Hi, I have a linux box with 2 ethernet interfaces, one (eth1) to my internal network, the other (eth0) to an ADSL modem. eth0 gets the IP address given by the ISP via DHCP Spoofing from the modem, eth1 has an internal address (10.x.x.x). The linux system has only IP tables running with the following configuration: # Generated by iptables-save v1.2.3 on Fri Nov 30 03:13:03 2001 *nat :PREROUTING ACCEPT [4:336] :POSTROUTING ACCEPT [1:68] :OUTPUT ACCEPT [6:376] -A POSTROUTING -o eth0 -j MASQUERADE COMMIT # Completed on Fri Nov 30 03:13:03 2001 # Generated by iptables-save v1.2.3 on Fri Nov 30 03:13:03 2001 *filter :INPUT ACCEPT [721:140547] :FORWARD ACCEPT [365:30660] :OUTPUT ACCEPT [802:82552] -A FORWARD -i eth0 -o eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT -A FORWARD -i eth1 -o eth0 -j ACCEPT COMMIT # Completed on Fri Nov 30 03:13:03 2001 While hoping to tune the traffic queues a bit to solve the speed dip when using both up and download, I turned on QoS in the kernel. From that moment on I can no longer visit the Internet via machines on my local net. It seems as if either the masquerading no longer works, or (more probable) that packets of eth1 are no longer forwarded to eth0 (or the other way around). Now I have looked in the archives for a solution, but without much luck. This might still be a stupid question though, sorry for that beforehand. If you have a solution/answer to this problem I (still) like to know. Kind regards, Frank
