routing with multiple ISP connections


#1

In a nutshell, I’m trying to send only certain traffic over one particular interface and all other traffic in and out of the other interface.

eth1: internal network only
eth2: should handle in/out traffic solely for a handful of specific services. Nat rules and firewall rules already exist that allow access to internal resources from the outside world. This is presently our primary ISP. The goal is to eliminate this as the primary means of internet access for users within the network and force their traffic over eth3
eth3: currently unused, but needs to be the primary connection for users to access the internet.

Specifically, I have a vital service running on 10.4.1.11 that needs to be accessible to internal users via that address and external users via eth2. Internal users, however, should access the outside world via eth3.

It seems like this is something I should be able to accomplish with static routes, but I’m concerned about maintaining accessibility of the internal resources to internal users, while still providing that access to external users. Anybody have thoughts on the best method of accomplishing this?