schmurtz@xxxxxxxxxxxxxxx writes:

Hi again,

I'm not sure I made myself clear. Before using IMQ I was using ingress on ppp0 and egress on eth0 to police incoming traffic to the LAN. Now I'm using IMQ. I would like to do something like this:

    iptables -t mangle -A PREROUTING -j IMQ -i ppp0
    iptables -t mangle -A FORWARD -i ppp0 -o eth0 -j MARK --set-mark 0x10
    iptables -t mangle -A POSTROUTING -o eth0 -m mark --mark 0x10 -j IMQ

but it's wrong: incoming traffic to my LAN is being queued twice to imq.

Here is a simple example of what I would like to do: with 2 htb classes bound to imq0 (classid 1:10 and 1:20), I'd like to put incoming traffic destined for the gateway in 1:10, and incoming traffic destined for the NATed LAN in 1:20.

Is there a way to do that correctly? Is there anybody who understands me? :-)

> My setup is:
> LAN --(eth0)-- GW/FW --(ppp0)-- Internet
> How to distinguish incoming traffic to the gateway from the traffic to the LAN?
> I'm using 'iptables -t mangle -A PREROUTING -j IMQ -i ppp0' to send incoming traffic to imq0
> Now I would like to put incoming traffic to the gateway and incoming traffic to the LAN in two different classes.
> I tried 'iptables -t mangle -A POSTROUTING -o eth0 -m mark --mark 0x1 -j IMQ' and 'iptables -t mangle -A FORWARD -i ppp0 -o eth0 -j MARK --set-mark 0x1'
> But it's wrong because the incoming traffic to the LAN goes twice to imq0.
> Is there a way to do that correctly?

--