On 07/22/11 11:29 AM, Les Mikesell wrote: > You need this because you want to route based on the source address, not > the destination. That might be what the OP wants too, but it's not > clear from the question and doesn't have anything to do with the > interfaces being vlans. well, I suspect he wants to route based on it being SIP traffic, which is typically 5060 or 5061 tcp or udp, so will have iptables NAT these to an IP on the subnet of the alternate VLAN, then he'd use that VLAN's address as the rule for the source-based routing. this sort of thing really belongs on an iproute2/netfilter mail list, however, as its not at all centos specific. -- john r pierce N 37, W 122 santa cruz ca mid-left coast