> Any ideas? :)

From your description, you didn't convey what networks you have. One question would be: is 213.2.4.37 bound to the firewall itself, or is it a machine behind it? If it's a firewall IP, prerouting won't assign locally sourced packets in PREROUTING, only in OUTPUT. Even then there's no guarantee that OUTPUT has been assigned an IP. The 'src <ip>' clause in iproute2 assigns the default IP if the program itself hasn't. If it's a machine behind your firewall (on eth1), it seems kind of strange that it doesn't work. When you say it doesn't work, do you mean that no traffic traverses the new interface, that some traffic goes to each, or that all of the traffic goes out the original interface? Once again, it doesn't really make sense to me why this wouldn't work.