That's true rob, should be in the OUTPUT traffic. But rob, the problem is I'm trying to limit the upstream which in the case in which is squid is used, seems always to come from the local machine to the internet, so TC will not know to whom belongs that packet, it just belong to the local machine. There is where dscp is needed, in order to know (with squid's help) to know to whom the "routered" packet belongs. I have already posted this question on the netfilter maillist, but I haven't had an answer. >locally generated traffic should be in the OUTPUT chain, if you specify the >source port and the destination (device?) then i think you should not >need -m dscp anymore. > >-- >rob > > > -- Behold the warranty ... the bold print giveth and the fine print taketh away. _______________________________________________ LARTC mailing list / LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/