On Wed, 2002-07-17 at 19:18, Martin A. Brown wrote:
> Lucky,
> So, you have something in your chains rules that looks like this:
> ipchains -A forward -s 192.168.2.0/24 -d 0/0 -j MASQ
> Simply insert a special case:
> ipchains -I forward 1 -s 192.168.2.206 -d 0/0 -j ACCEPT

OK, now I have in the firewall:

Chain input (policy DENY):
target     prot opt     source                destination           ports
[ipac and lo rules]
ACCEPT     all  ------  0.0.0.0/0             pu.bl.ic.ip           n/a
[rest]
Chain forward (policy DENY):
target     prot opt     source                destination           ports
ACCEPT     all  ------  0.0.0.0/0             192.168.2.206         n/a
ACCEPT     all  ------  192.168.2.206         0.0.0.0/0             n/a
[masq'ing stuff]
Chain output (policy DENY):
target     prot opt     source                destination           ports
[ipac]
ACCEPT     all  ------  0.0.0.0/0             0.0.0.0/0             n/a
ACCEPT     all  ------  192.168.2.206         0.0.0.0/0             n/a
[rest]

and the routing is as follows:

moria2:/etc/ipmasq/rules# ip rule ls
0:      from all lookup local
320:    from 192.168.2.206 lookup public.ip
32763:  from is.dn.if.ip lookup isdn
32766:  from all lookup main
32767:  from all lookup default
moria2:/etc/ipmasq/rules# ip route show table public.ip
nat pu.bl.ic.ip via 192.168.2.206  scope host
default dev ippp3  scope link
moria2:/etc/ipmasq/rules# ip route show table isdn
default via is.dn.peer.ip dev ippp3

I have a problem with the public.ip table: normally, like in the
lartc-howto, one does

    ip route add default via is.dn.peer.ip dev ippp3 table public.ip

This actually works for table isdn (right after dial-up), but when I do
this for table public.ip I get:

    RTNETLINK answers: Network is unreachable

The ISDN peer is in another subnet (x.x.32.121) than our address space
(x.x.35.40/29), maybe that does matter.

I hope somebody can help me there. If not, I'm just going to go on and
try things out :) Maybe it is a kernel problem, or such. I'm using 2.2.20,
perhaps I have to use the latest 2.4?

-- 
Lucky

_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc
HOWTO: http://lartc.org/