I've got some customers that have lots of bandwidth that are uploading and downloading files to our https:// help desk and are using up all of my T-1 at times. This leaves other customers sucking wind.

I've taken a look at the '15.10. Example of a full nat solution with QoS' section. Would it work for me if I change the section that says eth0 to my internet adapter Serial0? If I can do that, will that allow fair sharing between all my customers of the https:// help desk?

My setup:

//////////     /////////////////     ///////
https:// |-- |eth0 * Serial0 |-- |INET |
//////////     /////////////////     ///////

My proposed script:

CEIL=1020 # actual is 1024Kbit
IFACE=Serial0

tc qdisc add dev $IFACE root handle 1: htb default 15
tc class add dev $IFACE parent 1: classid 1:1 htb rate ${CEIL}kbit ceil ${CEIL}kbit
tc class add dev $IFACE parent 1:1 classid 1:10 htb rate 170kbit ceil 170kbit prio 0
tc class add dev $IFACE parent 1:1 classid 1:11 htb rate 170kbit ceil ${CEIL}kbit prio 1
tc class add dev $IFACE parent 1:1 classid 1:12 htb rate 170kbit ceil ${CEIL}kbit prio 2
tc class add dev $IFACE parent 1:1 classid 1:13 htb rate 170kbit ceil ${CEIL}kbit prio 2
tc class add dev $IFACE parent 1:1 classid 1:14 htb rate 170kbit ceil ${CEIL}kbit prio 3
tc class add dev $IFACE parent 1:1 classid 1:15 htb rate 170kbit ceil ${CEIL}kbit prio 3

tc qdisc add dev $IFACE parent 1:12 handle 120: sfq perturb 10
tc qdisc add dev $IFACE parent 1:13 handle 130: sfq perturb 10
tc qdisc add dev $IFACE parent 1:14 handle 140: sfq perturb 10
tc qdisc add dev $IFACE parent 1:15 handle 150: sfq perturb 10

tc filter add dev $IFACE parent 1:0 protocol ip prio 1 handle 1 fw classid 1:10
tc filter add dev $IFACE parent 1:0 protocol ip prio 2 handle 2 fw classid 1:11
tc filter add dev $IFACE parent 1:0 protocol ip prio 3 handle 3 fw classid 1:12
tc filter add dev $IFACE parent 1:0 protocol ip prio 4 handle 4 fw classid 1:13
tc filter add dev $IFACE parent 1:0 protocol ip prio 5 handle 5 fw classid 1:14
tc filter add dev $IFACE parent 1:0 protocol ip prio 6 handle 6 fw classid 1:15

iptables -t mangle -I PREROUTING -p icmp -j MARK --set-mark 0x1
iptables -t mangle -I PREROUTING -p icmp -j RETURN
iptables -t mangle -I PREROUTING -p tcp -m tcp --sport ssh -j MARK --set-mark 0x1
iptables -t mangle -I PREROUTING -p tcp -m tcp --sport ssh -j RETURN
iptables -t mangle -I PREROUTING -p tcp -m tcp --tcp-flags SYN,RST,ACK SYN -j MARK --set-mark 0x1
iptables -t mangle -I PREROUTING -p tcp -m tcp --tcp-flags SYN,RST,ACK SYN -j RETURN
iptables -t mangle -I PREROUTING -p tcp -m tcp --sport https -j MARK --set-mark 0x3
iptables -t mangle -I PREROUTING -p tcp -m tcp --sport https -j RETURN
iptables -t mangle -I PREROUTING -m tos --tos Minimize-Delay -j MARK --set-mark 0x1
iptables -t mangle -I PREROUTING -m tos --tos Minimize-Delay -j RETURN
iptables -t mangle -I PREROUTING -m tos --tos Minimize-Cost -j MARK --set-mark 0x5
iptables -t mangle -I PREROUTING -m tos --tos Minimize-Cost -j RETURN
iptables -t mangle -I PREROUTING -m tos --tos Maximize-Throughput -j MARK --set-mark 0x6
iptables -t mangle -I PREROUTING -m tos --tos Maximize-Throughput -j RETURN

Thanks in advance for any suggestions

Bernard

_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc
HOWTO: http://lartc.org/
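
Added example, not part of Bernard's post: a small Python model of a single netfilter chain that builds MARK/RETURN rule pairs with -I (as in the proposed script) and with -A, then reports which fwmark and HTB class a matching packet ends up with. iptables -I without a rule number inserts at the head of the chain, so each RETURN typed after its MARK lands above it. The rule labels, function names and the three-pair rule list are constructed for illustration, and matching is reduced to one label per rule.

```python
# Model of one netfilter chain: how -I (insert at head) versus -A (append)
# orders MARK/RETURN pairs, and which fwmark a packet leaves the chain with.
# Assumption: each rule matches on a single label such as "https".

# Constructed sample: (match, target, mark) in the order the commands are typed.
TYPED = [
    ("icmp", "MARK", 0x1), ("icmp", "RETURN", None),
    ("ssh", "MARK", 0x1), ("ssh", "RETURN", None),
    ("https", "MARK", 0x3), ("https", "RETURN", None),
]

# fw filters from the script: "handle N fw classid 1:1x".
FW_FILTERS = {1: "1:10", 2: "1:11", 3: "1:12", 4: "1:13", 5: "1:14", 6: "1:15"}

def build_chain(typed, op):
    """Return the chain in kernel traversal order after all commands ran."""
    chain = []
    for rule in typed:
        if op == "-I":
            chain.insert(0, rule)    # -I with no rule number: position 1
        elif op == "-A":
            chain.append(rule)       # -A: end of chain
        else:
            raise ValueError(f"unsupported operation {op!r}")
    return chain

def traverse(chain, packet_labels):
    """Walk the chain top to bottom; return the fwmark the packet ends with."""
    mark = 0                         # unmarked packets carry fwmark 0
    for match, target, value in chain:
        if match not in packet_labels:
            continue
        if target == "MARK":
            mark = value             # MARK does not stop traversal
        elif target == "RETURN":
            break                    # RETURN leaves this chain
    return mark

def htb_class(mark):
    """Class chosen by the fw filters; "htb default 15" catches the rest."""
    return FW_FILTERS.get(mark, "1:15")

if __name__ == "__main__":
    for op in ("-I", "-A"):
        chain = build_chain(TYPED, op)
        for label in ("icmp", "ssh", "https"):
            mark = traverse(chain, {label})
            print(f"{op} {label:5s} mark=0x{mark:x} class={htb_class(mark)}")
```

On a live system the resulting order can be checked with `iptables -t mangle -L PREROUTING -n -v --line-numbers`.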