Hi all,

I have two /27 networks on a shorewall box (fw) that is providing DNAT/MASQ for a lan. The DNAT seems to be working fine, but I haven't figured out a way to get the MASQ working as I want it to.

eth0 - lan (this is the gw for the lan)
eth1 - first /27
eth2 - second /27

I want to have outgoing connections from the lan masqueraded randomly from eth1 and eth2.

What happens right now is:

Connections made from the fw randomly use only the first ip from each /27.

Connections made from the lan masq only through the second /27, but randomly pick from that /27. The second /27 is last in the masq file.

As far as I can tell, connections made from the fw are routed using the iproute2 balance route, and connections from the lan are masq'd through netfilter which only supports 1 interface (the last one in the masq file).

Is there a way to accomplish this/a preferred solution?

providers file:

#NAME   NUMBER  MARK    DUPLICATE       INTERFACE       GATEWAY         OPTIONS         COPY
fiber   1       1       main            eth1            x.x.x.x         track,balance   eth0
xdsl    2       2       main            eth2            y.y.y.y         track,balance   eth0

masq file:

#INTERFACE      SUBNET          ADDRESS                 PROTO   PORT(S) IPSEC
eth1            10.0.0.0/24     x.x.x.x-x.x.x.y
eth2            10.0.0.0/24     w.w.w.w-w.w.w.z

Thanks!
ds