Greetings!

I gave up on that old web-based firewall and now I'm running plain CentOS 4.8 with 3 ethernet adapters:

eth0 = LAN
eth1 = WAN
eth2 = ADSL

So I tried the following:

ip route add default via 189.30.16.65 dev eth1 table WAN  # < 1 in /etc/iproute2/rt_tables
ip route add default via 192.168.2.1 dev eth2 table ADSL  # < 2 in /etc/iproute2/rt_tables
ip rule add from all fwmark 1 table WAN
ip rule add from all fwmark 2 table ADSL
iptables -t mangle -I PREROUTING -i eth0 -p tcp --dport 80 -j MARK --set-mark 2  # Tried with -I and -A with same effect

(Got those from the Linux Advanced Routing mini HOWTO)

Still, when I browse IP detection websites I get my WAN IP address.

Just for the record, my other relevant netfilter rules are:

iptables -t nat -A POSTROUTING -o eth1 -j SNAT --to-source 189.30.16.66  # <- my adapter's IP address
iptables -t nat -A POSTROUTING -o eth2 -j SNAT --to-source 192.168.2.254  # <- my adapter's IP address
iptables -A FORWARD -i eth0 -p tcp --dport 80 -j ACCEPT  # HTTP

Many thanks for reading!

Diogo