: But changing the rp_filter from one to zero seems to work, as I can
: track packets hitting my FORWARD chain now.

Excellent. I'm quite glad to hear it.

: So, right now I seem to be on the right track - I think the general
: problem with setting up something like this is that all relevant
: information is usually scattered over many places with mostly only
: fragments put together. But now now, Thanks Martin - you have been a
: great help :-)

Well, that's what my documentation attempts to remedy--but never can. Such a dynamic target is very hard to adequately document, but that will not prevent me from trying.

Regardless, your experience with my section on multiple Internet connections points out a now-obvious deficiency in the section on multiple uplinks. I will modify the section to include a similar cautionary note about the rp_filter sysctl.

Thanks for letting me know it's working for you,

-Martin

--
Martin A. Brown --- SecurePipe, Inc. --- mabrown@xxxxxxxxxxxxxx