Subject: Re: Networking problem.
To: Rasputin <rasputin@idoru.mine.nu>
From: Tld <tld@tld.digitalcurse.com>
List: netbsd-help
Date: 11/29/2002 13:01:46
Rasputin wrote:
>>>At the moment prometheus is trying to route between two interfaces which are
>>>both on the same LAN, like this:
>>>
>>>   ISP  ----  < 66.136.7.248/29 network > -- prometheus --- <66.136.7.248/29> --- hermes
>>>
>>>which makes no sense - that's why my last post was gibberish :).
>>
>>*grin*
>>
>>I was originally hoping that it *did* make sense.  Now it's just a matter
>>of ``I don't understand why it *can't* be that way.''
> 
> 
> Basically, it confuses the router if you try to route between 2 identical
> (as far as it's concerned) networks.  It's like walking into Cardiff
> train station and saying 'two tickets to Cardiff, please' - the
> ticket seller just says 'but you're in Cardiff?'.
>  

Actually, my network is set up just like that, and working :D
With that setup I have one machine (prometheus in the example) which does 
all the firewalling and some more nice things.

All it took was to:
- set the prometheus' interfaces to the same address on both ends
- set up the prometheus to (statically) route the different hosts in the 
/29 to different interfaces (the appropriate ones)
- set up the hermes-es to default route through prometheus
- tell the ISP to send all the traffic through prometheus

This way I lost the ability to talk from hermes to the ISP network (on the /29), 
but since I had nothing I wanted to talk to but the gateway on that end 
(remember I want all traffic to go through prometheus for firewalling), I 
did nothing to solve that. Okay, I get a * * * on the second hop when I 
traceroute from the hermeses, but I couldn't care less.
I am quite sure a simple and efficient solution to this glitch exists, but 
I haven't spent any time looking for it.

Hope this helps :)

-- 
--- TLD
"There is no Good, one thorough, there is no Evil, there is only Flesh"
   [Pinhead]
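
The static per-host routing described in the message above can be modelled as a longest-prefix-match lookup. This is an added example, not part of the original post. The interface names (ext0, int0), the host addresses inside the /29 and the helper names are assumptions made for illustration.

```python
import ipaddress

# Constructed layout: the post gives only the /29 and the machine names.
NET = ipaddress.ip_network("66.136.7.248/29")
OUTSIDE, INSIDE = "ext0", "int0"                 # hypothetical interface names
ISP_GW = ipaddress.ip_address("66.136.7.249")    # assumed ISP gateway address
INSIDE_HOSTS = [ipaddress.ip_address("66.136.7.251"),   # assumed hermes hosts
                ipaddress.ip_address("66.136.7.252")]

def connected_only():
    """Both interfaces configured in the same /29, no host routes yet."""
    return [(NET, OUTSIDE), (NET, INSIDE)]

def with_host_routes():
    """Add a /32 per known host plus a default route out the ISP side."""
    table = connected_only()
    table.append((ipaddress.ip_network(f"{ISP_GW}/32"), OUTSIDE))
    table += [(ipaddress.ip_network(f"{h}/32"), INSIDE) for h in INSIDE_HOSTS]
    table.append((ipaddress.ip_network("0.0.0.0/0"), OUTSIDE))
    return table

def lookup(table, dst):
    """Interfaces tied for the longest matching prefix.

    A real kernel would silently pick one of two identical routes; returning
    the whole set makes the ambiguity visible instead.
    """
    dst = ipaddress.ip_address(dst)
    matches = [(net.prefixlen, ifc) for net, ifc in table if dst in net]
    if not matches:
        return set()
    best = max(plen for plen, _ in matches)
    return {ifc for plen, ifc in matches if plen == best}

def unpinned_hosts(table):
    """Addresses in the /29 not tied to exactly one interface by a host route."""
    return [str(h) for h in NET.hosts() if len(lookup(table, h)) > 1]

if __name__ == "__main__":
    for name, table in (("connected only", connected_only()),
                        ("with host routes", with_host_routes())):
        print(name, "-> unpinned:", unpinned_hosts(table))
```

Any address that unpinned_hosts() still reports has no host route, so the firewall machine cannot tell which side it lives on; in this constructed layout that is the firewall's own address and the two unassigned ones.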