Dear bhik,

You have a reasonable question which gets asked often here in many different forms. It should not be hard for you to answer the question for yourself by examining the kernel packet traveling diagram on www.docum.org:

  http://www.docum.org/stef.coene/qos/kptd/

 : This is because the packets are Natted. Is it possible that when the
 : packets arrive from eth0 to eth1 no natting is done and at the time of
 : xmit at eth1 Natting takes place.

Your supposition is absolutely correct. You might consider using the iptables MARK target to tag the desired packets and apply traffic control based on this fwmark on the packet. See the discussion of fwmark and queuing at LARTC:

  http://lartc.org/howto/lartc.qdisc.filters.html

 : iptables -t nat -A POSTROUTING -o eth1 -j SNAT --to 202.88.151.1
 : iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE

I'd also caution you to decide whether you are using SNAT or MASQUERADE. If the iptables rules are entered in this order on your publicly addressed host, then your "-j MASQUERADE" rule is extraneous. For an explanation of the difference between SNAT and MASQUERADE, consult

  http://iptables-tutorial.frozentux.net/iptables-tutorial.html#MASQUERADETARGET
  http://iptables-tutorial.frozentux.net/iptables-tutorial.html#SNATTARGET

Good luck,

-Martin

-- 
Martin A. Brown --- SecurePipe, Inc. --- mabrown@securepipe.com
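The fwmark approach suggested in the message above, as an added example that is not part of the original post: the packet is marked in the mangle table while it still carries its internal source address, and the egress qdisc on eth1 classifies on that mark instead of on the post-SNAT address. The internal host 192.168.1.10, the mark value 10, the rates and the HTB layout are assumptions chosen for illustration; eth0 and eth1 are the interfaces named in the thread.

```shell
#!/bin/sh
# Added example with constructed values: eth0 = internal side, eth1 = NATed
# outbound side, 192.168.1.10 = hypothetical internal host to be shaped.

# Print the commands that mark one internal host before source NAT happens
# and shape its outbound traffic on the NATed interface by fwmark.
shaping_rules() {
    lan_if=$1 wan_if=$2 src=$3 mark=$4 rate=$5
    cat <<EOF
iptables -t mangle -A PREROUTING -i $lan_if -s $src -j MARK --set-mark $mark
tc qdisc add dev $wan_if root handle 1: htb default 20
tc class add dev $wan_if parent 1: classid 1:$mark htb rate $rate
tc class add dev $wan_if parent 1: classid 1:20 htb rate 1mbit
tc filter add dev $wan_if parent 1: protocol ip prio 1 handle $mark fw flowid 1:$mark
EOF
}
# Line 1: mangle/PREROUTING runs before nat/POSTROUTING, so -s still matches
#         the internal address; the mark stays on the packet through SNAT.
# Line 2: HTB root on the outbound interface; unmarked traffic goes to 1:20.
# Line 5: the "fw" classifier matches the firewall mark, not packet headers,
#         so it is unaffected by the address rewrite done just before egress.

# Dry run by default: only print the commands. APPLY=1 (as root) runs them.
if [ "${APPLY:-0}" = 1 ]; then
    shaping_rules eth0 eth1 192.168.1.10 10 256kbit | sh -ex
else
    shaping_rules eth0 eth1 192.168.1.10 10 256kbit
fi
```

This shapes only traffic leaving eth1; after applying, `tc -s class show dev eth1` shows whether packets are being counted in class 1:10.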