- You have 2 connections to the Internet: A is the default link, B the secondary link.
- You have hosts inside the LAN which are DNAT'ed from B-space IP addresses.
- Provider A blocks IP addresses from the B address space, so replies from the DNAT'ed hosts must leave over B, not over the default link A.
- On the router you have DNAT'ed some hosts into the LAN and SNAT'ed all outgoing traffic on the A and B interfaces.
To correct this, you should:
- add the corresponding iproute2 table (if it does not already exist)
- mark all outgoing packets from the specified LAN host(s) in the iptables mangle PREROUTING chain
- add an ip rule to route marked packets through the specified table and gateway
## script - all other routes and configurations skipped
## you should add this only once (it registers the table name for iproute2)
# echo 200 bprovider >> /etc/iproute2/rt_tables
...
## add routes to B space and the B gateway - all in the bprovider table
ip route add $B_NET dev $B_DEV src $B_IP table bprovider
ip route add default via $B_GW table bprovider
## add a rule to answer all incoming connections to B space over the B gateway
ip rule add from $B_IP table bprovider
## iptables part - DNAT incoming packets, SNAT outgoing packets, and mark LAN packets - only for B addresses.
## Only some http ports (80,443) are redirected to the LAN host
...
iptables -t nat -A PREROUTING -d $B_IP -p tcp -m multiport --dports 80,443 -j DNAT --to-destination $LAN_IP
iptables -t nat -A POSTROUTING -o $B_DEV -j SNAT --to-source $B_IP
## every packet from $LAN_IP gets the mark, so all forwarded traffic of this host (not only replies to DNAT'ed connections) will leave over B
iptables -t mangle -A PREROUTING -s $LAN_IP -j MARK --set-mark 99
...
## and finally - route marked packets over the B gateway
ip rule add fwmark 99 table bprovider
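A check added here (not part of the original note) that a dump of `ip rule show` contains the two rules the script installs and that both take precedence over the main table lookup; the rule dump and the B address 203.0.113.10 are constructed sample values, and on a real router you would feed it `rules="$(ip rule show)"` instead.

```shell
#!/bin/sh
# Constructed sample of `ip rule show` output after running the note's commands.
# iproute2 prints the mark in hex, so --set-mark 99 shows up as fwmark 0x63.
sample_rules='0: from all lookup local
32764: from 203.0.113.10 lookup bprovider
32765: from all fwmark 0x63 lookup bprovider
32766: from all lookup main
32767: from all lookup default'

# check_rules RULES B_IP MARK_HEX TABLE
# Prints "ok" when the "from B_IP" and "fwmark" rules both point at TABLE and
# have a lower pref number (= higher precedence) than the main table lookup;
# otherwise prints the first problem found and returns 1.
check_rules() {
  rules=$1; b_ip=$2; mark=$3; table=$4
  # pref numbers are the field before the colon on each line
  main_pref=$(printf '%s\n' "$rules" | awk -F: '/lookup main$/ {print $1; exit}')
  src_pref=$(printf '%s\n' "$rules" | awk -F: -v ip="$b_ip" -v t="$table" \
    '$0 ~ "from "ip" lookup "t"$" {print $1; exit}')
  mark_pref=$(printf '%s\n' "$rules" | awk -F: -v m="$mark" -v t="$table" \
    '$0 ~ "fwmark "m" lookup "t"$" {print $1; exit}')
  [ -n "$main_pref" ] || { echo "missing: lookup main"; return 1; }
  [ -n "$src_pref" ] || { echo "missing: from $b_ip lookup $table"; return 1; }
  [ -n "$mark_pref" ] || { echo "missing: fwmark $mark lookup $table"; return 1; }
  [ "$src_pref" -lt "$main_pref" ] || { echo "from-rule ordered after main"; return 1; }
  [ "$mark_pref" -lt "$main_pref" ] || { echo "fwmark rule ordered after main"; return 1; }
  echo ok
}

# with the constructed dump above this prints "ok"
check_rules "$sample_rules" 203.0.113.10 0x63 bprovider
```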
Some other approach with CONNMARK (not tested yet): http://home.regit.org/?page_id=7