Hi, all: I have been used HTB Queue within netfilter bridge environment over two year and It''s working fine. Very thank for htb writer Martin Devera and experience share with Stef Coene... :) Last week I helped my friend to setup box that use nf-bridge + htb with 512/64Kbit ADSL. When I use two polciy to limit the bandwith and use ceil to share bandwith. The rate and ceil parameter can not work according to setting. I only test the download rule. Rule 1: Http download have 384Kbit rate and 512Kbit ceil. Rule 2: Ftp download have 64Kbit rate and 512Kbit ceil. Default rule: download have 64Kbit rate and 512Kbit ceil. When I start ftp session to download one file, bandwith can be about 500kbit. But when I start another http session to download file(ftp seeion still on). The http session only get 266Kbps bandwith and ftp session rate down to 167Kbps or sometime ftp will get more bandwidth. Why http session can''t get the 384Kbit rate? In my enviroment (nat box + bridge qos), the ceil setting can work. The only different between me and my friend is the nat gateway. I was using linux be nat gateway and my firend using normally IP Sharing router. PS: We also use same ISP. To found out why, I have done some experiment that remove my friend''s nat router and only use nf-bridge + htb to test those tc rule. It the same. The orign kernel is 2.4.18 + htb2 + nf-bridge-0.0.8. Even though I change to linux-2.4.21 + htb3 + nf-bridge-0.0.9. It also the same result. If I change test enviroment to local ethernet network,it can work again. In my guess, may be it is dsl problem. But if have linux nat router before bridge box, htb queue will be work. It''s a little strange... :( Of course, I can use nat + htb in same box to solve the problem. But may be to understand to reason will be good. Have someone talk me. Does other some reason will cause this situation or have some method to solve this problem? Thank''s for your advise. The tc rule and qdisc show are list below: Wan nic is eth0, Lan nic is eth1. The test client ip address is 192.168.1.10. /sbin/tc qdisc del dev eth0 root /sbin/tc qdisc add dev eth0 root handle 10:0 htb r2q 10 default ffff /sbin/tc class add dev eth0 parent 10:0 classid 10:1 htb rate 64kbit ceil 64kbit /sbin/tc class add dev eth0 parent 10:1 classid 10:ffff htb rate 12kbit ceil 64kbit prio 3 /sbin/tc qdisc add dev eth0 parent 10:ffff handle ffff:0 sfq perturb 10 /sbin/tc class add dev eth0 parent 10:1 classid 10:2 htb rate 36kbit ceil 64kbit prio 1 /sbin/tc qdisc add dev eth0 parent 10:2 handle 22:0 sfq perturb 10 /sbin/tc filter add dev eth0 parent 10:0 protocol ip prio 1 handle 2 fw classid 10:2 /sbin/tc class add dev eth0 parent 10:1 classid 10:4 htb rate 16kbit ceil 64kbit prio 2 /sbin/tc qdisc add dev eth0 parent 10:4 handle 24:0 sfq perturb 10 /sbin/tc filter add dev eth0 parent 10:0 protocol ip prio 2 handle 4 fw classid 10:4 /sbin/tc qdisc del dev eth1 root /sbin/tc qdisc add dev eth1 root handle 10:0 htb r2q 10 default ffff /sbin/tc class add dev eth1 parent 10:0 classid 10:1 htb rate 512kbit ceil 512kbit /sbin/tc class add dev eth1 parent 10:1 classid 10:ffff htb rate 64kbit ceil 512kbit prio 3 /sbin/tc qdisc add dev eth1 parent 10:ffff handle ffff:0 sfq perturb 10 /sbin/tc class add dev eth1 parent 10:1 classid 10:3 htb rate 384kbit ceil 512kbit prio 1 /sbin/tc qdisc add dev eth1 parent 10:3 handle 23:0 sfq perturb 10 /sbin/tc filter add dev eth1 parent 10:0 protocol ip prio 2 handle 3 fw classid 10:3 /sbin/tc class add dev eth1 parent 10:1 classid 10:5 htb rate 64kbit ceil 512kbit prio 2 /sbin/tc qdisc add dev eth1 parent 10:5 handle 25:0 sfq perturb 10 /sbin/tc filter add dev eth1 parent 10:0 protocol ip prio 2 handle 5 fw classid 10:5 /sbin/iptables -I PREROUTING -t mangle -p tcp -s 192.168.1.10 -m mport --ports 80 -j MARK --set-mark 2 /sbin/iptables -I PREROUTING -t mangle -p tcp -d 192.168.1.10 -m mport --ports 80 -j MARK --set-mark 3 /sbin/iptables -I PREROUTING -t mangle -p all -s 192.168.1.10 -m helper --helper ftp -j MARK --set-mark 4 /sbin/iptables -I PREROUTING -t mangle -p all -d 192.168.1.10 -m helper --helper ftp -j MARK --set-mark 5 ###### iptables mark rule list ###### Chain PREROUTING (policy ACCEPT 9102 packets, 259K bytes) pkts bytes target prot opt in out source destination 10117 15M MARK all -- * * 0.0.0.0/0 192.168.1.10 helper match "ftp" MARK set 0x5 7172 392K MARK all -- * * 192.168.1.10 0.0.0.0/0 helper match "ftp" MARK set 0x4 26520 40M MARK tcp -- * * 0.0.0.0/0 192.168.1.10 mport ports 80 MARK set 0x3 18545 796K MARK tcp -- * * 192.168.1.10 0.0.0.0/0 mport ports 80 MARK set 0x2 ###### /sbin/tc -s -d qdisc show dev eth0 ###### class htb 10:ffff parent 10:1 leaf ffff: prio 3 rate 12Kbit ceil 64Kbit burst 1614b/8 mpu 0b cburst 1680b/8 mpu 0b quantum 153 level 0 Sent 7372729 bytes 61380 pkts (dropped 158729, overlimits 58778) rate 5bps lended: 12217 borrowed: 49163 giants: 0 injects: 0 tokens: 831467 ctokens: 162500 class htb 10:1 root prio 0 rate 64Kbit ceil 64Kbit burst 1680b/8 mpu 0b cburst 1680b/8 mpu 0b quantum 819 level 3 Sent 9345277 bytes 78138 pkts (dropped 0, overlimits 0) rate 1603bps 25pps lended: 49163 borrowed: 0 giants: 0 injects: 0 tokens: 163300 ctokens: 163300 class htb 10:2 parent 10:1 leaf 22: prio 1 rate 36Kbit ceil 64Kbit burst 1645b/8 mpu 0b cburst 1680b/8 mpu 0b quantum 460 level 0 Sent 403214 bytes 7034 pkts (dropped 0, overlimits 0) rate 736bps 13pps lended: 7034 borrowed: 0 giants: 0 injects: 0 tokens: 284089 ##### /sbin/tc -s -d qdisc show dev eth1 ###### class htb 10:ffff parent 10:1 leaf ffff: prio 3 rate 64Kbit ceil 512Kbit burst 1680b/8 mpu 0b cburst 2Kb/8 mpu 0b quantum 819 level 0 Sent 58166130 bytes 518222 pkts (dropped 1713, overlimits 482227) lended: 72484 borrowed: 445738 giants: 0 injects: 0 tokens: 162500 ctokens: 27488 class htb 10:1 root prio 0 rate 512Kbit ceil 512Kbit burst 2Kb/8 mpu 0b cburst 2Kb/8 mpu 0b quantum 6553 level 3 Sent 98025731 bytes 544613 pkts (dropped 0, overlimits 0) rate 55148bps 36pps lended: 458124 borrowed: 0 giants: 0 injects: 0 tokens: 6773 ctokens: 6773 class htb 10:3 parent 10:1 leaf 23: prio 1 rate 384Kbit ceil 512Kbit burst 2Kb/8 mpu 0b cburst 2Kb/8 mpu 0b quantum 4915 level 0 Sent 16020166 bytes 10591 pkts (dropped 0, overlimits 8155) rate 266Kbit 22pps lended: 10323 borrowed: 268 giants: 0 injects: 0 tokens: 212 ctokens: 6773 class htb 10:5 parent 10:1 leaf 25: prio 2 rate 64Kbit ceil 512Kbit burst 1680b/8 mpu 0b cburst 2Kb/8 mpu 0b quantum 819 level 0 Sent 23876440 bytes 15800 pkts (dropped 0, overlimits 1) rate 167Kbit 14pps lended: 3682 borrowed: 12118 giants: 0 injects: 0 tokens: -140306 ctokens: 6773 ##### /sbin/tc -s -d qdisc show dev eth1 ###### Again ###### class htb 10:ffff parent 10:1 leaf ffff: prio 3 rate 64Kbit ceil 512Kbit burst 1680b/8 mpu 0b cburst 2Kb/8 mpu 0b quantum 819 level 0 Sent 58166256 bytes 518225 pkts (dropped 1713, overlimits 482227) lended: 72487 borrowed: 445738 giants: 0 injects: 0 tokens: 164100 ctokens: 27688 class htb 10:1 root prio 0 rate 512Kbit ceil 512Kbit burst 2Kb/8 mpu 0b cburst 2Kb/8 mpu 0b quantum 6553 level 3 Sent 118164481 bytes 557926 pkts (dropped 0, overlimits 0) rate 430Kbit 36pps lended: 461746 borrowed: 0 giants: 0 injects: 0 tokens: 6773 ctokens: 6773 class htb 10:3 parent 10:1 leaf 23: prio 1 rate 384Kbit ceil 512Kbit burst 2Kb/8 mpu 0b cburst 2Kb/8 mpu 0b quantum 4915 level 0 Sent 28120752 bytes 18590 pkts (dropped 0, overlimits 8155) rate 28117bps 18pps lended: 18183 borrowed: 407 giants: 0 injects: 0 tokens: 212 ctokens: 6773 class htb 10:5 parent 10:1 leaf 25: prio 2 rate 64Kbit ceil 512Kbit burst 1680b/8 mpu 0b cburst 2Kb/8 mpu 0b quantum 819 level 0 Sent 31914478 bytes 21111 pkts (dropped 0, overlimits 1) rate 26828bps 17pps lended: 5510 borrowed: 15601 giants: 0 injects: 0 tokens: -115091 ctokens: 9288 Regards, Matt.