On 07/22/11 6:49 AM, Jennifer Botten wrote:
>
> Hi,
>
> I have a firewall running IPTABLES. I have tried to route sip traffic
> from my WAN(eth3) interface to a VLAN(eth2.2) interface, however the
> data will not route to the VLAN it keeps routing to the default
> interface(eth2). Does anyone have an idea as to what I need to look for?
>

To route stuff out different interfaces, I found I had to use ip rules.

In my case, I wanted specific local hosts (on the private LAN) to route out an alternate interface, so I did something like...

    iptables -t nat -A POSTROUTING -s 10.0.1.0/24 -j SNAT --to $net2.98
    ip rule add from $net2.96/28 table 2
    ip rule add from 10.0.1.0/24 table 2
    ip route add default via $net2.97 dev $port2 table 2

to explain this, the LAN is 10.0.0.0/16. hosts on 10.0.0.0-255 are to be routed out the default interface, while a few hosts specifically put on 10.0.1.98-110 are to be routed out this 2nd interface, $net2.96/28

the two ip rule commands tag any traffic that is from either the second external circuit or the reserved subnet of the local network to use 'table 2'. the ip route command says anything that's table 2 is to use the second circuit's gateway and port

-- 
john r pierce N 37, W 122
santa cruz ca mid-left coast
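
The source-based table selection described in the reply above, as a small model added here for illustration (it is not part of the original message and not kernel code). It assumes 203.0.113.x in place of $net2, eth1 in place of $port2, and a constructed default circuit and rule priorities.

```python
# Simplified model of Linux policy routing: rules are checked first, then the
# table the matching rule names. All addresses, devices and priorities here
# are constructed for illustration.
import ipaddress as ipa

NET2 = "203.0.113"   # stands in for $net2 (documentation range, assumption)
PORT2 = "eth1"       # stands in for $port2 (assumption)

# table name -> list of (destination prefix, gateway, device)
TABLES = {
    "2": [("0.0.0.0/0", f"{NET2}.97", PORT2)],
    "main": [
        ("10.0.0.0/16", None, "eth0"),            # the private LAN
        ("0.0.0.0/0", "198.51.100.1", "eth3"),    # default circuit (constructed)
    ],
}

# (priority, source selector, table), in the order `ip rule show` lists them
RULES = [
    (32764, "10.0.1.0/24", "2"),
    (32765, f"{NET2}.96/28", "2"),
    (32766, "0.0.0.0/0", "main"),
]

def lookup(table, dst):
    """Longest-prefix match inside one table; None if nothing matches."""
    dst = ipa.ip_address(dst)
    hits = [(ipa.ip_network(p), gw, dev) for p, gw, dev in TABLES[table]
            if dst in ipa.ip_network(p)]
    if not hits:
        return None
    net, gw, dev = max(hits, key=lambda h: h[0].prefixlen)
    return gw, dev

def route(src, dst, rules=RULES):
    """Walk rules by priority; a rule whose table has no match falls through."""
    src = ipa.ip_address(src)
    for prio, selector, table in sorted(rules):
        if src in ipa.ip_network(selector):
            hit = lookup(table, dst)
            if hit is not None:
                return table, hit[0], hit[1]
    return None

if __name__ == "__main__":
    for src in ("10.0.0.20", "10.0.1.100", f"{NET2}.98"):
        print(src, "->", route(src, "192.0.2.10"))
```

Because table 2 holds only a default route, the model also sends a packet from 10.0.1.100 to a 10.0.0.0/16 address through table 2, which is how the kernel resolves the same rule set.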