I'm using a Linux based router appliance (named Zeroshell), but it should be a question related to generic Linux routing.
The router computer has 4 NICs, named ETH0 to ETH3.
- ETH0 is on the actual LAN (subnet 192.168.241.0/24) IP 192.168.241.254
- ETH1 is on a WAN connection router (subnet 192.168.1.0/24) IP 192.168.1.1, GW 192.168.1.254
- ETH2 is on a another WAN connection router (subnet 192.168.2.0/24) IP 192.168.2.1, GW 192.168.2.254
- ETH3 is on another LAN dedicated for guests (subnet 192.168.230.0/24) IP 192.168.230.254
The default gateway on the router is set to 192.168.2.254 so all outgoing traffic uses the second WAN connection (optic fiber), and NAT is enabled on both ETH1 and ETH2.
On first WAN router, 192.168.1.1 is set as the DMZ. On second WAN router, 192.168.2.1 is set as the DMZ.
I've set some port forwarding on port 80 on both ETH1 and ETH2 to a computer lying in the ETH0 subnet.
When connecting to the second WAN's public IP with a browser, I get the website hosted on the internal computer.
When connecting to the first WAN's public IP with a browser, connection stays stuck.
I'm pretty sure this has to deal with the default gateway set to the second WAN's router making all traffic go to him, even if it originated from the first WAN router.
So my question is : HOW should I configure the routing tables on my router so that it can handle incoming connections from both WANs, forward them to the relevant LAN computer and route answers to the proper WAN ?
EDIT:
Adding routing tables from the Webserver :
root@webserver:/# ip addr show 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo valid_lft forever preferred_lft forever 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000 link/ether 00:15:5d:f1:03:10 brd ff:ff:ff:ff:ff:ff inet 192.168.241.23/24 brd 192.168.241.255 scope global eth0 valid_lft forever preferred_lft forever root@webserver:/# ip route show default via 192.168.241.254 dev eth0 10.8.0.0/24 via 192.168.241.21 dev eth0 192.168.240.0/24 via 192.168.241.21 dev eth0 192.168.241.0/24 dev eth0 proto kernel scope link src 192.168.241.23 Adding routing tables from the Router :
root@rtr ~> ip addr show 1: lo: <LOOPBACK,UP,10000> mtu 65536 qdisc noqueue link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo valid_lft forever preferred_lft forever inet6 ::1/128 scope host valid_lft forever preferred_lft forever 2: sit0@NONE: <NOARP> mtu 1480 qdisc noop link/sit 0.0.0.0 brd 0.0.0.0 3: ETH00: <BROADCAST,MULTICAST,UP,10000> mtu 1500 qdisc mq qlen 1000 link/ether 00:15:5d:f1:05:08 brd ff:ff:ff:ff:ff:ff inet 192.168.230.254/24 brd 192.168.230.255 scope global ETH00:00 valid_lft forever preferred_lft forever inet6 fe80::215:5dff:fef1:508/64 scope link valid_lft forever preferred_lft forever 4: ETH01: <BROADCAST,MULTICAST,UP,10000> mtu 1500 qdisc mq qlen 1000 link/ether 00:15:5d:f1:05:09 brd ff:ff:ff:ff:ff:ff inet 192.168.2.1/24 brd 192.168.2.255 scope global ETH01:00 valid_lft forever preferred_lft forever inet6 2a01:e35:2e74:9560:215:5dff:fef1:509/64 scope global dynamic valid_lft 86156sec preferred_lft 86156sec inet6 fe80::215:5dff:fef1:509/64 