Well I don't know what to tell you. I should really try DD-WRT on other hardware to see if it behaves differently (I can't imagine so) I have the standard dd-wrt build, Firmware: DD-WRT v24-sp2 (08/07/10) std on a Ubiquiti Router Station pro. With two terminals open on my linux server, one running rip44d -v and the other running tcpdump, and an entry in the portal, I see nothing. Shortly after I enable DMZ, set to 192.168.1.100 (my linux servers inside address) I see them. I logged into the DD-WRT terminal and ran iptables -L, before and after enabling DMZ in the GUI to see what it changes. the magic appears to be this line: target prot opt source destination ACCEPT 0 -- anywhere 192.168.1.100 This is under the Chain FORWARD (policy ACCEPT) That line is absent without DMZ enabled. I have no rules that specify a broadcast address. That is really the only way I can imagine IPIP reaching a machine on the inside of a network, without a specific forwarding rule directing it to a specific inside IP address. Lynwood, could you share a dump of your iptables -L (sanitize as needed) Curiosity has the best of me at this point. Steve, KB9MWR