1. Policy Routing

The 2 rc scripts here contain examples of setting up policy routing when there are 2 interfaces on which traffic can go out. The rc.adsl script sets up the second interface to the internet and sets up policy routing. The rc.iptables script takes care of setting up default firewalling and setting up the NAT (IP masquerading) for the internal machines.

These are just example scripts and should be edited for use in your environment. This is the first version of the scripts. I leave it up to you to add things like traffic shaping, limiting and DoS protection. This is the result of an all-out frenzy to set it up and get it going in a day. So it may just be not completely accurate.

There are even better examples and scripts at http://mirkk.kurd.nu/~monmotha/firewall/index.php

For more information on Linux 2.4 routing capabilities read the Linux 2.4 NAT HOWTO, Linux 2.4 Packet filtering HOWTO and the iproute2 command reference. The netfilter and iptables documentation and programs can be found at http://netfilter.samba.org/

The HOWTOs can be found in the "Rusty's Remarkably Unreliable Guides" section http://netfilter.samba.org/unreliable-guides/

The Advanced Routing HOWTO was also of help http://www.linuxdoc.org/HOWTO/Adv-Routing-HOWTO.html

2. Traffic Shaping

There is a kazaa_network_brake script here which might come in handy if you are having trouble with people filling the pipe with traffic and causing network congestion. This filter can slow down the downloads from entire subnets to a maximum set speed (at the main pipe) or possibly limit the speed per IP, which might prove a more civil way to settle things.

If you have a small pipe (relative to the clients) the default option of limiting the maximum amount of kazaa traffic passing over the link would be a good idea. This also gives the benefit that if it is calm the download speeds of the clients go up. It will be hard for the clients to detect they are being limited.

If you have a large pipe (relative to the clients) the second option of limiting per IP is an option, but people will notice faster. I have not given an example for this option but it is trivial.

This came about after usage on one of our networks gave network congestion and a near unusable internet connection. This is to allow the possibility of downloading without denying all traffic outright and still maintaining a usable link.

That should be enough for now

Seth Mos
knuffie@xs4all.nl
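
The kind of setup section 1 describes, as an added example (not the rc.adsl or rc.iptables scripts, which this page does not include): a separate routing table for the second uplink, source-based rules, and masquerading for one internal subnet. Interface names, addresses and the table number are constructed placeholders, and the script only prints the commands unless APPLY=1 is set.

```shell
#!/bin/sh
# Added example: policy routing for a second uplink plus masquerading.
# Every value below is a constructed placeholder (RFC 5737 / RFC 1918
# ranges); edit them for your own network before applying anything.
EXT2_IF="eth2"                 # second (ADSL) uplink interface, assumed name
EXT2_IP="192.0.2.10"           # our address on the second uplink
EXT2_NET="192.0.2.0/24"        # network of the second uplink
EXT2_GW="192.0.2.1"            # gateway on the second uplink
LAN_VIA_EXT2="192.168.2.0/24"  # internal subnet sent out the second uplink
TABLE="200"                    # routing table id used for the second uplink

# Accept only digits, dots and a slash, so a typo in an address cannot turn
# into extra shell or ip syntax when the plan is executed.
valid_addr() {
    case "$1" in
        ""|*[!0-9./]*) return 1 ;;
        *) return 0 ;;
    esac
}

# Print the commands that build the second routing table and the NAT rule.
policy_plan() {
    for v in "$EXT2_IP" "$EXT2_NET" "$EXT2_GW" "$LAN_VIA_EXT2"; do
        valid_addr "$v" || { echo "bad address: $v" >&2; return 1; }
    done
    # Table for the second uplink: its connected network and its own default.
    echo "ip route add $EXT2_NET dev $EXT2_IF src $EXT2_IP table $TABLE"
    echo "ip route add default via $EXT2_GW dev $EXT2_IF table $TABLE"
    # Traffic sourced from our second address leaves via the second uplink.
    echo "ip rule add from $EXT2_IP table $TABLE"
    # The chosen internal subnet uses that table; the rest keep the main one.
    echo "ip rule add from $LAN_VIA_EXT2 table $TABLE"
    echo "ip route flush cache"
    # Masquerade only that subnet, and only on the second uplink.
    echo "iptables -t nat -A POSTROUTING -s $LAN_VIA_EXT2 -o $EXT2_IF -j MASQUERADE"
}

# Dry run by default; set APPLY=1 (as root) to execute the printed plan.
if [ "${APPLY:-0}" = "1" ]; then
    plan=$(policy_plan) && printf '%s\n' "$plan" | sh -e
else
    policy_plan
fi
```

After applying, "ip rule show" and "ip route show table 200" list what was installed, which makes it easy to confirm that only the intended subnet is steered to the second uplink.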