On Mon, 2009-12-21 at 07:20 -0800, Tom Eastep wrote:
>
> Probably 'prio'.

That could be it. It rings a bell. It was so long ago though. But a short bit of googlin' came up with this:

http://www.voip-info.org/wiki/view/QoS+with+Linux+using+PRIO+and+HTB

This is exactly my position on QOS with VOIP. I don't think I even bothered with an HTB in the second class. But seeing this, pfifo was the mechanism I used. That allowed what I wanted, which the writer of the above page describes exactly:

    The problem is that they [wondershaper] all use fair queuing
    schemes where one connection cannot steal all the bandwidth, but
    this is exactly what I want. When I use VoIP I don't want any
    other traffic sent out on my link when there is VoIP data that
    wants to go out.

I tend to think that this is what most people using VOIP want.

> Which is impossible to decode without knowing the setting of
> MARK_IN_FORWARD_CHAIN -- I'll assume that option is set.

Good assumption:

shorewall.conf:MARK_IN_FORWARD_CHAIN=Yes

> The PBX rules can be encoded in the route_rules file.

But only because I have a dedicated IP for the PBX, yes? That is more a product of simplicity (in the Shorewall TC configuration) than necessity.

> Anything having
> to do with specific protocols must be done using firewall rules.

It may be that a lot of people can simply say that an IP address is VOIP. In my case, I set up an alias and bound Asterisk to it. Others though may be in a simpler, SIP client only situation with an ATA, but they are also in the "entire IP address is VOIP" situation.

The people who don't fall into that are people doing VOIP on their workstations that also browse and do other bandwidth intensive things.

So I think ultimately we need both.

> I don't know why you are using RESTORE in your rules above. You never
> SAVE or mark any connections so that appears superfluous.

Yeah, more than likely historical. I do note some commented out:

# Bitorrent
#RESTORE 0.0.0.0/0 0.0.0.0/0 all - - - 0
#CONTINUE 0.0.0.0/0 0.0.0.0/0 all - - - !0
#4 0.0.0.0/0 0.0.0.0/0 ipp2p:all bit
#SAVE:P 0.0.0.0/0 0.0.0.0/0 tcp - - - 1

That was at the top of the file, prior to what I sent previously.

> The 'track'
> option hides all of the 'CONTINUE, RESTORE goop' for multi-ISP. Do you
> set TC_EXPERT=Yes for some reason?

Nope:

shorewall.conf:TC_EXPERT=No

Which is good, because I am a far cry from it. :-)

> That's a very convoluted way of writing this tcrule:
>
> 1 0.0.0.0/0 0.0.0.0/0 - - - - - - - - sip

Ahhh. Sweet. Seems this is new in 4.2.0. I will have to make use of that.

> I agree and I'll do what I can....

Great! You are the compiler man after all, doing a wonderful job of taking a working config and turning it into configuration and compiler code!

> ... but when I had the inspiration for Shorewall 9 years ago, it was
> with respect to iptables.

Absolutely understood.

> I've had no such flashes of insight when it
> comes to policy routing and especially traffic shaping.

I have a very fuzzy picture in my mind. Nothing I can put to paper yet of how I think the configuration could look. I've scratched the surface on describing it here, but it's just a seed of an idea yet. Likely it will evolve as we find our way through this quagmire.

b.
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
