On Thu, Sep 27, 2012 at 7:46 AM, Gordon Messmer <yinyang at eburg.com> wrote: > On 09/26/2012 09:15 AM, Steve Clark wrote: >> Is there a way to make this work correctly? > > Shorewall will generate a proper configuration if you specify the > "track" option in the "providers" file. It might be a good idea to use > that to generate your configs rather than building them by hand. > > I believe that you need to mark your connections and use the marks to > select the routing table, in addition to using the "from" rules that you > posted. Otherwise, nothing binds the connection to a fixed > route/interface in a load balanced configuration. In addition, you should ideally applying the following patches for Static, Alternative Routes, Dead Gateway Detection & NAT and recompile the kernel: http://www.ssi.bg/~ja/#routes Thanks, -- Manish Kathuria