RE: [m0n0wall] Asterisk behind DMZ w/ traffic shaper

From:	"Quark IT - Hilton Travis" <Hilton at quarkit dot com dot au>
To:	<m0n0wall at lists dot m0n0 dot ch>
Subject:	RE: [m0n0wall] Asterisk behind DMZ w/ traffic shaper
Date:	Fri, 19 Aug 2005 10:27:31 +1000
Hi,

There still seems to be a great deal of confusion over the Traffic
Shaper in m0n0wall - and I include myself in that group.  This is a
shame as this is one of the really great features about m0n0wall.

We're seriously considering implementing an Asterisk server ahere at our
office to enable us to utilize various VOIP services (including some SIP
providers) and would **really** like to get a functional Traffic Shaper
running to ensure that our VOIP traffic gets the priority it needs.
Unfortunately, there is no information in the docbook manual about the
Traffic Shaper.  :(

I've noticed a number of questions from Asterisk and SIP VOIP users
about how to configure the Traffic Shaper in m0n0wall to allow their
VOIP to function optimally.  Unfortunately, the answers seem to be rare
and not (that I've seen) complete.

Is there anyone out there who has a m0n0wall Traffic Shaper ruleset for
VOIP usage?  If there's no-one updating the manual with this information
then I am willing to take this on, even though we don't use VOIP here
ourselves yet, and I'll keep updating this section as we start to play
ourselves.

--

Regards,

Hilton Travis                          Phone: +61 (0)7 3344 3889
(Brisbane, Australia)                  Phone: +61 (0)419 792 394
Manager, Quark IT                      http://www.quarkit.com.au
         Quark AudioVisual             http://www.quarkav.net

http://www.threatcode.com/ <-- its now time to shame poor coders 
into writing code that is acceptable for use on today's networks

War doesn't determine who is right.  War determines who is left.

This document and any attachments are for the intended recipient 
  only.  It may contain confidential, privileged or copyright 
     material which must not be disclosed or distributed. 

> -----Original Message-----
> From: Wizard Man [mailto:wizard1089 at yahoo dot com] 
> Sent: Friday, 12 August 2005 09:46
> To: m0n0wall at lists dot m0n0 dot ch
> Subject: [m0n0wall] Asterisk behind DMZ w/ traffic shaper
> 
> Hello all,
> 
>   I need some advice on how I setup my Monowall
> traffic shaper with my asterisk server running IAX2 to
> Teliax on the DMZ on the Monowall.  Pretty much what
> I'm trying to accomplish is that voice traffic gets
> what ever it needs in terms of bandwidth in either
> direction.  Any suggestions on my configuration below
> or other ways to go about it would be great.  Here is
> an overview of how i got things setup in the network
> and m0n0 wall.
> 
> Asterisk Server - I have two NIC's in the asterisk
> server one to connected via crossover cable to the DMZ
> NIC of the m0n0wall and the other to go to a switch
> dedicated for the cisco ip phones.
> 
> I have traffic shaper setup as following:
> 
> Pipes:
> 
> No. Bandwidth   Delay PLR Queue Mask  Description  
> 1   3500 Kbit/s                      Cox Downstream
> 2   400 Kbit/s                       Cox Upstream
> 
> Queues:
> 
> No. Pipe            Weight  Mask   Description  
> 1   Cox Downstream    100          VoIP Downstream
> 2   Cox Upstream      100          Voip Upstream
> 3   Cox Downstream    50           Inet Downstream 
> 4   Cox Upstream      50           Inet Upstream
> 
> Rules:
> 
> If Proto Source   Destination     Target   
> WAN  *      *     VOIP DMZ net    VoIP Downstream
> 
> WAN  *   vOIPDMZnet   *           Voip Upstream
>     
> WAN TCP     *         *           Inet Downstream 
>     
> WAN TCP     *         *           Inet Upstream
> 
> 
>     So from what I think i'm doing is telling m0n0
> wall to give prority to anything that flowes between
> the DMZ and the net proirty and everything falls
> second.  Thanks for your help and advice.