Re: trivial IP routing ? (was IP trick)

Fabien Ribes wrote:
> 
> Hi,
> 
> As no solution appeared, I try again, here is my config (figure
> clarified by Darryl Miles)
> 
>                         10.67.28.0/24
>    -----------+----------------------------------+-----------
>          eth1 | 10.67.28.2                  eth1 | 10.67.28.1
>         +-----+-----+                      +-----+------+
>         | FIREWALL  |                      |   HOST     |
>         |           |                      |            |
>         +-----+-----+                      +-----+------+
>          eth0 | 10.67.27.2                  eth0 | 10.67.27.1
>    -----------+----------------------------------+-----------
>                         10.67.27.0/24
> 
> The question:
> From the host, how to force a packet destined to 10.67.27.1 to go
> through the firewall since
> 
> route add -host 10.67.27.1 gw 10.67.27.2 dev eth0
> 
> is not enough ?
> 
> Thanks for your help
> -
> : send the line "unsubscribe linux-net" in
> the body of a message to majordomo@vger.kernel.org

Well, if what you really want to test is something like this:
- Process A on host needs to talk to Process B on host, but traffic must
pass through the firewall.

Only trick I can think of is with NATting and something like this:
On host:
========
Process on Host doesn't connect to 10.67.27.1 but to 10.67.28.3
I think it is the only way for traffic to pass via firewall.

On firewall:
============
Create alias interface eth1:0 10.67.28.3.
Do destination NATting so that packets with destination of 10.67.28.3
are NATed with destination of 10.67.27.1.
Or, if this is for a particular port number, do port forwarding so that
on the firewall, connections on 10.67.28.3 port X are forwarded to
10.67.27.1 port X.
And to make sure that replies come back through the firewall, you'll
probably need to masquerade traffic forwarded on eth0 of the firewall so
that packets from 10.67.28.1, going to 10.67.27.1, "appear" to come from
10.67.27.2, i.e. packets received by host on eth0 need to have as source
address the address of eth0 on the firewall.

It might work...

Danny Lepage
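The following is an added example, not part of the thread and not Danny's or Fabien's code: a small script for the firewall that generates (and optionally loads) the iptables and iproute2 commands implementing the DNAT-plus-SNAT trick described above. The reason the plain host route in Fabien's question does nothing is that Linux keeps its own addresses in the "local" routing table, which is consulted before "main", so a packet to 10.67.27.1 sent from the host is delivered over lo and never reaches eth0; that is why the host has to target an address it does not own (the 10.67.28.3 alias). Addresses and interface names come from the diagram; the alias address 10.67.28.3 is the one the reply proposes. The `PORT` variable, the function names and the classic iptables (not nft) syntax are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original thread): firewall-side commands that
# implement the DNAT + SNAT suggestion. Run "sh hairpin.sh" to print the
# rules, "sh hairpin.sh apply" to load them (as root, on the firewall).
# Assumes classic iptables; interface names and addresses are from the
# diagram, PORT and the function names are this example's own.

FW_OUT=10.67.27.2     # firewall eth0, on the 10.67.27.0/24 side
ALIAS=10.67.28.3      # extra address on firewall eth1 that the host will target
HOST_REAL=10.67.27.1  # the host's eth0 address, the real destination
PORT="${PORT:-}"      # set PORT=22 (for example) to forward a single TCP port only

firewall_rules() {
    # 1. Give the firewall the alias address on eth1 so it answers ARP for it,
    #    and make sure the box forwards at all.
    echo "ip addr add ${ALIAS}/24 dev eth1"
    echo "sysctl -w net.ipv4.ip_forward=1"

    # 2. DNAT: rewrite the destination from the alias to the host's eth0 address,
    #    either for everything or only for one TCP port (Danny's port-forward variant).
    if [ -n "$PORT" ]; then
        echo "iptables -t nat -A PREROUTING -i eth1 -d ${ALIAS} -p tcp --dport ${PORT} -j DNAT --to-destination ${HOST_REAL}:${PORT}"
    else
        echo "iptables -t nat -A PREROUTING -i eth1 -d ${ALIAS} -j DNAT --to-destination ${HOST_REAL}"
    fi

    # 3. SNAT on the way out of eth0 so the host sees the packet come from
    #    10.67.27.2 and sends its replies back through the firewall instead of
    #    answering 10.67.28.1 directly across its own two interfaces.
    echo "iptables -t nat -A POSTROUTING -o eth0 -d ${HOST_REAL} -j SNAT --to-source ${FW_OUT}"

    # 4. Let the forwarded flow and its replies through the filter table.
    echo "iptables -A FORWARD -i eth1 -o eth0 -d ${HOST_REAL} -j ACCEPT"
    echo "iptables -A FORWARD -i eth0 -o eth1 -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
}

# Number of nat-table rules generated; a quick sanity check that both the
# DNAT and the SNAT leg are present.
nat_rule_count() {
    firewall_rules | grep -c -- '-t nat'
}

case "${1:-print}" in
    apply) firewall_rules | sh ;;
    *)     firewall_rules ;;
esac
```

On the host, connect to 10.67.28.3 (it is on-link via eth1, so no extra route is needed) and confirm on the firewall with `tcpdump -ni eth0 host 10.67.27.1` that the flow really leaves eth0 towards the host. One caveat for anyone using this to test a firewall policy: because of the SNAT, every forwarded packet reaches the host with source 10.67.27.2, so the host cannot distinguish clients and any source-based filtering on the host itself is not being exercised; only the firewall's forward path is.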