[LARTC] beginner question about imq

[Szálka Tamás]

Hi!

I have to make a firewall which guarantees bandwidth to several clients 
(both upstream and downstream should be limitied). It has three interfaces, 
eth0 facing to the internet, eth1 to local network with several ip 
addresses (different subnets) and eth2 to dmz (webserver). Egress traffic 
is ok, I set up the tc rules to eth0 and the upstream limiting is fine. But 
I have to manage bandwidth of downloading too.
While eth0 has one public ip address, the firewall does masquerading to the 
local subnets (with local ip ranges). So should I set up an imq device on 
eth1 with iptables mangle through the prerouting chain to do traffic 
shaping to the subnets? In this case the packets arrive to eth1 already 
masqueraded (am I right?) and I can limit the ingress traffic of local 
adresses. Or should I use the imq on eth0? Doesn't it bothers egress 
shaping? I'm confused a little bit... :-s
Can you help me?

Thanks
Tom