Hi list, I have read the lartc 9th chapter, the bandwidth management part. I think I understand the principle, but I have a question. So I have a firewall that has several different interfaces. The most important for my question is the Internet interface, which is a 2mbps leased line. I have an interface into the protected network, I have a DMZ interface, and I have an interface with direct connection to a client. Here is what I need: Internet -> DMZ + Internet -> LAN + Internet -> firewall traffic together should not exceed 1.5mbps At the moment I have a tbf, that limits everything that goes to the LAN, and another that limits everything going to the internet. I would like to shape the incoming traffic from the internet. OK, I understand that I cannot influence the senders out there not to try to send me packets, I can only influence how fast these packets are sent from me. But can I somehow treat all incoming traffic together? Because my knowledge at the moment is only some shaping possibilities on the LAN interface and on the DMZ interface. I have only one idea, but I don't know if it is feasible, and if it is, how to do that. So I thought that I will create a virtual interface, and route all traffic from the Internet through this one. So incoming on Internet interface, outgoing on virtual interface, and from there incoming on the firewall machine, or outgoing on the LAN or the DMZ interface. Does it sound good? How can I do that? (I suppose I have to read other chapters in the lartc guide. Could you point me out where to start? What to look for?) Or is there another solution? What would you recommend? Cheers, Gabor _______________________________________________ LARTC mailing list LARTC@xxxxxxxxxxxxxxx http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc