I've talked until blue in the face with those guys. The shaping is very broken. I like where they are going, but the coding is just not appealing "yet".
You can, however do rate limiting (cps) in both 1.2.3 and 2.0 for now based on destination port. That does a lot to help. On Wed, Apr 6, 2011 at 2:11 PM, Tony Graziano <tgrazi...@myitdepartment.net> wrote: > On Wed, Apr 6, 2011 at 2:05 PM, Tim Byng <t...@missioninc.com> wrote: >> Hi Tony, >> Thanks for the feedback. I thought you would be the one replying to this >> question. :) >> >> On Tue, Apr 5, 2011 at 5:02 PM, Tony Graziano <tgrazi...@myitdepartment.net> >> wrote: >>> >>> Your outbound nat type for the sip server should be Manual But not for the >>> whole subnet Which should be automatic. >> >> I think I understand what you're saying. I'm new to pfSense and was >> wondering if you wouldn't mind clearing up a couple of questions I have. >> First of all, here's how I originally set up pfSense: >> >> On the Firewall: NAT: Outbound page, I selected "Manual Outbound NAT rule >> generation (AON - Advanced Outbound NAT)" and clicked Save. Two Outbound NAT >> mappings were automatically added. >> I edited the "Auto created rule for LAN to WAN" mapping, selected Static >> Port and clicked Save. >> On the Firewall: NAT: Port Forward page, I added the required mappings and >> rules for sipXecs (this is pretty straight forward, so I will not go into >> the details). >> >> Based on your response, I believe I need to change steps one and two. Please >> let me know if this is correct: >> >> On the Firewall: NAT: Outbound page, ensure "Automatic outbound NAT rule >> generation (IPsec passthrough included)" is selected (i.e. don't change the >> default). >> Add an Outband NAT mapping, set the source to the sipXecs server and select >> Static Port. >> >> The available source types on an Outbound NAT mapping are "any" and >> "Network". I do not have my sipXecs box in a different subnet than the rest >> of my network (I only have a handful of phones and rarely add or replace >> phones). Can I set the source to just one IP address? Let's say my sipXecs >> box has an IP address of 192.168.1.10 with a subnet mask of 255.255.255.0. >> Can I set the source of the Outbound NAT mapping to 192.168.1.10/32? >> I appologize for asking what are probably pretty basic networking questions. >> This isn't in my area of expertise. >> Thanks, >> Tim > > Sure Tim. > > 192.168.1.10/32 Manual/Static > If you PC's and phones are on DHCP and the DHCP range is definable... > > 192.168.1.129-254 (dhcp range), then do 192.168.1.128/25 "automatic" > and thusly > 192.168.1.0/25 manual (split the difference) > > I think you get the general idea though. > > -- > ====================== > Tony Graziano, Manager > Telephone: 434.984.8430 > sip: tgrazi...@voice.myitdepartment.net > Fax: 434.326.5325 > > Email: tgrazi...@myitdepartment.net > > LAN/Telephony/Security and Control Systems Helpdesk: > Telephone: 434.984.8426 > sip: helpd...@voice.myitdepartment.net > > Helpdesk Contract Customers: > http://support.myitdepartment.net > Blog: > http://blog.myitdepartment.net > > Linked-In Profile: http://www.linkedin.com/pub/tony-graziano/14/4a6/7a4 > -- ====================== Tony Graziano, Manager Telephone: 434.984.8430 sip: tgrazi...@voice.myitdepartment.net Fax: 434.326.5325 Email: tgrazi...@myitdepartment.net LAN/Telephony/Security and Control Systems Helpdesk: Telephone: 434.984.8426 sip: helpd...@voice.myitdepartment.net Helpdesk Contract Customers: http://support.myitdepartment.net Blog: http://blog.myitdepartment.net Linked-In Profile: http://www.linkedin.com/pub/tony-graziano/14/4a6/7a4 _______________________________________________ sipx-users mailing list sipx-users@list.sipfoundry.org List Archive: http://list.sipfoundry.org/archive/sipx-users/
