On 1/19/07, Jim Duda <[EMAIL PROTECTED]> wrote: > David, > > Like this ? > > 1 $FW 0.0.0.0/0 udp 4569 > 1 $FW 0.0.0.0/0 tcp 4569 > 1 $FW 0.0.0.0/0 udp 5060 > 1 $FW 0.0.0.0/0 tcp 5060 > 2 $FW 0.0.0.0/0 icmp echo-request > 2 $FW 0.0.0.0/0 icmp echo-reply > 3 $FW 0.0.0.0/0 tcp 20 > 3 $FW 0.0.0.0/0 tcp 21 > 3 $FW 0.0.0.0/0 tcp 22 > 4 $FW 0.0.0.0./0 all - - - !0
Yes, and of course that's also documented in shorewall's traffic shaping page. > Jim > > David Mohr wrote: > > Hi, > > I can only point out one gotcha that I also ran into: > > > > On 1/19/07, Jim Duda <[EMAIL PROTECTED]> wrote: > > > >> I'm having troubles with my outbound VOIP connection. I'm convinced > >> that I don't have QOS/traffic shaping configured properly in my > >> shorewall linux firewall, which serves as my Asterisk VOIP server and > >> Internet router/gateway. I don't have a separate router box. I've been > >> > >> ... [cut] ... > >> > >> /etc/shorewall/tcrules: > >> 1 0.0.0.0/0 0.0.0.0/0 udp 4569 > >> 1 0.0.0.0/0 0.0.0.0/0 tcp 4569 > >> 1 0.0.0.0/0 0.0.0.0/0 udp 5060 > >> 1 0.0.0.0/0 0.0.0.0/0 tcp 5060 > >> 2 0.0.0.0/0 0.0.0.0/0 icmp echo-request > >> 2 0.0.0.0/0 0.0.0.0/0 icmp echo-reply > >> 3 0.0.0.0/0 0.0.0.0/0 tcp 20 > >> 3 0.0.0.0/0 0.0.0.0/0 tcp 21 > >> 3 0.0.0.0/0 0.0.0.0/0 tcp 22 > >> 4 0.0.0.0/0 0.0.0.0./0 all - - - !0 > >> > > > > Since the traffic originates on the firewall, you need to specify $FW > > as the source in tcrules, or it won't mark the traffic. > > > > Hope that helps! > > > > ~David ------------------------------------------------------------------------- Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT & business topics through brief surveys - and earn cash http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV _______________________________________________ Shorewall-users mailing list Shorewall-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/shorewall-users
