On 02/08/2013 07:39 AM, Natxo Asenjo wrote: > Do you have any tips on how to reach vlan 5 on the virt host from vlan 1? Not without the configuration from your switch. The most likely problem is this: Your workstation is sending traffic to 192.168.5.10. The switch sends it through VLAN 5 to eth2 on your virtualization host. The host replies to that traffic using the correct address, but through interface eth0, since that is the only interface with a route to the workstation. Those packets would go to the default gateway. Either your switch or your default gateway may be doing ingress filtering, or reverse path filtering, or stateful firewalling. Any of those would block the reply traffic, and at least one of them is very likely in place by default on either an L3 switch or a router. What you're attempting to do is called multi-homing, and it's fairly complicated to do on Linux. You need to have multiple default routes, and you need the kernel to select the default route based on the addresses of the packets that it sends. That involves making multiple routing tables, tagging packets pre-routing, and using ip rules to select the appropriate routing table. Shorewall will simplify this if you use it to build your firewall rules. _______________________________________________ CentOS mailing list CentOS@xxxxxxxxxx http://lists.centos.org/mailman/listinfo/centos