Not off the wall at all. This is a solution that has been suggested by more people and is documented on the internet. We are talking about more than a handful of systems with more than one operating system, so I'd rather do everything on the firewall if at all possible. It seems now that there is a solution that may work and I'm trying it in the next hour or so. Thanks for the suggestion though.

Gaby Schilders
IBFD network admin

-----Original Message-----
From: Alistair Tonner [mailto:Alistair@xxxxxxxxxx]
Sent: Thursday 16 October 2003 1:08
To: Gaby Schilders; netfilter list
Cc: George Vieira
Subject: Re: DNAT + 2 uplinks + route = nogo

Can I make one other (possibly stupid) suggestion?

If I understand correctly ... Can you perhaps have TWO ip addresses on the destination systems? Alias the one on top of the other?

Then
DNAT from inbound interface A to target ip A
DNAT from inbound interface B to target ip B

and the unDNAT would handle more accurately? (or am I utterly off the wall here) and the reply from the target system to the firewall would not necessarily come BACK from the ip it was sent to?

On October 15, 2003 08:23 am, Gaby Schilders wrote:
> idea. I will check if this works. Is the conmark retained on all packets
> associated with the connection?

--
Alistair Tonner
nerdnet.ca
Senior Systems Analyst - RSS

Any sufficiently advanced technology will have the appearance of magic.
Let's get magical!