[LARTC] Some questions concerning IPtables (& IMQ/SFQ)

["Nils Lichtenfeld" <Nils.Lichtenfeld@gmx.net>]

Hi there!

Some questions I couldn't find an answer for:
IPtables:
- Is it possible to filter those ACK-packets (to eleminate problems
with ADSL-connections) with IPtables? It wasn't possible with IPchains,
so u32 had to be used. Now there is this nice little --tcp-flags
option. But I just don't know if this is all I need. The u32 was
checking for packetsize too. So if there is a eqivalent to the u32
ACK-filterrule, what would it look like?

What I have found in the ML is this:
----
# Set ACK as prioritized traffic (ACK's are less than 100 bytes)
$IPTABLES -t mangle -A MANGLE_MARK -p tcp -m length --length :100 -j
MARK --set-mark 1
$IPTABLES -t mangle -A MANGLE_MARK -p tcp -m length --length :100 -j
RETURN
----

Wouldn't that apply on a lot more packets than only the ACK ones? What
is the exact specification of an ACK-packet?

- With IPchains it was possible to mark and return in one rule. Looking
at the example above this doesn't seem possible (two -j operators). Is
that right?

- Can I have for example one custom chain and have forward and output
send its packets to it?

- Is there a howto that explains -t mangel, -A PREROUTING/POSTROUTING
etc.? The only IPtables HowTo I have found is
http://www.telematik.informatik.uni-karlsruhe.de/lehre/seminare/LinuxSe
m/downloads/netfilter/iptables-HOWTO.html

- From Patricks' IMQ-page:
----
SFQ is very useful as a leaf qdisc. But by default, its internal queue
length is 128 which is too much for small classes or even for
not-so-fast links. Changing SFQ_DEPTH in net/sched/ sch_sfq.c to about
10-20 results in flows responding much faster to bandwidth changes.
----

Is that ment for SFQ in general or only in conjunction with IMQ?


Thank you.
Greetings, Nils

_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/