Phil: I think that if you want to use your Netgear router, it should be the only router ... You should then run Astlinux in "PBX-only" mode ...
If you want to use Astlinux to provide routing and packet shaping, you certainly can do this ... Edit your rc.conf file (the one located at /mnt/kd, not the one located at /stat/etc) similar to this ...

-------------------------------------------------------
Enable the external interface
-------------------------------------------------------
##External Interface
##The external interface has a fairly restrictive firewall when not in PBX
##only mode. See the Firewall section in this file for more details.
EXTIF=eth0 <-(uncomment the EXTIF line, this defaults to DHCP client mode so it expects to get its IP address from your ISP; by default, EXTIF will be the first ETH that Linux sees, normally ETH0)

-------------------------------------------------------
Provide internal networks
-------------------------------------------------------
##If you do not define the INTIF, I will not try to start one.
##If you do not define the INTIF, I will also not start the following services:
##dnsmasq iptables astshape (PBX only mode)
##PBX Only mode is enabled by default from 0.2.8.10
INTIF=eth1 <-(uncomment the INTIF, normally you would assign this one a "private" IP address something like below; INTIF will be the second ETH that Linux sees, normally ETH1)
##Internal IP address and netmask
INTIP=192.168.1.1
INTNM=255.255.255.0
##Additional "Internal" interfaces
##By default they will be brought up identically to INTIF.
##They will be able to access the AstLinux machine and go
##out via EXTIF, but routing between them is not permitted.
INT2IF=eth2 <-(if you really want to do it, you can enable additional internal networks by enabling additional NICs, this is the third ETH port)
INT2IP=192.168.2.1
INT2NM=255.255.255.0
INT3IF=eth3 <-(if you really want to do it, you can enable additional internal networks by enabling additional NICs, this is the fourth ETH port)
INT3IP=192.168.3.1
INT3NM=255.255.255.0
-------------------------------------------------------

Things to keep in mind:

So far, I have been unable to figure out how to get machines on INT2IF to see machines located on INTIF ... The firewall in Astlinux seems to assume that they are separate LANs so does not create a "bridge" between them ... I am sure this could be overcome with a bit of research and fiddling but in the situations where I need this, I have other hardware doing the job so do not need Astlinux to do it ... Hence, I have not had a good reason to fight with it ...

Frankly, in the rather small environments that could be supported by the NET4801, I am not sure what advantage there would be to having more than just the external and internal network interfaces ... More internal network routes than this is normally only required in really large installations where you might be running departmental LANs or such ... So I think you would normally only want to use two of your seven ports ...

Your NET4801 has a rather modest processor ... I suspect that using this piece of hardware to support advanced routing/firewalling (more than 2 ports) is a bad idea ... If this was all you wanted it to do, I suspect it would be fine but asking it to do this plus support Asterisk, may be a bit over the top ... I think your NET4801 running the m0n0wall or maybe even pfSense would be a much better choice ... Then use another NET4801 or some other modest machine to run Astlinux in PBX-only mode ...

I am successfully running a three port router/firewall with Asterisk under Astlinux on a couple mini-itx machines with 1GHz Via processors ...
This seems to work fine even for fairly aggressive VoIP activity on an 8mb Cable ISP connection with 5 people beating the Internet to death ... The packet shaping in Astlinux works pretty well to make sure my voice activity gets priority over my wife's streaming video addiction ... But I am not sure I would try to do this complex an integration on a 266MHz machine ...

Astlinux now has the Arno firewall available as an option ... The Arno firewall has much the same flexibility as m0n0wall or pfSense ... You just have to deal with it using cfg files rather than a web based interface ... I suspect that the Arno firewall could be set up to provide routing/firewalling and QoS quite nicely if you were willing to do the research and experimentation required to get it set up properly ...

G.Hendershot

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Phil McKerracher
Sent: Wednesday, January 03, 2007 4:28 PM
To: [EMAIL PROTECTED]
Subject: [Astlinux-users] Connecting topology

Happy New Year everybody, and thanks for all your replies to my earlier query on this subject on the old mailing list.

I've held off replying while I did a bit more research about using astlinux as a router, to avoid making a complete fool of myself in public. But I still don't understand it all, so here goes anyway. :-)

I've got no problem with throttling my external connection to 90% of the available bandwidth to avoid queueing problems. Obviously it would be nice to have a system that copes with congestion without configuration, but I can live with it.

I've discovered elsewhere that the net4801 won't cope with 100 Mbit/s ethernet routing (between PCs on my SoHo LAN) but should cope with my 4 Mbit/s internet connection OK. This is as I suspected, although it does make me wonder why my (much cheaper!) Netgear router copes with it all right - presumably it contains special hardware.
This in turn makes me wonder whether the net4801 was a good choice of hardware for this sort of thing.

Anyway, I think I can avoid all the speed problems by simply connecting my Netgear router downstream from the astlinux box, with my PCs connected to the router and my phones to the astlinux box. It's twice as much cable but what the heck.

I'm a bit puzzled that PBX-only mode is now the default, since that implies no traffic shaping, which I would have thought would guarantee problems whenever a big download or upload was in progress. What do people do in this situation? Use a separate internet connection? Or a clever router?

Anyway, I now want to enable the other ethernet ports on my box, and it's not obvious how to do this from reading rc.conf. My net4801 has seven ports (which now looks like a mistake). Assuming I was happy with slower speeds I still don't see how I can configure the unit to connect several phones or PCs to it.

Is there a hidden assumption here that I'm missing, that an external router is always used? In PBX-only mode the phones connect to the EXTERNAL interface (the only one active by default), right? So the asterisk box is just another device on the internal LAN, rather than being physically connected between the phones and the external internet as I had assumed. If so, then I think I need to buy yet another router. :-(

I hope this is all clear. Maybe a couple of diagrams would help:

1. This is how I originally expected to connect things:

            __________
           |          |----IP Phone
INTERNET---| astlinux |----IP Phone ...
           |   box    |----Computer
           |__________|----Computer ...

2. I now think PBX-only mode is meant to be connected like this:

            ________
           | Router |----IP Phone
           |        |----IP Phone ...
INTERNET---|        |    __________
           |        |---| astlinux |
           |        |   |   box    |
           |________|   |__________|

3. And this is how I now think the PCs should be connected:

            ________
           | Router |----IP Phone
           |        |----IP Phone
INTERNET---|        |    __________      ________
           |        |---| astlinux |----|  Fast  |----Computer
           |        |   |   box    |    | Router |----Computer ...
           |________|   |__________|    |________|

Does that make sense?

--
Phil McKerracher
www.mckerracher.net

_______________________________________________
Astlinux-users mailing list
[email protected]
http://lists.kriscompanies.com/mailman/listinfo/astlinux-users

Donations to support AstLinux are graciously accepted via PayPal to [EMAIL PROTECTED]
REMEMBER: AstLinux mailing lists are moving soon: http://sourceforge.net/mail/?group_id=170462
Please move any discussions ASAP!
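
As an added example, not part of the original thread or of AstLinux itself: a shell check that reads an rc.conf-style file without sourcing it and reports whether the settings discussed in the reply above select PBX-only mode (no INTIF, so dnsmasq, iptables and astshape are not started) or router mode, and which network each internal interface serves. The helper names (conf_get, rc_mode, net_of, internal_nets, dup_nets) and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example (not AstLinux code): reads KEY=value lines, never sources the file.

# conf_get FILE KEY: value of the last uncommented KEY= line, quotes stripped.
conf_get() {
    sed -n "s/^[[:space:]]*$2=\"\{0,1\}\([^\"#[:space:]]*\).*/\1/p" "$1" | tail -n 1
}

# rc_mode FILE: per the rc.conf comments, no INTIF means PBX-only mode,
# in which dnsmasq, iptables and astshape are not started.
rc_mode() {
    if [ -n "$(conf_get "$1" INTIF)" ]; then echo router; else echo pbx-only; fi
}

# net_of IP NETMASK: network address (bitwise AND of the dotted quads).
net_of() {
    oldifs=$IFS; IFS=.
    set -- $1 $2
    IFS=$oldifs
    echo "$(($1 & $5)).$(($2 & $6)).$(($3 & $7)).$(($4 & $8))"
}

# internal_nets FILE: "interface network" for each defined internal interface.
internal_nets() {
    for p in INT INT2 INT3; do
        ifc=$(conf_get "$1" "${p}IF"); ip=$(conf_get "$1" "${p}IP"); nm=$(conf_get "$1" "${p}NM")
        [ -n "$ifc" ] || continue
        if [ -n "$ip" ] && [ -n "$nm" ]; then echo "$ifc $(net_of "$ip" "$nm")"
        else echo "$ifc unset"; fi
    done
}

# dup_nets FILE: network addresses assigned to more than one internal interface.
dup_nets() {
    internal_nets "$1" | awk '$2 != "unset" {print $2}' | sort | uniq -d
}

# Constructed sample: router-mode settings taken from the message above.
sample_conf() {
    printf '%s\n' '##External Interface' 'EXTIF=eth0' 'INTIF=eth1' \
        'INTIP=192.168.1.1' 'INTNM=255.255.255.0' \
        'INT2IF=eth2' 'INT2IP=192.168.2.1' 'INT2NM=255.255.255.0'
}

tmp=$(mktemp); sample_conf > "$tmp"
echo "mode: $(rc_mode "$tmp")"
internal_nets "$tmp"
[ -z "$(dup_nets "$tmp")" ] || echo "warning: duplicate internal network"
rm -f "$tmp"
```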
