Hello list (and Martin) ;x

I have now composed my final(?) policy routing design. The goals I had when beginning with this, for those of you who have not followed my and Martin's thread, were to
1) only let 192.168.1/24 see all routes,
2) not route between defined networks, except to and from 192.168.1/24, and
3) let networks that are not defined reach only 192.168.1/24.

This might sound simple. It wasn't for me. The solution I came up with, after days and days of thinking (and patience), was this: two routing tables, one called "ALL" that, surprisingly, holds routes to all defined networks and a default route to the internet, and the other called "main", just for ease, that holds one route to 192.168.1/24 and has a default prohibit. The one rule that exists just says "if src == 192.168.1/24 use table ALL". Of course there is an additional rule, the standard one that says "from all lookup main" with a number of 32766.

So, for those of you who don't understand my poor English: literally every network that passes, except 192.168.1/24, will use the main table, which just holds the route to 192.168.1/24 and the prohibit one. This is so simple, something just has to be wrong. Feel free to enlighten me. Please flame.

Best regards,
Tomas Bonnedahl
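An added example to check the design above (not from the original post or thread): it models the two tables and the two rules as data, walks them the way the kernel's FIB rule lookup does (a rule whose table has no matching route falls through to the next rule; a matching route, including a prohibit route, ends the lookup), and tests the three stated goals with sample packets. It also renders the model as the iproute2 commands that would build it. Everything except 192.168.1.0/24 (the other LANs, the device names, the table id 100 and the upstream gateway) is an assumption made for illustration, and the kernel's built-in "local" table at priority 0 is left out of the model.

```python
import ipaddress

# Constructed sample configuration. Only 192.168.1.0/24 comes from the post;
# the other networks, devices and the gateway are assumptions.
MGMT = "192.168.1.0/24"
DEFINED_NETS = {
    "192.168.1.0/24": "dev eth1",  # the only network allowed to see everything
    "192.168.2.0/24": "dev eth2",  # assumed second LAN
    "192.168.3.0/24": "dev eth3",  # assumed third LAN
}
INTERNET_GW = "via 203.0.113.1"   # assumed upstream router (TEST-NET-3 range)

# Table "ALL": every defined network plus a default route to the internet.
TABLE_ALL = list(DEFINED_NETS.items()) + [("0.0.0.0/0", INTERNET_GW)]
# Table "main": the one route to 192.168.1/24 and a default "prohibit".
TABLE_MAIN = [(MGMT, DEFINED_NETS[MGMT]), ("0.0.0.0/0", "prohibit")]

# Rules as (priority, source selector, table name, table); lower runs first.
RULES = [
    (1000, MGMT, "ALL", TABLE_ALL),            # from 192.168.1.0/24 lookup ALL
    (32766, "0.0.0.0/0", "main", TABLE_MAIN),  # the stock "from all lookup main"
]


def lookup_table(table, dst):
    """Longest-prefix match in one table; None when the table has no route."""
    dst = ipaddress.ip_address(dst)
    best_net, best_action = None, None
    for prefix, action in table:
        net = ipaddress.ip_network(prefix)
        if dst in net and (best_net is None or net.prefixlen > best_net.prefixlen):
            best_net, best_action = net, action
    return best_action


def route(src, dst, rules=RULES):
    """Walk the rules in priority order like the FIB rule lookup: a rule whose
    table yields no route falls through; any route (prohibit included) ends it."""
    src = ipaddress.ip_address(src)
    for _prio, selector, _name, table in sorted(rules, key=lambda r: r[0]):
        if src not in ipaddress.ip_network(selector):
            continue
        action = lookup_table(table, dst)
        if action is not None:
            return action
    return "unreachable"  # no rule produced a route


def iproute2_commands(rules=RULES, table_ids=None):
    """Render the model as the iproute2 commands that would build it
    ("replace" so re-running is harmless; 192.168.1/24 usually already sits in
    main as a connected route)."""
    table_ids = table_ids or {"ALL": 100}  # assumed numeric id for table ALL
    cmds = [f"echo '{tid} {name}' >> /etc/iproute2/rt_tables"
            for name, tid in table_ids.items()]
    for prio, selector, name, table in sorted(rules, key=lambda r: r[0]):
        for prefix, action in table:
            dst = "default" if prefix == "0.0.0.0/0" else prefix
            if action == "prohibit":
                cmds.append(f"ip route replace prohibit {dst} table {name}")
            else:
                cmds.append(f"ip route replace {dst} {action} table {name}")
        if prio != 32766:  # "from all lookup main" exists on every box already
            cmds.append(f"ip rule add from {selector} lookup {name} priority {prio}")
    return cmds


def check_goals():
    """The three goals from the post, each probed with two sample packets."""
    mgmt_sees_all = (route("192.168.1.10", "192.168.3.10") == "dev eth3"
                     and route("192.168.1.10", "198.51.100.7") == INTERNET_GW)
    no_lan_to_lan = (route("192.168.2.10", "192.168.3.10") == "prohibit"
                     and route("192.168.2.10", "192.168.1.10") == "dev eth1")
    undefined_only_mgmt = (route("172.16.0.10", "192.168.1.10") == "dev eth1"
                           and route("172.16.0.10", "198.51.100.7") == "prohibit")
    return {"1_only_mgmt_sees_all": mgmt_sees_all,
            "2_no_routing_between_lans": no_lan_to_lan,
            "3_undefined_reach_only_mgmt": undefined_only_mgmt}


if __name__ == "__main__":
    for cmd in iproute2_commands():
        print(cmd)
    print(check_goals())
```

Running it prints the command list and `{'1_only_mgmt_sees_all': True, ...}` for all three goals. The point of modelling the fall-through is the second rule: because `main` ends in a prohibit route rather than being empty, a packet from any non-192.168.1/24 source never reaches a third table, which is exactly what makes the design hold. On a real box, verify with `ip rule show` and `ip route show table ALL`, and remember that `prohibit` answers with EACCES (sender sees "Permission denied") rather than silently dropping.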