I called AT&T and they said that the VoIP TA uses ports 2427, 2727, and
30000 thru 31000. All of them are UDP. From what I've found on the
internet it doesn't use SIP. Below is my pf ruleset. I haven't had a
chance to try the ruleset out because I have to get a new switch.
The fxp0 NIC is for the 10.4.20.0/24 network which is just my machine.
The sis0 NIC is for the 10.10.220.0/24 network is for VoIP and any
computers to connect using DHCP. I have a Comcast cable modem and
offically I have 6000mb/s down and 384Mb/s(I think) up. Realistically
it's more like 5700 down and 350 up.
I want to set up the queues so that VoIP gets 50% of the bandwidth and
50% for non-voip. The non-voip queue has 3 sub-queues. 50% goes to my
system, 25% for computers connecting using DHCP, and 25% for work, with
a lower priority. Work has 2 sub-queues. I probably set up the queues
wrong. Any help is greatly appreciated.
-----------------------------------------------------------------------
ext_if = "dc0"
int_if1 = "fxp0"
int_if2 = "sis0"
$da_puter = 10.4.20.2
$voip_addr = 10.10.220.2
altq on $ext_if cbq bandwidth 100% queue { voip, nonvoip }
queue voip bandwidth 50% priority 1 cbq(borrow)
queue nonvoip bandwidth 50% { nonvoip_daputer, nonvoip_dhcp \
nonvoip_work } priority 1 (borrow)
queue nonvoip_daputer bandwidth 50% priority 2 cbq(borrow)
queue nonvoip_dhcp bandwidth 25% priority 2 cbq(borrow)
queue nonvoip_work bandwidth 25% { nonvoip_work_1, \
nonvoip_work_2 } priority 1 (borrow)
queue nonvoip_work_1 bandwidth 50% priority 1 cbq(borrow)
queue nonvoip_work_2 bandwidth 50% priority 1 cbq(borrow)
# scrub incoming packets
scrub in all
# nat
nat on $ext_if from $int_if1 to any -> ($ext_if)
nat on $ext_if from $int_if2 to any -> ($ext_if)
# redirect for work app #1
rdr on $ext_if proto tcp from any to any port 10000 -> $da_puter
rdr on $ext_if proto udp from any to any port 10001 -> $da_puter
# redirect for work app #2
rdr on $ext_if proto tcp from any to any port 11000 -> $da_puter
#redirect for VoIP
rdr on $ext_if proto udp from any to any port 2427 -> $voip_addr
rdr on $ext_if proto udp from any to any port 2727 -> $voip_addr
rdr on $ext_if proto udp from any to any port 30000:31000 -> $voip_addr
# setup a default deny policy
block all
# pass traffic on the loopback interface in either direction
pass quick on lo0 all
# activate spoofing protection for the internal interface.
antispoof quick for $int_if1 inet
antispoof quick for $int_if2 inet
# pass all traffic to and from the local network
# keep state on udp and modulate state on tcp.
pass in quick on $int_if1 from any proto tcp port 10000 to any \
modulate state nonvoip_work_1
pass in quick on $int_if1 from any proto udp port 10001 to any keep
state nonvoip_work_1
pass in quick on $int_if1 from any proto tcp port 11000 to any \
modulate state queue nonvoip_work_2
pass in quick on $int_if1 from any to any modulate state queue \
nonvoip_daputer
pass in quick on $int_if2 from any proto udp port 2427 to any keep \
state queue voip
pass in quick on $int_if2 from any proto udp port 2727 to any keep \
state queue voip
pass in quick on $int_if2 from any proto udp port 30000:31000 to any \
keep state queue voip
pass in quick on $int_if2 from any to any modulate state queue \
nonvoip_dhcp
pass out on $int_if1 from any to any modulate state
pass out on $int_if2 from any to any modulate state
# pass tcp and udp out on the external (Internet) interface.
# keep state on udp and modulate state on tcp.
pass out on $ext_if proto tcp all modulate state
pass out on $ext_if proto udp all keep state
_____________________________________________________________
Sign up for FREE email from www.swissmail.net at http://www.swissmail.net
