Hi. I think, I have quite common configuration on my firwall: eth0 - to provider (1Mbps) (imq0 attached on prerouting) eth1 - local network (100Mbps) (private IPs) - users with certain priorities eth2 - DMZ (100Mbps) (public IPs) I''m trying to set up traffic shaping that would give both networks (local and DMZ) 512kbps for connection to/from the Internet and unlimited traffic between them (local <-> DMZ) while still managing same priorities for the local users (some of them should have ''better'' service then others within the 512kbps limit). The problem I cannot overcome is the NAT - packets enter imq0 have public IP so I can''t distinguish the local users packet is heading for. On the other hand if I try to shape them on eth1 I will have to create a class with 100Mbps throughput and then a subclass with 512kbps which seems very ''unelegant'' solution to me. Is there any other way to shape in that kind of situation? best regards przem _______________________________________________ LARTC mailing list / LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/