> Hello,
>
> John Meissen wrote:
> >
> > I had a traditional setup with two ethernet interfaces on my Linux box
> > (WAN=eth0/LAN=eth1), and NATing the traffic that was forwarded between them.
> >
> > I added another interface (eth2), and simply want to change the default
> > routing to go through it. I'm leaving various services listening on all
> > interfaces.
> >
> > If I change the default route to use eth2, I can route from the internal
> > network to the outside just fine, and I can connect from the internal net
> > to services on the system fine. But incoming connections on the original
> > WAN (eth0) don't complete. They hang at SYN_RECV, as if I had a DROP rule.
>
> 1) Check that source validation by reverse path is disabled for eth0
> (sysctl net.ipv4.conf.{all,eth0}.rp_filter=0).
>
> 2) If you don't set up some routing policy (such as source address based
> routing), packets sent in reply to packets received on eth0 will now be
> sent through eth2 by default because of the new default route, but still
> with the source address of eth0. Such traffic may be considered as
> spoofing and discarded by the ISP eth2 is connected to.

Yes, I should learn to not post to mailing lists at 3AM, and that a good night's sleep is generally better for solving problems. :-P

I realized I was thinking of the problem in terms of interfaces, not routing. Once I slept on it I realized the problem was 2), and that I couldn't really do what I was proposing. Relocating the new connection and making a minor change to the DHCP server to specify the new default route for the rest of the network solved the problem.

Thanks.

john-
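The two points raised in the reply above (rp_filter on the old WAN interface, and source-address policy routing so replies to eth0 traffic leave via eth0 instead of the new default route) can be expressed as a small script. This is an added example and not code from either poster; the addresses, gateways and the routing table number are constructed placeholders, and the `ip`/`sysctl` invocations assume iproute2 and a Linux kernel with policy routing support. By default it only prints the commands it would run; set `DRY_RUN=0` to apply them as root.

```shell
#!/bin/sh
# Added example: keep inbound connections on the old WAN (eth0) working after
# the system default route moves to a new interface (eth2).
# Interface names, addresses and the table id below are ASSUMED/constructed.

WAN_OLD_IF="${WAN_OLD_IF:-eth0}"
WAN_OLD_ADDR="${WAN_OLD_ADDR:-203.0.113.10}"   # constructed: address on eth0
WAN_OLD_GW="${WAN_OLD_GW:-203.0.113.1}"        # constructed: eth0's upstream gateway
WAN_NEW_IF="${WAN_NEW_IF:-eth2}"
WAN_NEW_GW="${WAN_NEW_GW:-198.51.100.1}"       # constructed: eth2's upstream gateway
TABLE="${TABLE:-100}"                          # assumed unused routing table id
DRY_RUN="${DRY_RUN:-1}"                        # 1 = print commands, 0 = execute

# run: echo the command in dry-run mode, otherwise execute it.
run() {
    if [ "$DRY_RUN" = 1 ]; then
        echo "$*"
    else
        "$@"
    fi
}

# rp_filter_state: human-readable meaning of a rp_filter sysctl value.
rp_filter_state() {
    case "$1" in
        0) echo "disabled" ;;
        1) echo "strict" ;;     # drop if the reply route does not use the ingress dev
        2) echo "loose" ;;      # drop only if the source is unreachable via any dev
        *) echo "unknown" ;;
    esac
}

# effective_rp_filter ALL DEV: the kernel applies the larger of
# net.ipv4.conf.all.rp_filter and net.ipv4.conf.<dev>.rp_filter,
# so BOTH must be 0 for reverse-path validation to be off on that dev.
effective_rp_filter() {
    if [ "$1" -gt "$2" ]; then echo "$1"; else echo "$2"; fi
}

# check_rp_filter DEV: report the effective setting for DEV, reading /proc.
# Falls back to "unknown" where the files are absent (non-Linux, no such dev).
check_rp_filter() {
    all="$(cat /proc/sys/net/ipv4/conf/all/rp_filter 2>/dev/null || echo unknown)"
    dev="$(cat "/proc/sys/net/ipv4/conf/$1/rp_filter" 2>/dev/null || echo unknown)"
    if [ "$all" = unknown ] || [ "$dev" = unknown ]; then
        echo "rp_filter on $1: unknown (cannot read /proc)"
        return 1
    fi
    eff="$(effective_rp_filter "$all" "$dev")"
    echo "rp_filter on $1: $(rp_filter_state "$eff") (all=$all, $1=$dev)"
    [ "$eff" = 0 ]
}

# setup_policy_routing: new system default via eth2, but anything sourced
# from eth0's address is routed through a dedicated table whose default
# route goes via eth0's gateway. Replies to inbound eth0 connections then
# leave with a source address that matches the link they leave on.
setup_policy_routing() {
    run sysctl -w "net.ipv4.conf.all.rp_filter=0"
    run sysctl -w "net.ipv4.conf.$WAN_OLD_IF.rp_filter=0"
    run ip route replace default via "$WAN_NEW_GW" dev "$WAN_NEW_IF"
    run ip route replace default via "$WAN_OLD_GW" dev "$WAN_OLD_IF" table "$TABLE"
    # 'ip rule add' is not idempotent; re-running duplicates the rule.
    run ip rule add from "$WAN_OLD_ADDR" table "$TABLE" priority 100
}

if [ "${1:-}" = apply ]; then
    check_rp_filter "$WAN_OLD_IF" || true
    setup_policy_routing
fi
```

With this in place, `ip route get <client> from 203.0.113.10` shows the eth0 gateway, while plain `ip route get <client>` shows eth2, which is the quickest way to confirm that the rule is consulted before the main table. The same trick generalizes to any multi-homed host whose services bind on all interfaces: one table and one `from` rule per uplink.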