Send some internal IP users through the 2nd ISP

There are two providers on the gateway (FreeBSD 13.1, natd, ipfw).
Failover is configured and working in case of problems with the main provider's channel.
Some user IPs need to work through the second (backup) provider's channel.
To define those user IPs, I use an ipfw table in the ipfw script file.
rl0 - main ISP.
igb3 - backup ISP.
Additional natd for the backup provider:
/sbin/natd -n igb3 -port 8669

Code:
...
# To backup ISP start
${fwcmd} table 25 flush
# load the backup-ISP user addresses, one per line, straight from the list file
while read -r ip; do
        ${fwcmd} table 25 add "$ip"
done < /usr/local/etc/squid/bc_ch.list
# To backup ISP end
...

Code:
...
# NATD Backup ISP forward users
${fwcmd} add 460 divert natd2 ip from table\(25\) to any
${fwcmd} add 470 fwd IP_GW_BACKUP_ISP ip from IP_BACKUP_ISP to any
...

Code:
...
${fwcmd} add divert natd2 ip from any to IP_BACKUP_ISP in via igb3
...

Code:
...
${fwcmd} add pass all from table\(25\) to any keep-state
...

This scheme works, but it is wrong. Packets from the user IPs in the table are wrapped into the 2nd provider's channel (2ip.ru, etc. show IP_BACKUP_ISP in the browser). The packets I need do go (wrap) into the backup channel, but the reply seems to go through the main provider's channel, which the default gateway points to. Tracert from the workplaces (listed in the user table) still shows the route through the main provider.
How should the described scheme be organized?
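Added example, not part of the original post: a POSIX sh check that reads an `ipfw list` dump and verifies the rule order this scheme relies on. ipfw evaluates rules in ascending number order and stops at the first terminating match, so the outbound divert for table(25) must precede the fwd, and both must precede the generic pass for table(25). The sample dumps are constructed; `natd2` and `IP_GW_BACKUP_ISP` are the post's own placeholders.

```shell
#!/bin/sh
# Added example (not from the post): sanity-check the rule order that the
# two-ISP divert/fwd scheme depends on, using the text of `ipfw list`.
# ipfw walks rules in ascending number order and stops at the first
# terminating match, so the outbound divert for table(25) must precede the
# fwd, and both must precede the generic allow for table(25).

# Print the number (without leading zeros) of the first rule in dump $1
# whose text contains the fixed string $2; print nothing if absent.
rule_num() {
    printf '%s\n' "$1" | awk -v pat="$2" 'index($0, pat) { print $1 + 0; exit }'
}

# Return 0 when divert < fwd < allow for the table(25) rules, 1 otherwise.
check_order() {
    div=$(rule_num "$1" 'divert natd2 ip from table(25) to any')
    fwd=$(rule_num "$1" 'fwd IP_GW_BACKUP_ISP')
    alw=$(rule_num "$1" 'allow ip from table(25) to any')
    for r in "divert:$div" "fwd:$fwd" "allow:$alw"; do
        case $r in
            *:) echo "missing ${r%:} rule for the backup path"; return 1 ;;
        esac
    done
    if [ "$div" -lt "$fwd" ] && [ "$fwd" -lt "$alw" ]; then
        echo "order ok: divert $div < fwd $fwd < allow $alw"
        return 0
    fi
    echo "order wrong: divert $div, fwd $fwd, allow $alw (allow must come last)"
    return 1
}

# Constructed dumps in `ipfw list` format (ipfw prints `pass all` as `allow ip`).
GOOD_RULES='00400 check-state :default
00460 divert natd2 ip from table(25) to any
00470 fwd IP_GW_BACKUP_ISP ip from IP_BACKUP_ISP to any
00500 allow ip from table(25) to any keep-state
65535 deny ip from any to any'

# Same rules, but the allow is numbered below the divert/fwd pair, so
# table(25) traffic is passed (and routed via the default gateway) untouched.
BAD_RULES='00400 check-state :default
00450 allow ip from table(25) to any keep-state
00460 divert natd2 ip from table(25) to any
00470 fwd IP_GW_BACKUP_ISP ip from IP_BACKUP_ISP to any
65535 deny ip from any to any'

check_order "$GOOD_RULES"
check_order "$BAD_RULES" || true   # expected to report the wrong order
```

On the gateway itself, feed the live ruleset with `check_order "$(ipfw list)"`.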