I've got sort of a strange setup that I'm looking to accomplish some strange async routing with. I know how I want to accomplish it and am pretty sure that I can do it with netfilter but just can't seem to find the proper way. Here's the rundown on the network setup:

    [ LAN ] -- [ DMZ ] -- [ Firewall/Router ] -- [ WAN ]
                                 |
                                 |
                              [ WLAN ]

The WLAN is between myself and a couple of other people in my building to provide redundant paths out of each of our networks and is working beautifully. We all advertise (via BGP) blocks close to us to each other to provide the shortest path as well.

Coming from the WAN I have a /29 routed to the DMZ which services a number of machines that provide different services. The firewall/router is a Linux box that is running iptables.

Now the problem: because of the advertisements coming over the WLAN I now have about 40 routes in the kernel routing table. Most of them are not very specific since we advertise our ISP's blocks to each other, so I have routes for /16's, /21's, etc... What happens is when someone that resides in one of these blocks that I'm getting advertisements for tries to access an address in my /29, their return path follows the advertisement over the WLAN.

Using the iproute2 package I've created a second routing table with a single default route out my WAN default route. I'm hoping that there's a way to tag the connection in the conntrack table and then -j MARK it when a related,established packet comes back so that I can use the iproute2 package to specify that the second routing table will be used.

Anyone know of a way that I can accomplish this?

Thanks in advance,
Evan

--
Evan Borgstrom <evan@unixpimps.org>
http://www.unixpimps.org - SIG:ILL
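The mechanism described in the post (tag the connection in conntrack when it arrives from the WAN, then copy that tag onto the reply packets so an ip rule sends them to the second table) is what the CONNMARK target does. The script below is an added example and is not from the original post or its author; the interface names (eth0, eth1), the gateway and DMZ addresses (RFC 5737 documentation ranges), the table number 100 and the mark value 0x1 are all assumptions, set via environment variables so they can be swapped for the real values. It prints the rule set by default and only executes it when APPLY=1 is given, so it can be reviewed first.

```shell
#!/bin/sh
# Added example, not from the original post. Policy-route reply traffic for
# connections that entered via the WAN back out the WAN, regardless of the
# BGP-learned routes in the main table.
#
# All of the values below are assumptions; override them in the environment.
WAN_IF=${WAN_IF:-eth0}                # assumed WAN interface
DMZ_IF=${DMZ_IF:-eth1}                # assumed DMZ interface
WAN_GW=${WAN_GW:-192.0.2.1}           # assumed WAN next hop (documentation address)
DMZ_NET=${DMZ_NET:-203.0.113.8/29}    # assumed DMZ /29 (documentation address)
TABLE=${TABLE:-100}                   # assumed second routing table (WAN-only default)
MARK=${MARK:-0x1}                     # assumed conntrack mark / fwmark value

# Emit the commands in the order they must be applied. Nothing is executed here.
emit_rules() {
  cat <<EOF
ip route replace default via $WAN_GW dev $WAN_IF table $TABLE
ip rule add fwmark $MARK lookup $TABLE priority 100
sysctl -w net.ipv4.conf.$WAN_IF.rp_filter=2
iptables -t mangle -A PREROUTING -i $WAN_IF -d $DMZ_NET -m conntrack --ctstate NEW -j CONNMARK --set-mark $MARK
iptables -t mangle -A PREROUTING -i $DMZ_IF -m conntrack --ctstate ESTABLISHED,RELATED -j CONNMARK --restore-mark
iptables -t mangle -A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j CONNMARK --restore-mark
ip route flush cache
EOF
}

# Count the emitted commands; handy for a quick sanity check of the generated set.
rule_count() {
  emit_rules | wc -l | tr -d ' '
}

if [ "${APPLY:-0}" = "1" ]; then
  emit_rules | sh -e
else
  emit_rules
fi
```

How the pieces fit: the first mangle PREROUTING rule stamps the conntrack entry (not the packet) with the mark when a connection towards the /29 first arrives on the WAN interface. When a DMZ host answers, the reply enters the router on the DMZ interface, the second rule copies the stored conntrack mark onto the packet (--restore-mark), and the routing decision that follows PREROUTING hits the fwmark rule and uses the WAN-only table. Connections the DMZ hosts open themselves never get the mark, so they keep using the BGP-learned routes in the main table. The OUTPUT rule does the same for replies generated by the router itself. The rp_filter line is the caveat that usually bites with this layout: with strict reverse-path filtering (value 1) on the WAN interface, a packet from a prefix whose best route points at the WLAN is dropped before it ever reaches conntrack, so loose mode (2) or off (0) is needed on that interface. On older kernels the route cache must be flushed after the ip rule is added, hence the last line; note also that re-running the script appends duplicate iptables rules and ip rules, so flush the mangle table and the rule before re-applying.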