On 10/22/2005 10:14 AM, Tom Gaudasinski wrote:
> Kernel IP routing table
> Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
> 120.40.60.192   0.0.0.0         255.255.255.248 U     0      0        0 br0
> 192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 eth2
> 0.0.0.0         120.40.60.193   0.0.0.0         UG    0      0        0 br0
>
> How can I get the private LAN users to route to the publicly bridged
> subnet?

What is the routing table on the public machines? What NAT rules do you normally use?

It may be that the private machines and firewall are fine, but the routing is wrong on the public machines. If they simply have the default gateway of 120.40.60.193, then they will be sending reply packets for private addresses to the DSL modem, which is wrong. Although these packets go via the firewall, their Ethernet destination will be the DSL router, so the firewall will bridge them rather than route.

You have two options:

- add a route on the public machines to use the firewall as the gateway for the private addresses
- make sure the NAT rule on the firewall always NATs the private addresses, even for connections to the public machines.
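
Added example, not part of the original message: a small longest-prefix-match model of a public machine's routing table, showing where its reply frames are addressed in the default-gateway-only case and under each of the two options. The firewall's br0 address (120.40.60.194), the private client address and the public machine's table are assumptions; the post does not give them.

```python
import ipaddress

DSL_ROUTER = "120.40.60.193"     # default gateway, from the post
FIREWALL_BR0 = "120.40.60.194"   # ASSUMED placeholder for the firewall's br0 address
PRIVATE_CLIENT = "192.168.1.50"  # constructed sample host on the private LAN

def table(*entries):
    """Build a routing table from (cidr, gateway) pairs; gateway None = on-link."""
    return [(ipaddress.ip_network(cidr), gw) for cidr, gw in entries]

def next_hop(routes, dst):
    """Longest-prefix match: the IP whose MAC the outgoing frame is addressed to."""
    dst_ip = ipaddress.ip_address(dst)
    matches = [(net, gw) for net, gw in routes if dst_ip in net]
    if not matches:
        return None
    _, gw = max(matches, key=lambda m: m[0].prefixlen)
    return gw or dst  # on-link routes deliver straight to the destination

def firewall_action(frame_hop):
    """A bridging firewall only routes frames addressed to its own MAC."""
    return "route" if frame_hop == FIREWALL_BR0 else "bridge"

def reply_path(routes, reply_dst):
    hop = next_hop(routes, reply_dst)
    return hop, firewall_action(hop)

# Assumed public machine table: connected /29 plus default via the DSL router.
public_default_only = table(
    ("120.40.60.192/29", None),
    ("0.0.0.0/0", DSL_ROUTER),
)
# Option 1: same table plus a route for the private LAN via the firewall.
public_with_route = table(
    ("120.40.60.192/29", None),
    ("192.168.1.0/24", FIREWALL_BR0),
    ("0.0.0.0/0", DSL_ROUTER),
)

if __name__ == "__main__":
    # Problem case: the reply to a private address is framed for the DSL router.
    print(reply_path(public_default_only, PRIVATE_CLIENT))
    # Option 1: the reply is framed for the firewall, which routes it.
    print(reply_path(public_with_route, PRIVATE_CLIENT))
    # Option 2: with NAT the public machine sees the firewall's own address,
    # which is on-link, so no extra route is needed on the public machine.
    print(reply_path(public_default_only, FIREWALL_BR0))
```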