Re: PF/ALTQ/Bridge Question

2007-11-15 Thread Lord Sporkton
May I ask why you are using a bridge between ISP and OpenBSD firewall?
Why not just implement QoS on the firewall if it's OpenBSD anyway?

Have you verified ports for your VoIP? It looks like you are expecting
your outbound VoIP connection to be connection control=5060 and
media=1-2; I usually don't see that sort of uniformity on
clients behind NAT (assuming your clients are behind NAT).

Hope that helps


On 07/11/2007, Michael Siers [EMAIL PROTECTED] wrote:
> Hi,
> I have a group of static IPs and on one of my static IPs I am running
> an OpenBSD 4.2 firewall with pf using nat and altq.  Behind the OpenBSD
> firewall I have an Asterisk server.
>
> So in order for me to implement QoS, I have set up a non-transparent
> bridge between my ISP router and the OpenBSD firewall.  Everything is
> working fine except I cannot get my outgoing VOIP traffic to be placed
> onto the correct queue.
>
> Using pftop, I can see that packets are being passed out using the
> rules that specify the queue ovoip.  But if I look at the queue view
> inside pftop, no data was sent out using the queue.  The queue ivoip
> is being used for incoming traffic.  Below are my pf rules.
>
>
> WANIF=external bridge interface
> PUBIF=internal bridge interface (also has assigned static ip)
> PRIVIF=internal private network
> VOIP=private ip address for my asterisk server
>
> altq on $WANIF hfsc bandwidth 7168Kb queue {iroot}
> queue iroot bandwidth 95% priority 0 hfsc {ivoip, idata}
> queue ivoip bandwidth 2% priority 5 hfsc(realtime 112Kb)
> queue idata bandwidth 98% priority 2 hfsc(default)
>
> altq on $PUBIF hfsc bandwidth 896Kb queue {oroot}
> queue oroot bandwidth 95% priority 0 hfsc {ovoip, odata}
> queue ovoip bandwidth 15% priority 6 hfsc(realtime 112Kb)
> queue odata bandwidth 85% priority 3 hfsc(default)
>
> nat on $PUBIF from $PRIVIF:network to any -> $PUBIF:0
>
> block in all
> pass out all
> pass in on $WANIF from any to $PUBIF:network
> pass in on $PUBIF from $PUBIF:network to any
> pass in on $PRIVIF
>
> pass in quick on $PUBIF proto tcp from any to any port {5060} queue ivoip
> pass in quick on $PUBIF proto udp from any to any port {5060:5063, 1:2} queue ivoip
> pass in quick proto tcp from $VOIP to any port {5060} queue ovoip
> pass in quick proto udp from $VOIP to any port {5060:5063, 1:2} queue ovoip
>
>
> Does anyone have any ideas on how I can get this to work?  Any
> information or examples of pf/altq rules with a bridge would be
> greatly appreciated.
>
> Thanks,
> Mike Siers




-- 
-Lawrence
-Student ID 1028219



PF/ALTQ/Bridge Question

2007-11-07 Thread Michael Siers
Hi,
I have a group of static IPs and on one of my static IPs I am running
an OpenBSD 4.2 firewall with pf using nat and altq.  Behind the OpenBSD
firewall I have an Asterisk server.

So in order for me to implement QoS, I have set up a non-transparent
bridge between my ISP router and the OpenBSD firewall.  Everything is
working fine except I cannot get my outgoing VOIP traffic to be placed
onto the correct queue.

Using pftop, I can see that packets are being passed out using the
rules that specify the queue ovoip.  But if I look at the queue view
inside pftop, no data was sent out using the queue.  The queue ivoip
is being used for incoming traffic.  Below are my pf rules.


WANIF=external bridge interface
PUBIF=internal bridge interface (also has assigned static ip)
PRIVIF=internal private network
VOIP=private ip address for my asterisk server

altq on $WANIF hfsc bandwidth 7168Kb queue {iroot}
queue iroot bandwidth 95% priority 0 hfsc {ivoip, idata}
queue ivoip bandwidth 2% priority 5 hfsc(realtime 112Kb)
queue idata bandwidth 98% priority 2 hfsc(default)

altq on $PUBIF hfsc bandwidth 896Kb queue {oroot}
queue oroot bandwidth 95% priority 0 hfsc {ovoip, odata}
queue ovoip bandwidth 15% priority 6 hfsc(realtime 112Kb)
queue odata bandwidth 85% priority 3 hfsc(default)

nat on $PUBIF from $PRIVIF:network to any -> $PUBIF:0

block in all
pass out all
pass in on $WANIF from any to $PUBIF:network
pass in on $PUBIF from $PUBIF:network to any
pass in on $PRIVIF

pass in quick on $PUBIF proto tcp from any to any port {5060} queue ivoip
pass in quick on $PUBIF proto udp from any to any port {5060:5063, 1:2} queue ivoip
pass in quick proto tcp from $VOIP to any port {5060} queue ovoip
pass in quick proto udp from $VOIP to any port {5060:5063, 1:2} queue ovoip


Does anyone have any ideas on how I can get this to work?  Any
information or examples of pf/altq rules with a bridge would be
greatly appreciated.

Thanks,
Mike Siers