Hi Folks, I'm using a 2.4.x kernel and TC from the iproute2 package so that I can limit traffic through my gateway. I'm using this to mark packets when they leave the LAN: /sbin/ipchains -A forward -j MASQ -i eth0 -s 192.168.1.0/24 -d 0.0.0.0/0 -m 1 When the packets return, I need to have them marked again so that the ingress filter will limit the bandwidth in the opposite direction. The only way I have found to do this, is to mark EVERY packet like this: /sbin/ipchains -A input -i eth0 -s 0.0.0.0/0 -d 12.10.109.52/32 -m 1 This works, but what I would really like to do, is mark the 192.168.1.0/24 packets instead (after they have been "un-masq'ed", so that I can limit bandwidth on each interface in the gateway box. Is this possible? Thanks, Barton
