RE: [m0n0wall] Asterisk behind DMZ w/ traffic shaper

From:	"Chris Bagnall" <m0n0wall at minotaur dot cc>
To:	<m0n0wall at lists dot m0n0 dot ch>
Subject:	RE: [m0n0wall] Asterisk behind DMZ w/ traffic shaper
Date:	Mon, 22 Aug 2005 00:50:54 +0100
Here's the traffic shaper config I'm running at home. In this instance, rhea
is the asterisk server:

Pipes:
1	240 Kbit/s	Total Upload
2	960 Kbit/s	Total Download

Queues:
1	Total Upload	60	High Priority #1 Upload
2	Total Upload	30	High Priority #2 Upload
3	Total Upload	7	Default Upload
4	Total Upload	2	Hated Upload
5	Total Upload	1	Despised Upload
6	Total Download	75	High Priority Download
7	Total Download	22	Default Download
8	Total Download	2	Hated Download
9	Total Download	1	Despised Download

Rules (everything acts on the WAN interface):
Proto	Src	Port		Dest	Port	Queue		Desc
------	----	-----		------	------	-------		------
TCP	Artemis	Port: 1181	*		Despised Upload	DC Upload
TCP	Artemis	Port: 6881 - 6999	*		Hated Upload
BitTorrent Upload
TCP	Artemis	Port: 20 - 21	*		Hated Upload	FTP Upload
TCP 	Artemis	Port: 23580 - 23590	*	*	Hated Upload	FTP
Upload
ICMP	*			*		High Priority #1 Upload	ICMP
Upload
UDP 	* 			*		Port: 53 (DNS)	High
Priority #1 Upload	Outbound DNS Query
UDP 	Rhea 	Port: 4569 	*	*	High Priority #1 Upload
IAX Upload
TCP/UDP	Rhea 	Port: 5060 	*	*	High Priority #1 Upload
SIP Upload
UDP 	Rhea 	Port: 8000 - 10000 	*	*	High Priority #1
Upload 	RTP Upload
AH 	* 	* 	High Priority #2 Upload 	AH Upload   
ESP 	* 	* 	High Priority #2 Upload 	ESP Upload   
GRE 	* 	* 	High Priority #2 Upload 	GRE Upload   
* 	* 	* 	High Priority #2 Upload 	Small Pkt Upload   
* 	* 	* 	Default Upload 	Default Upload

TCP 	* 	Artemis	Port: 6881 - 6999 	Despised Download
BitTorrent Download
TCP 	*	Port: 80 (HTTP)	Artemis	Hated Download	HTTP Download
TCP 	* 	Artemis	Port: 20 - 21 	Hated Download 	FTP Download
TCP 	* 	Artemis	Port: 1181 	Hated Download 	DC Download
TCP 	* 	Artemis	Port: 23580 - 23590 	Hated Download 	FTP Download
ICMP 	* 	* 	High Priority Download 	ICMP Download
AH 	* 	* 	High Priority Download 	AH Download
ESP 	* 	* 	High Priority Download 	ESP Download
GRE 	* 	* 	High Priority Download 	GRE Download
* 	* 	* 	High Priority Download 	Small Pkt Download
UDP 	* 	Rhea	Port: 4569	High Priority Download 	IAX Download
TCP/UDP 	*	Rhea	Port: 5060	High Priority Download 	SIP
Download
UDP 	* 	Rhea	Port: 8000 - 10000	High Priority Download	RTP
Download
* 	* 	* 	Default Download 	Default Download

Artemis is my P2P/downloading machine at home.

As a general rule, even with BitTorrent running full whack I can make quite
acceptable IAX/g729 calls. The key (at least, I found) to an effective
traffic shaper config is getting your upstream bandwidth pipe size perfect.
Use an online speed test utility to find out exactly what throughput you're
getting - do *not* use the figure your ISP tells you you're getting.

You will need to edit your rtp.conf and define the port range to be used for
RTP streams, then modify the RTP upstream and downstream rules as required.

Regards,

Chris
-- 
C.M. Bagnall, Director, Minotaur I.T. Limited
Tel: (07010) 710715   Mobile: (07811) 332969   Skype: minotaur-uk
ICQ: 13350579   AIM: MinotaurUK   MSN: msn at minotaur dot cc   Y!: Minotaur_Chris
This email is made from 100% recycled electrons