Ahah ... perhaps you should draw a picture? This is what I get from your discription:
I would have expected:puts the server in a DMZ?

I'm starting to wonder if I'm being too simplistic? If you use the server box just for experimenting with software routing and learning about bastion hosts, IP forwarding and all that, then you may only be using the server or the router at any one time:(i.e. only one of server or router connected to modem at any time.)

/---------------[router]------------[network]
[modem]----[hub] |
\---------------[server]

I did it this way cause I had already built the network and I have other people on the network so I didn't want to be taking it down and up while I play around w/ the server.

Oh and I forgot to mention I managed to prefect remoting in, but I've encountered a problem where if I plug in the nic that connects server to router while I have the other server nic installed, Remoting in outside the network just times out?

was wondering if you had any idea why?

Well... the modem sends tcp/ip packets to the hub. The hub passes those packets to everyone it is connected to ... i.e. router and server.

If the router is connected to the server as well (i.e. the server is also on the LAN) then packets adressed to the server can arrive from two directions... from the LAN and from the external connection. The LAN packet will probably arrive just after the external one.

You may need to stop the router sending externally sourced packets to the server (the server gets these directly ... which is what you want) and stop the server sending external-directed packets to the router.

(You can probably do this with iptables on the router.)

wow ok...Hum, ok Thanks for the info. I hope my router is complicated enough, its just a simple linksys home wireless-b router.

I was looking through my router config and I found options:
IPSec Pass Through
Multicast Pass Through
PPTP Pass Through
PPPoE Pass Through

these were all enabled, would that be what was causing the problem?

(You can probably do this with iptables on the router.)

Sorry, my bad, I meant in the server.
If eth0 is from the hub/modem and eth1 is from the router (which is probably also an ethernet switch right?) then you want to drop packets coming in eth1 which are sourced from outside the network.

Of course, there is another way.
You could simplify your setup.

Just put the server on the LAN behind the router.

If it is a web server, requests for your webpage can be routed to it. You'll also be able to offer other services direct to the LAN. Bringing the server down won't interfere with the operation of the LAN in terms of internet sharing - just the services hosted by your server box will vanish.

You just won't be able to use it as a software router is all (Though you could hang that hub off the second nic, and so have an extra LAN all to yourself? Practise intranet routing that way?)

This way - the router automatically sends packets for the server to the server and there's no conflicts. Packets from the internet destined for hostname@mylan2.net will also go to the server for routing. (Enable IP forwarding and let iptables do the routing... though you may have fun setting up the router.)

I think you'll find this easier to set up for what you want to do.

I thought about doing it that way, the problem for me is this is a test server so its constantly going up and down, and I don't want the people behind the router to lose contivity, which was specifically why I kept it outside router + I didn't want to do port forwarding on the router, I wanted to get everything behind the router locked down and then just have the sole server as the access in.

1. Your existing LAN is modelled as mylan1.net and IP forwarding is what routers do.
2. You already have your internet connected to your LAN via the router.

So - noone on mylan1.net will lose connection when the server goes down Mylan2.net will be just for you to play with - i.e. optional.

The only real advantage to your existing set up is that, when the server is down, the LAN still gets it's internet via the router. (Which is most of the time.) Oh and I guess web pages can be presented direct to the web.

Still, it's your thing.