Hi, I''ve been trying to set up my firewall so it uses the 2 adsl connections I have, but I have a problem. The outline is the following: ADSL1 -> eth0 ADSL2-> eth1 LAN -> eth2 The interfaces data are: eth0 -> 80.xx.xx.208/24 gw: 80.xx.xx.1 eth1-> 213.yy.yy.131/26 gw: 213.yy.yy.129 eth2-> 192.168.4.21/24 The network interfaces are set up when the machine starts, without adding any default gateways. My shorewall is set up so it starts creating a routing table. For each of the external interfaces, and it creates a default route with a different weight for each adsl. These are the setup files: shorewall.conf LOGFILE=/var/log/messages LOGFORMAT="Shorewall:%s:%s:" LOGRATELOGBURSTLOGUNCLEAN=info BLACKLIST_LOGLEVELLOGNEWNOTSYN=info MACLIST_LOG_LEVEL=info TCP_FLAGS_LOG_LEVEL=info RFC1918_LOG_LEVEL=info PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin:/usr/local/sbin SHOREWALL_SHELL=/bin/sh SUBSYSLOCK="" STATEDIR=/var/lib/shorewall MODULESDIRFW=fw IP_FORWARDING=On ADD_IP_ALIASES=Yes ADD_SNAT_ALIASES=No TC_ENABLED=Yes CLEAR_TC=Yes MARK_IN_FORWARD_CHAIN=No CLAMPMSS=No ROUTE_FILTER=Yes NAT_BEFORE_RULES=Yes DETECT_DNAT_IPADDRS=Yes MUTEX_TIMEOUT=60 NEWNOTSYN=Yes ADMINISABSENTMINDED=Yes BLACKLIST_DISPOSITION=DROP MACLIST_DISPOSITION=REJECT TCP_FLAGS_DISPOSITION=DROP init # Outgoing Load Balancing if [ -z "`ip rule list | grep T1`" || -z "`ip rule list | grep T2`" ]; then ip route add 80.xx.xx.0/24 dev eth0 src 80.xx.xx.208 table T1 ip route add default via 80.xx.xx.1 table T1 ip route add 213.yy.yy.128/26 dev eth1 src 213.yy.yy.131 table T2 ip route add default via 213.yy.yy.129 table T2 ip rule add from 80.xx.xx.208 table T1 ip rule add from 213.yy.yy.131 table T2 ip route add default scope global nexthop via 80.xx.xx.1 \ dev eth0 weight 4 nexthop via 213.yy.yy.129 dev eth1 weight 1 fi fi interfaces net eth0 detect dhcp,routefilter,norfc1918 net eth1 detect loc eth2 detect zones net Net Internet loc Local Local Networks masq eth0 192.168.4.0/24 eth1 192.168.4.0/24 # ip addr show 1: lo: <LOOPBACK,UP> mtu 16436 qdisc noqueue link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo 2: tunl0@NONE: <NOARP> mtu 1480 qdisc noop link/ipip 0.0.0.0 brd 0.0.0.0 3: gre0@NONE: <NOARP> mtu 1476 qdisc noop link/gre 0.0.0.0 brd 0.0.0.0 4: eth0: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 100 link/ether 00:01:02:df:54:31 brd ff:ff:ff:ff:ff:ff inet 80.xx.xx.208/24 brd 80.255.255.255 scope global eth0 5: eth1: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 100 link/ether 00:90:27:22:1d:31 brd ff:ff:ff:ff:ff:ff inet 213.yy.yy.131/26 brd 213.yy.yy.255 scope global eth1 6: eth2: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 100 link/ether 00:90:27:0f:db:5e brd ff:ff:ff:ff:ff:ff inet 192.168.4.21/24 brd 192.168.4.255 scope global eth2 # ip route show 213.yy.yy.128/26 dev eth1 proto kernel scope link src 213.yy.yy.131 192.168.4.0/24 dev eth2 proto kernel scope link src 192.168.4.21 80.xx.xx.0/24 dev eth0 proto kernel scope link src 80.xx.xx.208 default nexthop via 80.xx.xx.1 dev eth0 weight 4 nexthop via 213.yy.yy.129 dev eth1 weight 1 The problem is that the system works, but for instance, if an ssh session is opened from a workstation against an external machine, and on the other side the navigator, everything works. But after some time, the ssh connection halts (breaks). Any idea about what''s happening? Thanks a lot Sergio Navarro