Hi, We have a 256 kbits/s (kilobits per second) link to the internet. it is a router running Linux that belongs to our ISP. They have given us 8 internet ips. (i.e- subnet is 255.255.255.248). one has been given to this router. I have given another internet ip to the firewall running CentOS 4.5. iptables is running on it. And also, I have installed iproute2 pkg as well. pls see below for installed pkgs. [root at firebox ~]# rpm -qa |grep iptables iptables-1.2.11-3.1.RHEL4 [root at firebox ~]# rpm -qa |grep iproute iproute-2.6.9-3.EL4.3.centos4 This firewall has 3 ethernet cards at the moment. one is connected to router. one is connected to our DMZ zone. one is connected to LAN1. These are ips of the firewall. eth0 (internet) - 1.2.3.4/255.255.255.248 (pls assume it. For security reason, I will not give you the actual ip) eth1 (DMZ Zone) - 192.168.100.254/255.255.255.0 eth2 (LAN1) - 192.168.101.254/255.255.255.0 Now, everyone in LAN1 has access to internet. (due to SNAT rule) Now, I want to install another ethernet card to this firewall. then, it would be eth3. eth3 will be as follows. eth3 (LAN2) - 192.168.102.254/255.255.255.0 Now, I want put about 5 people (5 PCs) behind this LAN2 and give internet access to them. But, I do not want them to use my whole bandwidth (i.e - 256 kbit/s), But Instead, I want peple behind this LAN2 to allocate 64 kbits/s(kilo bits per second) for their internert access. Is it possible to acheive this task on firewall running iptables and iproute2 (CentOS 4.5) ? If so, How can I do such thing? If I do such thing, what will happen to the people behind LAN1 ? Will they get whole 256 kbits/s as before or will they get 256 kbit/s - 64 kbit/s for their internet access? Hope to hear form you. -- Thank you Indunil Jayasooriya -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.centos.org/pipermail/centos/attachments/20070802/dbaefc26/attachment-0003.html>