Hi,
I have a group of static IPs, and on one of my static IPs I am running
an OpenBSD 4.2 firewall with pf using nat and altq.  Behind the OpenBSD
firewall I have an Asterisk server.

So in order for me to implement QoS, I have set up a non-transparent
bridge between my ISP router and the OpenBSD firewall.  Everything is
working fine except I cannot get my outgoing VOIP traffic to be placed
onto the correct queue.

Using pftop, I can see that packets are being passed out using the
rules that specify the queue "ovoip".  But if I look at the queue view
inside pftop, no data was sent out using the queue.  The queue "ivoip"
is being used for incoming traffic.  Below are my pf rules.

--------------------------------------------------------------------------------------------
WANIF=external bridge interface
PUBIF=internal bridge interface (also has assigned static ip)
PRIVIF=internal private network
VOIP=private ip address for my asterisk server

altq on $WANIF hfsc bandwidth 7168Kb queue {iroot}
queue iroot bandwidth 95% priority 0 hfsc {ivoip, idata}
queue ivoip bandwidth 2% priority 5 hfsc(realtime 112Kb)
queue idata bandwidth 98% priority 2 hfsc(default)

altq on $PUBIF hfsc bandwidth 896Kb queue {oroot}
queue oroot bandwidth 95% priority 0 hfsc {ovoip, odata}
queue ovoip bandwidth 15% priority 6 hfsc(realtime 112Kb)
queue odata bandwidth 85% priority 3 hfsc(default)

nat on $PUBIF from $PRIVIF:network to any -> $PUBIF:0

block in all
pass out all
pass in on $WANIF from any to $PUBIF:network
pass in on $PUBIF from $PUBIF:network to any
pass in on $PRIVIF

pass in quick on $PUBIF proto tcp from any to any port {5060} queue ivoip
pass in quick on $PUBIF proto udp from any to any port {5060:5063, 10000:20000} queue ivoip
pass in quick proto tcp from $VOIP to any port {5060} queue ovoip
pass in quick proto udp from $VOIP to any port {5060:5063, 10000:20000} queue ovoip
--------------------------------------------------------------------------------------------

Does anyone have any ideas on how I can get this to work?  Any
information or examples of pf/altq rules with a bridge would be
greatly appreciated.

Thanks,
Mike Siers
