PF/ALTQ/Bridge Question
Hi,
I have a group of static ips and on one of my static ips I am running
an OpenBSD 4.2 firewall with pf using nat and altq. Behind the OpenBSD
firewall I have an asterisk server.
So in order for me to implement QoS, I have set up a non-transparent
bridge between my ISP router and the OpenBSD firewall. Everything is
working fine except I can not get my outgoing VOIP traffic to be placed
onto the correct queue.
Using pftop, I can see that packets are being passed out using the
rules that specify the queue "ovoip". But if I look at the queue view
inside pftop, no data was sent out using the queue. The queue "ivoip"
is being used for incoming traffic. Below are my pf rules.
WANIF=external bridge interface
PUBIF=internal bridge interface (also has assigned static ip)
PRIVIF=internal private network
VOIP=private ip address for my asterisk server
altq on $WANIF hfsc bandwidth 7168Kb queue {iroot}
queue iroot bandwidth 95% priority 0 hfsc {ivoip, idata}
queue ivoip bandwidth 2% priority 5 hfsc(realtime 112Kb)
queue idata bandwidth 98% priority 2 hfsc(default)
altq on $PUBIF hfsc bandwidth 896Kb queue {oroot}
queue oroot bandwidth 95% priority 0 hfsc {ovoip, odata}
queue ovoip bandwidth 15% priority 6 hfsc(realtime 112Kb)
queue odata bandwidth 85% priority 3 hfsc(default)
nat on $PUBIF from $PRIVIF:network to any -> $PUBIF:0
block in all
pass out all
pass in on $WANIF from any to $PUBIF:network
pass in on $PUBIF from $PUBIF:network to any
pass in on $PRIVIF
pass in quick on $PUBIF proto tcp from any to any port {5060} queue ivoip
pass in quick on $PUBIF proto udp from any to any port {5060:5063,
1:2} queue ivoip
pass in quick proto tcp from $VOIP to any port {5060} queue ovoip
pass in quick proto udp from $VOIP to any port {5060:5063,
1:2} queue ovoip
Does anyone have any ideas on how I can get this to work? Any
information or examples of pf/altq rules with a bridge would be
greatly appreciated.
Thanks,
Mike Siers
Raw Audio Question
Hi, I am running OpenBSD 4.1 with a SoundBlaster PCI 128 audio card. This card uses the "eap" driver. Does anyone have a recommended way and/or application that could directly play out the raw audio that is coming into card? Is this possible? I see in the FAQ there is a way to record input audio data to a file but I would just like to be able to listen to the raw audio stream without having to record it. Thanks in advance, Mike
Re: 3.9 Make Release Fails
Hi, Here is a little more information. After "make release" fails, I type in the following commands and get the output below the command: df -h /mnt === FileSystem SizeUsed Avail CapMount On /dev/svnd0a 1.7M 1.3M 338K 80% /mnt umount /mnt = umount: /mnt: not currently mounted. vnconfig -u vnd0 === vnconfig: /dev/rvnd0c: Device busy. On 5/19/06, Michael Siers <[EMAIL PROTECTED]> wrote: > > Hi, > Yes, I verified that /mnt is empty. Anything else you can think of that > I am doing wrong? > > Thanks, > Mike > > > On 5/19/06, Alexander Belikov <[EMAIL PROTECTED]> wrote: > > > > MS> Hi, > > MS> I have an i386 3.9 system and I am trying to do my own i386 > > release. I have > > > > MS> followed the FAQ directions for building the kernel and compiling > > the source > > MS> tree. > > MS> However, when I do the "make release" command, it runs for awhile > > and > > MS> then aborts on the "umount /mnt" command. > > > > Is your /mnt directory *empty* before you run "make release" > > > > -- > > Best regards, > > Alexandermailto: [EMAIL PROTECTED]
Re: 3.9 Make Release Fails
Hi, Yes, I verified that /mnt is empty. Anything else you can think of that I am doing wrong? Thanks, Mike On 5/19/06, Alexander Belikov <[EMAIL PROTECTED]> wrote: > > MS> Hi, > MS> I have an i386 3.9 system and I am trying to do my own i386 > release. I have > > MS> followed the FAQ directions for building the kernel and compiling the > source > MS> tree. > MS> However, when I do the "make release" command, it runs for awhile and > MS> then aborts on the "umount /mnt" command. > > Is your /mnt directory *empty* before you run "make release" > > -- > Best regards, > Alexandermailto:[EMAIL PROTECTED]
3.9 Make Release Fails
Hi, I have an i386 3.9 system and I am trying to do my own i386 release. I have followed the FAQ directions for building the kernel and compiling the source tree. However, when I do the "make release" command, it runs for awhile and then aborts on the "umount /mnt" command. It looks like the cdrom image file has been mounted on the svnd0 device and files have been copied to the /mnt location. The vnconfig command says the device is busy but for some reason the umount command is failing. I have tried this several times and I am just using the standard generic kernel. Any information on how I get past this problem would be greatly appreciated. Thanks, Mike
Increasing Maximum Number of Groups per User
Hi, I have an OpenBSD 3.8 system that I have reached the default maximum number of groups allowed per user (16). I need to increase this amount which I believe is controlled by the constant value NGROUPS_MAX in the sys/syslimits.h include file. So I have increased the NGROUPS_MAX value and rebuilt the kernel but it seems like this kernel has problems mounting the different hard drive partitiions. In order for me to increase the maximum number of groups allowed per user, do I also need to rebuild the "world"? Do I need to make any other changes beside NGROUPS_MAX? Or is there an alternative way to accomplish this? Any recommendations or procedures on how to do this would be greatly appreciated. Thanks Mike
