IMQ was the solution:

To install the IMQ Patch (from the FAQ):

you don't want to compile iptables: (no, you don't) Get the combo patch and the precompiled shared libs matching your iptables version (iptables -V).

# cd /usr/src/linux # patch -p1 <../imq-2.4.18.diff-combo-6 -- find where iptables keeps its shared libraries (/lib/iptables and /usr/lib/iptables is common) -- # tar xvzf libipt_IMQ-1.2.6a.tar.gz -C /lib/iptables

this is common for both methods: # cd /usr/src/linux # make menuconfig

You will have three new options: Networking options ---> IP: Netfilter Configuration --->IMQ target support Networking options ---> IPv6: Netfilter Configuration --->IMQ target support Network device support --->IMQ (intermediate queueing device) support

Choose at least one of the targets and the device itself. Netfilter debugging should be turned off, otherwise cou get lots of annoying messages.

# make dep modules bzImage modules_install

Here's my .config file that I used to compile my kernel. It's a pretty stock 2.4.20 kernel, patched with the IMQ patch, as noted here: http:// attachment:config-2.4.20-imq