netfilter-bounces@xxxxxxxxxxxxxxxxxxx wrote on 05.11.2004 15:47:14: > Probably not easilly solvable. The thing is that both interfaces are > valid for sending responses out. So the kernel will probably use the > first where it gets the match (not sure about exact algorithm, so it may > as well be the last, or random). check the iproute2 package (program called "ip") and look at the grammar in "ip route help" output. there is way to assign "source" ip per route. so if you use the system for backups (initiated by the host in question) then it should work if you can't use binding. btw is not this thread a little offtopic on this list then? ;-) example: here is what i used some time ago for nat box to set it's ip traffic the only allowed source address on firewall short after booting. ip route change default via 212.96.166.17 dev eth1 src 212.96.166.18 you just substitute the "default" which is alias for 0.0.0.0 and also "eth1" for wahtever you want. you possibly need 2.2+ kernel (which is true with iptables) and not sure if advanced routing enabled in kernel (i guess not because this is somewhat trivial function)