Hi, Let say you have a proxy behind a firewall on your LAN. You use SNAT or MASQUERADING to give Internet access to your proxy. You also want to do some Qos (CBQ + U32) to shape traffic coming from the net to the proxy. The goal is to mark a packet returning from an exernal host to the proxy. The OUTPUT chain can not be used to mangle packets as they were not generated locally. The FORWARD and POSTROUTING chains cant be used with the mangle table. The PREROUTING chain offers no match as the packet is targetted at the SNAT IP. The problem is: I can not mark a packet in order to match a shaping class. Anyone has an idea on how to do the trick ? Any reason why the FORWARD chain cant be used with the mangle table ? Regards, Jeff