
So I just wondered how I can route the whole traffic from server A through server B, so the traceroute looks like this:

Server A IP is 33.33.33.33 and Server B IP is 55.55.55.55

1: 1.1.1.1
2: 2.2.2.2
3: 6.6.6.6
4: 55.55.55.55
5: 33.33.33.33

So that it is not possible to access server A without getting through server B.

I have two servers, server is hosted in France, server B in Italy.

I used Google a lot, but couldn't find the "right" word for what I want. Now, what is needed for server B to act as a "route-server", and what is needed for server A to go through server B? I would like to use server B as a small "firewall", before the traffic hits server A.

Both servers are Linux machines.

EEAA
0x0b
  • There are a few different ways to accomplish setting up a proxy server the way you'd like to. One way to do it would be adding the servers to a VPN, setting up forward rules on the proxy host, and disallowing all traffic from the non-VPN interfaces on the proxied host, and ensuring that the VPN route is the default gateway for the proxied host. – Parthian Shot Feb 29 '16 at 19:33
  • The easiest way to understand how this would work starts with Server B having **two** network interfaces. But I think before you work on understanding firewalls you have to understand routing. Perhaps start here: https://www.youtube.com/watch?v=LxNgWsseE0w – Todd Wilcox Feb 29 '16 at 19:33
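
One way to lay out the VPN approach from Parthian Shot's comment above, as an added example that is not part of the original thread. The WireGuard tunnel, the 10.0.0.x tunnel addresses, the interface names, the ports and the `server_a`/`server_b`/`run` helper names are all assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Assumptions: a WireGuard tunnel wg0 is
# already up (B 10.0.0.1 listening on UDP 51820, A 10.0.0.2 with AllowedIPs
# 0.0.0.0/0), the public NIC is eth0 on both hosts, and A serves TCP 443.
B_PUB=55.55.55.55   # server B, public address from the question
A_TUN=10.0.0.2      # server A, tunnel address (assumed)
WAN=eth0; TUN=wg0; SVC_PORT=443; WG_PORT=51820

# Dry run by default: print each command. APPLY=1 executes it (needs root).
run() { if [ "${APPLY:-0}" = 1 ]; then "$@"; else echo "$*"; fi; }

# Server B: the filtering hop. Only the service port is forwarded to A.
server_b() {
    run sysctl -w net.ipv4.ip_forward=1
    run iptables -P FORWARD DROP
    run iptables -t nat -A PREROUTING -i "$WAN" -p tcp --dport "$SVC_PORT" \
        -j DNAT --to-destination "$A_TUN:$SVC_PORT"
    run iptables -A FORWARD -i "$WAN" -o "$TUN" -d "$A_TUN" -p tcp \
        --dport "$SVC_PORT" -j ACCEPT
    # Replies from A, plus A's own outbound traffic, leave through B.
    run iptables -A FORWARD -i "$TUN" -o "$WAN" -s "$A_TUN" -j ACCEPT
    run iptables -A FORWARD -i "$WAN" -o "$TUN" -m conntrack \
        --ctstate ESTABLISHED,RELATED -j ACCEPT
    run iptables -t nat -A POSTROUTING -s "$A_TUN" -o "$WAN" -j MASQUERADE
}

# Server A: accept nothing on the public NIC except the tunnel itself, then
# send everything else through B. $1 is A's current gateway.
server_a() {
    gw=$1
    run iptables -A INPUT -i lo -j ACCEPT
    run iptables -A INPUT -i "$TUN" -j ACCEPT
    run iptables -A INPUT -i "$WAN" -s "$B_PUB" -p udp --sport "$WG_PORT" -j ACCEPT
    run iptables -P INPUT DROP   # SSH to A now only works via the tunnel
    # Keep the tunnel endpoint reachable directly, then move the default route.
    run ip route add "$B_PUB/32" via "$gw" dev "$WAN"
    run ip route replace default dev "$TUN"
}
```

With this layout clients connect to server B's address (55.55.55.55), and server A's public interface no longer accepts anything except the tunnel traffic from B.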

1 Answer


What you are trying to do is specify a route. You would do this in your router.

You seem to be looking to have a transparent bridge mode firewall. This would look like this flow.

Internet -> Router WAN, Router LAN -> Firewall NIC 1, Firewall NIC 2 -> LAN

Look at Untangle (open source) which should give you a good explanation about transparent bridge mode.

There are many ways to do what you are asking about.

The two primary ways are to design your physical network topology so that all traffic must flow through the firewall and to set up a network route so that all traffic leaving one network must go through your firewall.

user5870571
  • @ToddWilcox which is what Untangle actually is (linux router/firewall with 2 NICs). – user5870571 Feb 29 '16 at 20:20
  • Ah, I misread your answer. – Todd Wilcox Feb 29 '16 at 20:28
  • From the OP's post: `i have two servers, server is hosted in france, server b in italy`. If I had to guess, I'd say they probably have a reason for that. Could be wrong, but usually when you have servers spread across multiple countries, it's for a reason less tractable than "I clicked the button to deploy in country X v. country Y". So, a change in physical network topology probably wouldn't work. – Parthian Shot Feb 29 '16 at 21:27
  • Agreed, which is why the first point I made was that he needs his routers to properly route the traffic. There are many hardware and also software configuration solutions to the problem but at the end of the day either a physical network topology change or a route configuration change needs to take place. – user5870571 Feb 29 '16 at 21:30