box has a default route via the cable
feed's gateway. In general, things work very well.
One problem, though. If I try to connect to the DSL address, the Linux
box sends the responding packets out the interface for the cable feed.
That makes sense; that is the default route. However, the cable provider
properly filters those packets as having a bogus source address (the DSL
address).
So I need a way to tell Linux that packets it sends with a source address
of the DSL feed should be routed out the DSL feed. In other words, I want
the kernel router to look at not just the destination address, but the
source address. I'm pretty sure Linux can do this, but I'm having trouble
getting it to work.
I've read the documentation for iproute2 and the ip(8) command. It gives
me lots of syntax, but not much on how to apply that syntax.
I've read the "Linux Advanced Routing & Traffic Control" HOWTO. It gives
me cookbook commands, but little explanation, and even the examples are a
little unclear. More importantly, the commands I type don't seem to work.
The system accepts them, and appears to make changes to the routing tables,
but the packets still end up going out the wrong interface.
I'm hoping someone here has already done this, and can give me a hand.
Anyone?
--
Ben Scott <bscott at ntilinux.com>
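
Added example, not part of the original post: a sketch of the source-address routing the message asks for, built from iproute2's `ip rule` and a second routing table. The addresses (RFC 5737 documentation ranges), the interface name `eth1`, table number 100 and the rule priority are constructed placeholders; the script only prints the commands unless run with APPLY=1.

```shell
#!/bin/sh
# Added example. Addresses are RFC 5737 documentation ranges; the interface
# name, table number and rule priority are constructed placeholders.

# uplink_cmds ADDR NET GW IF TABLE [PRIO]
# Prints the iproute2 commands that make packets with source address ADDR
# leave through IF instead of following the default route in the main table.
uplink_cmds() {
    addr=$1 net=$2 gw=$3 ifc=$4 table=$5 prio=${6:-1000}
    # 1. A separate routing table holding only routes through this uplink.
    echo "ip route add $net dev $ifc src $addr table $table"
    echo "ip route add default via $gw dev $ifc table $table"
    # 2. A rule, consulted before the main table (priority 32766),
    #    that selects the new table by source address.
    echo "ip rule add from $addr lookup $table priority $prio"
    # 3. Drop cached routing decisions (matters on kernels with a route cache).
    echo "ip route flush cache"
}

# check_cmds ADDR TABLE
# Prints commands that confirm the rule and table are in place.
check_cmds() {
    echo "ip rule show"
    echo "ip route show table $2"
    # Ask the kernel which route it would pick for a packet sourced from ADDR.
    echo "ip route get 198.51.100.7 from $1"
}

# Dry run by default; APPLY=1 (as root) executes the commands.
cmds=$(uplink_cmds 192.0.2.10 192.0.2.0/24 192.0.2.1 eth1 100)
if [ "${APPLY:-0}" = 1 ]; then
    echo "$cmds" | sh -e
    check_cmds 192.0.2.10 100 | sh
else
    echo "$cmds"
    check_cmds 192.0.2.10 100
fi
```

This covers packets the box itself sends from the second uplink's address; steering forwarded LAN traffic is a separate rule set.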