Hello there,

 : Now I put a server behind the Linux box. I want the server to be
 : reachable on an /extra/ IP in the routed subnet of ISP2.

Does server have one or two IP addresses? Best solution? Use two IP
addresses on server.

 : router ISP2: 1.2.3.1/24
 : dev ISP2: eth1
 : Linux box eth1: 1.2.3.2/24
 : external ip ISP2 for server 10.0.0.2: 1.2.3.3
 : arp -s 1.2.3.3 aa:bb:cc:dd:ee:ff pub
 : ip route add 1.2.3.3 via 10.0.0.2
 : iptables -t nat -A PREROUTING -i eth1 -d 1.2.3.3 -j DNAT --to 10.0.0.2
 :
 : When pinging 1.2.3.3, the packets get in through eth1 (ok), but the
 : replies are following the default route through eth0 (wrong)

The problem is routing. Return packets from your server are handled in
the main routing table. There isn't yet an RPDB entry directing traffic
from 10.0.0.2 to use table_eth1. Your RPDB entry looks like this:

 : ip rule add from 1.2.3.3 lookup table_eth1

Try changing this (or adding another rule):

  ip rule add from 10.0.0.2 lookup table_eth1

instead. Now, your server should have Internet access strictly on the
link handled by ISP2.

If you would like to handle inbound traffic on both links, then add a
secondary IP address to your server, and enter another DNAT rule which
specifies another NAT mapping for the secondary IP.

-Martin

--
Martin A. Brown --- Wonderfrog Enterprises --- martin@xxxxxxxxxxxxxx
_______________________________________________
LARTC mailing list
LARTC@xxxxxxxxxxxxxxx
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
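
Added example, not part of the original message: a small Python model of the RPDB walk for the server's reply packet, showing why a rule keyed on 1.2.3.3 never matches while one keyed on 10.0.0.2 does. It relies on the fact that the reply still carries source 10.0.0.2 when the routing decision is made, because the DNAT mapping is reversed afterwards. The client address, the rule priority 1000 and the table contents are constructed assumptions based on the addresses in the thread.

```python
import ipaddress

# Constructed tables: "main" defaults to eth0 (as the thread reports),
# "table_eth1" defaults to eth1 toward ISP2. Contents are assumptions.
TABLES = {
    "main": [("1.2.3.0/24", "eth1"), ("0.0.0.0/0", "eth0")],
    "table_eth1": [("0.0.0.0/0", "eth1")],
}

SERVER = "10.0.0.2"      # private address of the server (from the thread)
CLIENT = "198.51.100.7"  # constructed Internet client that pinged 1.2.3.3

def route(table, dst):
    """Longest-prefix match inside one table; returns the device or None."""
    dst = ipaddress.ip_address(dst)
    best = None
    for prefix, dev in TABLES[table]:
        net = ipaddress.ip_network(prefix)
        if dst in net and (best is None or net.prefixlen > best[0]):
            best = (net.prefixlen, dev)
    return best[1] if best else None

def rpdb_lookup(rules, src, dst):
    """Walk rules in priority order; the first rule whose 'from' selector
    matches src and whose table has a route for dst decides the egress."""
    src = ipaddress.ip_address(src)
    for _prio, selector, table in sorted(rules):
        if src in ipaddress.ip_network(selector):
            dev = route(table, dst)
            if dev is not None:
                return table, dev
    return None, None

# 32766 is the kernel's default priority for the "lookup main" rule.
BASE = [(32766, "0.0.0.0/0", "main")]
ORIGINAL = BASE + [(1000, "1.2.3.3/32", "table_eth1")]   # from 1.2.3.3
FIXED = BASE + [(1000, "10.0.0.2/32", "table_eth1")]     # from 10.0.0.2

def reply_egress(rules, src=SERVER):
    """Egress (table, device) for a reply from src to the client."""
    return rpdb_lookup(rules, src, CLIENT)

if __name__ == "__main__":
    print("original rule:", reply_egress(ORIGINAL))
    print("fixed rule:   ", reply_egress(FIXED))
```

On a live box, `ip rule show` and `ip route get 198.51.100.7 from 10.0.0.2 iif <lan-dev>` give the same answer from the kernel itself; `<lan-dev>` is a placeholder for the interface facing the server.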