bert hubert (ahu@xxxxxxx) wrote:
> You need to mark packets when they're coming in on the inside, with a

Perhaps the following should work (based on help from nice people at lartc mailing list :-))

# Set up the marking
iptables -t mangle -A PREROUTING -s LAN_IP_ADDR -j MARK --set-mark 0x1

# Set up the Bandwidth Management
tc qdisc add dev eth0 root handle 1: cbq bandwidth 10Mbit avpkt 1000

# Set up the root Class at 10Mbit
tc class add dev eth0 parent 1:0 classid 1:1 cbq bandwidth 10Mbit rate 10Mbit allot 1514 weight 1Mbit prio 8 maxburst 100 avpkt 1000

# Set up a restricted class with a rate of 100Kbit
tc class add dev eth0 parent 1:1 classid 1:2 cbq bandwidth 10Mbit rate 100Kbit allot 1514 weight 50Kbit prio 7 maxburst 20 avpkt 1000 bounded

tc filter add dev eth0 protocol ip parent 1:0 prio 1 handle 1 fw classid 1:2

Make sure you substituted 'eth0' with the interface that is connected to your LAN.

Josip
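
A check for the setup in the message above, added here as an example and not part of the original post: it reads `tc -s class show` output and reports the bytes sent and the overlimit count for class 1:2, which shows whether the fw filter is steering marked packets into the restricted class. The function names and the sample output are constructed for illustration; on a live system feed it `tc -s class show dev eth0`.

```shell
#!/bin/sh
# Added example: read per-class counters from `tc -s class show` output.

# class_counters CLASSID
# Reads tc statistics on stdin and prints "<bytes> <overlimits>" for CLASSID.
# Returns non-zero if the class does not appear in the input.
class_counters() {
    awk -v id="$1" '
        $1 == "class" { cur = $3 }          # e.g. "class cbq 1:2 parent 1:1 ..."
        $1 == "Sent" && cur == id {         # e.g. "Sent 31744 bytes 256 pkt (...)"
            over = 0
            for (i = 1; i < NF; i++)
                if ($i == "overlimits") over = $(i + 1) + 0
            print $2, over
            found = 1
            exit
        }
        END { exit !found }
    '
}

# Constructed sample of `tc -s class show dev eth0` output (not captured from
# a real system); exact fields vary between iproute2 versions.
sample_tc_output() {
cat <<'EOF'
class cbq 1: root rate 10Mbit (bounded,isolated) prio no-transmit
 Sent 48210 bytes 412 pkt (dropped 0, overlimits 0 requeues 0)
class cbq 1:1 parent 1: rate 10Mbit prio no-transmit
 Sent 48210 bytes 412 pkt (dropped 0, overlimits 0 requeues 0)
class cbq 1:2 parent 1:1 rate 100Kbit (bounded) prio 7
 Sent 31744 bytes 256 pkt (dropped 3, overlimits 97 requeues 0)
EOF
}

# Demo on the constructed sample; replace the producer with
#   tc -s class show dev eth0
# to check a live interface.
if counters=$(sample_tc_output | class_counters 1:2); then
    echo "class 1:2 bytes/overlimits: $counters"
else
    echo "class 1:2 not found"
fi
```

A byte count for 1:2 that stays at zero while marked traffic is flowing means those packets are not leaving through the interface the qdisc is attached to, since an egress qdisc only counts packets transmitted on its own device.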