I have a centos 4 i386 machine that works like a router (iptables filter, NAT) with two NIC's. One NIC is connected to my ISP (100 Mbit FTTH), I get a DHCP assigned public IP that changes "sometimes". Most incoming ports are blocked by my ISP. In order to get a fixed IP and open ports, I have to set up a PPTP tunnel to the ISP. The default gw and the NAT'ing goes to this tunnel. This is the output of ifconfig: eth0 Link encap:Ethernet HWaddr 00:80:C8:EA:88:A7 inet addr:86.48.47.147 Bcast:86.48.47.255 Mask:255.255.254.0 inet6 addr: fe80::280:c8ff:feea:88a7/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:8083596 errors:0 dropped:0 overruns:0 frame:0 TX packets:3408048 errors:22 dropped:0 overruns:22 carrier:0 collisions:0 txqueuelen:1000 RX bytes:1538901914 (1.4 GiB) TX bytes:519514046 (495.4 MiB) Interrupt:169 Base address:0x4000 eth1 Link encap:Ethernet HWaddr 00:12:79:A0:3D:7E inet addr:192.168.4.1 Bcast:192.168.4.255 Mask:255.255.255.0 inet6 addr: fe80::212:79ff:fea0:3d7e/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:126264 errors:0 dropped:0 overruns:0 frame:0 TX packets:155536 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:23156937 (22.0 MiB) TX bytes:111015780 (105.8 MiB) Interrupt:177 lo Link encap:Local Loopback inet addr:127.0.0.1 Mask:255.0.0.0 inet6 addr: ::1/128 Scope:Host UP LOOPBACK RUNNING MTU:16436 Metric:1 RX packets:912424 errors:0 dropped:0 overruns:0 frame:0 TX packets:912424 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:103397649 (98.6 MiB) TX bytes:103397649 (98.6 MiB) ppp0 Link encap:Point-to-Point Protocol inet addr:86.48.43.19 P-t-P:81.19.236.186 Mask:255.255.255.255 UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1000 Metric:1 RX packets:120948 errors:0 dropped:0 overruns:0 frame:0 TX packets:109043 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:3 RX bytes:80518167 (76.7 MiB) TX bytes:37434930 (35.7 MiB) This works today, my problem is that the tunneled traffic is slower than going through eth0 directly. How can I: 1. Use the tunnel for incoming and outgoing mail and incoming http requests. 2. NAT traffic from eth1 to eth0, i.e. not through the tunnel 3. Local traffic from the router should access the internet through eth0, except for outgoing mails. Mogens -- Mogens Kjaer, Carlsberg A/S, Computer Department Gamle Carlsberg Vej 10, DK-2500 Valby, Denmark Phone: +45 33 27 53 25, Fax: +45 33 27 47 08 Email: mk@xxxxxx Homepage: http://www.crc.dk _______________________________________________ LARTC mailing list LARTC@xxxxxxxxxxxxxxx http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc