Alucard Lim <[EMAIL PROTECTED]> wrote:
>
> I have another guess but correct me if I'm wrong. For users like me
> that use a dialup for ipmasq, bandwidth is easily eaten up while
> surfing or downloading stuff, and that causes the keep alive packs from
> icq.com to reach the machine much slower?

While this is certainly a possibility, I think it is a rather slim
possibility. Most of your bandwidth is eaten up in the "download"
direction, while there is still plenty of bandwidth in the "upload"
direction.

If you feel that you are having problems with packet scheduling, though,
you can try some output rules that modify the type-of-service bits to
perhaps allow the packets to be sent ahead of others. Here are some
rules that I use, but I have no idea what good they do for me:

# Use output rules to modify Type-Of-Service fields in some packets.
# -t 0x01 0x10 = Minimum Delay
# -t 0x01 0x08 = Maximum Throughput
# -t 0x01 0x04 = Maximum Reliability
# -t 0x01 0x02 = Minimum Cost
ipchains -A output -p tcp -d 0/0 21:23 -t 0x01 0x10
ipchains -A output -p tcp -d 0/0 80 -t 0x01 0x10
ipchains -A output -p tcp -d 0/0 20 -t 0x01 0x08
ipchains -A output -p tcp -s 0/0 80 -t 0x01 0x08
ipchains -A output -p tcp -d 0/0 119 -t 0x01 0x08
ipchains -A output -p udp -t 0x01 0x04

As you can see, I try to match the type-of-service to the protocol. The
last rule causes all UDP packets to be marked as "Maximum reliability",
but perhaps they should be marked "Minimum delay" if you feel they
aren't being sent soon enough.

> So why is the tcp timeout so much higher? Like 7200? What happens if
> I set it lower/higher?

Remember, the purpose of these timeouts is to prevent legitimate
connections, which just happen to be idle, from being forgotten, while
still allowing older, stale connections to be flushed to make room for
more. Connection ports are a limited resource.

So, a value like 7200 means that if you telnet to a site, then stop
typing for up to two hours, you will be able to resume your connection
and continue typing. But if you wait longer than that, your connection
will be dropped, and you will have to re-open it.

Since I do a lot of interactive work on my box, I set this to 14400
seconds (four hours). And even then, sometimes I get a connection
dropped. Oh well, that *is* a long time to not have either side report
anything to the other. :)

> And the number in between the two?

That is the timeout for continuing to masquerade a TCP connection that
has been closed. TCP specifications state that both sides of the
connection should continue to watch for packets for a full two minutes
after the connection has been closed. That would not be possible, if
the masq subsystem were to drop the connection immediately after it is
closed.

I set this value to 30 (seconds) on my system, as I don't think two
minutes is really how long it takes for all the stray packets to flush
their way out of the networks.

--
[EMAIL PROTECTED] (Fuzzy Fox) || "Good judgment comes from experience.
sometimes known as David DeSimone || Experience comes from bad judgment."
http://www.dallas.net/~fox/ || -- Life Lessons
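
Added example (not part of the original message, and not ipchains code): a small Python model of how the six output rules above rewrite the TOS byte. It assumes the behaviour documented in the IPCHAINS-HOWTO, namely that "-t AND XOR" computes (tos AND first mask) XOR second mask and that a rule with no -j target falls through to the next rule; the sample packets and their port numbers are constructed.

```python
# Model of how the ipchains output rules above rewrite the IP TOS byte.
# Assumption: "-t AND XOR" computes (tos & AND) ^ XOR, and a rule with no
# -j target lets traversal continue, so every matching rule is applied in order.

TOS_NAMES = {0x10: "Minimum Delay", 0x08: "Maximum Throughput",
             0x04: "Maximum Reliability", 0x02: "Minimum Cost", 0x00: "Normal"}

def ports(spec):
    """Parse an ipchains port spec ('80' or '21:23') into an inclusive range."""
    lo, _, hi = spec.partition(":")
    return (int(lo), int(hi or lo))

# (protocol, source ports, destination ports, AND mask, XOR mask), in chain order.
# None means "any port", as when the rule gives no port after the address.
RULES = [
    ("tcp", None, ports("21:23"), 0x01, 0x10),
    ("tcp", None, ports("80"),    0x01, 0x10),
    ("tcp", None, ports("20"),    0x01, 0x08),
    ("tcp", ports("80"), None,    0x01, 0x08),
    ("tcp", None, ports("119"),   0x01, 0x08),
    ("udp", None, None,           0x01, 0x04),
]

def in_range(port, rng):
    return rng is None or rng[0] <= port <= rng[1]

def apply_output_chain(proto, sport, dport, tos=0x00, rules=RULES):
    """Return the TOS byte after every matching rule has been applied."""
    for r_proto, r_sport, r_dport, and_mask, xor_mask in rules:
        if r_proto == proto and in_range(sport, r_sport) and in_range(dport, r_dport):
            # AND 0x01 clears the four TOS bits, XOR then sets exactly one.
            tos = (tos & and_mask) ^ xor_mask
    return tos

def describe(tos):
    """Name the TOS class held in bits 1-4 of the byte."""
    return TOS_NAMES.get(tos & 0x1E, "mixed/other")

if __name__ == "__main__":
    # Constructed sample packets: (label, proto, sport, dport, TOS set by the sender)
    samples = [("telnet keystroke", "tcp", 1025, 23, 0x00),
               ("ftp-data upload", "tcp", 1026, 20, 0x10),
               ("UDP keep-alive", "udp", 4000, 4000, 0x00),
               ("unlisted TCP (smtp)", "tcp", 1027, 25, 0x08)]
    for label, proto, sport, dport, tos in samples:
        out = apply_output_chain(proto, sport, dport, tos)
        print(f"{label:20} 0x{tos:02x} -> 0x{out:02x} ({describe(out)})")
```

Because the AND mask 0x01 wipes whatever the application had set, the last matching rule decides the final class, and packets that match no rule keep the sender's TOS untouched.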