Well, you can certainly force packets coming from the LAN to use one given interface. You have to use what's called "Policy Routing".

You have to create a new routing table in /etc/iproute2/rt_tables (use any text editor).

Then you have to populate that routing table with the routing configuration you want to use for those packets you want to treat specially... say:

    ip route add default via gw_ip dev eth2 table newtable

All you have to do now is force the packets from the LAN to use that routing table instead of the default one... it could be:

    ip rule add pref 32000 from lannetwork table newtable

That should force the LAN traffic to go out through eth2.

Maybe I could have made a mistake in my commands, but the ideas are around that. Read about policy routing.

However, I see you are connected twice in the same subnet... that is a major problem, in my experience. Be careful with that... Good luck!

On 2/11/06, Eduardo Bejar <wonka@xxxxxxxxxxx> wrote:
> Hi,
>
> I have the following config:
>
> 1 PC with 3 NICs, that shares internet connection to LAN.
> eth0 uses a public IP ($public_ip_1)
> eth1 uses a private IP ($private_ip)
> eth2 uses a public IP ($public_ip_2)
>
> I have a webserver and a mailserver accessible by $public_ip_1 (eth0)
> I have a LAN with all terminals using private IPs, and $private_ip (eth1) as
> gateway.
> $public_ip_1 and $public_ip_2 are from the same network segment (two
> consecutive IPs).
> eth0 and eth2 should use the same external IP as gateway (only 1 provider,
> so this is not a load balancing/multiple providers case).
> eth0 and eth2 are connected to the same switch.
>
> How can I route all LAN traffic via eth2 and keep web/mail traffic on eth0?
> And with this, make the LAN traffic use eth2's IP to connect to the Internet
> and the PC traffic use eth0?
>
> I tested masquerading through eth2 with
> iptables -t nat -A POSTROUTING -s $private_ip_net/255.255.255.0 -o eth2 -j MASQUERADE
>
> But LAN could not access the Internet, although the PC could.
>
> Someone told me something about ip rules, which I tested but it seems that
> they did not work as both eth0 and eth2 should use the same gateway.
>
> Please send me any comments/help regarding this issue,
>
> Thanks!
>
> Edo
>
> _______________________________________________
> LARTC mailing list
> LARTC@xxxxxxxxxxxxxxx
> http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
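
The policy-routing steps from the reply above, written out as an added example that is not part of the original thread: it also copies the LAN route into the new table so the router's own replies to the LAN are not sent out eth2, and enables arp_filter for the two-NICs-on-one-subnet case. All addresses, the table id 200 and the table name lanout are assumptions.

```shell
#!/bin/sh
# Added example: print (or, with APPLY=1, run as root) the policy-routing setup.
# Every address below is a constructed documentation value, not from the thread.
LAN_NET="192.168.1.0/24"    # constructed: LAN behind eth1
LAN_DEV="eth1"
WAN_NET="203.0.113.0/24"    # constructed: the shared public segment
WAN_GW="203.0.113.1"        # constructed: the single provider gateway
OUT_DEV="eth2"              # interface the LAN traffic must leave through
OUT_IP="203.0.113.11"       # constructed: stands in for $public_ip_2
TABLE_ID=200                # hypothetical table id
TABLE_NAME="lanout"         # hypothetical table name

plan() {
  # 0 is unspec and 253-255 are default/main/local: never reuse those ids.
  if [ "$TABLE_ID" -lt 1 ] || [ "$TABLE_ID" -gt 252 ]; then
    echo "table id $TABLE_ID is reserved" >&2
    return 1
  fi
  cat <<EOF
# register the table name once
grep -q "^${TABLE_ID}[[:space:]]" /etc/iproute2/rt_tables || echo "${TABLE_ID} ${TABLE_NAME}" >> /etc/iproute2/rt_tables
# the table needs the connected routes too, not only the default route
ip route replace ${LAN_NET} dev ${LAN_DEV} table ${TABLE_NAME}
ip route replace ${WAN_NET} dev ${OUT_DEV} src ${OUT_IP} table ${TABLE_NAME}
ip route replace default via ${WAN_GW} dev ${OUT_DEV} table ${TABLE_NAME}
# select the table by source address, ahead of the main table (pref 32766)
ip rule add pref 31990 from ${OUT_IP} table ${TABLE_NAME}
ip rule add pref 32000 from ${LAN_NET} table ${TABLE_NAME}
# NAT the LAN behind the address of ${OUT_DEV}
iptables -t nat -A POSTROUTING -s ${LAN_NET} -o ${OUT_DEV} -j MASQUERADE
sysctl -w net.ipv4.ip_forward=1
# two NICs on one subnet: answer ARP only on the NIC that source routes out of
sysctl -w net.ipv4.conf.all.arp_filter=1
EOF
}

if [ "${APPLY:-0}" = 1 ]; then
  plan | sh -e
else
  plan
fi
```

Without APPLY=1 the script only prints the commands. "ip rule add" is not idempotent, so apply the plan once or delete the old rules first.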