Hi All,

We are doing traffic shaping with the tc command of iproute2. With NETMAP our internal (say) 192.168.1.X class is mapped to the routable 172.16.1.X class. We can successfully implement traffic shaping on either upload or download. We are using "red" scheduling and the "fw" filter classifier for this.

# /sbin/iptables -t nat -A PREROUTING -d 192.168.1.0/24 -j NETMAP \
    --to 172.16.1.0/24
# /sbin/iptables -t nat -A POSTROUTING -s 172.16.1.0/24 -j NETMAP \
    --to 192.168.1.0/24

To restrict Downloads:

# /sbin/iptables -t mangle -I PREROUTING -d 172.16.1.57 -j MARK --set-mark 57
# /sbin/tc qdisc add dev eth0 root handle 10: cbq bandwidth 100Mbit avpkt 1000 cell 8
# /sbin/tc class add dev eth0 parent 10:0 classid 10:1 cbq bandwidth 100Mbit \
    rate 100Mbit allot 1514 cell 8 weight 10Mbit prio 8 maxburst 20 avpkt 1000
# /sbin/tc class add dev eth0 parent 10:1 classid 10:010 cbq bandwidth 100Mbit \
    rate 120Kbit allot 1514 cell 8 weight 12Kbit prio 5 maxburst 20 avpkt 1000 bounded
# /sbin/tc qdisc add dev eth0 parent 10:10 red max 12288 min 6100 limit 12288 \
    avpkt 1000 burst 12
# /sbin/tc filter add dev eth0 parent 10:0 protocol ip prio 100 handle 57 fw classid 10:10

To restrict Uploads:

# /sbin/iptables -t mangle -I PREROUTING -s 192.168.1.57 -j MARK --set-mark 57
# /sbin/tc qdisc add dev eth1 root handle 11: cbq bandwidth 100Mbit avpkt 1000 cell 8
# /sbin/tc class add dev eth1 parent 11:0 classid 11:1 cbq bandwidth 100Mbit \
    rate 100Mbit allot 1514 cell 8 weight 10Mbit prio 8 maxburst 20 avpkt 1000
# /sbin/tc class add dev eth1 parent 11:1 classid 11:010 cbq bandwidth 100Mbit \
    rate 120Kbit allot 1514 cell 8 weight 12Kbit prio 5 maxburst 20 avpkt 1000 bounded
# /sbin/tc qdisc add dev eth1 parent 11:010 red max 12288 min 6100 limit 12288 \
    avpkt 1000 burst 12
# /sbin/tc filter add dev eth1 parent 11:0 protocol ip prio 100 handle 57 fw classid 11:10

Though in Advanced-Routing-HOWTO Section 9.1 it's clearly stated that "With queueing we determine the way in which data is sent. It is important to realise that we can only shape data that we transmit", I wanted to work on a setup something like the one described below.

Now, instead of this 12Kbytes each for upload and download, I want to let the user have a total of 12Kbytes, and the sum of upload and download should not be more than this 12Kbytes.

Is there any way to implement traffic shaping over "from and to" an IP, say 192.168.1.1?

We did a little with the "u32" classifier too. In that, "match ip src" seems not to work and/or works only during downloads, and "match ip dst" works with uploads.

Thanks for any support or hints. I'd even like to go for any beta development going on for this issue.

Regards,
--
Sumit