Hello,

I have a server with two network cards. On will sit on one VLAN the other on another! Card 1 will have a public ip/netmask address and Card 2 and internal address/netmask.

I dont want anyone to be able to access the internal network through the server. The internal ip is only to be used for ssh access to the server. How would i set this up? If i just give the second network interface an ip address in a diffrent range the server dies! I asume i need to run some cleaver routing rule. Can anyone suggest what i need to be doing?

Thank You!

You could as root:
echo 0 >/proc/sys/net/ipv4/ip_forward

Your distro may have a config entry in a gui program, such as YaST2 for example, or an entry in a file like /etc/sysconfig/networking where you can have it done when you boot. On a gui config program, it may be a checkbox to enable forwarding.

Also, make sure that the LAN IP address isn't used as the gateway on any of the machines on the lan.

If you have a firewall config program, only open the ssh port on the inside interface. This will use iptables rules, or you could edit them manually.

die? what u mean? which interface can't serve the user?

The OP doesn't want traffic routed from eth1 (LAN) to eth0 (ethernet). (I'm making up device names because they weren't given.)