Hi, you may check if /proc/sys/net/ipv4/conf/eth3/rp_filter is 0.
If it is 1 the kernel does a route lookup for an outgoing pseudo packet for every packet arriving on eth3. This pseudo packet is the incoming packet but with src and dst address exchanged. Only if this route goes via the same device as the original packet arrived on the latter is accepted. I don't think that netfilter is consulted in this process. So there this pseudo-packet is not marked and therefor your isdn table is not consulted. The iif roules will not match either. Instead table main is consulted where a route is found. But this route is via eth2. Please note that if you set /proc/sys/net/ipv4/conf/eth3/rp_filter to 0 you probably want to check the src address of incoming packets on eth3 for not being ones from your eth1. Greetings, -- Wolfgang Walter Studentenwerk München Anstalt des öffentlichen Rechts Leopoldstraße 15 80802 München [EMAIL PROTECTED] http://www.studentenwerk.mhn.de/ - To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html
