iptables raspbian netfilter qos

Correct iptables settings for QoS in RPi 2?


My Raspberry Pi 2 is configured as an access point, working with the following iptables settings:

iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
iptables -A FORWARD -i eth0 -o wlan0 -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -i wlan0 -o eth0 -j ACCEPT

I'm using the Python binding of the libnetfilter_queue library.

I'm trying to make a rudimentary QoS by reading (with success) the source port of every packet I get (with the -j NFQUEUE --queue-num x rule); depending on whether the packet was sent from port 25, 80 or 5060, I may delay the packet or send it immediately.

My question is: which of the last two rules should be applied to the NFQUEUE target?

Until now I have only put packets in --queue-num from wlan0 to eth0, but I guess there is no need to apply the NFQUEUE target to the last rule too and monitor packets from eth0 to wlan0... right?


Solution

  • If you are trying to QoS packets coming back from the internet servers (SMTP, HTTP, SIP), you'll want to NFQUEUE the 2nd rule. This will let you QoS packets coming in from eth0 (your wired interface) before they are sent out your wireless interface (wlan0).

    If you want to QoS packets going both ways, you can do the same rule without the -i and -o flags, and then do your matching in userspace based on the results of the nfq_get_indev and nfq_get_outdev functions.

    EDIT

    I should add one more point.

    The direction(s) you decide to QoS will depend on what you are attempting to obtain. If you want to make sure that all the packets your RPi is sending out its eth0 interface are not throttled by an upstream (ISP) router/modem, you should QoS the packets going from wlan0 to eth0. If you're more concerned about lowering the contention on your wireless side (i.e. reducing retransmits), you should QoS the other direction (eth0 to wlan0).
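The userspace matching described in the answer, as an added example that is not part of the original question or answer: it classifies a queued packet by direction from the interface indices that nfq_get_indev and nfq_get_outdev report, then looks up a delay by server-side port. The delay values, function names and interface indices are assumptions, and the packets are constructed so the code runs without a live queue.

```python
import struct

# Assumed policy (hypothetical values): seconds of delay per server-side port.
DELAY_BY_PORT = {25: 0.5, 80: 0.1, 5060: 0.0}
TCP, UDP = 6, 17

def l4_ports(payload):
    """Return (proto, sport, dport) from a raw IPv4 packet, or None if not available."""
    if len(payload) < 20 or payload[0] >> 4 != 4:
        return None                          # truncated or not IPv4
    ihl = (payload[0] & 0x0F) * 4            # header length varies with IP options
    if ihl < 20 or len(payload) < ihl + 4:
        return None
    frag = struct.unpack("!H", payload[6:8])[0] & 0x1FFF
    if frag != 0 or payload[9] not in (TCP, UDP):
        return None                          # later fragments carry no L4 header
    sport, dport = struct.unpack("!HH", payload[ihl:ihl + 4])
    return payload[9], sport, dport

def classify(payload, indev, outdev, lan_if, wan_if):
    """Return (direction, delay_seconds); indev/outdev are interface indices."""
    if (indev, outdev) == (wan_if, lan_if):
        direction = "download"               # eth0 -> wlan0 in the question's setup
    elif (indev, outdev) == (lan_if, wan_if):
        direction = "upload"                 # wlan0 -> eth0
    else:
        return "other", 0.0
    ports = l4_ports(payload)
    if ports is None:
        return direction, 0.0
    _, sport, dport = ports
    # Replies from a server have the service port as source; requests as destination.
    server_port = sport if direction == "download" else dport
    return direction, DELAY_BY_PORT.get(server_port, 0.0)

def build_ipv4(proto, sport, dport, options=b"", frag_off=0):
    """Constructed sample packet (checksum left at 0; parsing does not need it)."""
    ihl = 5 + len(options) // 4
    l4 = struct.pack("!HH", sport, dport) + b"\x00" * 16
    hdr = struct.pack("!BBHHHBBH4s4s", (4 << 4) | ihl, 0, ihl * 4 + len(l4),
                      0, frag_off, 64, proto, 0,
                      bytes([192, 0, 2, 1]), bytes([198, 51, 100, 7]))
    return hdr + options + l4
```

On a real system the two indices would come from the queue callback and be compared against the indices of eth0 and wlan0, for example from socket.if_nametoindex.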