Hi, this is the situation: I am using a Linux gateway to shape the outbound traffic coming from a LAN, configured (for example) as follows (using htb):

ETH0 (public interface)
    1 ROOT class rate 10240 kbit, ceil 10240
    2 LEAF class rate 8192, ceil 8192
    3 LEAF class rate 2048, ceil 2048
ETH1 (LAN)

Then I define the following rules:

    tc filter add dev eth0 parent 1:0 protocol ip prio 0 handle 0x10 fw flowid 1:2
    tc filter add dev eth0 parent 1:0 protocol ip prio 0 handle 0x20 fw flowid 1:3

And set the iptables rules to assign the fwmarks:

    /sbin/iptables -t mangle -F mygroup
    /sbin/iptables -t mangle -X mygroup
    /sbin/iptables -t mangle -N mygroup
    /sbin/iptables -t mangle -A FORWARD -i eth1 -o eth0 -j mygroup
    /sbin/iptables -t mangle -A mygroup -p tcp -m tcp --dport 80 -j MARK --set-mark 0x20
    /sbin/iptables -t mangle -A mygroup -p tcp -m tcp --dport 80 -j RETURN
    /sbin/iptables -t mangle -A mygroup -j MARK --set-mark 0x10
    /sbin/iptables -t mangle -A mygroup -j RETURN

In theory, this should assign all packets with dest port 80 forwarded from eth1 to eth0 to the 0x20 class, and the rest to the 0x10 class. And it works, until I do something like this:

    iptables -t nat -A PREROUTING -p tcp --source 10.1.0.0/24 --dport 80 -j REDIRECT --to-ports 3128

to set up transparent proxy redirection to the local squid (10.1.0.0/24 is the subnet of eth1). The redirection works, but no packets end up in the 0x20 class.

Is there any way to shape even transparent-proxied traffic?

Thanks,
Enrico

_______________________________________________
LARTC mailing list / LARTC@xxxxxxxxxxxxxxx
http://mailman.ds9a.nl/mailman/listinfo/lartc
HOWTO: http://lartc.org/
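
The setup described above, as an added example that is not part of the original post: it marks the proxy's own upstream traffic in mangle OUTPUT so the existing 0x20 fw filter on eth0 can classify it. The account name "proxy" for squid and the DRY_RUN switch are assumptions of this example; by default the script only prints the commands.

```shell
#!/bin/sh
# Added example, not from the original post.
# REDIRECT in nat PREROUTING rewrites the destination to the gateway itself, so
# the client's packet is delivered via INPUT and never reaches mangle FORWARD.
# Squid then opens its own upstream connection; that traffic is locally
# generated and leaves eth0 through mangle OUTPUT, so it must be marked there.

WAN_IF="eth0"                     # public interface, from the post
PROXY_USER="${PROXY_USER:-proxy}" # assumption: account squid runs as
PROXY_MARK="0x20"                 # fwmark the post maps to class 1:3
DRY_RUN="${DRY_RUN:-1}"           # 1 = print commands, 0 = apply (needs root)

# Run a command, or only print it when DRY_RUN=1.
run() {
    if [ "$DRY_RUN" = "1" ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# Mark squid's upstream HTTP traffic so the existing "handle 0x20 fw" tc filter
# on eth0 classifies it. The owner match is only valid in OUTPUT/POSTROUTING.
mark_proxy_egress() {
    run /sbin/iptables -t mangle -A OUTPUT -o "$WAN_IF" -p tcp -m tcp --dport 80 \
        -m owner --uid-owner "$PROXY_USER" -j MARK --set-mark "$PROXY_MARK"
}

# Show packet counters for the new rule and for the HTB classes on eth0.
show_counters() {
    run /sbin/iptables -t mangle -L OUTPUT -v -n
    run tc -s class show dev "$WAN_IF"
}

mark_proxy_egress
show_counters
```

The FORWARD rules from the post stay in place for traffic that is not redirected to the proxy.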