Do you have two NICs? The 2megas internet is eth0, right? So you are tc'ing packets going out of interface eth0. Packets are coming from eth1, for example? In such a case you could use iptables -t mangle -I PREROUTING -i eth1 -j MARK --set-mark {1|2|4|} ?? So packets going from internal (eth1) going out (eth0) are previously marked. I'm pretty sure about this. Hope it helps, good luck.

Quoting Ratel <ratel@xxxxxxxx>:

> Hi,
>
> I have some interesting problem with htb, I set up root class and
> sub-classes:
>
> $TC qdisc add dev eth0 root handle 1: htb
> $TC class add dev eth0 parent 1: classid 1:1 htb rate 1990kbit ceil 2000kbit
> $TC class add dev eth0 parent 1:1 classid 1:10 htb rate 190kbit ceil 200kbit
> $TC class add dev eth0 parent 1:1 classid 1:11 htb rate 1400kbit ceil 1600kbit
> $TC class add dev eth0 parent 1:1 classid 1:12 htb rate 1000kbit ceil 1500kbit
> $TC class add dev eth0 parent 1:1 classid 1:13 htb rate 1000kbit ceil 1500kbit
> $TC class add dev eth0 parent 1:1 classid 1:14 htb rate 1000kbit ceil 1200kbit
>
> , filters and queuing disciplines :
> #filter
> $TC filter add dev eth0 protocol ip parent 1:0 prio 1 handle 2 fw flowid 1:10 classid 1:10
> $TC filter add dev eth0 protocol ip parent 1:0 prio 1 handle 3 fw flowid 1:11 classid 1:11
> $TC filter add dev eth0 protocol ip parent 1:0 prio 2 handle 4 fw flowid 1:12 classid 1:12
> $TC filter add dev eth0 protocol ip parent 1:0 prio 3 handle 5 fw flowid 1:13 classid 1:13
> $TC filter add dev eth0 protocol ip parent 1:0 prio 1 handle 6 fw flowid 1:14 classid 1:14
> (note the packet marking classifier)
>
> adequate lines from firewall script :
> [...]
> # ftp
> $IPTABLES -A FORWARD -p tcp -s 0/0 -d 0/0 --dport 21 -m state --state NEW,ESTABLISHED -t mangle -j MARK --set-mark 3
> # ssh
> $$IPTABLES -A FORWARD -p tcp -s 0/0 -d 0/0 --dport 22 -m state --state NEW,ESTABLISHED -t mangle -j MARK --set-mark 2
> # smtp
> $IPTABLES -A FORWARD -p tcp -s 0/0 -d 0/0 --dport 25 -m state --state NEW,ESTABLISHED -t mangle -j MARK --set-mark 4
> [...]
>
> #qdisc
> $TC qdisc add dev eth0 parent 1:10 handle 20: sfq perturb 10
> $TC qdisc add dev eth0 parent 1:11 handle 30: sfq perturb 10
> $TC qdisc add dev eth0 parent 1:12 handle 40: sfq perturb 10
> $TC qdisc add dev eth0 parent 1:13 handle 50: sfq perturb 10
> $TC qdisc add dev eth0 parent 1:14 handle 60: sfq perturb 10
>
> the problem is - all the traffic goes only through root class '1:'
>
> #tc -s qdisc ls dev eth0
> qdisc sfq 60: quantum 1514b perturb 10sec
>  Sent 0 bytes 0 pkts (dropped 0, overlimits 0)
>
> qdisc pfifo 50: limit 5p
>  Sent 0 bytes 0 pkts (dropped 0, overlimits 0)
>
> qdisc pfifo 40: limit 5p
>  Sent 0 bytes 0 pkts (dropped 0, overlimits 0)
>
> qdisc pfifo 30: limit 5p
>  Sent 0 bytes 0 pkts (dropped 0, overlimits 0)
>
> qdisc pfifo 20: limit 5p
>  Sent 0 bytes 0 pkts (dropped 0, overlimits 0)
>
> qdisc htb 1: r2q 10 default 0 direct_packets_stat 671
>  Sent 392890 bytes 671 pkts (dropped 0, overlimits 0)
>
>
> I'd be very grateful, if you could help me with this.
>
> thanks in advance.
>
> Ratel .at. aonet.pl
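
A consistency check for a setup like the one in this thread, added here as an example and not part of either message: it cross-checks the fw filter handles against the MARK rules and reports whether the root htb qdisc names a default class (with none, unclassified packets are counted as direct packets, as in the `tc -s` output above). The `audit` function and the `SCRIPT` sample are assumptions of this example; the sample holds only the rules visible in the post, with `$TC`/`$IPTABLES` expanded and options trimmed.

```python
import re

# Constructed sample: the filter and MARK lines visible in the quoted post.
# Rules the post elides with "[...]" are not included.
SCRIPT = """\
tc qdisc add dev eth0 root handle 1: htb
tc filter add dev eth0 protocol ip parent 1:0 prio 1 handle 2 fw flowid 1:10
tc filter add dev eth0 protocol ip parent 1:0 prio 1 handle 3 fw flowid 1:11
tc filter add dev eth0 protocol ip parent 1:0 prio 2 handle 4 fw flowid 1:12
tc filter add dev eth0 protocol ip parent 1:0 prio 3 handle 5 fw flowid 1:13
tc filter add dev eth0 protocol ip parent 1:0 prio 1 handle 6 fw flowid 1:14
iptables -A FORWARD -p tcp --dport 21 -t mangle -j MARK --set-mark 3
iptables -A FORWARD -p tcp --dport 22 -t mangle -j MARK --set-mark 2
iptables -A FORWARD -p tcp --dport 25 -t mangle -j MARK --set-mark 4
"""

FILTER_RE = re.compile(r"\bfilter add\b.*\bhandle (\d+) fw\b.*\bflowid (\S+)")
MARK_RE = re.compile(r"--set-mark (\d+)")
ROOT_HTB_RE = re.compile(r"\bqdisc add\b.*\broot\b.*\bhtb\b(.*)")


def audit(script):
    """Cross-check fw filter handles against MARK rules in a shaping script."""
    filters, marks, has_default = {}, set(), None
    for line in script.splitlines():
        if m := FILTER_RE.search(line):
            filters[int(m.group(1))] = m.group(2)      # mark -> class id
        elif m := MARK_RE.search(line):
            marks.add(int(m.group(1)))
        elif m := ROOT_HTB_RE.search(line):
            # Options after "htb": is a default class given?
            has_default = bool(re.search(r"\bdefault \d+", m.group(1)))
    return {
        # Classes that can never receive traffic from the rules shown.
        "filters_without_mark": sorted(set(filters) - marks),
        # Marked packets that no filter steers into a class.
        "marks_without_filter": sorted(marks - set(filters)),
        # None means no root htb qdisc line was found at all.
        "htb_has_default_class": has_default,
    }


if __name__ == "__main__":
    for key, value in audit(SCRIPT).items():
        print(f"{key}: {value}")
```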