Re: [LARTC] Multi-Link Machine

Linux Advanced Routing and Traffic Control


Brad,

 : This really helped, but it still didn't achieve what I wanted. I ended up
 : having all traffic route via the "table 4", instead of just the traffic I
 : fwmark'd.

Thank you for the feedback.  I'll pay attention to what I failed to convey
in the multi-link section of my documentation, so I can improve it.  (That
section hasn't been rewritten in a *very long time*, and could use some
editing.)

 : Currently it's set up backwards to how I'd like it set up, but reversing it
 : shouldn't be too hard once I have it working.
 :
 : traceroute before I run this script
 :
 :  1  10.224.40.1 (10.224.40.1)  7.413 ms  7.148 ms  5.993 ms
 :  2  CPE-61-9-209-7.qld.bigpond.net.au (61.9.209.7)  7.527 ms  7.579 ms  8.155 ms
 :  3  GigabitEthernet4-2.cha23.telstra.net (139.130.193.117)  212.405 ms  214.032 ms  196.079 ms
 :  4  GigabitEthernet1-2.woo-core1.Brisbane.telstra.net (203.50.50.129)  8.220 ms  8.770 ms  8.499 ms
 :  5  Pos5-0.ken-core4.Sydney.telstra.net (203.50.6.221)  18.455 ms  20.626 ms  19.562 ms

Please suppress name lookup on your traceroute--I think it'll be a bit
easier to read and debug....thank you.

 <much-snipped>

What does "ip rule show" produce?

 <much-snipped>

 : Anybody got any ideas.. I don't really understand fwmark too much, I'm just
 : winging it so far. :)

fwmark is meta-information about a packet.  It is not a part of the
packet.  As meta-information, it expires as soon as the packet is
transmitted from the router.

fwmarks are a way to use tools like ipchains/iptables to select packets
for different treatment in routing and traffic control subsystems.

In order to help you better diagnose your current configuration, I'd
suggest using tcpdump on both outside interfaces while generating traffic
from the inside network:

# tcpdump -nn -i eth0 host 203.50.6.221
# tcpdump -nn -i ppp0 host 203.50.6.221

Now, start your traceroute from an internal machine.  All of your traffic
should go across one of these two links.

Make sure you generate traffic which should go out each link.  In other
words, generate some traffic from 192.168.0.5 and some ssh, and then try
something else from another host.  This will tell you whether policy
routing is functioning or not.

Good luck,

-Martin

-- 
Martin A. Brown --- SecurePipe, Inc. --- mabrown@xxxxxxxxxxxxxx
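
[Added example, not part of the original message or of Martin's documentation.]
A rule that points at a custom table without an fwmark selector sends every packet to that table, so the "ip rule show" output asked for above can be checked mechanically. The function name audit_rules, the sample rule list and the mark value 0x4 are assumptions made for illustration; table 4 is the table named in the thread.

```shell
#!/bin/sh
# Added example (not from the original thread).
# SAMPLE_RULES is constructed; table 4 is the table named in the thread,
# the mark value 0x4 is an assumption.
SAMPLE_RULES='0: from all lookup local
32764: from all fwmark 0x4 lookup 4
32765: from all lookup 4
32766: from all lookup main
32767: from all lookup default'

# Read `ip rule show` output on stdin and report every rule that points at a
# table other than local/main/default:
#   MARKED   <prio> <table> <mark>  only fwmark-selected packets use the table
#   CATCHALL <prio> <table>         "from all" with no other selector
#   OTHER    <prio> <table>         narrowed by from/to/iif/oif/tos instead
audit_rules() {
    awk '{
        prio = $1; sub(/:$/, "", prio)
        table = ""; mark = ""; src = ""; narrowed = 0
        for (i = 2; i <= NF; i++) {
            if ($i == "lookup") table = $(i + 1)
            else if ($i == "fwmark") mark = $(i + 1)
            else if ($i == "from") src = $(i + 1)
            else if ($i == "to" || $i == "iif" || $i == "oif" || $i == "tos") narrowed = 1
        }
        if (table == "" || table == "local" || table == "main" || table == "default") next
        if (mark != "") print "MARKED", prio, table, mark
        else if (src == "all" && !narrowed) print "CATCHALL", prio, table
        else print "OTHER", prio, table
    }'
}

# Demo on the constructed sample; on a router run: ip rule show | audit_rules
printf '%s\n' "$SAMPLE_RULES" | audit_rules
```

A CATCHALL line for the custom table means unmarked traffic is being sent there as well, which the two tcpdump sessions would show as everything leaving by one link.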


