I have a script for dual internet connections that does this: ------------------------- #!/bin/bash IF1=eth1 IP1=203.219.190.106 P1=203.219.190.105 P1_NET=203.219.190.104 IF2=eth2 IP2=220.245.224.46 P2=220.245.224.45 P2_NET=220.245.224.44 IF0=eth0 P0_net=192.168.0.0 TABLE1=inet1 TABLE2=inet2 ip route add $P1_NET dev $IF1 src $IP1 table $TABLE1 ip route add default via $P1 table $TABLE1 ip route add $P2_NET dev $IF2 src $IP2 table $TABLE2 ip route add default via $P2 table $TABLE2 ip route add $P1_NET dev $IF1 src $IP1 ip route add $P2_NET dev $IF2 src $IP2 # preference for default route ip route add default via $P1 # route out a given table choose what table to route with ip rule add from $IP1 table $TABLE1 ip rule add from $IP2 table $TABLE2 ip route add $P0_NET dev $IF0 table $TABLE1 ip route add $P2_NET dev $IF2 table $TABLE1 ip route add 127.0.0.0/8 dev lo table $TABLE1 ip route add $P0_NET dev $IF0 table $TABLE2 ip route add $P1_NET dev $IF1 table $TABLE2 ip route add 127.0.0.0/8 dev lo table $TABLE2 #route balancing ip route add default scope global nexthop via $P1 dev $IF1 weight 1 nexthop via $P2 dev $IF2 weight 1 ----------------------- its taken straight from the lartc howto. however, it doesn't appear to be route balancing at all. I have kernel 2.4.27 with the extra route balancing patches from this page: http://www.ssi.bg/~ja/#routes Traffic into the second interface (IF2) works fine, even portforwards through that interface work fine. You can ping it from out side etc. However, no traffic from inside the network ever appears to be nated out from it, nor does traffic originating from the router box ever go out over that interface. Is there some weight better than 1 that I need to adjust? What are useful values to balance the routes evenly over the two interfaces? Or is there something I am missing. btw, the network diagram looks exactly like this one: http://www.lartc.org/howto/lartc.rpdb.multiple-links.html is there some proc magic I can query to check the kernel has all the right bits? Here is the iptables stuff: iptables -L -n -t nat Chain PREROUTING (policy ACCEPT) target prot opt source destination net_dnat all -- 0.0.0.0/0 0.0.0.0/0 net_dnat all -- 0.0.0.0/0 0.0.0.0/0 loc_dnat all -- 0.0.0.0/0 0.0.0.0/0 Chain POSTROUTING (policy ACCEPT) target prot opt source destination eth1_masq all -- 0.0.0.0/0 0.0.0.0/0 eth2_masq all -- 0.0.0.0/0 0.0.0.0/0 Chain OUTPUT (policy ACCEPT) target prot opt source destination Chain eth1_masq (1 references) target prot opt source destination MASQUERADE all -- 192.168.0.0/24 0.0.0.0/0 Chain eth2_masq (1 references) target prot opt source destination MASQUERADE all -- 192.168.0.0/24 0.0.0.0/0 (its shorewall) thanks Dave _______________________________________________ LARTC mailing list / LARTC@xxxxxxxxxxxxxxx http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/