I have a box in the LAN that sends packets through OpenVPN.
OpenVPN is running on the Shorewall boxes on both endpoints.
The traffic is being classified, but clipping is occurring.
Does traffic have to be classified on the OpenVPN interface as well?
All of the traffic originates in the loc (lan). On one end the voip box is
10.19.227.240 in this <snip>
This rule I have recently tried, but there has not been enough time to see if it has improved
VoIP,
which I was thinking would mark traffic going through OpenVPN from
10.19.227.18 > 10.192.139.240
1 $FW 10.192.139.240 ALL
pkts bytes target prot opt in out source destination
1203K 223M CLASSIFY all -- * * 10.19.227.18 0.0.0.0/0 CLASSIFY set 1:11
46 2864 CLASSIFY icmp -- * eth0 0.0.0.0/0 0.0.0.0/0 icmp type 8 CLASSIFY set 1:12
0 0 CLASSIFY icmp -- * eth0 0.0.0.0/0 0.0.0.0/0 icmp type 0 CLASSIFY set 1:12
23 1448 CLASSIFY icmp -- * eth1 0.0.0.0/0 0.0.0.0/0 icmp type 8 CLASSIFY set 1:12
176 10704 CLASSIFY icmp -- * eth1 0.0.0.0/0 0.0.0.0/0 icmp type 0 CLASSIFY set 1:12
0 0 CLASSIFY tcp -- eth1 * 10.194.53.0/24 0.0.0.0/0 multiport dports 23 CLASSIFY set 1:12
0 0 CLASSIFY tcp -- * eth0 0.0.0.0/0 0.0.0.0/0 multiport dports 53 CLASSIFY set 1:13
0 0 CLASSIFY tcp -- * eth0 0.0.0.0/0 0.0.0.0/0 tcp spt:53 CLASSIFY set 1:13
326K 25M CLASSIFY udp -- * eth1 0.0.0.0/0 0.0.0.0/0 multiport dports 53 CLASSIFY set 2:13
0 0 CLASSIFY udp -- * eth1 0.0.0.0/0 0.0.0.0/0 udp spt:53 CLASSIFY set 2:13
5318K 542M CLASSIFY tcp -- * eth0 0.0.0.0/0 0.0.0.0/0 multiport dports 80 CLASSIFY set 1:12
2096 2573K CLASSIFY tcp -- * eth0 0.0.0.0/0 0.0.0.0/0 tcp spt:80 CLASSIFY set 1:12
68144 11M CLASSIFY tcp -- * eth1 0.0.0.0/0 0.0.0.0/0 multiport dports 80 CLASSIFY set 2:12
238K 293M CLASSIFY tcp -- * eth1 0.0.0.0/0
512:P 0.0.0.0/0 64.42.53.203 all
512:P 64.42.53.203 0.0.0.0/0 all
256:P eth3:10.19.227.0/24 0.0.0.0/0 tcp ftp
256:P eth3:10.19.227.0/24 0.0.0.0/0 tcp ftp-data
#2:P:103 eth3:10.19.227.0/24 64.42.53.203 all
#2:P:103 eth3:10.19.227.0/24 0.0.0.0/0 tcp 25
tcrules---------------------------------------------------------------------
#
# Route Arkona to eth0
256 $FW 216.177.224.2 all
512 $FW 216.174.194.53,216.174.194.54 all
256:P eth3:10.19.227.0/24 216.177.224.2 tcp domain
256:P eth3:10.19.227.0/24 216.177.224.2 udp domain
512:P 0.0.0.0/0 216.174.194.53,216.174.194.54 tcp domain
512:P 0.0.0.0/0 216.174.194.53,216.174.194.54 udp domain
#256:P eth1:10.194.53.0/24 0.0.0.0/0 ESP
#2:F eth0 0.0.0.0/0 ESP
#2 $FW 0.0.0.0/0 ALL
# ************ Maximize priority of VoIP traffic *******************************************
#
#
1:11 10.19.227.18 0.0.0.0/0 ALL
1 $FW 10.192.139.240 ALL
#
# ************ Prioritize pings with low payload *******************************************
1:12 0.0.0.0/0 eth0 icmp echo-request
1:12 0.0.0.0/0 eth0 icmp echo-reply
1:12 0.0.0.0/0 eth1 icmp echo-request
1:12 0.0.0.0/0 eth1 icmp echo-reply
1:12 eth1:10.194.53.0/24 0.0.0.0/0 tcp telnet
# ************ Prioritize services *********************************************************
# DNS
1:13 0.0.0.0/0 eth0 tcp 53
1:13 0.0.0.0/0 eth0 tcp - 53
2:13 0.0.0.0/0 eth1 udp 53
2:13 0.0.0.0/0 eth1 udp - 53
# HTTP
1:12 0.0.0.0/0 eth0 tcp 80
1:12 0.0.0.0/0 eth0 tcp - 80
2:12 0.0.0.0/0 eth1 tcp 80
2:12 0.0.0.0/0 eth1 tcp - 80
# SMTP/POP3
1:13 0.0.0.0/0 eth0 tcp 25
1:13 0.0.0.0/0 eth0 tcp - 25
2:13 0.0.0.0/0 eth1 tcp 25
2:13 0.0.0.0/0 eth1 tcp - 25
1:13 0.0.0.0/0 eth0 tcp 110
1:13 0.0.0.0/0 eth0 tcp - 110
2:13 0.0.0.0/0 eth1 tcp 110
2:13 0.0.0.0/0 eth1 tcp - 110
# SSH
1:12 0.0.0.0/0 eth0 tcp 22
Thanks
Mike
I thought this might need a dump, and there is a mistake
above in my post. Here are the correct addresses of
the VoIP boxes.
10.19.227.18>10.192.139.240
-------------------------------------------------------------------------
SF.Net email is sponsored by:
Check out the new SourceForge.net Marketplace.
It's the best place to buy or sell services for just about anything Open
Source.
http://ad.doubleclick.net/clk;164216239;13503038;w?http://sf.net/marketplace
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
dump.gz
Description: GNU Zip compressed data
