Reputation: 6058
I have a Linux server with 2 WAN connections. It has 2 public IP addresses, WAN_IP1 and WAN_IP2. The server's default gateway is WAN_IP1.
The server also has 2 LAN interfaces and their respective subnets.
This server is supposed to forward some ports from the WAN addresses to some LAN server; I've always done it with DNAT or MASQUERADE.
For example I have a web server in my LAN with address LAN_IP1 and the rules are:
iptables -t nat -A PREROUTING -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.1.10:80
iptables -t nat -A POSTROUTING -j MASQUERADE
When I try to connect to the web server via WAN_IP1 everything goes well, as WAN_IP1 is the default gateway, but when I try via WAN_IP2 the reply from the LAN server is routed through the default gateway WAN_IP1 and so the connection is never established.
I've seen a lot of possible solutions, but I think there may be something more "clean" than marking packets and making IP aliases...
Any suggestions?
Upvotes: 0
Views: 1234
Reputation: 6654
Routing all outgoing traffic over the default gateway is the default behavior if no other route matches. If you want to route traffic to specific destinations via another gateway, you must define additional routes for these destinations.
A more "clean" way which comes to my mind is to put a router in front of your server, which holds the connection to both WANs and a connection to your server. Your server would only talk to the router (its default gateway) and the router would route the packets.
Although this is practically like specifying additional routes on the server (they are just configured on a router in this solution), it would put the burden of network management onto network hardware.
Upvotes: 1
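If the routes stay on the server, the usual fix for the asymmetric reply path is connection marking plus a second routing table: a plain source-address rule is not enough, because the reply still carries the LAN server's address when the routing decision is made (the reverse DNAT is applied afterwards). The script below is an added example, not part of the question or the answer; interface names, the ISP2 gateway, the table id and the mark value are assumptions.

```shell
#!/bin/sh
# Added example: keep replies to connections that arrived on WAN_IP2 on the
# second uplink. Interface names, gateway, table id and mark are assumptions.
WAN2_IF="eth1"          # interface holding WAN_IP2 (assumed)
WAN2_GW="203.0.113.1"   # ISP2 gateway (assumed, documentation range)
LAN_IF="eth2"           # LAN interface facing 192.168.1.10 (assumed)
TABLE=2                 # routing table id used for ISP2 (assumed)
MARK=2                  # connmark/fwmark value for ISP2 connections (assumed)

# Run the command when MODE is "apply"; otherwise print it for review.
emit() {
    if [ "$MODE" = "apply" ]; then "$@"; else printf '%s\n' "$*"; fi
}

# multiwan_rules print   -> dry run, prints the commands
# multiwan_rules apply   -> installs them (needs root)
multiwan_rules() {
    MODE="$1"
    # 1. New connections arriving on WAN2 get connmark MARK so their replies
    #    can be recognised even though they leave with the LAN source address.
    emit iptables -t mangle -A PREROUTING -i "$WAN2_IF" \
        -m conntrack --ctstate NEW -j CONNMARK --set-mark "$MARK"
    # 2. Reply packets from the LAN copy the connmark into the packet fwmark.
    emit iptables -t mangle -A PREROUTING -i "$LAN_IF" \
        -m conntrack --ctstate ESTABLISHED,RELATED -j CONNMARK --restore-mark
    # 3. Marked packets are routed by a table whose default route is ISP2,
    #    instead of the main table's default gateway on WAN_IP1.
    emit ip route add default via "$WAN2_GW" dev "$WAN2_IF" table "$TABLE"
    emit ip rule add fwmark "$MARK" table "$TABLE"
    # 4. The port forward from the question (nat table, as DNAT requires).
    emit iptables -t nat -A PREROUTING -p tcp --dport 80 \
        -j DNAT --to-destination 192.168.1.10:80
    emit iptables -t nat -A POSTROUTING -j MASQUERADE
}

# Number of commands the dry run produces (each line is an ip or iptables call).
count_rules() { multiwan_rules print | grep -c -e '^iptables ' -e '^ip '; }
```

Verify with `conntrack -L -m 2` (conntrack-tools) that connections entering on WAN2 carry the mark, and with `ip route get <client> mark 2` that marked replies pick the ISP2 default route.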