Thanks for your suggestions. I have made the pipe a bit smaller (now 400kbps)
and made the modifications to the rules (passive ftp is disabled on the server
at the moment). It all works like a charm!
Great stuff, thanks,
PS: I included the list, so people will find the answer in the archives later
Quoting Manuel Kasper <mk at neon1 dot net>:
On 14.01.2004, at 12:25, Michel Schilthuizen wrote:
> Can anyone look at the config below and help me out?
Hmm, looks pretty much OK, but have you got substantial amounts of
non-TCP traffic? I'd change the last "catch-all" rule to protocol "any"
and not just TCP, as with your current setup, non-TCP traffic will not
be accounted for in the pipe, so it is possible that the modem buffers
still become full. Try decreasing the pipe's bandwidth too.
I'd always use a separate rule for SSH traffic, as it won't hit your
ACK prio rule because SSH packets are typically 100 bytes or more, and
you probably still want SSH to be more important than e.g. web
browsing. Also, I'm not sure if your FTP traffic limit rule works - it
most likely won't for passive FTP connections (dynamic port on the
server's side, and almost definitely not 20).