> That's right, you have configured hashing based on src/dst address + > src/dst port + protocol, which is almost classical SFQ hash. In your > case you should try only nfct-src, which will create queues per source > IP and service these queues fairly within htb class. Thanks, that makes perfect sense now. I have to admit I didn't really understand the rules I was writing! I have tried it with just nfct-src for the ppp0 device going from the server to the internet, and nfct-dst for the eth0 device going to the individual machines. This seems to work a lot more as I would expect. Thanks, Andy Beverley -- To unsubscribe from this list: send the line "unsubscribe netfilter" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html