mike barrios said:
>is eth0 your internal interface?

yes

>try
>
>iptables -t nat -A POSTROUTING -o eth1 -s 192.168.57.0/24 -d <whateverpublicipblockyouhave> -j ACCEPT

is this the ip block of gw1?

>iptables -t nat -A POSTROUTING -o eth1 -s 192.168.57.0/24 -j SNAT --to 203.131.4.1
>
>so that connections to your other public ips don't get SNATed
>what's your routing table look like?
>
>on gw1 you should have a route that says connections to 203.177.3.1 and
>203.177.3.2(?) should be routed to 192.168.57.2
>
>and something similar on gw2 so that connections can get back

i have this on gw1.

iptables -A PREROUTING -t mangle -i eth0 -s 192.168.57.0/24 -d 203.177.3.2 -j MARK --set-mark 2
echo 202 mail >> /etc/iproute2/rt_tables
ip rule add fwmark 2 table mail
ip route add default via 192.168.57.2 dev eth0 table mail

when i try to traceroute to 203.177.3.2 it just times out. but when i try another host, it gets masqueraded/snat via gw1.

--
Sandy T. Santos <[EMAIL PROTECTED]>
Provincial Information Technology Office
Provincial Government of Bulacan
