May I ask why you are using a bridge between the ISP and the OpenBSD firewall?
Why not just implement QoS on the firewall if it's OpenBSD anyway?

Have you verified the ports for your voip? It looks like you are expecting
your outbound voip connection to be connection control=5060 and
media=10000-20000. I usually don't see that sort of uniformity on
clients behind nat (assuming your clients are behind nat).

Hope that helps


On 07/11/2007, Michael Siers <[EMAIL PROTECTED]> wrote:
> Hi,
> I have a group of static ips and on one of my static ips I am running
> an OpenBSD 4.2 firewall with pf using nat and altq.  Behind the OpenBSD
> firewall I have an asterisk server.
>
> So in order for me to implement QoS, I have set up a non-transparent
> bridge between my ISP router and the OpenBSD firewall.  Everything is
> working fine except I cannot get my outgoing VOIP traffic to be placed
> onto the correct queue.
>
> Using pftop, I can see that packets are being passed out using the
> rules that specify the queue "ovoip".  But if I look at the queue view
> inside pftop, no data was sent out using the queue.  The queue "ivoip"
> is being used for incoming traffic.  Below are my pf rules.
>
> --------------------------------------------------------------------------------------------
> WANIF=external bridge interface
> PUBIF=internal bridge interface (also has assigned static ip)
> PRIVIF=internal private network
> VOIP=private ip address for my asterisk server
>
> altq on $WANIF hfsc bandwidth 7168Kb queue {iroot}
> queue iroot bandwidth 95% priority 0 hfsc {ivoip, idata}
> queue ivoip bandwidth 2% priority 5 hfsc(realtime 112Kb)
> queue idata bandwidth 98% priority 2 hfsc(default)
>
> altq on $PUBIF hfsc bandwidth 896Kb queue {oroot}
> queue oroot bandwidth 95% priority 0 hfsc {ovoip, odata}
> queue ovoip bandwidth 15% priority 6 hfsc(realtime 112Kb)
> queue odata bandwidth 85% priority 3 hfsc(default)
>
> nat on $PUBIF from $PRIVIF:network to any -> $PUBIF:0
>
> block in all
> pass out all
> pass in on $WANIF from any to $PUBIF:network
> pass in on $PUBIF from $PUBIF:network to any
> pass in on $PRIVIF
>
> pass in quick on $PUBIF proto tcp from any to any port {5060} queue ivoip
> pass in quick on $PUBIF proto udp from any to any port {5060:5063,
> 10000:20000} queue ivoip
> pass in quick proto tcp from $VOIP to any port {5060} queue ovoip
> pass in quick proto udp from $VOIP to any port {5060:5063,
> 10000:20000} queue ovoip
> --------------------------------------------------------------------------------------------
>
> Does anyone have any ideas on how I can get this to work?  Any
> information or examples of pf/altq rules with a bridge would be
> greatly appreciated.
>
> Thanks,
> Mike Siers
>
>


-- 
-Lawrence
-Student ID 1028219
