Thanks Joshua,

Your links led me to the right place eventually.

The key thing I was missing was the file /proc/sys/net/ipv4/conf/eth1/rp_filter which needed a 0 echo'ed into it.

All working now!

Alan

Alan Wilson | Icetrak Ltd | v 0845 456 0561 | f: 0870 889 5005 | w: http://www.icetrak.com/

-----Original Message-----
From: redhat-list-bounces@xxxxxxxxxx [mailto:redhat-list-bounces@xxxxxxxxxx] On Behalf Of redhat-list-request@xxxxxxxxxx
Sent: 02 April 2007 17:00
To: redhat-list@xxxxxxxxxx
Subject: redhat-list Digest, Vol 38, Issue 2

------------------------------

Message: 3
Date: Mon, 2 Apr 2007 11:58:30 +0100
From: "Alan Wilson, Icetrak" <awilson@xxxxxxxxxxx>
Subject: Firewall/iproute query
To: <redhat-list@xxxxxxxxxx>
Message-ID: <065701c77515$dcafcbe0$6f2aa8c0@xxxxxxxxxxxxxxxxxxxx>
Content-Type: text/plain; charset="us-ascii"

Hi,

Has anyone done something like this before? I've checked the Netfilter/iptables FAQs and the iproute2/policy routing documentation, but no-one seems to have done anything exactly like this before.

I have a managed server on the internet, IP address a.b.c.d, and it needs to connect to another managed server, somewhere else on the internet, with public address w.x.y.z. The server w.x.y.z is behind a router and firewall (F), running Fedora 6.

All well and good, I can connect on the ports I require.

However, to provide some redundancy, I've got two different ISPs coming into the firewall F, call them A and B. I've put several network cards in w.x.y.z, configured one for ISP A and ISP B, and I can connect via ISP A to w.x.y.z when I make the default route to the appropriate network A, and similarly with connection via ISP B when the default route from w.x.y.z is via the appropriate network B.

What I'd like to do is NAT or smart policy routing so that I can route to server w.x.y.z via an ISP of choice from a.b.c.d without restarting networks, adding/removing routes etc.

Ideally, I'd like to load balance so, for example, traffic for port xxxx goes via ISP A and traffic for port yyyy goes via ISP B in real time. Or even the same port on a round-robin basis.

When we try this and do some packet analysis, it seems that with ISP A as the default gateway on server w.x.y.z, packets sent via ISP B are received at w.x.y.z, but the replies destined for a.b.c.d are routed to ISP A.

Any thoughts? Is this even possible?

Hope the description makes sense.

Thanks,
Alan

------------------------------

Message: 4
Date: Mon, 2 Apr 2007 06:53:01 -0600
From: "Joshua Gimer" <jgimer@xxxxxxxxx>
Subject: Re: Firewall/iproute query
To: "General Red Hat Linux discussion list" <redhat-list@xxxxxxxxxx>
Message-ID: <cf939bff0704020553g3589c4cdn4245c4fe7f9cdd47@xxxxxxxxxxxxxx>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed

http://www.linux.com.lb/wiki/index.pl?node=Load%20Balancing%20Across%20Multiple%20Links

You would need to do some more iproute2 magic to set up two default gateways, but it is easy enough.

http://www.clintoneast.com/articles/multihomed.php

--
Thx
Joshua Gimer
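
Added example, not part of the thread: rp_filter is the kernel's reverse-path (anti-spoofing) check, so after a change like the one to eth1 above it is worth auditing which mode each interface actually runs in. The sketch assumes current kernel behaviour, where the effective value is the higher of conf/all/rp_filter and conf/<iface>/rp_filter and 2 means loose mode; the function names and the optional conf-root argument are hypothetical.

```shell
#!/bin/sh
# Added example: report the effective rp_filter mode per interface.
# Assumption: effective value = max(conf/all, conf/<iface>), as on current kernels.

# Map the numeric sysctl value to its meaning.
rp_mode_name() {
    case "$1" in
        0) echo "off" ;;      # no source validation on this interface
        1) echo "strict" ;;   # reply route must use the receiving interface
        2) echo "loose" ;;    # source must be reachable via any interface
        *) echo "unknown" ;;
    esac
}

# effective_rp_filter IFACE [CONF_ROOT]
# CONF_ROOT is a hypothetical override so a copied or test tree can be audited.
effective_rp_filter() {
    iface=$1
    root=${2:-/proc/sys/net/ipv4/conf}
    [ -r "$root/$iface/rp_filter" ] || return 1
    if_val=$(cat "$root/$iface/rp_filter")
    all_val=0
    [ -r "$root/all/rp_filter" ] && all_val=$(cat "$root/all/rp_filter")
    if [ "$all_val" -gt "$if_val" ]; then
        echo "$all_val"
    else
        echo "$if_val"
    fi
}

# audit_rp_filter [CONF_ROOT]
# Prints "<iface> <value> <mode>" for every real interface.
audit_rp_filter() {
    root=${1:-/proc/sys/net/ipv4/conf}
    for dir in "$root"/*/; do
        iface=$(basename "$dir")
        case "$iface" in all|default) continue ;; esac
        val=$(effective_rp_filter "$iface" "$root") || continue
        echo "$iface $val $(rp_mode_name "$val")"
    done
}

# Stand-alone run: audit the live system if the sysctl tree is present.
if [ -d /proc/sys/net/ipv4/conf ]; then
    audit_rp_filter
fi
```

On a multihomed host with per-ISP routing tables, an interface reported as "off" has no spoofed-source filtering of its own; loose mode (2) keeps asymmetric replies working while still dropping sources the host has no route to.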