I understand incoming virtual hosts with aliased IPs to an eth device but is there some way to force outgoing packets to appear to come from some other device/IP as to what the kernel defaults to ? I can apreciate this is tantamount to spoofing and "not encouraged" but I now have yet another legit need for this. a) I set up small ISPs where both the client dial-in PPP connection and the main outgoing IPPP (ISDN) link are both connected to the same box with no LAN effectively in use (ie; the eth0 card could be removed right now). Here's the routing table with two dialed-in users.... host# route Kernel IP routing table Destination Gateway Genmask Flags Metric Ref Use Iface gympie-023.blah * 255.255.255.255 UH 0 0 377 ppp5 gympie-008.blah * 255.255.255.255 UH 0 0 92 ppp13 123.45.67.0 * 255.255.255.0 U 0 0 1994 eth0 139.130.0.0 * 255.255.0.0 U 0 0 691 ippp0 127.0.0.0 * 255.0.0.0 U 0 0 1968 lo default * 0.0.0.0 U 0 0 171026 ippp0 The eth0 card is ifconfig'd to (say) 123.45.67.1 and the upstream supplier provides two IPs for the main ISDN connection. For most services, the box appears from the outside world as the name of the eth0 interface which is what is wanted. For some services, like IRC, when a dial-in client connects elsewhere they appear to originate from the assigned ippp0 139.130.*.* IP rather than the 123.45.67.* eth0 range. If the host was conected to a seperate router via a LAN where outgoing packets flowed naturally via the eth0 interface then this effect would not be apparent nor a problem. Things work so it's not a disaster but it makes SSH, tunneling and VPNs rather awkward. b) Another server _is_ on a LAN with multiple outgoing links, some cheap(er) and others more expensive. I want this box mainly on the expensive link so it's web service is snappy to the outside world, but, incoming ftp transfers are also forced via this same link so I've disabled all mirroring (yuk, no CPAN). If I could force some eth0 bound packets to appear to eminate from a different network then I could take advantage of the cheaper/slower links available for things like large ftp mirrors. So, is there some "legit" way to do the reverse of virtual IP aliasing and demand which interface/IP a packet appears to be source'd from ? --markc - To unsubscribe from this list: send the line "unsubscribe linux-net" in the body of a message to [EMAIL PROTECTED]
