Hi all, i'm puzzled by a ploblem and I don't know how to debug it... I have a firewall with 2 gateways, adsl and isdn. Main gateway is via adsl, backup via isdn. I setup 2 table 'adsl' and 'isdn'. You can find a description below. I made a script to test both tables. That mainly 1. adds an iptables -t mangle -A OUTPUT -d my_test_ping_node -j MARK --set-mark 3 2. adds: ip rule add fwmark 3 table isdn 3. ip route flush cloned 4. ping to my_test_ping_node (here 217.27.90.70) I correctly obtain that ping packets go to the router, reach the test, get back to the interface... but ping don't show anything I see them w/ tcpdump on the firewall: 12:42:00.671314 IP 192.168.111.1 > 217.27.90.70: icmp 64: echo request seq 1 12:42:00.720840 IP 217.27.90.70 > 192.168.111.1: icmp 64: echo reply seq 1 I'm sure i'm not firewalling (I use log, and nothing gets logged). If I change default route to isdn, ping work correctly. This is not the first time I get into this situation, but I never understood what solved it. I'm convinced it is a routing problem, but I'm clueless: what can it be in between the packet ass seen by tcpdump and the fact that ping shows it? Is there a way to see which rule a packet is really using? Thanks a lot for any possible explanation sandro *:-) lo: 127.0.0.1/8 [eth0]: eth1: 192.168.11.254/24 eth2: 80.20.60.252/29 ==> GW 80.20.60.249 - main adsl eth3: 192.168.111.1/24 ==> GW 192.168.111.254 - isdn [eth4]: ### TABLE main: 80.20.60.248/29 dev eth2 proto kernel scope link src 80.20.60.252 192.168.111.0/24 dev eth3 proto kernel scope link src 192.168.111.1 192.168.11.0/24 dev eth1 proto kernel scope link src 192.168.11.254 default via 80.20.60.249 dev eth2 ### TABLE adsl: 80.20.60.248/29 dev eth2 scope link src 80.20.60.252 192.168.111.0/24 dev eth3 scope link src 192.168.111.1 192.168.11.0/24 dev eth1 scope link src 192.168.11.254 default via 80.20.60.249 dev eth2 ### TABLE isdn: 80.20.60.248/29 dev eth2 scope link src 80.20.60.252 192.168.111.0/24 dev eth3 scope link src 192.168.111.1 192.168.11.0/24 dev eth1 scope link src 192.168.11.254 default via 192.168.111.254 dev eth3 ### RULES: 0: from all lookup local 39: from all fwmark 0x3 lookup isdn 40: from 80.20.60.248/29 lookup adsl 41: from 192.168.111.0/24 lookup isdn 48: from 192.168.11.0/24 lookup adsl 50: from all iif eth3 lookup isdn 52: from all iif eth2 lookup adsl 32766: from all lookup main 32767: from all lookup default -- Sandro Dentella *:-) e-mail: sandro@xxxxxxxx http://www.tksql.org TkSQL Home page - My GPL work _______________________________________________ LARTC mailing list LARTC@xxxxxxxxxxxxxxx http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc