I've had this working before, but it's been a long time. I've done some googling as well as reading through the LARTC PDF again, and I'm not sure what I'm doing wrong, but it's probably something stupid. I've got dual ISPs, and connections coming in from both to hosts NAT'd behind the firewall. I can get to services on the firewall, but not the NAT'd hosts. Anyone have ideas?

    # Do some cleanup before we do the config
    ip route flush table T1
    ip rule del from $INTERFACE_1_IP table T1
    ip rule del fwmark 1 table T1
    ip route flush table T2
    ip rule del from $INTERFACE_2_IP table T2
    ip rule del fwmark 2 table T2

    # Additional Routing tables
    ip route add $INTERFACE_1_SUBNET dev eth0 src $INTERFACE_1_IP table T1
    ip route add default via $INTERFACE_1_GATEWAY table T1
    ip route add $INTERFACE_2_SUBNET dev eth1 src $INTERFACE_2_IP table T2
    ip route add default via $INTERFACE_2_GATEWAY table T2

    # Main routing table
    ip route add $INTERFACE_1_SUBNET dev eth0 src $INTERFACE_1_IP
    ip route add $INTERFACE_2_SUBNET dev eth1 src $INTERFACE_2_IP

    # Routing rules
    ip rule add from $INTERFACE_1_IP table T1
    ip rule add from $INTERFACE_2_IP table T2
    iptables -t mangle -A PREROUTING -i eth0 -j MARK --set-mark 1
    iptables -t mangle -A PREROUTING -i eth1 -j MARK --set-mark 2
    ip rule add fwmark 1 table T1
    ip rule add fwmark 2 table T2
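
An added example, not part of the original post: a simplified Python model of the policy-routing lookup for the rules above, comparing the per-interface MARK rules with a CONNMARK save/restore variant. The addresses, the LAN interface `eth2`, the main-table default route and all function names are assumptions, and the model takes the destination as it looks after DNAT, since nat PREROUTING runs before the routing decision.

```python
import ipaddress

# Constructed values: the post gives only variables and no LAN details.
FIREWALL_IPS = {"203.0.113.2", "198.51.100.2", "192.168.1.1"}
TABLES = {  # table name -> [(prefix, output interface)]
    "T1": [("203.0.113.0/24", "eth0"), ("0.0.0.0/0", "eth0")],
    "T2": [("198.51.100.0/24", "eth1"), ("0.0.0.0/0", "eth1")],
    # Assumed: main also holds the connected LAN route and a default via ISP 1.
    "main": [("203.0.113.0/24", "eth0"), ("198.51.100.0/24", "eth1"),
             ("192.168.1.0/24", "eth2"), ("0.0.0.0/0", "eth0")],
}
RULES = [(1, "T1"), (2, "T2"), (None, "main")]  # fwmark rules sit before main
ISP_MARK = {"eth0": 1, "eth1": 2}


def lookup(dst, fwmark):
    """Output interface for dst, or 'local' for the firewall's own addresses."""
    if dst in FIREWALL_IPS:  # the local table is consulted before any fwmark rule
        return "local"
    addr = ipaddress.ip_address(dst)
    for mark, table in RULES:
        if mark is not None and mark != fwmark:
            continue
        hits = [(ipaddress.ip_network(p).prefixlen, dev)
                for p, dev in TABLES[table] if addr in ipaddress.ip_network(p)]
        if hits:
            return max(hits)[1]  # longest prefix wins
    return None


def mark_as_posted(in_if, conn):
    """-i eth0 -j MARK --set-mark 1 / -i eth1 -j MARK --set-mark 2"""
    return ISP_MARK.get(in_if, 0)


def mark_with_connmark(in_if, conn):
    """Store the ISP on the connection; put it on packets only from the LAN."""
    if in_if in ISP_MARK:
        conn.setdefault("mark", ISP_MARK[in_if])  # CONNMARK --set-mark
        return 0                                  # packet itself stays unmarked
    return conn.get("mark", 0)                    # CONNMARK --restore-mark


def forward(marker, in_if, dst, conn):
    """Route one packet; dst is the address after DNAT has been applied."""
    return lookup(dst, marker(in_if, conn))
```

In this model, `forward(mark_as_posted, "eth0", "192.168.1.10", {})` resolves to `eth0` because T1 has no route to the LAN, while a firewall address still resolves to `local`. With `mark_with_connmark` the same packet resolves to `eth2`, and the reply arriving on `eth2` is sent out the ISP the connection came in on.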