Dear list members,

I am certainly sure that this question has already been answered somehow, somewhere, but unfortunately the internet is so big these days I need days to check for the right information...

I am the administrator for a large company and I want to impose some bandwidth management rules on my internal PCs as far as the internet is concerned. My Linux box acts as a firewall & traffic controller. I am running the latest kernel & iproute (with dsmark & htb). All the internal clients go through a proxy (squid) running on the same machine as the firewall and tc. No discrimination so far for my boss's PCs (i.e. they use squid as well).

Now, what I want is described with the following simple rules:

1. When my boss is using the internet (either directly or through the proxy) he should get priority over all other internal users. In other words, as long as he has packets to send, no one else should be allowed to transmit (or receive, if possible).

2. The rest of the machines should belong to one of two groups borrowing from each other: ones with access to 80% of the bandwidth and the others to 60% of the bandwidth. If both groups send too much data then the allocation should be in respect to these percentages.

3. Lastly, the usual LARTC low latency rules should apply for all the above.

My questions are:

Can these rules be achieved with Linux traffic control?

Can I have rules for packets going *out* of the proxy based on relevant information for packets going *in* the proxy? I.e. can I mark a packet and have squid preserve the marking for its own generated packets?

Should I impose the above rules on both interfaces (internal-external) of my Linux box?

Are there any examples for configurations like these? Something to be used as a starting block?

Thank you very much,
George.