Hi, I'm running a router on SuSE 8.2 which connects 2 local subnets to the internet. The subnets run over the same NIC with virtual interfaces: eth0, subnet 192.168.0.0/255.255.0.0 (call it subnet A) eth0:1, subnet 172.16.0.0/255.255.0.0 (call it subnet B) (Yes, this is a mess, but fixing up this naturally grown network topology might induce even more trouble.) eth1 connects to the internet. The setup works; both subnets have internet access. However, subnet A is still accessible from subnet B and vice versa. This is not what I want; instead I want the two subnets to be invisible to each other. There is no route from A to B or from B to A specified in the /etc/sysconfig/network directory (is there another place to look at?). Maybe this problem comes from the virtual interface stuff? I tried to set up routing rules with the "unreachable", "prohibit" or "blackhole" option, but I did't find useful documentation on usage of these options and it did not work as expected. I also tried some custom rules for SuSEfirewall2, but no success either. So what routing options and/or iptables rules do I have to use? Thanks, Holger