Hello again, : Martin, as you can see in my last post i have route to 10.0.0.1 in the : main routing table , so i have ping to the gateway but i can't connect : to inet. OK. So, you can ping the gateway.....can you ping the gateway from the source IPs you want to have Internet access? But, before we cover that, we need to back up to the "Why?" question. You don't explain enough for me to understand why you need the second routing table. In looking at your two routing tables, I don't see any reason for two. : #ip r l t main : 10.0.0.0/16 dev eth0 scope link : : : The only way to connect to inet is adding: : : ip r a default via 10.0.0.1 t main : : If i add the default gw in table main , i can connect to inet but i'd : like to do this in other table. I have some questions, then: - Are the packets initiated from the Linux box? - What is the source IP on a packet which is not leaving the box in the manner you desire? Can you add an "ip rule" to define the characteristics of this packet? - Are you trying to force packets to be sourced from a particular IP? - Are you trying to block particular packets from getting to the Internet? : Can you help me ? I'll most certainly try. : eth0: 10.0.0.2/16 : eth1: 10.0.0.1 (inet gateway) : : #ip ru l : : : 0: from all lookup local : 32765: from 10.0.0.2 lookup tabla1 : 32766: from all lookup main : 32767: from all lookup default : : : #ip r l t tabla1 : : : 10.0.0.0/16 dev eth0 scope link src 10.0.0.2 : 127.0.0.0/8 dev lo scope link : default via 10.0.0.1 dev eth0 : : #ip r l t main : : 10.0.0.0/16 dev eth0 scope link [ snipped some of my earlier ravings ] -Martin -- Martin A. Brown --- SecurePipe, Inc. --- mabrown@xxxxxxxxxxxxxx _______________________________________________ LARTC mailing list / LARTC@xxxxxxxxxxxxxxx http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/