Re: Problems remotely changing IP address of second NIC

Thank you Alex and Rodoflo both for such quick replies.  I did not
want to get too specific and lose people's attention.  I will be happy
to now of course.


> Your iptable rules are fine by this time. Not enough info from your
> post. Are there any rules you set manually or services started the same
> way?

I am not quite sure what you mean by this.  
All services are started during boot up.  ssh, snort, network, iptables, etc.  
I disabled the ability to ssh as root.  I ssh into the IP address of
192.9.200.10, which is the LAN card (eth0), as a non-root user.  I then
su - and become root.
I am only allowing port 22:tcp on the host firewall.

> 
> > 2) I then use system-config-network-gui through the ssh connection to
> > get a nice gui from the remote machine.
> 
> Expect you are using the right command. Or maybe you should try changing
> manually /etc/sysconfig/network-scripts/ifcfg-ethX (X is the card's
> number)

Well, I am using /etc/sysconfig/network-scripts/ifcfg-eth0 to configure
both eth0, which is the LAN card, and to configure eth3, which is the
stealth DMZ card.  For the IP address I put 0.0.0.0 so that it is
stealth.  (This way it can see all traffic but will never send any
traffic.)

> 
> > 3) There is no DHCP server on the DMZ so I give it a static address on
> > the same subnet, set subnet mask to 255.255.255.0 and default gateway
> > to the correct default gateway.
> 
> Probably this is the error. I can't understand you well, but if it is the
> case, you must not use two cards on the same subnet. Try another
> approach from the same LAN card.
> 

Now that I have given you some more insight, here are all the details:

Normal config is this:
Eth0 is the LAN card with an: 
IP address of 192.9.200.10
Subnet of 255.255.255.0
Default gateway of 192.9.200.2 (the LAN interface on the firewall)

and 

eth3 99 percent of the time has:
IP address of 0.0.0.0
Subnet is blank 
Default gateway is blank

Every once in a blue moon (if I want to remotely configure the DMZ
switch, for example) I would like to change the settings of eth3 to
this:

IP address of 192.168.218.x  (as long as x is not the same as the
webserver, email server or anything else on the DMZ, I can use
anything... for example 192.168.218.30)
subnet mask: 255.255.255.0
Default Gateway of 192.168.218.2 (the DMZ interface on the firewall)


> > 4) I then apply changes and activate the card.
> 
> try using ifup ethX
> 
> > At this point it kicks me out.  It makes sense on some level that it
> > would kick me out because   the applet is restarting the network
> > service.
> 
> Not necessarily. If you are restarting the service, iptables could be
> restarting also. Check logs, please.

If IPTables is restarting, wouldn't port 22 still be open once it came
back up?  Shouldn't I still be able to ssh in on that port?

I am sorry, this is all from memory.  Like I explained before, I am
currently locked out of that machine and cannot see the logs.  I
am going to have to wait until someone at the remote office has the
time to walk through shutting down eth3 (ifconfig eth3 down) and
shutting down and then bringing up eth0 (ifconfig eth0 down &&
ifconfig eth3 up 192.9.200.10 netmask 255.255.255.0 gw 192.9.200.2).

I hope I have given you enough details without boring you.  Again, I
really appreciate your help and would be more than happy to clarify
anything else.

