On 11-12-02 17:20, Greg Scott wrote:

OK.  But I dunno....  I set eth0 on the router with the same address as
the real host behind it on eth1.  So something comes in on eth0 for
1.2.115.157.  The router has that as its own address now, plus a route
to somebody else with the same address on eth1.  But as far as the
router/firewall is concerned, that packet is already delivered - why
would it forward it out on eth1?

Where the packet gets delivered is decided by the routing - and the very 
first table traversed is local - which is auto filled by the kernel. But 
that routing rule still can be forcibly removed, after which the next 
matching one is the one added manually - after which the packet will end 
in FORWARD, instead of INPUT.

(and keep in mind earlier David's warning about confusing 
programs/services - it's still doable, but requires more manual labor - 
proxy is certianly cleaner and just works)