scope link valid_lft forever preferred_lft forever 5: ETH02: <BROADCAST,MULTICAST,UP,10000> mtu 1500 qdisc mq qlen 1000 link/ether 00:15:5d:f1:05:0b brd ff:ff:ff:ff:ff:ff inet 192.168.1.1/24 brd 192.168.1.255 scope global ETH02:00 valid_lft forever preferred_lft forever inet6 fe80::215:5dff:fef1:50b/64 scope link valid_lft forever preferred_lft forever 6: ETH03: <BROADCAST,MULTICAST,UP,10000> mtu 1500 qdisc mq qlen 1000 link/ether 00:15:5d:f1:05:0c brd ff:ff:ff:ff:ff:ff inet 192.168.241.254/24 brd 192.168.241.255 scope global ETH03:00 valid_lft forever preferred_lft forever inet6 fe80::215:5dff:fef1:50c/64 scope link valid_lft forever preferred_lft forever 7: dummy0: <BROADCAST,NOARP> mtu 1500 qdisc noqueue link/ether 9e:3d:6a:0e:65:39 brd ff:ff:ff:ff:ff:ff inet 192.168.141.142/24 brd 192.168.141.255 scope global dummy0 valid_lft forever preferred_lft forever 8: dummy1: <BROADCAST,NOARP,UP,10000> mtu 1500 qdisc noqueue link/ether ee:6e:6f:33:32:34 brd ff:ff:ff:ff:ff:ff inet 192.168.142.142/32 brd 192.168.142.255 scope global dummy1 valid_lft forever preferred_lft forever inet6 fe80::ec6e:6fff:fe33:3234/64 scope link valid_lft forever preferred_lft forever 9: DEFAULTBR: <BROADCAST,MULTICAST> mtu 1500 qdisc noop link/ether 0a:61:ef:f2:09:80 brd ff:ff:ff:ff:ff:ff 10: VPN99: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 10 0 link/ether 1a:e8:0e:ee:78:aa brd ff:ff:ff:ff:ff:ff inet 192.168.250.254/24 brd 192.168.250.255 scope global VPN99:00 valid_lft forever preferred_lft forever 11: bond0: <BROADCAST,MULTICAST,MASTER> mtu 1500 qdisc noop link/ether 8e:65:6c:3d:76:e5 brd ff:ff:ff:ff:ff:ff 12: bond1: <BROADCAST,MULTICAST,MASTER> mtu 1500 qdisc noop link/ether 1e:34:34:54:8d:48 brd ff:ff:ff:ff:ff:ff 13: bond2: <BROADCAST,MULTICAST,MASTER> mtu 1500 qdisc noop link/ether 5a:bc:4c:86:83:dc brd ff:ff:ff:ff:ff:ff 14: bond3: <BROADCAST,MULTICAST,MASTER> mtu 1500 qdisc noop link/ether 6e:81:53:3e:0a:ff brd ff:ff:ff:ff:ff:ff 15: bond4: <BROADCAST,MULTICAST,MASTER> mtu 1500 qdisc noop link/ether 6a:35:c8:45:d1:ff brd ff:ff:ff:ff:ff:ff 16: bond5: <BROADCAST,MULTICAST,MASTER> mtu 1500 qdisc noop link/ether ca:5d:10:21:02:30 brd ff:ff:ff:ff:ff:ff 17: bond6: <BROADCAST,MULTICAST,MASTER> mtu 1500 qdisc noop link/ether 82:60:85:97:d4:90 brd ff:ff:ff:ff:ff:ff 18: bond7: <BROADCAST,MULTICAST,MASTER> mtu 1500 qdisc noop link/ether b6:fc:c9:a5:06:73 brd ff:ff:ff:ff:ff:ff 19: bond8: <BROADCAST,MULTICAST,MASTER> mtu 1500 qdisc noop link/ether ce:75:5d:e5:7d:69 brd ff:ff:ff:ff:ff:ff 20: bond9: <BROADCAST,MULTICAST,MASTER> mtu 1500 qdisc noop link/ether 2e:ef:1e:89:26:1b brd ff:ff:ff:ff:ff:ff root@rtr ~> ip route show default via 192.168.1.254 dev ETH02 192.168.1.0/24 dev ETH02 proto kernel scope link src 192.168.1.1 192.168.2.0/24 dev ETH01 proto kernel scope link src 192.168.2.1 192.168.230.0/24 dev ETH00 proto kernel scope link src 192.168.230.254 192.168.240.0/24 via 192.168.241.21 dev ETH03 192.168.241.0/24 dev ETH03 proto kernel scope link src 192.168.241.254 192.168.250.0/24 dev VPN99 proto kernel scope link src 192.168.250.254 
ip addr show; ip route showon both servers