On 7/22/2011 1:17 PM, John R Pierce wrote:
>
>> I have a firewall running IPTABLES. I have tried to route sip traffic
>> from my WAN(eth3) interface to a VLAN(eth2.2) interface, however the
>> data will not route to the VLAN it keeps routing to the default
>> interface(eth2). Does anyone have an idea as to what I need to look for?
>>
>
> To route stuff out different interfaces, I found I had to use ip rules.
>
> In my case, I wanted specific local hosts (on the private LAN) to route
> out an alternate interface, so I did something like...
>
>
> iptables -t nat -A POSTROUTING -s 10.0.1.0/24 -j SNAT --to $net2.98
>
> ip rule add from $net2.96/28 table 2
> ip rule add from 10.0.1.0/24 table 2
>
> ip route add default via $net2.97 dev $port2 table 2
>
>
>
> to explain this, the LAN is 10.0.0.0/16. hosts on 10.0.0.0-255 are to
> be routed out the default interface, while a few hosts specifically put
> on 10.0.1.98-110 are to be routed out this 2nd interface, $net2.96/28

You need this because you want to route based on the source address, not
the destination. That might be what the OP wants too, but it's not clear
from the question and doesn't have anything to do with the interfaces
being vlans.

--
Les Mikesell
lesmikesell at gmail.com
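
Added example, not part of the thread and not the posters' code: a small Python model of the lookup that the quoted `ip rule` / `ip route` commands set up, showing that the source address picks the table and the destination only matters inside that table. It assumes `$net2` is 192.0.2 and `$port2` is `wan2`; the main-table routes and the names `lan0` and `wan1` are constructed.

```python
import ipaddress

# Assumed values (the post leaves them as shell variables):
# $net2 = 192.0.2 (documentation range), $port2 = "wan2".
# The main-table routes and the names "lan0"/"wan1" are constructed.
TABLES = {
    "main": [("10.0.0.0/16", None, "lan0"),
             ("0.0.0.0/0", "198.51.100.1", "wan1")],
    "2":    [("0.0.0.0/0", "192.0.2.97", "wan2")],  # ip route add default ... table 2
}

# Rules are checked in order; the last entry stands for the built-in
# "from all lookup main" rule.
RULES = [
    ("192.0.2.96/28", "2"),   # ip rule add from $net2.96/28 table 2
    ("10.0.1.0/24", "2"),     # ip rule add from 10.0.1.0/24 table 2
    ("0.0.0.0/0", "main"),
]


def lookup(src, dst):
    """Return (table, gateway, device) chosen for a packet, or None."""
    src_ip = ipaddress.ip_address(src)
    dst_ip = ipaddress.ip_address(dst)
    for selector, table in RULES:
        if src_ip not in ipaddress.ip_network(selector):
            continue  # rule does not apply to this source address
        matches = [(ipaddress.ip_network(prefix), gw, dev)
                   for prefix, gw, dev in TABLES[table]
                   if dst_ip in ipaddress.ip_network(prefix)]
        if matches:
            # Inside one table the longest matching prefix wins.
            _, gw, dev = max(matches, key=lambda m: m[0].prefixlen)
            return table, gw, dev
        # No route in this table: fall through to the next rule.
    return None


if __name__ == "__main__":
    # Same destination, different sources, different egress.
    for src in ("10.0.0.50", "10.0.1.100", "192.0.2.98"):
        print(src, "->", lookup(src, "203.0.113.10"))
```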