Quoting Robin Mordasiewicz <robin at bullseye.tv>:

> Is there any way to say that if traffic is received on VLAN#911 to be
> sure that the return traffic is tagged with the same vlan id.
> Currently traffic is tagged based on the routing table, and even if
> traffic comes in on VLAN#911, when it returns the traffic it uses the
> VLAN tag from the network that the default gateway is on (VLAN#902).

If you can use something to identify those outgoing packets inside Netfilter, you can set a firewall mark on them, and then use that firewall mark to route packets to the correct VLAN. For example, if all port 80 traffic is from VLAN#911, and there is no way for traffic from VLAN#902 (or anywhere else) to get to your box, this might work.

Failing that, you might consider the CONNMARK target. Then you could set a connection mark on the incoming packet (hm, is there a way to set a mark based on VLAN tag?), and then based on that set a firewall mark on the outgoing packets (--save-mark and --restore-mark options of the CONNMARK target). And then, again, route outgoing packets based on the firewall mark.

I'm not sure if the CONNMARK target is included with the CentOS kernel.
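The CONNMARK approach described in the message above, sketched as an added example that is not part of the original message: a shell function that prints the mark, restore and policy-routing commands for one VLAN so they can be reviewed before being applied as root. It assumes the VLAN is an 802.1Q sub-interface (hypothetically `eth0.911`, so matching with `-i` marks by VLAN), a gateway of `192.0.2.1` (documentation address), and the VLAN id reused as both mark value and routing table number.

```shell
#!/bin/sh
# Added example (dry run): prints commands, changes nothing on the host.
# Assumed names: interface eth0.911, gateway 192.0.2.1, table/mark = VLAN id.

vlan_return_rules() {
    iface=$1; mark=$2; gateway=$3

    # Validate inputs so a typo cannot yield a broader or malformed rule.
    case $mark in
        ''|*[!0-9]*) echo "mark must be a positive integer" >&2; return 1 ;;
    esac
    # Mark 0 is what unmarked packets carry, so it cannot select a table.
    [ "$mark" -gt 0 ] || { echo "mark 0 means unmarked" >&2; return 1; }
    case $iface in
        ''|*[!A-Za-z0-9._-]*) echo "bad interface name" >&2; return 1 ;;
    esac
    case $gateway in
        ''|*[!0-9.]*) echo "bad gateway address" >&2; return 1 ;;
    esac

    # 1. Tag the connection when a packet arrives on the VLAN interface.
    # 2. Copy the connection mark onto locally generated reply packets.
    # 3. Give the VLAN its own routing table with its own default route.
    # 4. Send packets carrying the firewall mark to that table.
    cat <<EOF
iptables -t mangle -A PREROUTING -i $iface -j CONNMARK --set-mark $mark
iptables -t mangle -A OUTPUT -j CONNMARK --restore-mark
ip route add default via $gateway dev $iface table $mark
ip rule add fwmark $mark table $mark
EOF
}

# Print the rule set for the constructed sample values.
vlan_return_rules eth0.911 911 192.0.2.1
```

The OUTPUT restore rule is global, so when generating rules for several VLANs it only needs to be applied once.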