[clug] Set TCP window size for specific incoming protocols?

Andrew Smith andrew at coolchilli.com
Tue Sep 16 22:21:59 EST 2003


> I have a firewall with a slow connection. I would like to limit the rate
> at which incoming packets for FTP hit the ISP side of my firewall. Because
> these packets are coming from the ISP, it strikes me that what I really
> want to do is set a relatively small size for the TCP window for these
> connections.

Small window sizes are a great way to shove traffic down a tiny (esp.
error prone) pipe, but aren't a guarantee that traffic will be delivered
equally.

> Does anyone have pointers on how to do this? I've had a look with google,
> and can see anything relevant, and the iptables man page (which is
> probably the wrong tool) doesn't seem to have anything either.

The QoS solution is really the way to go, even though it's scary and
decent doco is rare.  Rate limiting (qdisc) the ACKs will control the
delivery of data in, kind of a fudge.  You may want to rate limit outbound
traffic too.  Remember though that you want to limit the data socket (port
20 from the server).  Commands such as tc, ip rule, ip route and iptables
are all players.

"Policy Routing with Linux" (SAMS) has been my bible of late, not a bad
reference either.  I've had great success optimizing DSL links,
particularly important as the link layer doesn't have flow control such as
in serial links.

Good luck
Andrew
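
An added example, not part of the original post: a generator for tc rules that police inbound FTP data (TCP source port 20) on the ISP-facing interface and hold the outbound packets to port 20, which carry the ACKs, in their own HTB class. The device name, the rates, the class ids and the active-mode-only port 20 match are assumptions, and the ingress policer is a technique added here alongside the ACK limiting the reply describes.

```shell
#!/bin/sh
# Added example, not from the original post. Device name, rates and class
# ids are assumptions. Covers active-mode FTP only (server data port 20).

# Accept only digits followed by kbit or mbit, so a rate value cannot
# carry extra words into the generated commands.
valid_rate() {
    n=${1%[km]bit}
    case $n in ''|*[!0-9]*|"$1") return 1 ;; esac
}

# Print the tc commands without running them.
# Usage: ftp_limit_cmds DEV IN_RATE ACK_RATE UPLINK_RATE
ftp_limit_cmds() {
    dev=$1 inrate=$2 ackrate=$3 uplink=$4
    case $dev in ''|*[!A-Za-z0-9._-]*) echo "bad device" >&2; return 1 ;; esac
    for r in "$inrate" "$ackrate" "$uplink"; do
        valid_rate "$r" || { echo "bad rate: $r" >&2; return 1; }
    done
    cat <<EOF
# Inbound: drop FTP data (TCP source port 20) arriving faster than $inrate
tc qdisc add dev $dev handle ffff: ingress
tc filter add dev $dev parent ffff: protocol ip prio 1 u32 match ip protocol 6 0xff match ip sport 20 0xffff police rate $inrate burst 10k drop flowid :1
# Outbound: packets to port 20 (mostly ACKs) get class 1:20, the rest 1:10
tc qdisc add dev $dev root handle 1: htb default 10
tc class add dev $dev parent 1: classid 1:10 htb rate $uplink
tc class add dev $dev parent 1: classid 1:20 htb rate $ackrate ceil $ackrate
tc filter add dev $dev parent 1: protocol ip prio 1 u32 match ip protocol 6 0xff match ip dport 20 0xffff flowid 1:20
EOF
}

# With four arguments, print the commands for review, e.g.
#   sh ftp-limit.sh eth0 128kbit 16kbit 256kbit   (file name is an example)
if [ "$#" -eq 4 ]; then ftp_limit_cmds "$@"; fi
```

Review the printed commands, then pipe them to sh as root; `tc qdisc del dev DEV root` and `tc qdisc del dev DEV ingress` remove the rules again.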



