Hi, > My problem is that it only shapes traffic going into the MASQed network > and not from it. I've been trying to figure out why, and the only reason I > can think of is that once the traffic passes through eth0 going out to the > public network the packets are no longer tagged with a 192.168.10.x ip, > but rather the public address. Is this the case? Yes. But I guess you can use the firewall mark and let ipchains (and probably also netfilter in 2.4) mark masqgraded packets with some specific value and then use filters to match this specific mark. I have not tried this myself, though. Christian
