
Re: policy routing



Cenk Hasirlioglu <cenkh@efes.net.tr> writes:

> Packets are sent by dialup terminals (at the end of the
> FIGURE below).  Cisco routers on the way have their own
> different "default gateway"s but "next-hop" policies send
> packets to linux.  Also linux sends packets to 7206
> (212.174.112.18, top of the FIGURE) by iproute settings.
> 7206 can distribute local packets but it cannot send other
> packets to Internet.

Are you sure that the configuration of the 7206 would let it forward packets
from the other network?  Perhaps it only knows about its attached network
(212.174.112/?) and it is refusing to let out packets whose source address is
from the 212.174.232.0/24 network?

Your situation sounds a little more complicated than mine.  I have a single
firewall with a private IP DMZ.  Real IPs from each of the attached networks
are assigned to the firewall, ports are forwarded as needed and the ip rules
dictate that traffic from a given internal server be masqueraded as a
specific IP and routed out a specific gateway.  In all cases the default
route is a single hop.

-- 
fraser campbell <fraser@starnix.com>                          starnix inc.
tollfree: (905) 771-0017                        thornhill, ontario, canada
http://www.starnix.com/             professional linux services & products
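
The per-server setup described in the reply above, sketched as an added example (not from the original post or its author): one routing table per uplink, an `ip rule` selecting it by source address, and a source-NAT rule giving the server a fixed public IP. All addresses, interface names and table numbers are constructed, iptables SNAT and /24 uplinks are assumptions, and the script only prints the commands.

```shell
#!/bin/sh
# Constructed mapping (all values are assumptions, not from the thread):
# internal server, public IP to present, single-hop gateway, egress interface, table id.
# Public addresses come from the RFC 5737 documentation ranges.
MAPPINGS='
10.0.0.10 192.0.2.10 192.0.2.1 eth1 101
10.0.0.20 198.51.100.20 198.51.100.1 eth2 102
'

# True when two dotted-quad addresses share the first three octets.
# Assumes /24 uplinks. A public IP outside the gateway's attached network
# is the case the reply suspects the upstream router of refusing.
same_slash24() {
    [ "${1%.*}" = "${2%.*}" ]
}

# Print the three commands that pin one internal server to one uplink.
emit_server() {
    src=$1; pub=$2; gw=$3; dev=$4; table=$5
    # Per-uplink table whose default route is the single-hop gateway.
    echo "ip route replace default via $gw dev $dev table $table"
    # Select that table for traffic sourced from this server.
    echo "ip rule add from $src/32 lookup $table priority $table"
    # Rewrite the source to the public IP that belongs to that uplink.
    echo "iptables -t nat -A POSTROUTING -s $src/32 -o $dev -j SNAT --to-source $pub"
}

# Walk the mapping table, skipping blank lines and inconsistent rows.
emit_all() {
    echo "$MAPPINGS" | while read -r src pub gw dev table; do
        [ -n "$src" ] || continue
        if ! same_slash24 "$pub" "$gw"; then
            echo "skipping $src: $pub is not on the network of $gw" >&2
            continue
        fi
        emit_server "$src" "$pub" "$gw" "$dev" "$table"
    done
}

# Dry run: review the output before piping it to a root shell.
emit_all
```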


