Hello, I have a LINUX server with two internet connections available. I want all the traffic to go over the default route, but HTTP traffic to go over ISP2 line. Interfaces: eth1 192.168.2.254 - LAN 192.168.2.x ppp0 x.x.x.106 - remote gateway x.x.x.6 - ISP1 (default route) eth0 192.168.164.254 - remote gateway 192.168.164.113 - ISP2 (a hardware router) I have the following configuration: echo 200 gate2 >> /etc/iproute2/rt_tables server:/etc/network# ip route x.x.x.6 dev ppp0 proto kernel scope link src x.x.x.106 192.168.2.0/24 dev eth1 proto kernel scope link src 192.168.2.254 192.168.164.0/24 dev eth0 proto kernel scope link src 192.168.164.254 default via x.x.x.6 dev ppp0 server:/etc/network# ip route list table gate2 default via 192.168.164.113 dev eth0 server:/etc/network# ip rule 0: from all lookup local 32765: from all fwmark 1 lookup gate2 32766: from all lookup main 32767: from all lookup default The script: ----------------------------------------------------- #!/bin/bash iptables -t nat -F iptables -t mangle -F iptables -F iptables -P FORWARD ACCEPT ip route flush table gate2 ip route add default via 192.168.164.113 dev eth0 table gate2 ip rule add fwmark 0x01 table gate2 ip route flush cache iptables -t nat -A POSTROUTING -s 192.168.2.0/24 -j MASQUERADE iptables -t mangle -A PREROUTING -i eth1 -s 192.168.2.0/24 -p icmp -j MARK --set-mark 0x01 iptables -t mangle -A PREROUTING -i eth1 -s 192.168.2.0/24 -p tcp -m tcp --dport 80 -j MARK --set-mark 0x01 iptables -t mangle -A PREROUTING -i eth1 -s 192.168.2.0/24 -p tcp -m tcp --dport 443 -j MARK --set-mark 0x01 for f in /proc/sys/net/ipv4/conf/*/rp_filter; do echo 0 > $f done ------------------------------------------------------- I also mark icmp packets, that I could test my configuration using traceroute. It seems that my rules are working OK, with tcpdump and traceroute I see that HTTP traffic of LAN computers go over the ISP2 line. When I connect to the WWW page, that shows my public IP address, I see the ISP2 line address. But after some time, part of the HTTP traffic begins going over the default ISP1 line. I see that some HTTP traffic goes over ISP2 line (that's good), but also it goes over default route. And after some time, if I connect to the WWW page, that shows my public IP address, I see the default ISP1 IP address (that's bad). I do my test browsing from one of my LAN computers, there are other computers working in the LAN, and perhaps their HTTP traffic goes OK (over the ISP2 line), because with tcpdump -i eth0 net 192.168.164 and port 80 I see that there are much HTTP traffic on the ISP2 line. Then I reboot my server, for some time (about 10 minutes) everything works OK, but then there comes my problem... :( I am totally lost, I don't know how to solve this problem.... :( Perhaps somebody can see what I am doing incorrectly. I would be very grateful if you helped me with this issue. Rokas Zakarevicius _______________________________________________ LARTC mailing list / LARTC@xxxxxxxxxxxxxxx http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/