Hi Bruno Maciel Fonseca, I try to solve your problem, if I'm wrong please somebody correct me. The weakness of ordinary method of QoS in Linux is only working to outgoing traffic of that interface. But this limitation overcome by using ingress method. > Router: eth0: 192.168.0.207 > eth1: 10.0.1.1 > Client: 10.0.1.2 is the right client 10.0.5.2 ? There is no problem with your script with u32. But maybe it can be more efficient that to remove classid 1:1 and change the parent of 1:10 to 1:0 like below: SCRIPT WITH u32: tc qdisc add dev eth0 root handle 1:0 cbq bandwidth 256Kbit avpkt 1000 cell 8 tc class add dev eth0 parent 1:0 classid 1:10 cbq bandwidth 256Kbit rate 64Kbit weight 6Kbit prio 5 allot 1514 cell 8 maxburst 20 avpkt 1000 bounded tc qdisc add dev eth0 parent 1:10 tbf rate 64Kbit buffer 10Kb/8 limit 15Kb mtu 1500 tc filter add dev eth0 parent 1:0 protocol ip prio 100 u32 match ip src 10.0.5.2 flowid 1:10 Hey, I got another idea if you use only one group of client you can use only two lines below. This will make your CPU proccessor working a little. Please let me know if I'm wrong, I never tried it before. But I have ever tried to limit the bandwidth of interface without tc filter command, that will make all outgoing traffic of interface eth0 will be limited to 64 Kbit. SCRIPT WITH u32: tc qdisc add dev eth0 root handle 1:0 tbf rate 64Kbit buffer 10Kb/8 limit 15Kb mtu 1500 tc filter add dev eth0 parent 1:0 protocol ip prio 100 u32 match ip src 10.0.5.2 flowid 1:0 Let's look your main problem, you must use eth1 not eth0 to your commands. You can't use ipchains like that because it only marking the incoming packet of interface eth1. And I think it's better to use tbf than sfq for limiting traffic. The right commands is at below, but you can make more efficient like above. SCRIPT WITH fw: ipchains -A forward -s 10.0.5.0/24 -j MASQ tc qdisc add dev eth1 root handle 1: cbq bandwidth 128Kbit avpkt 1000 tc class add dev eth1 parent 1:0 classid 1:1 cbq bandwidth 128Kbit rate 128Kbit allot 1514 weight 12Kbit prio 8 maxburst 20 avpkt 1000 tc class add dev eth1 parent 1:1 classid 1:2 cbq bandwidth 128Kbit rate 128Kbit allot 1514 weight 12Kbit prio 8 maxburst 20 avpkt 1000 tc class add dev eth1 parent 1:2 classid 1:11 cbq bandwidth 128Kbit rate 128Kbit allot 1514 weight 2Kbit prio 5 maxburst 20 avpkt 1000 split 1:2 tc qdisc add dev eth1 parent 1:11 sfq quantum 1514b perturb 15 tc filter add dev eth1 parent 1:11 protocol ip prio 100 u32 match ip dst 10.0.5.2 flowid 1:11 Regards, Junus Junarto D.
