Hi all, I want to divide the incoming traffic between what should go to the firewall and what should be forwarded to the local network behind it. I started with the IMQ example config, but added an extra htb class right below "10:1" to get the two sfq's to borrow each other's bandwidth. However, I can't figure out how to set the two marks. According to this picture, taken from http://lartc.org/lartc.html, I thought I could set the marks in FORWARD and INPUT, but that didn't work at all. The traffic ends up in imq0 as it should, but only goes to the default class. Moving the '-j IMQ' to the INPUT and FORWARD tables didn't work either. What have I done wrong? +------------+ +---------+ +-------------+ Packet -| PREROUTING |--- routing-----| FORWARD |-------+-------| POSTROUTING |- Packets input +------------+ decision +---------+ | +-------------+ out | | +-------+ +--------+ | INPUT |---- Local process -| OUTPUT | +-------+ +--------+ iptables -t mangle -A INPUT -i $EXTERNAL_INTERFACE -p tcp -j MARK --set-mark 0x1 iptables -t mangle -A FORWARD -i $EXTERNAL_INTERFACE -p tcp -j MARK --set-mark 0x2 iptables -t mangle -A PREROUTING -i $EXTERNAL_INTERFACE -j IMQ /Basic
