> - How do you "reinject" packets? (I assume this can't be done through
> the webGUI? I further assume that "reinject" means "send through
> several queues/pipes"?)

Yes, at least that is what I meant. :) I have to admit that I haven't had
the time to research whether this is how things really work though, but I
hope it is. The text "the first rule that matches a packet will be executed"
might be misleading if this is the case.

> - Could you please specify your high weight rules (I think I've got
> the ACKs down, but I'm unsure about DNS?)

I'm currently only running this on the outgoing traffic (since my DSL is
2500/768kbit). But the rules I have are:
- Outgoing TCP packets size 0-80 with ACK flag (to speed up downloading)
- Outgoing ICMP packets (makes the measurements a little more exact)
- Outgoing UDP packets with destination port 53 (for the DNS queries)
- Outgoing UDP packets with source port 53 (to speed up queries to the NATed
- Outgoing TCP packets with SYN flag with target port 80 or 443 (to speed up

All these are passed to a Queue with a weight of 9, and the final rule is a
"catch all" which passes the packets to a queue with a weight of 1.

> - I'm currently rejecting (not blocking) incoming SYN packets, is
> this wrong? (I was told this might improve performance in some

I'm currently sending RST (reject) to incoming packets to ports 113 (identd)
and 1080 (socks) since this speeds up connecting to services that check
these (i.e. IRC servers). Other uses might be if you're running a NATed *NIX
webserver to RST incoming ACK flags to destination port 80.

// Thomas Hertz