From: "Jonas Lindqvist" <69link@telia.com>
Date: Wed, 17 Apr 2002 16:42:39 +0000
Subject: Re: [LARTC] A tc htb/iptables rate control script for ADSL
To: lartc@vger.kernel.org

----- Original Message -----
From: "alex"

> # For outgoing packets we need to mark stuff
> /sbin/iptables -t mangle -A to-dsl -p tcp --dport 22 -j MARK --set-mark 1
>
> /sbin/iptables -t mangle -A to-dsl -p tcp --dport 80 -j MARK --set-mark 2

I'd also do it like this:

    iptables -t mangle -A to-dsl -p tcp --dport 22 -j MARK --set-mark 1
    iptables -t mangle -A to-dsl -p tcp --dport 22 -j RETURN

    iptables -t mangle -A to-dsl -p tcp --dport 80 -j MARK --set-mark 2
    iptables -t mangle -A to-dsl -p tcp --dport 80 -j RETURN

    etc...

Otherwise iptables will do the whole "to-dsl" list for every packet.
In your case it wouldn't matter except for some extra CPU usage. But if you
would like to mark port 80 as bulk traffic and ACKs as interactive traffic,
then those port 80 ACKs could be marked as bulk, which you wouldn't want.

Which brings me to another subject :)
If your DSL connection has different bandwidth like 1mbit/128kbit then your
download speed could be destroyed by huge queues in your uplink.

I'd guess this would do the trick.

    # Set ACK as prioritized traffic (ACKs are less than 100 bytes)
    $IPTABLES -t mangle -A MANGLE_MARK -p tcp -m length --length :100 -j MARK --set-mark 1
    $IPTABLES -t mangle -A MANGLE_MARK -p tcp -m length --length :100 -j RETURN

(You could probably mark ACKs with --tcp-flags SYN,FIN,RST ACK. But I have
not tested that yet.)

They also mention this here:
http://lartc.org/wondershaper/

/Jonas
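The MARK/RETURN behaviour discussed in the message above, as an added example that is not part of the original post: a simplified Python model of one mangle chain (not iptables itself), showing that MARK does not stop traversal, so a later rule overwrites an earlier mark unless RETURN follows it. The rule order (small packets first, then port 80), the helper names and the sample packets are assumptions made for the illustration.

```python
# Simplified model of one user-defined mangle chain (not iptables itself).
# MARK is non-terminating: traversal continues, so a later MARK overwrites it.
# RETURN stops traversal of this chain.

def small(pkt):
    """Models: -p tcp -m length --length :100 (0 to 100 bytes inclusive)."""
    return pkt["proto"] == "tcp" and pkt["length"] <= 100

def dport(port):
    """Models: -p tcp --dport <port>."""
    return lambda pkt: pkt["proto"] == "tcp" and pkt["dport"] == port

def chain(with_return):
    """Build the rule list in an assumed order: small packets, then port 80."""
    rules = []
    for match, mark in ((small, 1), (dport(80), 2)):
        rules.append((match, "MARK", mark))
        if with_return:
            rules.append((match, "RETURN", None))
    return rules

def traverse(rules, pkt):
    """Return (final mark, number of rules evaluated) for one packet."""
    mark, evaluated = 0, 0
    for match, target, value in rules:
        evaluated += 1
        if not match(pkt):
            continue
        if target == "MARK":
            mark = value          # set the mark and keep going
        elif target == "RETURN":
            break                 # leave the chain, mark stays as set
    return mark, evaluated

# Constructed sample packets (not captured traffic).
ACK_TO_WEB = {"proto": "tcp", "dport": 80, "length": 52}
BULK_TO_WEB = {"proto": "tcp", "dport": 80, "length": 1500}

if __name__ == "__main__":
    for label, with_return in (("MARK only", False), ("MARK + RETURN", True)):
        for name, pkt in (("52-byte ACK", ACK_TO_WEB),
                          ("1500-byte data", BULK_TO_WEB)):
            mark, seen = traverse(chain(with_return), pkt)
            print(f"{label:14} {name:15} mark={mark} rules evaluated={seen}")
```
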