If simple and generic is what you are after, you could try using the Nth extension.

http://netfilter.samba.org/documentation/HOWTO//netfilter-extensions-HOWTO-3.html#ss3.7

Of course, this is more of a load balancing solution. Here is what I think you want, using the iproute2 package.

http://www.tldp.org/HOWTO/Adv-Routing-HOWTO-4.html#ss4.1

Have fun.

>From: Jay Kline <list at slushpupie.com>
>Reply-To: tclug-list at mn-linux.org
>To: tclug-list at mn-linux.org
>Subject: [TCLUG] Complex Firewall
>Date: Tue, 18 Jun 2002 09:08:01 -0500
>
>I am in the process for setting up a fairly complex firewall, that has 5 nic's
>in it. (one build on + 4port Dlink card) The basic setup is going to be the
>office on one, Charter Cable on one, Astound Cable on one, and our wireless
>gateway on the other (the wireless gateway is a Linksys WAP+router+4 port
>switch). We don't need to load balance the internet connections, but I need
>to be able to freely switch the default gateway between the two (and we may
>be adding a 3rd soon too)
>
>Can I have some suggestions on how to configure this? Both iptables rules and
>generic policies would be great. Right now I have a very basic setup, but I
>know there are some problems with it (being able to route between the
>external interfaces, and the WAP without much security to name a few) Most of
>the firewall solutions out there only work for single internet connections,
>so I will have to do most of this by hand, I assume.
>
>Jay

---
Irony can be pretty ironic sometimes.
-William Shattner, Airplane II
---
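
An added example, not part of either message above: a dry-run shell sketch of a default-deny FORWARD policy for the topology described in the thread (no forwarding between the two uplinks, and none from the wireless side into the office), plus a helper that switches the default gateway with iproute2. The interface names, gateway addresses and the function names `run`, `forward_policy` and `use_uplink` are assumptions made for illustration, and it uses a plain `ip route replace` rather than the policy-routing tables covered in the linked HOWTO.

```shell
#!/bin/sh
# Added example. Interface names and gateways are assumed, not from the thread.
LAN=eth0            # office network
WAN_A=eth1          # first cable uplink
WAN_B=eth2          # second cable uplink
WLAN=eth3           # port facing the wireless gateway
GW_A=192.0.2.1      # constructed documentation addresses
GW_B=198.51.100.1

# Print each command unless APPLY=1, so the rule set can be reviewed first.
run() { if [ "${APPLY:-0}" = 1 ]; then "$@"; else echo "$*"; fi; }

# Default-deny forwarding. Only office->uplink and wireless->uplink are
# allowed, so uplink<->uplink and wireless->office fall through to DROP.
forward_policy() {
    run iptables -P FORWARD DROP
    run iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    for wan in "$WAN_A" "$WAN_B"; do
        run iptables -A FORWARD -i "$LAN" -o "$wan" -j ACCEPT
        run iptables -A FORWARD -i "$WLAN" -o "$wan" -j ACCEPT
        # NAT on every uplink so either one can carry the default route.
        run iptables -t nat -A POSTROUTING -o "$wan" -j MASQUERADE
    done
}

# Switch the default gateway between uplinks; "replace" swaps the route
# in one step instead of a delete followed by an add.
use_uplink() {
    case "$1" in
        a) run ip route replace default via "$GW_A" dev "$WAN_A" ;;
        b) run ip route replace default via "$GW_B" dev "$WAN_B" ;;
        *) echo "usage: use_uplink a|b" >&2; return 1 ;;
    esac
}

# Running the script as-is only prints the plan.
forward_policy
use_uplink a
```

Connections already NATed through the old uplink will not survive a switch, since their replies return to the previous provider's address.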