David,

Your post is a touch lean on the details, but I'm assuming that your policy routing device is the host you have identified as "fire". So please understand my comments accordingly.

: from 196.33.50.0/25 (default route) to ISP1
: from 196.33.248.0/24 (default route) to ISP2
:
:
: ISP1 --------- fire --+---- 196.33.248.0/24
:               /       |
: ISP2 --------/        +---- router ----- router ----- 196.33.50.0/25
:
:
: What I've done:
: Default route via ISP1
: created routing table ISP2 for default route via ISP2

If you only wish to have different default routes depending on the source address, I'd suggest using only two routing tables, "main" and "ISP2" or any alternate table.

Your default route (in table main) points to ISP1. Now, copy the entire routing table [1] to the table ISP2. This will populate table ISP2 with an exact replica of table main.

  ip route flush table ISP2
  ip route show table main | while read ROUTE ; do
    ip route add table ISP2 $ROUTE
  done

Once you have built table ISP2, you can issue the following command to replace the default route with your desired default route.

  ip route change default table ISP2 via $ISP2_GATEWAY

Now, a new entry in the RPDB (similar to the one you already have) will select this table.

  ip rule add from 196.33.248.0/24 table ISP2

Now, the order of the lookup (predictable though it is) shouldn't matter. If a route lookup uses table ISP2, this table will have routes to the same destinations as table main.

: I would like to do the following but they get loaded in the wrong order:

You can specify priority in your ip rule commands:

  ip rule add prio 500 from 196.33.248.0/24 table ISP2
  ip rule add prio 4000 from 196.33.248.0/24 to 196.33.248.0/24 table main

: ip rule add from 196.33.248.0/24 to 196.33.248.0/24 table main
: ip rule add from 196.33.248.0/24 table ISP2
:
: Everything works but 196.33.248.0/24 can't connect to fire as fire is
: loading the rule pointing at ISP2 first...

This is the sentence which confuses me most about your post.

I hope my assumptions were correct, so let me know if they were not, and let us know how you fare. You may find a tour of the kernel's routing selection decision process helpful. [2]

Also, for the record, I (and Alexey Kuznetsov, the author of iproute2) suggest explicit priorities to the rules in the RPDB. If you do not specify priority in your RPDB, the rules are added with a higher priority than the highest (non-zero) priority. The RPDB entry for prio 0 is the rule for locally hosted IPs. This cannot be removed, nor can it be superseded.

Best of luck,

-Martin

[1] http://linux-ip.net/html/scripts/copy-routing-table.sh *
[2] http://linux-ip.dyndns.org:54345/html/routing-selection.html

* Sorry for the spelling error in this script. I just noticed it, and will attend to it, although I have no immediately forthcoming update to the site and scripts.

-- 
Martin A. Brown --- SecurePipe, Inc. --- mabrown@xxxxxxxxxxxxxx
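
The procedure from the message above as a dry-run generator, added here as an example and not part of the message or of the script at [1]: it reads `ip route show table main` output on stdin and prints the commands for review instead of running them as root. The function names, the gateways 192.0.2.1 and 198.51.100.1, the interface names and the sample routes are constructed assumptions, and the `ip route add default` fallback for a main table without a default route goes beyond the message.

```shell
#!/bin/sh
# Added example (not from the original message): print, do not execute, the
# commands that build an alternate routing table as described above.
# Usage: ip route show table main | gen_policy_table TABLE GATEWAY SRC PRIO

gen_policy_table() {
    table=$1; gateway=$2; src=$3; prio=$4
    # The output is meant to be run as root, so reject anything that is not a
    # plain table name, IPv4 address, IPv4 prefix or number.
    case $table in ""|*[!A-Za-z0-9_]*) echo "bad table: $table" >&2; return 1 ;; esac
    case $gateway in ""|*[!0-9.]*) echo "bad gateway: $gateway" >&2; return 1 ;; esac
    case $src in ""|*[!0-9./]*) echo "bad source: $src" >&2; return 1 ;; esac
    case $prio in ""|0|*[!0-9]*) echo "bad priority: $prio" >&2; return 1 ;; esac

    seen_default=no
    echo "ip route flush table $table"
    # Copy every route of table main, as the loop in the message does.
    while read -r route; do
        [ -n "$route" ] || continue
        case $route in default*) seen_default=yes ;; esac
        echo "ip route add table $table $route"
    done
    # Point the copy's default route at the second ISP.
    if [ "$seen_default" = yes ]; then
        echo "ip route change default table $table via $gateway"
    else
        # Assumption beyond the message: main had no default to change.
        echo "ip route add default table $table via $gateway"
    fi
    # Explicit priority, as the message recommends for every RPDB rule.
    echo "ip rule add prio $prio from $src table $table"
}

# Constructed sample of `ip route show table main` on "fire" (not real output).
sample_main_table() {
    cat <<'EOF'
default via 192.0.2.1 dev eth0
196.33.50.0/25 via 196.33.248.2 dev eth2
196.33.248.0/24 dev eth2 proto kernel scope link src 196.33.248.1
EOF
}

sample_main_table | gen_policy_table ISP2 198.51.100.1 196.33.248.0/24 500
```
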