Its a little hard to understand what you want exactly. Why do you want to keep both internet connections? Is it not possible to forward a port from the new gateway to your firewall? Why must your firewall use a different internet connection (ie why cant you connect the new connection directly to your firewall)? If you _really_ must have: -LAN traffic use your firewall as the default gateway, which then forwards the traffic to the new router -Firewall use the old router for its own internet Then your only option that I can think of is to use policy routing. Basically on your firewall do something like: ip rule add from x.x.x.x/z table 100 ip rule add to x.x.x.x/z table 100 ip route add x.x.x.x/z via i.i.i.i table 100 ip route add default via z.z.z.z table 100 Where: x.x.x.x/z = your LAN i.i.i.i = your firewall's LAN IP z.z.z.z = your new router in the LAN But your situation must be somewhat unusual if you really need to do this. urgrue Luca Ferrari wrote: > Hi all, > this is the situation: I've got a firewall double-homed, with a NIC assigned > to a public IP and the other to the LAN network. Until now I've used the > external NIC as default gateway, since my router has a public address too. > Now I'd like to use another router on the lan as default, leaving untouched > the external interface (since the firewall must be accessible from the > outside world). So I've changed the default gw to the lan one, and it works, > but I get the external ip unreachable, and I think it's because it does not > know the gateway interface. So, how can I specify for the external interface > the gateway to use? If I try to do it thru the route command it replies sayng > that the network is unreachable. Any help? > Thanks, > Luca > - > To unsubscribe from this list: send the line "unsubscribe linux-admin" in > the body of a message to majordomo@xxxxxxxxxxxxxxx > More majordomo info at http://vger.kernel.org/majordomo-info.html - To unsubscribe from this list: send the line "unsubscribe linux-admin" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
