Hi, The machine has two ethernet interfaces: eth0 and eth1. My LAN is connected to eth0. The eth1 port is connected to a hub with two Internet routers. eth1 has two IP addresses, one for each router. Dynamic routing (or some other complex routing mechanism) is used. NAT is not used. It is not possible to change the hardware. I want to configure traffic shaping. But it is not supported to attach a qdisc to a virtual interface (or in other words to attach a separate qdisc to each one of the two external Ips that are defined on the WAN NIC). So far this seems to be impossible. Thanks for your help, Aron -----Original Message----- From: Martin A. Brown [mailto:mabrown-lartc@securepipe.com] Sent: Wednesday, February 04, 2004 4:34 AM To: Aron Brand Cc: lartc@mailman.ds9a.nl Subject: RE: [LARTC] RE: LARTC digest, Vol 1 #1564 - 6 msgs Aron, I do not understand your network. In a prior note, I thought I understood that you had multiple serial (T1) interfaces. If you have multiple interfaces, then your statement about having "one physical WAN interface" is misleading. You may have only one T1 card (physical device), with several logical interfaces (for example, wan0, wan1 ...), which is not an uncommon configuration. Anyway, I don''t understand your network, so cannot help. Please give "ip addr" and a small ASCII netmap. : The scenario I am working on is the second one - there is one internal : network and two ISPs. Then you have two WAN interfaces? : How can I do fwmark based on the outgoing interface? iptables -t mangle -A POSTROUTING -o wan0 -j MARK --set-mark $wan0_mark iptables -t mangle -A POSTROUTING -o wan1 -j MARK --set-mark $wan1_mark : Remember that there is just one physical WAN interface, with two IP : addresses. Is it possible to fwmark somehow based on the routing : decision? I''m not sure. Maybe somebody else can pick up that question. It''s certainly possible to use -j ROUTE based on the fwmark, though [0]. I don''t really think that will be required in your situation, but I won''t know until I understand your network better. Best of luck, -Martin [0] http://netfilter.gnumonks.org/documentation/pomlist/pom-extra.html#ROUTE -- Martin A. Brown --- SecurePipe, Inc. --- mabrown@securepipe.com _______________________________________________ LARTC mailing list / LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/