'VoIP Queuing Issues'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       openbsd-pf
Subject:    VoIP Queuing Issues
From:       "Charles C. Hocker" <chocker () drbs ! com>
Date:       2005-11-29 17:56:32
Message-ID: 491D9E2503E47D479FD1124DB858281A028EB8 () drbs-sbs ! DRBS ! Local
[Download RAW message or body]

Hello,

I have the following pf rule set for my firewall and am having 
trouble queuing the VoIP.

I am running a LinkSys VoIP router on the inside of the firewall.


When I check the status of pf with pftop, I can see
packets routed through the std_out, dns_out, and the tcp_ack_out
queues.  It appears that all VoIP traffic is being routed
through the std_out queue.

Charles

p.s.  Since the VoIP router is on the inside of the firewall,
I have verified that there is an active connection
using UDP 5061 from the firewall out.

#---------------------------------------------------
#
#	MACROS
#
#---------------------------------------------------

ExtIF	    = "tun0"
IntIF	    = "xl0"
IntNet      = "10.0.1.0/24"

ssh_ports   = "{ 22 2022 }"
im_ports    = "{ 1863 5190 5222 }"
voip_ports  = "{ 5060 5061 10000:20000 }"

UpLoad      = "768Kb"
DownLoad    = "5.0Mb"
voip_bw     = "256Kb"

#----------------------------------------------------
#
#	SCRUB
#
#----------------------------------------------------

scrub in all

#----------------------------------------------------
#
#	QUEUEING
#
#----------------------------------------------------

altq on $ExtIF priq bandwidth $UpLoad queue { std_out, ssh_im_out,
dns_out, \
        tcp_ack_out, netstream_out, voip_out }

queue std_out         priq(default)
queue ssh_im_out      priority 3 priq
queue dns_out         priority 4 priq
queue voip_out	    priority 6 priq
queue tcp_ack_out     priority 7 priq

#--------------------------------------------------------------
#
#	TRANSLATIONS
#
#--------------------------------------------------------------

nat on $ExtIF from $IntIF:network to any -> ($ExtIF)

#--------------------------------------------------------------
#
#	FILTER RULES
#
#--------------------------------------------------------------

block in  log on $ExtIF all
block out log on $ExtIF all

pass  out quick on $ExtIF inet proto udp from any port $voip_ports \
	to any keep state queue voip_out

pass  out on $ExtIF inet proto tcp from any to any flags S/SA \
        keep state queue(std_out, tcp_ack_out)

pass  out on $ExtIF inet proto { udp icmp } from any to any keep state

pass  out on $ExtIF inet proto { tcp udp } from any to any port domain \
        keep state queue dns_out

pass  out on $ExtIF inet proto tcp from any to any port $ssh_ports \
        flags S/SA keep state queue(std_out, ssh_im_out)

pass  out on $ExtIF inet proto tcp from any to any port $im_ports \
        flags S/SA keep state queue(ssh_im_out, tcp_ack_out)

pass  in log quick on $ExtIF inet proto tcp from any to $ExtIF \
	port $ssh_ports flags S/SA keep state
[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic