Aron, I do not understand your network. In a prior note, I thought I understood that you had multiple serial (T1) interfaces. If you have multiple interfaces, then your statement about having "one physical WAN interface" is misleading. You may have only one T1 card (physical device), with several logical interfaces (for example, wan0, wan1 ...), which is not an uncommon configuration. Anyway, I don't understand your network, so cannot help. Please give "ip addr" and a small ASCII netmap. : The scenario I am working on is the second one - there is one internal : network and two ISPs. Then you have two WAN interfaces? : How can I do fwmark based on the outgoing interface? iptables -t mangle -A POSTROUTING -o wan0 -j MARK --set-mark $wan0_mark iptables -t mangle -A POSTROUTING -o wan1 -j MARK --set-mark $wan1_mark : Remember that there is just one physical WAN interface, with two IP : addresses. Is it possible to fwmark somehow based on the routing : decision? I'm not sure. Maybe somebody else can pick up that question. It's certainly possible to use -j ROUTE based on the fwmark, though [0]. I don't really think that will be required in your situation, but I won't know until I understand your network better. Best of luck, -Martin [0] http://netfilter.gnumonks.org/documentation/pomlist/pom-extra.html#ROUTE -- Martin A. Brown --- SecurePipe, Inc. --- mabrown@xxxxxxxxxxxxxx _______________________________________________ LARTC mailing list / LARTC@xxxxxxxxxxxxxxx http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
