Hello everyone. I am currently using SuSEfirewall2 with the following configuration. FW_DEV_EXT="eth0" FW_DEV_INT="eth1 eth2" FW_ROUTE="yes" FW_MASQUERADE="yes" FW_MASQ_DEV="$FW_DEV_EXT" FW_MASQ_NETS="192.168.0.0/24 192.168.254.0/24" FW_PROTECT_FROM_INTERNAL="yes" FW_AUTOPROTECT_SERVICES="yes" FW_SERVICES_EXT_TCP="ssh" FW_SERVICES_EXT_UDP="" FW_SERVICES_EXT_IP="" FW_SERVICES_INT_TCP="ssh" FW_SERVICES_INT_UDP="" FW_SERVICES_INT_IP="" FW_TRUSTED_NETS="" FW_ALLOW_INCOMING_HIGHPORTS_TCP="yes" FW_ALLOW_INCOMING_HIGHPORTS_UDP="yes" FW_SERVICE_AUTODETECT="yes" FW_SERVICE_DNS="no" FW_SERVICE_DHCLIENT="no" FW_SERVICE_DHCPD="no" FW_SERVICE_SQUID="no" FW_SERVICE_SAMBA="no" FW_FORWARD="" FW_FORWARD_MASQ="" FW_REDIRECT="" FW_LOG_DROP_CRIT="yes" FW_LOG_DROP_ALL="no" FW_LOG_ACCEPT_CRIT="yes" FW_LOG_ACCEPT_ALL="no" FW_LOG="--log-level warning --log-tcp-options --log-ip-option --log-prefix SuSE-FW" FW_KERNEL_SECURITY="yes" FW_STOP_KEEP_ROUTING_STATE="no" FW_ALLOW_PING_FW="yes" FW_ALLOW_PING_DMZ="no" FW_ALLOW_PING_EXT="no" FW_ALLOW_FW_TRACEROUTE="yes" FW_ALLOW_FW_SOURCEQUENCH="yes" FW_ALLOW_FW_BROADCAST="no" FW_IGNORE_FW_BROADCAST="yes" FW_ALLOW_CLASS_ROUTING="yes" I have a firewall with 3 interfaces. eth0 is outside,public. eth1 is one local subnet (192.168.0/24), private. eth2 is a second internal private subnet(192.168.254/24). I have routing setup beween both subnets and I am able to ping across the firewall/router from one subnet to the other. Currently I have a DHCP server installed in the 192.168.0/24 subnet. Address 192.168.0.2. On the firewall I installed the DHCP realy package from the suse 7.2 CD It listenes on eth2 and forwards all request to 192.168.0.2 (the DHCP server). when I check the dhcp server logs I see that it is creating a lease for the new host on eth2 of the firewall. However the host is not receiving the address. I sure that it is a small misconfiguration on the firewall, but I cannot figure out what it is. Any help is greatly appreciated. If you need more information just e-mail me and I will try to get it. Thanks is advance, Pablo A. Maurin