 From:  "Thomas Hertz" <term at cynisk dot net>
 To:  "'Adam Nellemann'" <adam at nellemann dot nu>
 Cc:  <m0n0wall at lists dot m0n0 dot ch>
 Subject:  RE: [m0n0wall] Advanced traffic shaping
 Date:  Sun, 16 May 2004 22:16:08 +0200
> - How do you "reinject" packets? (I assume this can't be done through
> the webGUI? I further assume that "reinject" means "send through
> several queues/pipes"?)

Yes, at least that is what I meant. :) I have to admit that I haven't had
the time to research whether this is how things really work though, but I
hope it is. The text "the first rule that matches a packet will be executed"
might be misleading if this is the case.

> - Could you please specify your high weight rules (I think I've got
> the ACKs down, but I'm unsure about DNS?)

I'm currently only running this on the outgoing traffic (since my DSL is
2500/768kbit). But the rules I have are:

- Outgoing TCP packets size 0-80 with ACK flag (to speed up downloading)
- Outgoing ICMP packets (makes the measurements a little more exact)
- Outgoing UDP packets with destination port 53 (for the DNS queries)
- Outgoing UDP packets with source port 53 (to speed up queries to the NATed
DNS server)
- Outgoing TCP packets with SYN flag with target port 80 or 443 (to speed up
web browsing)

All these are passed to a Queue with a weight of 9, and the final rule is a
"catch all" which passes the packets to a queue with a weight of 1.

> - I'm currently rejecting (not blocking) incoming SYN packets, is
> this wrong? (I was told this might improve performance in some
> circumstances?)

I'm currently sending RST (reject) to incoming packets to ports 113 (identd)
and 1080 (socks) since this speeds up connecting to services that check
these (i.e. IRC servers). Other uses might be if you're running a NATed *NIX
webserver to RST incoming ACK flags to destination port 80.

// Thomas Hertz