Hi,

I am looking for a way to detect RTP traffic. Currently, I have asked some SIP 
providers to tell me their networks and set up some rules in tcrules. But I 
would like a more generic version, where I am provider-independent.

My router is a border router and connects PPPoE customers with the internet. 
What I want to achieve is to detect SIP/RTP and do QoS/DSCP on these packets.

The default policy is to allow traffic between WAN and PPPoE and vice versa. All 
public IPs. No NATing.

This is how I currently did it:


/params:
DWNET=193.239.104.0/22
SIPGATE1=217.10.64.0/20
SIPGATE2=217.116.117.0/24
SIPGATE3=212.9.32.0/19
EASYBELL=212.172.97.112/28


/tcrules:
COMMENT Copy connmark to packet mark
RESTORE/0x00FF:T   -         -           all
COMMENT VoIP SIP
DSCP(CS3):T        -         -           udp    5060:5076   -           -   0x1
DSCP(CS3):T        -         -           udp    -           5060:5076   -   0x1
CONTINUE:T         -         -           udp    5060:5076   -           -   0x1
CONTINUE:T         -         -           udp    -           5060:5076   -   0x1
COMMENT VoIP RTP
DSCP(CS5):T        -         -           udp    -           -           -   0x1
CONTINUE:T         -         -           udp    -           -           -   0x1
COMMENT Sipgate
0x1:T              $DWNET    $SIPGATE1   udp
COMMENT Sipgate
0x1:T              $DWNET    $SIPGATE2   udp
COMMENT Sipgate
0x1:T              $DWNET    $SIPGATE3   udp
COMMENT Easybell
0x1:T              $DWNET    $EASYBELL   udp
COMMENT
SAVE/0x00FF:T      -         -           udp    -           -           -   0x1
CONTINUE:T         -         -           udp    -           -           -   0x1
…


I tried to understand the use of "helpers", but I did not get it to work. It 
seems helpers are for NATed firewalls, aren't they? Can I also use them to detect 
the RTP packets somehow, even if I am not NATing?

Can you help me fix the above rules, so I am independent of 
Sipgate/Easybell? I guess SIP is always controlled over 5060 UDP/TCP, isn't it?

I really spent a lot of time googling, but I don't know how to do things here.

I really would be happy if someone could help me a bit :)

0x1 is a mark for a class for ppp devices: fast, interactive traffic with tc 
hfsc.

Thanks a lot in advance

-Christian Rößner

--
[*] sys4 AG

http://sys4.de, +49 (89) 30 90 46 64
Franziskanerstraße 15, 81669 München

Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263
Vorstand: Patrick Ben Koetter, Marc Schiffbauer
Aufsichtsratsvorsitzender: Florian Kirstein
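The generic way to find RTP flows without a provider list is the one the kernel's SIP conntrack helper uses: read the SDP offer carried in the SIP signalling and register the negotiated media endpoints as expected flows. The following Python model of that logic is an added example, not code from the post above or from Shorewall; the INVITE, the host address 193.239.104.10 and the flows fed to the classifier are constructed sample data, and the DSCP mapping mirrors the CS3/CS5 split in the tcrules above.

```python
import re

# Constructed sample: a SIP INVITE carrying an SDP offer (not a real capture).
SAMPLE_INVITE = (
    "INVITE sip:bob@example.net SIP/2.0\r\n"
    "Via: SIP/2.0/UDP 193.239.104.10:5060;branch=z9hG4bK776\r\n"
    "Content-Type: application/sdp\r\n"
    "\r\n"
    "v=0\r\n"
    "o=alice 2890844526 2890844526 IN IP4 193.239.104.10\r\n"
    "c=IN IP4 193.239.104.10\r\n"
    "m=audio 49170 RTP/AVP 0 8 101\r\n"
    "m=video 51372 RTP/AVP 31\r\n"
    "a=rtpmap:0 PCMU/8000\r\n"
)

# Signalling port range, same as the 5060:5076 used in the tcrules above.
SIP_PORTS = range(5060, 5077)


def sdp_media_endpoints(sip_msg: str):
    """Return {(ip, port), ...} for every RTP and RTCP endpoint the SDP body offers.

    Assumption: only a session-level c= line (before the first m= line) is honoured;
    media-level c= overrides are ignored to keep the example short.
    """
    head, sep, body = sip_msg.partition("\r\n\r\n")
    if not sep or "application/sdp" not in head.lower():
        return set()
    session_ip = None
    endpoints = set()
    for line in body.splitlines():
        if line.startswith("c=IN IP4 ") and session_ip is None:
            session_ip = line.split()[2]
        m = re.match(r"m=(audio|video) (\d+) RTP/", line)
        if m and session_ip:
            port = int(m.group(2))
            endpoints.add((session_ip, port))      # RTP
            endpoints.add((session_ip, port + 1))  # RTCP, port+1 by convention
    return endpoints


def classify_udp(src_ip, src_port, dst_ip, dst_port, rtp_endpoints):
    """Map a UDP flow to the DSCP class: CS3 for SIP signalling, CS5 for RTP/RTCP."""
    if src_port in SIP_PORTS or dst_port in SIP_PORTS:
        return "CS3"
    if (src_ip, src_port) in rtp_endpoints or (dst_ip, dst_port) in rtp_endpoints:
        return "CS5"
    return None
```

In the kernel the same expectation is created by nf_conntrack_sip when the signalling traverses conntrack; the marking rules then only need to match on the expected flow rather than on a provider's address block.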


------------------------------------------------------------------------------
_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users
