> This is exactly what I don't understand: What are they? After all they
> are just IP packets. And if I am able to apply to them a rule like
>
> $IPTABLES -A INPUT -p UDP -i $INET_IFACE -d 255.255.255.255 --destination-port 67:68 -j DROP
>
> which discards them, why am I unable to apply a rule which redirects
> them to another subnet's interface? Shouldn't the DNAT thingy take care
> of the new destination address?

If you DNAT the DHCP request, the destination IP is not a broadcast anymore. And because of that, the DHCP server will not recognize it as a DHCP request.

//Jesper