On Tuesday, 06 May 2008, LDB wrote:
> All:
>
> I am having a routing issue on a server with 2 interfaces that are
> SUPPOSEDLY on 2 different networks: one being the DMZ, the other being
> the internal network.
>
> So the internal interface (eth0) is also the interface with the default
> route (eth0). Now, the other gateways are configured within the
> /etc/sysconfig/network/ifcfg-eth-*, respectively.
>
> On my DMZ interface (eth1), I cannot route back through my firewall to
> get HTTPS traffic returned to the requestor (as indicated below) until I
> change the default route to the DMZ interface (eth1). Apparently the
> interface does not know how to route back through the eth1 interface to
> return the HTTPS traffic. But when I am traversing the network
> internally via SSH or HTTP, everything seemingly routes fine with both
> eth0 and/or eth1 - in other words, I do not have return traffic problems.
>
> The problem above is resolved once I make the DMZ interface (eth1) the
> default route, but that causes other problems that I am not prepared, or
> more embarrassed, to discuss.

And somewhere there is the real problem hidden; your network setup looks like it has a design flaw :)

> How can my problem be resolved without making the DMZ interface my
> default route?

From the information you give, I guess setting up simple source policy routing will do the trick.

ip rule add from <dmz-ip> lookup 10000
ip route add default via <default-gw> dev <dmz-iface> table 10000
ip route flush cache

This makes sure that packets with source IP <dmz-ip> are routed on the <dmz-iface> to <default-gw>.

Regards,
Paul

--
To unsubscribe, e-mail: opensuse-networking+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse-networking+help@xxxxxxxxxxxx

I apologize but I am having email problems, but my results from the above are as follows:

agos:~ # ip rule add from 192.168.100.0/24 lookup 0
agos:~ # ip route add default via 192.168.100.254 dev eth1 table 0
RTNETLINK answers: File exists
agos:~ # route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.100.0   *               255.255.255.0   U     0      0        0 eth1
192.168.187.0   *               255.255.240.0   U     0      0        0 eth0
link-local      *               255.255.0.0     U     0      0        0 eth0
loopback        *               255.0.0.0       U     0      0        0 lo
default         DFR             0.0.0.0         UG    0      0        0 eth0

And yes ... the NETWORK is messed up, but this is what I have inherited for now and I have to live with for this year ONLY. :)
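
Added example, not part of the original thread: a small Python model of how Linux policy routing picks the reply path for the setup discussed above, before and after the source rule with table 10000 that Paul suggests. The DMZ address 192.168.100.10, the client address, the internal host address and the gateway address behind "DFR" are assumed, constructed values; the local table is left out for brevity.

```python
import ipaddress

def lookup(rules, tables, src, dst):
    """Model of Linux policy routing: walk the rules in priority order, do a
    longest-prefix match in the selected table, and fall through to the next
    rule when that table has no route for the destination."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for _prio, selector, table in sorted(rules):
        if src not in ipaddress.ip_network(selector, strict=False):
            continue
        routes = [(ipaddress.ip_network(p, strict=False), gw, dev)
                  for p, gw, dev in tables.get(table, [])]
        routes = [r for r in routes if dst in r[0]]
        if routes:
            _net, gw, dev = max(routes, key=lambda r: r[0].prefixlen)
            return table, gw, dev
    return None

# Constructed sample state modelled on the "route" output in the thread.
DMZ_IP = "192.168.100.10"   # assumed address of eth1
CLIENT = "203.0.113.7"      # constructed external HTTPS client
INTERNAL = "192.168.187.20" # constructed host on the internal network
TABLES = {
    "main": [
        ("192.168.100.0/24", None, "eth1"),
        ("192.168.187.0/20", None, "eth0"),
        ("0.0.0.0/0", "192.168.187.1", "eth0"),  # "DFR"; address assumed
    ],
    # ip route add default via <default-gw> dev <dmz-iface> table 10000
    "10000": [("0.0.0.0/0", "192.168.100.254", "eth1")],
}
BASE_RULES = [(32766, "0.0.0.0/0", "main")]
# ip rule add from <dmz-ip> lookup 10000 (placed ahead of the main rule)
POLICY_RULES = BASE_RULES + [(32765, DMZ_IP + "/32", "10000")]

def reply_path(rules):
    """Route chosen for the HTTPS reply sent from the DMZ address."""
    return lookup(rules, TABLES, DMZ_IP, CLIENT)

if __name__ == "__main__":
    print("before rule:", reply_path(BASE_RULES))
    print("after rule: ", reply_path(POLICY_RULES))
    print("internal src:", lookup(POLICY_RULES, TABLES, INTERNAL, CLIENT))
    print("DMZ src to internal host:",
          lookup(POLICY_RULES, TABLES, DMZ_IP, INTERNAL))
```

Because table 10000 holds only a default route, the last line shows that traffic sourced from the DMZ address toward the internal network is also sent to the DMZ gateway.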