I have a dual ISP setup and while I prefer one provider for output by default, I have come across a situation where I want to force the traffic from a given IP address on my lan through the (non-default) provider, which I did with a route_rules entry:
10.75.22.101 - IGS 1002 and that is having the desired effect with a route rule table looking like: 0: from all lookup local 1000: from all to 10.75.23.0/24 lookup main 1001: from all to 10.8.0.0/24 lookup main 1002: from 10.75.22.101 lookup IGS 10000: from all fwmark 0x100 lookup CGCO 10001: from all fwmark 0x200 lookup IGS 20000: from 7.1.7.2 lookup CGCO 20256: from 6.1.3.4 lookup IGS 32766: from all lookup main 32767: from all lookup default and the particular traffic does seem to be using the correct provider's output interface (ppp0), however the source of the these particularly directed packets on the ppp0 interface (IGS) is the address of the "preferred" provider's (CGCO)'s interface: 7.1.7.2. I would have thought the following nat table rules would have corrected that: Chain POSTROUTING (policy ACCEPT 782 packets, 47801 bytes) pkts bytes target prot opt in out source destination 1 1400 ppp0_masq all -- * ppp0 0.0.0.0/0 0.0.0.0/0 2581 201K eth0.1_masq all -- * eth0.1 0.0.0.0/0 0.0.0.0/0 Chain ppp0_masq (1 references) pkts bytes target prot opt in out source destination 1 1400 SNAT all -- * * !6.1.3.4 0.0.0.0/0 to:6.1.3.4 But according to the tcpdumping on ppp0, it's not having any effect. So what am I misunderstanding about all of this? ------------------------------------------------------------------------------ SOLARIS 10 is the OS for Data Centers - provides features such as DTrace, Predictive Self Healing and Award Winning ZFS. Get Solaris 10 NOW http://p.sf.net/sfu/solaris-dev2dev _______________________________________________ Shorewall-users mailing list Shorewall-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/shorewall-users