On 05/17/2010 07:49 AM, Jerry Geis wrote: > Ok - I found out how to enable iptables logging. I can see a connection > from 98.X on port 25 going to .58 as desired. > Then we can see that the return is going out eth2 - and - it should be > going out eth1 based on postrouting. No, it shouldn't. You cannot accomplish what you are trying to do with only iptables. Since we don't know what host is using 192.168.1.58, it's not even clear that you need iptables at all. You must use route policies. These are set up by the "ip route" and "ip rule" commands. I posted an example of how to do multi-homing with shorewall a few days ago: http://lists.centos.org/pipermail/centos/2010-May/094304.html If you're not familiar with policy based routing, you should definitely be using something like shorewall that can take care of some of this for you. This document can explain what's going on. http://www.shorewall.net/MultiISP.html