Let me see if bad drawings help any:

eth0(to Internet IP "A.A.A.A")--|------|
                                |Router|--eth2(192.168.1.1)
eth1(to Internet IP "B.B.B.B")--|------|  eth2:0(10.0.0.1)

and

                                    |---------------|
<<--to router --eth0(192.168.1.2)---|PC #1 -localnet|
                eth0:0 (10.0.0.2)   |---------------|

All traffic to and from 192.168.1.0/27 goes over A.A.A.A
All traffic to and from 10.0.0.0/27 goes over B.B.B.B
A.A.A.A is the default gateway for all other traffic

If I log into the router I can ping any IP, on any interface including my telco's first hop out eth0 and eth1. Packets get routed as expected.

If I log into PC#1 I can ping any interface on the router, anything on the localnet and anything on the Internet (through the router's eth0 which is the default gateway) but I can not ping anything on the remote side of the router's eth1.

If I log into a remote machine I can ping any IP serviced by eth0, can ping my telco's side of the eth1 connection but can not reach any IPs serviced by eth1, including eth1 itself.

I'm using ipchains to log *all* packets on every interface and in all the above examples I can see the ping packets come in eth1 but that's it. They never attempt to leave through any interface.

Note the IPs in the example are fake. The real IPs are in the public IP space so the problem isn't trying to route these private IPs over the internet. :-)

The ipchains rules are:

# Rules for eth0 these work!
ipchains -A input -i eth2 -s 192.168.1.0/27 -j ACCEPT
ipchains -A output -i eth2 -d 192.168.1.0/27 -j ACCEPT
ipchains -A forward -i eth0 -s 192.168.1.0/27 -j ACCEPT
ipchains -A forward -i eth2 -d 192.168.1.0/27 -j ACCEPT

# Rules for eth1 these don't!
ipchains -A input -i eth2 -s 10.0.0.0/27 -j ACCEPT
ipchains -A output -i eth2 -d 10.0.0.0/27 -j ACCEPT
ipchains -A forward -i eth1 -s 10.0.0.0/27 -j ACCEPT
ipchains -A forward -i eth2 -d 10.0.0.0/27 -j ACCEPT

# And of course there are other rules allowing traffic in and out eth0 and eth1.

I'm stumped! I'd be happy if it was a routing problem that I could see or firewall rule screwing things up. Is there, maybe, something I need to do when I give the NIC an alias?

Pete

> I am not sure if I understand this exactly. It may help to have more
> information.
>
> I have a feeling your replies are being sent out but are being firewalled
> by another router, since they appear to have a source address that doesn't
> belong to its network (i.e. address spoofing, SMURF attack).
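
The failure mode suggested in the quoted reply, modelled as an added example that is not part of the original thread: with destination-only routing a reply sourced from 10.0.0.0/27 follows the default route out eth0, where an upstream anti-spoofing filter would discard it, while a source-based rule sends it out eth1. Assumptions: each provider accepts only sources from the block it serves, the routing tables and function names are hypothetical, and 203.0.113.9 is a constructed remote host.

```python
import ipaddress as ip

# Networks as given in the post (its placeholder addresses).
LAN_A = ip.ip_network("192.168.1.0/27")  # meant to use uplink A (router eth0)
LAN_B = ip.ip_network("10.0.0.0/27")     # meant to use uplink B (router eth1)
DEFAULT = ip.ip_network("0.0.0.0/0")

# Assumption: each provider forwards only sources from the block it serves.
UPSTREAM_ACCEPTS = {"eth0": [LAN_A], "eth1": [LAN_B]}

# Hypothetical tables: the main table has one default route via eth0
# (A.A.A.A is the default gateway in the post).
MAIN_TABLE = [(DEFAULT, "eth0")]
# Source-based policy: packets from LAN_B consult a table defaulting to eth1.
POLICY_RULES = [(LAN_B, [(DEFAULT, "eth1")])]


def lookup(table, dst):
    """Longest-prefix match; returns the egress interface or None."""
    hits = [(net, dev) for net, dev in table if dst in net]
    return max(hits, key=lambda h: h[0].prefixlen)[1] if hits else None


def egress(src, dst, use_policy):
    """Pick the interface a packet leaves on, with or without source rules."""
    src, dst = ip.ip_address(src), ip.ip_address(dst)
    if use_policy:
        for prefix, table in POLICY_RULES:
            if src in prefix:
                dev = lookup(table, dst)
                if dev is not None:
                    return dev
    return lookup(MAIN_TABLE, dst)


def upstream_verdict(src, dev):
    """What the provider on `dev` does with a packet carrying source `src`."""
    allowed = any(ip.ip_address(src) in net for net in UPSTREAM_ACCEPTS[dev])
    return "forwarded" if allowed else "dropped as spoofed"


def trace(src, dst, use_policy):
    dev = egress(src, dst, use_policy)
    return dev, upstream_verdict(src, dev)


if __name__ == "__main__":
    remote = "203.0.113.9"  # constructed remote host
    for policy in (False, True):
        print("policy routing:", policy, trace("10.0.0.2", remote, policy))
```
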