Alohá LeVA wrote:
Hi! I have this setup now:
[...]
Now the 128kbit/sec restriction doesn't apply to the internet uploads (which are marked with iptables, because these are going thru the router), but the LAN uploads are at full speed. What am I doing wrong?
Sorry, that was my mistake, but since the final destination of the packets is the internet and not the router itself, with this setup for the MARK target You shape only the traffic with the endpoint router ~:-/
So for Your situation You want to do something inverse, likeiptables -t mangle -A PREROUTING -d ! <network LAN, i.e. 192.168.1.0/24> -j MARK --set-mark 1
which marks all packets who's destination is *not* the LAN. sorry about the screwup best regards MartinP.S.: Is that a p2p-client are You trying to shape btw? There's also a good IP blacklist generator at http://www.bluetack.co.uk but be careful, those lists easily get huge and take forever to load ;-)