All: It's been years since I posted here. I've got a situation that I could use some help on. I've got a client who is doing some interesting things. I've got a firewall with four Ethernet interfaces in that connects to the Internet via PPPoE. eth0 - Internal private network eth1 - Public wireless network for their clients and visitor use eth2 - connection to DSL via PPPoE eth3 - connection to internal VOIP system (use for failover if dedicated VOIP internet connection fails) tun0 - OpenVPN ppp0 - External connection Everything has worked fine in this site for years. The client recently decided to move to a VOIP system for their internal phones, and it has it's own Internet connection to the provider. The VOIP provider's proprietary router has an Ethernet interface to allow failover connection to a secondary provider if their own network fails. eth3 is set up as static 10.20.0.2/255.255.0.0/16 with the external Ethernet interface on the VOIP router (10.20.0.1) as the default gateway on the network. I've set up iproute2 to add a new table in /etc/iproute2/rt_tables: 100 voip_provider 255 local 254 main 253 default In /etc/network I've added a script if-post-up-eth3.sh: ip rule add from 222.88.20.0/24 table voip_provider ip rule add from 222.88.21.0/24 table voip_provider ip rule add from 222.88.22.0/24 table voip_provider ip route add default via 10.20.0.1 dev eth3 table voip_provider ip route flush cache ip masq is working for eth3. I can connect a PC on the eth3 10.20.0.0/16 network and it has no problem surfing etc. What I want to do is have packets from all of the specified external subnets routed out of the firewall to the address 10.20.0.1 on eth3. Basically, all external traffic from these source address ranges need to be forwarded to the VOIP provider's router, with no exception. Any ideas? -- Bill S