G'day all....
Got a few q's on how to properly implement & correct a routing problem I have.
Consider the following physical network:

LAN --- (Switch) --- Linux --- (Switch) --- ADSL2+ Modem
           +-------- PIX ---------+

Linux Int - 172.30.1.254, Ext - 172.30.250.254
PIX Int - 172.30.1.251, Ext - 172.30.250.251
ADSL - 172.30.250.250
ADSL External has static IP - 18.104.22.168

The LAN has the Linux box as its default gateway. This Linux box is NAT'ing this into the External Network, and the ADSL2 modem is NAT'ing the external to the Internet.

The External interface of the PIX is defined as the 'DMZ' host in the ADSL modem, so it receives all requests hitting the external interface. This PIX then forwards on the requests to the appropriate LAN server (mail + web etc). This PIX is also a PPTP/IPSEC VPN server to allow internet users to log into the LAN.

Now...why do it like this? I want the IPSec/Firewall features of the PIX, but the PIX is a 10 user 501, which only has 10mbit interfaces, and my ADSL2 connection is 24mbit, and I have around 30 machines on the LAN.

Now, the problem. All the LAN users have no hassles accessing the internet correctly. External services though...this is the issue. When a user, for example, connects to port 25 for a SMTP session, hits the 22.214.171.124 address, the PIX forwards it on to the correct server. When the TCP stack on that server replies with its SYN/ACK though, it gets sent back via the Linux machine, being the default route. This confuses the ADSL modem, which treats it as a new packet, re-NATs it, and sends it back to the user. The user's machine then replies with a RST because it doesn't understand what the hell is going on. Hence the connection fails. What to do?

I am puzzled. Any help would be fantastic - cheers!!
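The asymmetric path described in the post can be checked mechanically. This is an added example, not part of the original post: it does a longest-prefix lookup on the server's routing table and compares the gateway that delivered the SYN with the gateway the SYN/ACK will leave through. The client address, the route list layout and the function names are assumptions made for the illustration; the gateway addresses are the ones given in the post.

```python
import ipaddress

# Inside addresses of the two stateful gateways named in the post.
GATEWAYS = {"172.30.1.254": "Linux", "172.30.1.251": "PIX"}

# Constructed values: the post does not give the client's address, and the
# server's table is written out from "Linux box is the default gateway".
CLIENT = "198.51.100.7"
SERVER_ROUTES = [("172.30.1.0/24", None), ("0.0.0.0/0", "172.30.1.254")]


def next_hop(routes, dst):
    """Longest-prefix match over (prefix, gateway) pairs; None means on-link."""
    addr = ipaddress.ip_address(dst)
    matches = [(ipaddress.ip_network(prefix), gw) for prefix, gw in routes
               if addr in ipaddress.ip_network(prefix)]
    if not matches:
        raise LookupError(f"no route to {dst}")
    return max(matches, key=lambda m: m[0].prefixlen)[1]


def check_return_path(inbound_gw, server_routes, client_ip):
    """Compare the gateway that forwarded the SYN with the reply's next hop."""
    reply_gw = next_hop(server_routes, client_ip)
    return {
        "syn_via": GATEWAYS[inbound_gw],
        "synack_via": GATEWAYS.get(reply_gw, reply_gw),
        # False means one stateful NAT device sees the SYN and a different
        # one sees the SYN/ACK, which is the situation the post describes.
        "symmetric": reply_gw == inbound_gw,
    }


if __name__ == "__main__":
    # SYN arrives through the PIX inside interface, reply follows the default route.
    print(check_return_path("172.30.1.251", SERVER_ROUTES, CLIENT))
```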