On Wed, 20 Nov 2002, Paco Brufal wrote:

> Sorry if this question is very common, but I searched the
> maillist archive and didn't find an answer...

Did you read the HOWTO?

> I have a linux box with 3 interfaces, 2 of them have public IPs
> (eth1 and eth2), and the third is a private IP (our LAN). I want to do the
> following: if a packet is coming from eth1, it must be forwarded to eth0,
> and when it comes back, it must be routed to eth1. In case a packet comes
> from eth2, it must be forwarded to eth0, and the response must be routed to
> eth2. In other words, a packet must leave our network by the interface it
> came.

Okay, given the fact that you are using private IP space in your LAN this
should be very doable using NAT and connection tracking. Read up on the
`Using multiple uplinks' sections in the HOWTO.

What I don't really understand though is that you seem to want to allow
connections from *outside* to either eth1 or eth2, routing those through to
the internal network, and then be able to route the stuff back.

The only simple solution to that problem I can see is to use application
level proxies on the firewall. Thereby you can suddenly let the application
proxy handle the correct forwarding and keep the necessary state on the
firewall.

Doei, Arthur.

--
  /\    / | arthurvl@sci.kun.nl           | Work like you don't need the money
 /__\  /  | A friend is someone with whom | Love like you have never been hurt
/    \/__ | you can dare to be yourself   | Dance like there's nobody watching

_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc
HOWTO: http://lartc.org/
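One way to get the "leave by the interface it came in on" behaviour for the eth0/eth1/eth2 layout in the question is to combine connection tracking with policy routing through connection marks. This is an added example, not part of the original message or the HOWTO; CONNMARK is not named in the thread, and the gateway addresses, mark values and table numbers are assumptions. It covers only return-path selection, not the NAT or forwarding rules.

```shell
#!/bin/sh
# Added example: route replies out of the uplink the connection arrived on.
# Assumed values (not from the thread): gateways, mark values, table numbers.
GW1=192.0.2.1        # next hop on eth1 (documentation address, placeholder)
GW2=198.51.100.1     # next hop on eth2 (documentation address, placeholder)
LAN_IF=eth0          # private LAN interface, as in the question

# Print each command by default; execute it only when APPLY=1 (needs root).
run() {
    if [ "${APPLY:-0}" = 1 ]; then "$@"; else echo "$*"; fi
}

# uplink IFACE GATEWAY MARK TABLE
uplink() {
    # Tag every new connection with the uplink it arrived on. Only the
    # conntrack entry is marked, so the inbound packet itself still follows
    # the main table towards the LAN.
    run iptables -t mangle -A PREROUTING -i "$1" -m conntrack --ctstate NEW \
        -j CONNMARK --set-mark "$3"
    # A routing table whose only default route is this uplink.
    run ip route add default via "$2" dev "$1" table "$4"
    # Packets carrying this mark are looked up in that table.
    run ip rule add fwmark "$3" table "$4"
}

setup() {
    uplink eth1 "$GW1" 1 101
    uplink eth2 "$GW2" 2 102
    # Replies entering from the LAN: copy the connection's mark onto the
    # packet before the routing decision. Connections opened from the LAN
    # have no mark (0) and keep using the main table.
    run iptables -t mangle -A PREROUTING -i "$LAN_IF" -j CONNMARK --restore-mark
}

# Dry run: prints the seven commands that would be applied.
setup
```

With strict reverse-path filtering enabled, packets arriving on the uplink that is not the main default route can be dropped before they are marked, so check `rp_filter` on eth1 and eth2 when testing this.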