As seen on my post at: http://www.sveasoft.com/modules/phpBB2/viewtopic.php?p=28112#28112

This works very well... It does NOT work with stable 4.0! Sveasoft will be issuing a bug fix for this (4.1) in the near future.
Final Rev of working script w/ Asterisk support

I'm not going to run Alchemy on production machines until it is stablish. Remember to set your uplink properly and to set your proper WAN port. I use PPPoE for mine. This must be used with pre 3.11.

Here are detailed instructions on how to commit this to nvram: http://www.sveasoft.com/modules/phpBB2/viewtopic.php?t=2943&start=0

I used that same script but did some final tweaks to make it work perfectly for Asterisk using IAX and SIP!

Code:

    IPT=/usr/sbin/iptables
    IP=/usr/sbin/ip
    TC=/usr/sbin/tc

    # Specify ethernet device, Queue length, and MTU size
    # ((qlen * mtu) / rate) / 1024 = time
    DEV=ppp0
    OUT_QLEN=30
    MTU=1492

    # Set to ~80% of tested maximum bandwidth
    UPLINK=495

    # specify class rates - We grant each class at LEAST its "fair share" of
    # bandwidth. this way no class will ever be starved by another class.
    UPLINK_1_R=200 # VOIP only
    UPLINK_2_R=64  # Interactive (low port) traffic and ICMP/ACK
    UPLINK_3_R=16  # Everything else (ssh)
    UPLINK_4_R=16  # P2P

    # Each class is also permitted to consume all of the available bandwidth
    # if no other classes are in use.
    UPLINK_1_C=${UPLINK}
    UPLINK_2_C=${UPLINK}
    UPLINK_3_C=${UPLINK}
    UPLINK_4_C=${UPLINK}

    # remove old qdiscs
    $TC qdisc del dev $DEV root 2> /dev/null > /dev/null
    $TC qdisc del dev $DEV ingress 2> /dev/null > /dev/null

    # reset iptables rules
    $IPT -t mangle -D POSTROUTING -o $DEV -j MYOUT
    $IPT -t mangle -F MYOUT
    $IPT -t mangle -X MYOUT

    # set outgoing queue length
    $IP link set dev $DEV qlen ${OUT_QLEN}

    # lower the MTU to decrease latency
    #$IP link set dev $DEV mtu $MTU

    # Create HTB root qdisc with an htb default of 40
    $TC qdisc add dev $DEV root handle 1: htb default 40

    # create main rate limit class
    $TC class add dev $DEV parent 1: classid 1:1 htb rate ${UPLINK}kbit

    # create leaf rate limit classes
    $TC class add dev $DEV parent 1:1 classid 1:10 htb rate ${UPLINK_1_R}kbit ceil ${UPLINK_1_C}kbit prio 0
    $TC class add dev $DEV parent 1:1 classid 1:20 htb rate ${UPLINK_2_R}kbit ceil ${UPLINK_2_C}kbit prio 1
    $TC class add dev $DEV parent 1:1 classid 1:30 htb rate ${UPLINK_3_R}kbit ceil ${UPLINK_3_C}kbit prio 2
    $TC class add dev $DEV parent 1:1 classid 1:40 htb rate ${UPLINK_4_R}kbit ceil ${UPLINK_4_C}kbit prio 3

    # attach qdisc to leaf classes - here we add SFQ to each priority class. SFQ
    # ensures that within each class connections will be treated (almost) fairly.
    $TC qdisc add dev $DEV parent 1:10 handle 10: sfq perturb 10
    $TC qdisc add dev $DEV parent 1:20 handle 20: sfq perturb 10
    $TC qdisc add dev $DEV parent 1:30 handle 30: sfq perturb 10
    $TC qdisc add dev $DEV parent 1:40 handle 40: sfq perturb 10

    # add MYOUT chain to the mangle table in $IPT - this sets up the table
    # we use to filter and mark packets.
    $IPT -t mangle -N MYOUT
    $IPT -t mangle -I POSTROUTING -o $DEV -j MYOUT

    # add fwmark entries to classify different types of traffic - Set fwmark from
    # 10-40 according to desired class. 10 is highest prio.

    # outgoing VOIP rules - trumps everything else
    $IPT -t mangle -A MYOUT -p udp --sport 5060:5063 -j CLASSIFY --set-class 1:10
    $IPT -t mangle -A MYOUT -p udp --dport 5060:5063 -j CLASSIFY --set-class 1:10
    $IPT -t mangle -A MYOUT -p udp --sport 4569:4569 -j CLASSIFY --set-class 1:10
    $IPT -t mangle -A MYOUT -p udp --dport 4569:4569 -j CLASSIFY --set-class 1:10
    $IPT -t mangle -A MYOUT -p udp --sport 5036:5036 -j CLASSIFY --set-class 1:10
    $IPT -t mangle -A MYOUT -p udp --dport 5036:5036 -j CLASSIFY --set-class 1:10

    # default for outgoing interactive ports rules
    $IPT -t mangle -A MYOUT -p tcp --sport 0:1024 -j CLASSIFY --set-class 1:20
    $IPT -t mangle -A MYOUT -p tcp --dport 0:1024 -j CLASSIFY --set-class 1:20

    # the ack rule -- for ack packets smaller than 64 bytes -- it must be added using
    # tc filter instead of iptables for now because the length module appears to be
    # broken and/or missing from the wrt54g iptables
    $TC filter add dev $DEV parent 1:0 prio 1 protocol ip u32 match ip protocol 6 0xff match u16 0x0000 0xffc0 at 2 match u8 0x10 0xff at 33 flowid 1:10
    $TC filter add dev $DEV parent 1:0 prio 1 protocol ip u32 match ip protocol 6 0xff match u16 0x0000 0xffc0 at 2 match u8 0x60 0xff at 33 flowid 1:10
    $TC filter add dev $DEV parent 1:0 prio 1 protocol ip u32 match ip protocol 6 0xff match u16 0x0000 0xffc0 at 2 match u8 0xb8 0xff at 33 flowid 1:10

    # outgoing DNS rule
    $IPT -t mangle -A MYOUT -p udp --dport domain -j CLASSIFY --set-class 1:20

    # cheap outgoing ping rule
    $IPT -t mangle -A MYOUT -p icmp -j CLASSIFY --set-class 1:20

    # outgoing ssh connection rule
    $IPT -t mangle -A MYOUT -p tcp --sport ssh -j CLASSIFY --set-class 1:20
    $IPT -t mangle -A MYOUT -p tcp --dport ssh -j CLASSIFY --set-class 1:20

    # outgoing P2P rules -- these are close to last b/c they use relatively costly layer 7 matching
    $IPT -t mangle -A MYOUT -m layer7 --l7dir /etc/l7-protocols/protocols --l7proto directconnect -j CLASSIFY --set-class 1:40
    $IPT -t mangle -A MYOUT -m layer7 --l7dir /etc/l7-protocols/protocols --l7proto fasttrack -j CLASSIFY --set-class 1:40

    # outgoing default rule - unmarked packets get schlepped into lowest prio
    $IPT -t mangle -A MYOUT -m mark --mark 0 -j CLASSIFY --set-class 1:30

    # All done, exit ok
    exit 0
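
Added example, not part of the original post: a POSIX shell re-implementation of the three u32 "ack rule" filter lines, run over constructed packet headers to show which packets the fixed byte offsets select. The function names and the sample packets are assumptions made for this illustration; the last sample carries IP options, so byte 33 is no longer the TCP flags byte.

```shell
# Constructed sample headers (hex, checksums zeroed); not captured traffic.
IPTAIL=0000400040060000c0a80102c6336407          # IP bytes 4-19, protocol 6
TCP_ACK=c350005000000001000000015010ffff00000000 # TCP header, flags 0x10
TCP_SYN=c350005000000001000000005002ffff00000000 # TCP header, flags 0x02
PKT_ACK="45000028${IPTAIL}${TCP_ACK}"            # 40-byte pure ACK, IHL=5
PKT_BIG="450005dc${IPTAIL}${TCP_ACK}"            # header of a 1500-byte segment
PKT_SYN="45000028${IPTAIL}${TCP_SYN}"            # 40-byte SYN
PKT_OPT="4600002c${IPTAIL}01010100${TCP_ACK}"    # pure ACK with IP options, IHL=6

# byte HEX OFFSET: decimal value of the byte at 0-based OFFSET
byte() {
    start=$(( $2 * 2 + 1 ))
    echo $(( 0x$(printf '%s' "$1" | cut -c"$start-$(( start + 1 ))") ))
}

# u32_match HEX FLAGBYTE: the three match clauses of one filter line
u32_match() {
    [ "$(byte "$1" 9)" -eq 6 ] || return 1       # match ip protocol 6 0xff
    len=$(( $(byte "$1" 2) * 256 + $(byte "$1" 3) ))
    [ $(( len & 0xffc0 )) -eq 0 ] || return 1    # match u16 0x0000 0xffc0 at 2
    [ "$(byte "$1" 33)" -eq $(( $2 )) ]          # match u8 FLAGBYTE 0xff at 33
}

# classify HEX: flowid selected by the three filter lines, or "none"
classify() {
    [ ${#1} -ge 68 ] || { echo none; return 0; } # need bytes 0..33
    for flag in 0x10 0x60 0xb8; do
        if u32_match "$1" "$flag"; then echo 1:10; return 0; fi
    done
    echo none
}

for name in PKT_ACK PKT_BIG PKT_SYN PKT_OPT; do
    eval "pkt=\$$name"
    printf '%-8s -> %s\n' "$name" "$(classify "$pkt")"
done
```

PKT_OPT is a 44-byte pure ACK but is not selected, because with a 24-byte IP header offset 33 lands inside the TCP acknowledgement number.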
