Thanks for the information. I think the problem is that I'm trying to do something a little out of the ordinary which is why I've had so much troubles. Specifically I'm trying to setup a system using two ISPs. I'm not trying to fail over or balance or anything I just want to masq all my "other" local machines (eth2) to the cable modem (eth0) while using proxyarp to access my servers (eth1) from the dsl line (eth3).
It took me a while to figure out that I needed to define a sperate default route for the servers in order to get things to work at all. I did that be defining some rules to indentify traffic from the servers and define a seperate table (mostly pulling from the few ISP sharing articles I could fine). Here's what I have now (x.y.z is the dsl IPs, a.b.c are the cable IPs) firewall# ip ru 0: from all lookup local 32763: from x.y.z.212 lookup Servers 32764: from x.y.z.211 lookup Servers 32765: from x.y.z.210 lookup Servers 32766: from all lookup main 32767: from all lookup default firewall# ip r x.y.z.211 dev eth3 scope link x.y.z.210 dev eth3 scope link x.y.z.212 dev eth3 scope link x.y.z.208/29 dev eth1 proto kernel scope link src x.y.z.214 192.168.2.0/24 dev eth3 proto kernel scope link src 192.168.2.254 192.168.1.0/24 dev eth2 proto kernel scope link src 192.168.1.254 a.b.c.0/21 dev eth0 proto kernel scope link src a.b.c.149 default via a.b.c.1 dev eth0 firewall# ip r l t Servers 192.168.1.0/24 via 192.168.1.254 dev eth2 default via x.y.z.209 dev eth1 It seems that i have a condition in these rules that is causing ProxyArp to respond on my internal server interface (eth3) when I don't want it to. With what you've said I've got a pretty good guess that theres an error in how I've specfied the rules to select the alternate table or that on the tables is missing something. It took me a *LONG* time to figure out that I had to add a route back to the masqaraded machines in the Servers table so I could get to my servers locally (which was the other main reason I wanted to do this in the first place!) Thanks again ------------------------------------------------------- This SF.Net email is sponsored by: YOU BE THE JUDGE. Be one of 170 Project Admins to receive an Apple iPod Mini FREE for your judgement on who ports your project to Linux PPC the best. Sponsored by IBM. Deadline: Sept. 24. Go here: http://sf.net/ppc_contest.php ------------------------------------------------------------------------ leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
