On 9/7/05, Carsten Rachfahl <cr@xxxxxxx> wrote:
> I have problems with iptables and iproute2. In my scenario I want to use a
> host with a dsl connection on eth0 and a lan connection eth1 for policy
> based routing. I want to route http traffic generated by the host itself
> over eth0 and the rest over eth1. To solve the problem I

Hopefully your situation is simple enough that you don't need to do special
routing. Can you try to restate what you want to happen to web traffic going
through your firewall? Does the LAN have access to the Internet besides the
DSL connection? If not, it might be as simple as using NAT, and leaving
iproute2/ip alone.

Assuming the firewall machine is routing for the LAN, and its DSL connection
on eth0 is the only way to the Internet, it sounds like you want to use
SNAT/masquerading to let LAN clients out onto the web, and stateful rules to
let replies back in.

If you have your own web server on the LAN and not on the same machine as
the firewall, you'll want to look for packets in the FORWARD chain, not the
INPUT chain. You might also want to use DNAT to allow the Internet to access
the internal server, and stateful rules to let replies back out.

I wasn't able to glean what your goals and network configuration are though,
so these suggestions may be way off.

--Curby
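The rule set Curby sketches above (masquerading for LAN clients on the DSL link, stateful replies, FORWARD rather than INPUT for a LAN web server, and DNAT to publish it), written out as an added example; this is not code from the thread or from either poster. The interface names, the LAN subnet and the web-server address are assumptions for illustration, and by default the script only prints the iptables commands (set IPT=iptables to apply them).

```shell
#!/bin/sh
# Added example, not part of the mailing-list thread. Firewall routes for the
# LAN on eth1; the DSL link on eth0 is the only path to the Internet.
# IPT defaults to a dry run that echoes the commands instead of applying them.
IPT="${IPT:-echo iptables}"
WAN_IF="${WAN_IF:-eth0}"                  # assumed: DSL side
LAN_IF="${LAN_IF:-eth1}"                  # assumed: LAN side
LAN_NET="${LAN_NET:-192.168.1.0/24}"      # assumed LAN subnet
WEB_SERVER="${WEB_SERVER:-192.168.1.10}"  # hypothetical internal web host

# Emit (or apply) the rule set. Every rule goes through $IPT.
build_rules() {
    # Default deny for traffic to the firewall and through it; let the
    # firewall's own outbound traffic go (the thread leaves host policy
    # routing out of scope, so OUTPUT is left open here).
    $IPT -P INPUT DROP
    $IPT -P FORWARD DROP
    $IPT -P OUTPUT ACCEPT

    # Loopback and stateful replies: flows already seen by conntrack may
    # come back in (INPUT) or back through (FORWARD) in either direction.
    $IPT -A INPUT -i lo -j ACCEPT
    $IPT -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    $IPT -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT

    # LAN clients out to the Internet: forwarded packets are matched in
    # FORWARD (not INPUT) and source-NATed to the DSL address on the way out.
    $IPT -A FORWARD -i "$LAN_IF" -o "$WAN_IF" -s "$LAN_NET" -j ACCEPT
    $IPT -t nat -A POSTROUTING -o "$WAN_IF" -s "$LAN_NET" -j MASQUERADE

    # Publish the internal web server: rewrite the destination of inbound
    # port-80 connections on the DSL link, then allow only that NEW flow
    # through FORWARD; replies ride the ESTABLISHED rule above.
    $IPT -t nat -A PREROUTING -i "$WAN_IF" -p tcp --dport 80 \
        -j DNAT --to-destination "$WEB_SERVER:80"
    $IPT -A FORWARD -i "$WAN_IF" -o "$LAN_IF" -p tcp -d "$WEB_SERVER" \
        --dport 80 -m state --state NEW -j ACCEPT
}

# Count dry-run rules that mention a given target or match; useful for a
# quick sanity check of the generated set before applying it.
count_rules() {
    build_rules | grep -c -- "$1"
}

build_rules
```

Run it once as a dry run to read the generated commands, then re-run with `IPT=iptables` on the firewall to apply them; the policies are set before the rules are added, so apply from a console rather than over a remote session through the same box.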