Hello!

>>         +---------------+
>>         |     modem     |
>>         | (192.168.1.1) |
>>         +---------------+
>>                 |
>>        +-----------------+
>>        |      ppp0       |
>>        |        |        |
>>        |  ...1.2 (eth0)  |
>>        |        |        |eth1
>>        |           ...2.1|-----192.168.2.0/24
>>        |    Firewall     |
>>        +-----------------+
>
> [SNIP]
>
>
>>Destination     Gateway   Genmask         Iface
>>192.168.1.0     *         255.255.255.0   eth0
>>192.168.2.0     *         255.255.255.0   eth1
>>default         xxx       0.0.0.0         ppp0
>
>
> [Rest snipped - probably not relevant]
>
> The only thing I can think of, is that pppd causes the problem.
> I think the following happens:
>
> 2.2 sends to 1.1
> Firewall receives on 2.1
> According to routing table firewall tries to send out on eth0
> But eth0 is now owned by pppd
> And pppd doesn't know about 1.1, he only knows about default
> gateway xxx
>
> As already said - this may be totally wrong (someone correct
> me please).
>
> I bet if you stop pppd, 2.2 can connect to 1.1 without any firewall
> rules (as long as the policies are ACCEPT and default gateway on 2.2
> points to 2.1). If this is true, the question is how to persuade
> pppd to deliver to 1.1. Sorry, I can't help you - may be
> somebody can jump in.

Hmmm... unfortunately, this does not seem to be the case... I say this
for two reasons:

1. I can still connect to 192.168.1.1 from 192.168.2.1
2. Even when I bring down ppp0, I still can't reach 192.168.1.1 from
   anywhere other than the machine I mention in (1)

Unless, I didn't do the right thing. I simply did:

    # ifconfig ppp0 down

Is this sufficient?

Thanks again!!

Dave