Hi Ramin,

> > > But I cannot specify an interface -i eth1.2 in the prerouting, because
> > > it occurs pre-routing?
> > This is a typo. What he meant was "-o"...

OK, I see now.

Damien, how about you forget about having identical routes on the two
separate VLANs, which is likely to give you trouble anyway, and have static
host routes to the individual servers on each VLAN.

Then you will know from the new destination address (e.g. 192.168.50.10 in
your example) exactly which VLAN the packet will be routed out over, because
there is just one host route which it could take. So you don't need to match
the destination interface name at all.

Cheers, Chris.
--
 ___ __ _
/ __// / ,__(_)_   | Chris Wilson -- UNIX Firewall Lead Developer |
/ (_ / ,\/ _/ /_ \ | NetServers.co.uk http://www.netservers.co.uk |
\ _//_/_/_//_/___/ | 21 Signet Court, Cambridge, UK. 01223 576516 |
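The routing argument in the message above, as an added example that is not part of the original thread: a simplified longest-prefix-match lookup showing that identical subnet routes on two VLANs leave the egress interface undetermined by the destination address, while one host route per server fixes it. The interface eth1.3, the address 192.168.50.20 and the /24 prefix are assumptions made for illustration; eth1.2 and 192.168.50.10 come from the thread.

```python
import ipaddress


def candidates(routes, dst):
    """Return the interfaces of the most specific routes that match dst."""
    addr = ipaddress.ip_address(dst)
    matches = [(ipaddress.ip_network(prefix), dev)
               for prefix, dev in routes
               if addr in ipaddress.ip_network(prefix)]
    if not matches:
        return []
    longest = max(net.prefixlen for net, _ in matches)
    return sorted({dev for net, dev in matches if net.prefixlen == longest})


def egress(routes, dst):
    """Interface implied by dst alone, or None if zero or several candidates."""
    devs = candidates(routes, dst)
    return devs[0] if len(devs) == 1 else None


# Constructed routing tables (simplified model, not kernel output).
# Same subnet reachable over both VLANs: the case the message advises against.
IDENTICAL = [
    ("192.168.50.0/24", "eth1.2"),
    ("192.168.50.0/24", "eth1.3"),   # assumed second VLAN interface
]

# One static host route per server, as the message suggests.
HOST_ROUTES = [
    ("192.168.50.10/32", "eth1.2"),
    ("192.168.50.20/32", "eth1.3"),  # assumed second server address
]

if __name__ == "__main__":
    for name, table in (("identical", IDENTICAL), ("host routes", HOST_ROUTES)):
        for dst in ("192.168.50.10", "192.168.50.20"):
            print(f"{name:12} {dst:15} -> {egress(table, dst)} "
                  f"(candidates: {candidates(table, dst)})")
```

With the host routes in place, a firewall rule that matches only the rewritten destination address already implies the outgoing VLAN, so no interface match is needed.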