Hi @ all,

I have a problem configuring Shorewall for a specific scenario and I hope someone can help me.

I have a DSL line as default route (ppp0), a local network on eth0 and now an LTE router on eth1.

eth0 network 192.168.115.0/24
eth1 network 192.168.2.0/24 (192.168.2.1 = LTE router / 192.168.2.2 = eth1)

Now to my problem. I'm running an OpenVPN server on port 1197 (UDP) with local IP 192.168.2.2. In the LTE router I forward packets from incoming port 1197 to 192.168.2.2 port 1197.

If I start an external OpenVPN (client) connection to the LTE router, I see with tcpdump that the packet arrives at the server side with destination 192.168.2.2, but, and that is the problem, it comes with the public IP as source (from the client side). That is OK in the incoming direction. But for the outgoing direction, from the OpenVPN server back to the public IP (OpenVPN client), I have a routing problem. With the public IP it would be routed over the default gateway (ppp0) and not over the eth1 interface.

Is there a way to mark (masq?) the incoming packets from eth1 so that they would be routed back over that interface? How can I do this ...

Sorry for my bad English.

Best regards,
MrWeb