Maybe you can use masquerading to accomplish your task. Something like:

    iptables -t nat -A POSTROUTING -d <ip of B> -j MASQUERADE

This way, B should think A is the source. I haven't tested this, though - just a thought.

HTH,
Thomas

"Peter A. Felvegi" <[EMAIL PROTECTED]> wrote in the newsgroup message news:[EMAIL PROTECTED]
> hello all,
>
> there are two boxes, A and B. is it possible to set up the firewalls and
> port forwarding on them so that a port on A is forwarded to B, but one
> cannot connect to B directly? both machines have direct inet connection.
> the whole point should be to have the users think that they connect to A,
> but in practice they connect to B. they shouldn't discover the trick, so
> direct connections to B are forbidden. btw, is it possible to detect port
> forwarding by watching the traffic?
> i can do the port forwarding part w/ iptables prerouting, but currently
> i'm not able to restrict the access to B. if C (the client) connects to
> A, it is forwarded and B sees the source ip C. filtering out C in the fw
> rules of B will forbid both the direct and the indirect (through A)
> connection. is there a solution?
>
> thanks, p
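The full rule set the thread is circling around, written out as an added example (not from either poster). Box A rewrites the destination to B in PREROUTING and then rewrites the source to its own address in POSTROUTING, so B only ever sees A as the peer; B then accepts the service port from A alone and drops everyone else, which is what the "filter out C on B" approach could not do. The addresses and port are placeholders; SNAT with a fixed --to-source is used instead of MASQUERADE because A has a stable public address, and conntrack handles the return path. The functions only print the commands unless APPLY=1 and ROLE=a or ROLE=b are set.

```shell
#!/bin/sh
# Added example, not part of the original thread. Placeholder values (assumed):
#   A_IP  public address of A (the box clients connect to)
#   B_IP  public address of B (where the service really listens)
#   PORT  the forwarded TCP port
A_IP="${A_IP:-192.0.2.10}"
B_IP="${B_IP:-198.51.100.20}"
PORT="${PORT:-8080}"

# Rules for box A: rewrite destination to B, then rewrite source to A so that
# B sees A (not the client C) as the peer and can filter on that address.
rules_for_a() {
    cat <<EOF
sysctl -w net.ipv4.ip_forward=1
iptables -t nat -A PREROUTING -p tcp -d $A_IP --dport $PORT -j DNAT --to-destination $B_IP:$PORT
iptables -t nat -A POSTROUTING -p tcp -d $B_IP --dport $PORT -j SNAT --to-source $A_IP
iptables -A FORWARD -p tcp -d $B_IP --dport $PORT -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
iptables -A FORWARD -p tcp -s $B_IP --sport $PORT -m conntrack --ctstate ESTABLISHED -j ACCEPT
EOF
}

# Rules for box B: accept the service port only when the source is A,
# drop every direct connection attempt on that port.
rules_for_b() {
    cat <<EOF
iptables -A INPUT -p tcp -s $A_IP --dport $PORT -j ACCEPT
iptables -A INPUT -p tcp --dport $PORT -j DROP
EOF
}

# Print the rules for one role, or execute them line by line when APPLY=1.
run_rules() {
    if [ "${APPLY:-0}" = "1" ]; then
        "$1" | sh -e
    else
        "$1"
    fi
}

case "${ROLE:-}" in
    a) run_rules rules_for_a ;;
    b) run_rules rules_for_b ;;
esac
```

Run `ROLE=a sh script.sh` on A and `ROLE=b sh script.sh` on B to review the rules, and add `APPLY=1` to install them. One caveat on the "can it be detected" question: A is an extra forwarding hop, so packets that passed through it arrive with the IP TTL decremented once more than a direct reply from A would have, which is a visible difference to anyone comparing the two.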

