I have two interfaces on my machine, and what I need to do is to close off eth1 using iptables due to that interface connecting directly to the DMZ on the router. (Snort is listening on the interface, and thats the interfaces only purpose)

The other interface is eth0 and is connected via the router. This is the interface that is to have no restrictions on it at all.

When I use iptables iptables -i eth1 -A INPUT -j DROP. I cannot get a network connection when this rule is in use. The webserver on the box allows no connection and email is not collected, Even though eth1 is specified. Could this be because the system is trying to use eht1 over eth0, if so how can I tell thesystem to use eth0?

Just to be clear:

Eth0 Protected network connection. No constraints or controls are needed.
Eth1 Snort interface, connected to DMZ, needs stealth


Thanks

Michael

How does your 'route' result look like? Maybe eth1 is your default interface, not eth0?

Yes, it does look like eth1 is the default interface.

Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.1.0 * 255.255.255.0 U 0 0 0 eth1
192.168.1.0 * 255.255.255.0 U 0 0 0 eth1
169.254.0.0 * 255.255.0.0 U 0 0 0 eth1
127.0.0.0 * 255.0.0.0 U 0 0 0 lo
default inetpoint 0.0.0.0 UG 0 0 0 eth1

How do I cahnge it?

When I try and add a route with eth0 it states that "Network Unreachable". When I unplug the cable thats attached to eth1, there is no connection at all.

Any one have any ideas whats happening here????

Are you trying to put two NICs on the same subnet, by any chance?

they are both using 255.255.255.0 eth0 ip is 192.168.1.5 and eth1 is 192.168.1.4

If I was to put them on different subnets it would not work would it? The rest of the network is using a subnet of 255.255.255.0.

I have just tried to put eth1 on subnet 255.255.0.0 and it keeps the routing table as:


Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.1.0 * 255.255.255.0 U 0 0 0 eth0
169.254.0.0 * 255.255.0.0 U 0 0 0 eth1
192.168.0.0 * 255.255.0.0 U 0 0 0 eth1
127.0.0.0 * 255.0.0.0 U 0 0 0 lo
default inetpoint 0.0.0.0 UG 0 0 0 eth0

BUT: When I apply the IPTables it will not block off ports and does not stealth the box. I am using this rule: iptables -i eth1 -A INPUT -j DROP.

The IP 192.168.1.4 (Eth1)replys to pings from the other subnet without having to set a static route on the router, but refuses to block off using iptables. Do I have to add something else to the rule?

It won't work this way..What you can do is
1) use different subnets for the cards and leave 255.255.255.0 netmask
2) divide 192.168.1.0/255.255.255.0 into two subnets, one for every interase (requires change of one of the IPs)

Could you tell us what you're trying to do with this config?

Mara is absolutley correct. The Linux Stack will not allow multi-homing of interfaces (unless you are load-balancing, in which case both NICs have the same IP). If two NICs are in the same subnet, Linux will only use one of the interfaces to respond, reguardless of which interface the request came in on. Which can obviously casue problems. Time for some networking 101. Seperate your networks and enable routing if you need to communicate between them.