Hi all,

I use the following network topology:

            Internet
               |
          (official IP)
             Router1
          (192.168.1.1)
               |
               |
       eth0 (192.168.1.2)                          eth0 (official IP)
       Router2/Firewall eth2(192.168.1.3) --- DMZ
       eth1 (official IP)                          eth0:1 (192.168.1.4)
               |
               |
         Local Network
         (official IPs)

The official network consists of a subnet with 16 IP addresses. The router/fw is a P133 which uses kernel 2.4.2 and iptables. The DMZ (yes, it's not really a DMZ :) is one host, running a www server, a mail server and some other daemons. The default gateway for the DMZ is 192.168.1.3 (eth2 on the FW), as you can see.

The problem is, Linux uses the first IP (?) which it can use for the fastest hop, and therefore, if I ping the internet, router1 can't forward the internal IP to the net. If I use ping -I OFFICIAL_IP internet, everything works fine! I installed the package "iproute" but I can't set up the routing with this. There is no manpage and the howto is a little bit short. :) Is it possible to give the system another (official) IP than the internal IP which Linux uses as default? The same problem occurs on the FW host.

Second problem: How can I accept DHCP in iptables? Can I use connection tracking? Someone told me DHCP isn't using protocols like TCP or UDP, so how do I have to filter/accept them?

Last thing :) : iptables is messing up my message log. I wrote a script where I can define a loglevel at first. What should I add to syslogd.conf if I want to write all firewall-msgs to /var/log/firewall, for example? The ULOG option is more complicated, so I think adding a rule to syslogd is easier.

Thx for any help!

Marco

--
Marco Ahrendt             phone : +49-341-98-474-0
adconsys AG               fax   : +49-341-98-474-59
Karl-Liebknecht-Str. 19   email : marco.ahrendt@adconsys.de
04107 Leipzig/Germany
gnupg key at www.aktex.net/marco_work.asc