> > ipchains -A output -p tcp -d 0/0 6000:7000 -t 0x01 0x10
> > ./ip route add default tos 0x10 via x.x.x.x
>
> Only tos set by input chain is taken into account,
> when selecting route. tos mangled by output chain can affect
> only queuing.

This I understand, but this machine *is* acting as a router:

All packets coming from the Cisco AccessServer come in on eth1
All packets coming from the local network are masqueraded (eth0)
All packets coming from the satellite for uplink come in on ppp2
ppp0 and ppp1 are EQL'd together.

the routing table is as follows:

host routes to the other end of EQL and the satellite uplink (via EQL)
the Cisco's subnet goes through eth1
the local subnet (192.168.1.0/24) goes through eth0
default tos 0x10 via EQL
default via 192.168.1.1

there are also a few other host routes and one or two class C routes
gatewayed through EQL for low-latency but those mentioned are the main ones.

192.168.1.1 is the satellite computer's ethernet address. anything coming
in to this address is NAT'd with the box's IP for satellite and sent back
to this router via a null-modem link (ppp2)

So you see, the firewall rules should always get applied since all packets
are definitely NOT originating from this box. The ones that do I can fiddle
with enough to get going either via satellite or direct link (EQL).

I never imagined this much of a response from *the* network gurus of Linux.
I think the only person missing is David Miller but I think he's more the
hardware guy than the protocol guy. :-)

Thank you SO MUCH for this open discussion on this topic. I am rapidly
becoming one with the protocol stack, but as the man says, "I am not yet a
jedi" :-)

Andrew
