I've had this working before, but it's been a long time. I've done some googling as well as reading through the lartc pdf again, and I'm not sure what I'm doing wrong, but it's probably something stupid. I've got dual ISPs, and connections coming in from both to hosts NAT'd behind the firewall. I can get to services on the firewall, but not the NAT'd hosts. Anyone have ideas?

# Do some cleanup before we do the config
ip route flush table T1
ip rule del from $INTERFACE_1_IP table T1
ip rule del fwmark 1 table T1
ip route flush table T2
ip rule del from $INTERFACE_2_IP table T2
ip rule del fwmark 2 table T2

# Additional Routing tables
ip route add $INTERFACE_1_SUBNET dev eth0 src $INTERFACE_1_IP table T1
ip route add default via $INTERFACE_1_GATEWAY table T1
ip route add $INTERFACE_2_SUBNET dev eth1 src $INTERFACE_2_IP table T2
ip route add default via $INTERFACE_2_GATEWAY table T2

# Main routing table
ip route add $INTERFACE_1_SUBNET dev eth0 src $INTERFACE_1_IP
ip route add $INTERFACE_2_SUBNET dev eth1 src $INTERFACE_2_IP

# Routing rules
ip rule add from $INTERFACE_1_IP table T1
ip rule add from $INTERFACE_2_IP table T2
iptables -t mangle -A PREROUTING -i eth0 -j MARK --set-mark 1
iptables -t mangle -A PREROUTING -i eth1 -j MARK --set-mark 2
ip rule add fwmark 1 table T1
ip rule add fwmark 2 table T2