Hi List,

Only signed up recently and posted the problem that we had with FWMARK. Got it solved, so if anyone has the same problem, maybe this could help:

The problem with the (redhat) 2.4.20 kernel was that when doing ethernet bridging, packets seemed to bypass iptables rules, thus no marking occurs. Apparently there is a patch available to allow firewalling on the bridge but I didn't bother to use it. Funny thing is that the kernel that comes with RH 7.3 actually does let bridged packets be filtered by iptables.

We finally opted for the 2.6.0-test1 kernel and everything is working fine now. Iptables is marking the bridged packets, and tc is queuing them as the filters dictate. Just thought I'd share that.

Limiting the outgoing ftp involved a little iptables sorcery. See, the problem is that we want to limit outgoing ftp to a particular ip range, but the ftp server actually sits on a webserver as well. So I tried these rules to mark the packets, looks like it's working fine. If there is a better way to accomplish this, please let me know, cause I'm sure this isn't the best way:

    target  prot opt source          destination
    MARK    tcp  --  100.200.100.10  xxx.xxx.xxx.xxx  state RELATED,ESTABLISHED MARK set 0x1   ## ftp marking rule
    MARK    tcp  --  anywhere        anywhere         tcp spt:http MARK set 0xa
    MARK    udp  --  anywhere        anywhere         udp spt:http MARK set 0xa

0x1 goes to the htb class where we limit the traffic
0xa just goes to an htb class with a sfq qdisc attached to it
Everything else also goes to the sfq by default

So this works fine. FTP downloads from the limited range are limited nicely, and uploads of "new" files from that range are fast, just like they should be. The only thing is that when you upload from the range and overwrite files on the ftp server, it gets limited just as if you were doing a download. This is extremely odd to me and if anyone has any ideas of why this might happen please give me a shout.

Regards,
Cilliè
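
Added example, not part of the original post: a sketch of the mark-to-class layout the message describes, with a check that every mark iptables sets has a matching tc fw filter and that the kernel hands bridged frames to iptables at all. The device name, the client range, both rates, the class ids and the use of the mangle FORWARD chain are assumptions; only the marks (0x1, 0xa) and the server address come from the post.

```shell
#!/bin/sh
# Added example. Assumed: DEV (bridge port facing the clients), CLIENTS,
# rates, class ids, mangle FORWARD. From the post: marks 0x1/0xa, SERVER.
DEV="${DEV:-eth1}"
SERVER="${SERVER:-100.200.100.10}"
CLIENTS="${CLIENTS:-192.0.2.0/24}"      # placeholder for the masked range
LINK_RATE="${LINK_RATE:-10mbit}"
FTP_RATE="${FTP_RATE:-512kbit}"
BRNF="${BRNF:-/proc/sys/net/bridge/bridge-nf-call-iptables}"

# Print the commands only; nothing is executed here.
plan() {
  m="iptables -t mangle -A FORWARD"
  echo "$m -p tcp -s $SERVER -d $CLIENTS -m state --state RELATED,ESTABLISHED -j MARK --set-mark 0x1"
  echo "$m -p tcp --sport 80 -j MARK --set-mark 0xa"
  echo "$m -p udp --sport 80 -j MARK --set-mark 0xa"
  echo "tc qdisc add dev $DEV root handle 1: htb default 20"
  echo "tc class add dev $DEV parent 1: classid 1:1 htb rate $LINK_RATE"
  echo "tc class add dev $DEV parent 1:1 classid 1:10 htb rate $FTP_RATE ceil $FTP_RATE"
  echo "tc class add dev $DEV parent 1:1 classid 1:20 htb rate $FTP_RATE ceil $LINK_RATE"
  echo "tc qdisc add dev $DEV parent 1:20 handle 20: sfq perturb 10"
  echo "tc filter add dev $DEV parent 1: protocol ip prio 1 handle 1 fw flowid 1:10"
  echo "tc filter add dev $DEV parent 1: protocol ip prio 1 handle 10 fw flowid 1:20"
}

# Read a plan on stdin and list marks that are set but have no fw filter
# (such packets fall silently into the default class).
unmatched_marks() {
  rules="$(cat)"
  echo "$rules" | sed -n 's/.*--set-mark \([0-9a-fx]*\).*/\1/p' | sort -u |
  while read -r mark; do
    echo "$rules" | grep -q "handle $(($mark)) fw" || echo "$mark"
  done
}

# Report whether bridged frames are passed to iptables: on, off or unknown
# (unknown when the kernel does not expose the sysctl).
bridge_filtering() {
  [ -r "$BRNF" ] || { echo unknown; return; }
  if [ "$(cat "$BRNF")" = 1 ]; then echo on; else echo off; fi
}

# No argument: define the functions only. "apply" (as root): check, then run.
if [ "${1:-}" = apply ]; then
  if [ "$(bridge_filtering)" = off ]; then
    echo "bridged packets bypass iptables; marks would never be set" >&2; exit 1
  fi
  if [ -n "$(plan | unmatched_marks)" ]; then echo "mark without filter" >&2; exit 1; fi
  plan | sh -e
fi
```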