Re: Linux 2.4 series and Checkpoint NG 1

dballester@xxxxxxxxxxxxxx wrote:
> I have been reading about "ip route"
> command and I think that with Linux pure firewalling I could activate a
> routing based on dest ip,
> saying something like 'all packets from my LAN with destination address
> different from another company LAN, launch it through the ADSL router'

Like... the... default route?


> and 'all
> packets from my LAN with destination address equal to another of my company
> LANs, launch it through the FR router'.

OK... Sounds pretty straightforward. Your internal interface gets its private address/netmask, and a route is added for the associated net.


Your FR facing interface gets its (also) private address/netmask, and a route is added for the associated net. If the remote end of this network is broader than that route, you'll have to add a static route. I'd assume Checkpoint provides you with that...

Your public interface gets its public address/netmask and the default route.

Now, set your FORWARDING policy to DROP. If you can, set up your firewall rules based on the interface the packet came in.

First rule: ACCEPT or MASQ packets coming in your private interface, where the destination is the remote office. Which you do depends on how your routes are set up...

Second rule: MASQ all packets coming in your private interface. This will catch everything else, bound for the internet.

Third rule: ACCEPT related,established packets coming in through the FR facing interface.

Fourth rule: ACCEPT related,established packets coming in through your public interface.
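The four rules above as a concrete iptables rule set for a 2.4 kernel (an added example, not from the original reply). Interface names and network ranges are assumptions for illustration; the first rule is written as a plain ACCEPT, i.e. the remote office sees real private source addresses, so no static route is needed on this box beyond what the FR side already has.

```shell
#!/bin/sh
# Added example: default-deny forwarding policy with a no-NAT path to the
# remote office over frame relay and a masqueraded path to the internet.
IPT="${IPT:-iptables}"          # set IPT=echo to dry-run and only print the rules

LAN_IF=eth0; LAN_NET=192.168.1.0/24    # assumed: local office LAN
FR_IF=eth1;  FR_NET=192.168.2.0/24     # assumed: other company LAN behind the FR router
PUB_IF=eth2                            # assumed: ADSL/public side, carries the default route

setup_forwarding() {
    # Default deny: anything not explicitly allowed below is dropped.
    "$IPT" -P FORWARD DROP
    "$IPT" -F FORWARD
    "$IPT" -t nat -F POSTROUTING

    # Rule 1: LAN -> remote office, matched on the incoming interface and
    # forwarded unchanged (ACCEPT rather than MASQ) across the FR link.
    "$IPT" -A FORWARD -i "$LAN_IF" -o "$FR_IF" -s "$LAN_NET" -d "$FR_NET" -j ACCEPT

    # Rule 2: everything else from the LAN goes out the public interface.
    # With iptables the old ipchains MASQ target becomes ACCEPT in FORWARD
    # plus MASQUERADE in the nat table's POSTROUTING chain.
    "$IPT" -A FORWARD -i "$LAN_IF" -o "$PUB_IF" -s "$LAN_NET" -j ACCEPT
    "$IPT" -t nat -A POSTROUTING -o "$PUB_IF" -s "$LAN_NET" -j MASQUERADE

    # Rules 3 and 4: only replies to connections the LAN started come back in,
    # on the FR interface and on the public interface respectively.
    "$IPT" -A FORWARD -i "$FR_IF"  -m state --state ESTABLISHED,RELATED -j ACCEPT
    "$IPT" -A FORWARD -i "$PUB_IF" -m state --state ESTABLISHED,RELATED -j ACCEPT
}

# Only touch the live kernel when explicitly asked: ./fw.sh apply
if [ "${1:-}" = "apply" ]; then
    echo 1 > /proc/sys/net/ipv4/ip_forward   # enable routing between interfaces
    setup_forwarding
fi
```

Run with `IPT=echo sh fw.sh` first to review the generated rule list before applying it.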
