I have rather strange problem with routing on Linux. The host in question is 2.2.19. It is connected to Frame Relay and ADSL (eth0 and ppp0 interfaces, accordingly). The intranet is on eth1, all connections outside are masqueraded.
What I want to do is to make requests to port 80 go to ADSL and all other things got to FR. Manual suggest following setup: ipchains rule along the lines: ipchains -A input -s 10.0.0.0/8 80 -i eth1 -m 1 10.0.0.0/8 and eth1 being the intranet addresses and interface, and then iproute setup: ip ru add fwmark 1 lookup adsl ip ro add default via PPP-host dev ppp0 The problem is that the setup doesn't work, and in a very weird way. The packet from inside gets out through ppp0, as intended, gets MASQed, is sent out, the responce from the host comes in, goes through the input firewall chain, is accepted - and _disappears_. It does not come to the output chain. Somehow seems that the packet is not demasqueraded, though the entry in the masquerade table for this port/host exists. If I set up the unconditional route (i.e., not via the iproute2 table rules, but as host route or default route) - everything works OK. Packets travel through the firewall and masquerading without any problem. The tcpdump and firewall report look exactly the same as in the above case - but this time the return packet gets demasqueraded successfully and gets output to the intranet interface. If I switch back to conditional rule - return packets are disappearing again. Does anyone has any idea what might be the problem here? Does anyone has any experience with such setups ("web connections go through one interface, all other connections go through another") - maybe I just went the wrong way? TIA, -- [EMAIL PROTECTED] \/ There shall be counsels taken Stanislav Malyshev /\ Stronger than Morgul-spells phone +972-50-624945 /\ JRRT LotR. whois:!SM8333 ================================================================= To unsubscribe, send mail to [EMAIL PROTECTED] with the word "unsubscribe" in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]