Hello, how do achieve this: how must files /etc/sysconfig/network-scripts/ look like to be the same as entering the following two commands ... ip -f inet6 rule add fwmark 1 lookup 100 ip -f inet6 route add local ::/0 dev lo table 100 is there the localhost device lo correct, or does it have to be br0? e.g. a file route-br0 with 192.168.1.0/24 via 10.10.10.1 dev br0 does the routing to the segment 192.168.1.0/24 via 10.10.10.1 /etc/sysconfig/ip6tables <BEGIN> *mangle :PREROUTING ACCEPT [0:0] :INPUT ACCEPT [0:0] :FORWARD ACCEPT [0:0] :OUTPUT ACCEPT [0:0] :POSTROUTING ACCEPT [0:0] -N DIVERT -A DIVERT -j MARK --set-mark 1 -A DIVERT -j ACCEPT -A PREROUTING -i br0 -p tcp -m socket -j DIVERT -A PREROUTING -i br0 -p tcp -d 2a02:1788:2fd::b2ff:5302 --dport 80 -j TPROXY --tproxy-mark 0x1/0x1 --on-port 3129 COMMIT *filter :INPUT DROP [0:0] :FORWARD DROP [0:0] :OUTPUT DROP [0:0] -A INPUT -i br0 -m tcp -p tcp --dport 22 -m state --state NEW -j ACCEPT -A INPUT -i br0 -m tcp -p tcp --dport 80 -m state --state NEW -j ACCEPT -A INPUT -i br0 -m tcp -p tcp --dport 443 -m state --state NEW -j ACCEPT -A INPUT -i br0 -m tcp -p tcp --dport 3129 -m state --state NEW -j ACCEPT </END> the goal should be, that for specific IPv6 hosts (destination), the packets are redirected through the proxy running on the router box, other destinations should be just forwarded without proxy ... LAN port = br0 (dual stack), HE tunnel port = sit1 (ipv6 only), WAN port = eth1 (ipv4 only) Thanks, Walter