advanced routing on virtual interfaces

Hello all,

following nic setup for firewall:
* 1 nic (nic1) for connection with ISP1 + 2 virtual interfaces (eth0:1 and
eth0:2)
* 1 nic (nic2) for connection with DMZ
* 1 nic (nic3) for connection with ISP2 + 2 virtual interfaces (eth2:1 and
eth2:2) (added recently)

I was able to connect to my firewall and servers in DMZ through the first
connection (ISP1) but was unable to access these machines through the
second connection (ISP2). So I looked into advanced routing to be able to
contact my firewall/servers through both connections.

On my firewall I have set up 'routing for multiple uplinks/providers' as
described in the Adv-Routing-HOWTO. The firewall's 2 public IP's (one for
each provider) can be pinged from outside the network. So far so good.

On both nic1 and nic2 I have defined virtual interfaces to map public IP's
to servers in the DMZ. By using netfilters address translation (DNAT) I am
able to connect to the DMZ servers over my first connection (ISP1) (just as
before using advanced routing). But on my second connection I run into
problems. Although I can ping the public IP provided by ISP2 for the
firewall, I'm unable to ping or connect to the public IP's provided by ISP2
for my DMZ server.

Any idea what is causing this behaviour? Solutions? Am I forgetting
something?


TIA


nobody