I have a network 128.187.2.0/24 and 128.187.1.0/24 that was setup by a vendor. I''m not too sure about the subnet mask above might be 16. I have a host on 128.187.2.1 and 128.187.1.1 that I need a network to talk to. I have a firewall setup like the following. eth1: 128.187.3.1/24 and eth2: 128.187.4.1/24 - with clients on each side of the lan with default gateway being the interface that it is connected to. The 128.187.2.1 is on the hub that eth2 is connected to and 128.187.1.1 is on the hub that eth1 is connected to. I have done the following: echo 1 > /proc/sys/net/ipv4/ip_forward ip route replace 128.187.1.1 dev eth1 ip route replace 128.187.2.1 dev eth2 From the firewall I can ping 128.187.1.1 & 128.187.2.1. clients from the 128.187.3.0 side can''t ping 128.187.2.1 and clients from the 128.187.4.0 side can''t ping 128.187.1.1