Hi all,

I have a VoIP phone (Siemens S685IP) with the IP 192.168.1.103. I used the traffic shaper wizard to set up some queues. However, nothing seems to flow into the qVoIP during VoIP calls (the traffic seems to go into qDefault). I tried to modify the rule, using the IP address instead of the alias, enabling the "Quick" option but without success.

By the way, if I choose to prioritize DNS in the wizard, the traffic to/from (I didn't look further into this issue) my ISP's DNS servers is blocked!?

2.0-BETA4 (i386)
built on Sat Nov 13 03:27:48 EST 2010
FreeBSD 8.1-RELEASE-p1

Thank you.

Regards,

Cyril Jaquier

[2.0-beta4][[email protected]]/root(4): pfctl -sa

TRANSLATION RULES:
nat-anchor "natearly/*" all
nat-anchor "natrules/*" all
nat on vr1 inet from 192.168.1.0/24 port = isakmp to any port = isakmp -> 84.74.xxx.yyy port 500
nat on vr1 inet from 192.168.1.0/24 to any -> 84.74.xxx.yyy port 1024:65535
rdr-anchor "relayd/*" all
rdr-anchor "tftp-proxy/*" all
rdr on vr1 inet proto tcp from any to any port = rwhois -> 192.168.1.102
rdr on vr1 inet proto udp from any to any port = rwhois -> 192.168.1.102
rdr-anchor "miniupnpd" all

FILTER RULES:
scrub in on vr1 all fragment reassemble
scrub in on vr0 all fragment reassemble
anchor "relayd/*" all
anchor "firewallrules" all
block drop in log all label "Default deny rule"
block drop out log all label "Default deny rule"
block drop in quick inet6 all
block drop out quick inet6 all
block drop quick proto tcp from any port = 0 to any
block drop quick proto tcp from any to any port = 0
block drop quick proto udp from any port = 0 to any
block drop quick proto udp from any to any port = 0
block drop quick from <snort2c> to any label "Block snort2c hosts"
block drop quick from any to <snort2c> label "Block snort2c hosts"
anchor "packageearly" all
anchor "carp" all
block drop in log quick proto tcp from <sshlockout> to any port = ssh label "sshlockout"
block drop in quick from <virusprot> to any label "virusprot overload table"
anchor "wanbogons" all
block drop in log quick on vr1 from <bogons> to any label "block bogon networks from WAN"
block drop in on ! vr1 inet from 84.74.24.0/21 to any
block drop in inet from 84.74.xxx.yyy to any
block drop in on vr1 inet6 from fe80::20d:b9ff:fe15:caf5 to any
block drop in log quick on vr1 inet from 10.0.0.0/8 to any label "block private networks from wan block 10/8"
block drop in log quick on vr1 inet from 127.0.0.0/8 to any label "block private networks from wan block 127/8"
block drop in log quick on vr1 inet from 172.16.0.0/12 to any label "block private networks from wan block 172.16/12"
block drop in log quick on vr1 inet from 192.168.0.0/16 to any label "block private networks from wan block 192.168/16"
anchor "wandhcp" all
pass in on vr1 proto udp from any port = bootps to any port = bootpc keep state label "allow dhcp client out WAN"
pass out on vr1 proto udp from any port = bootpc to any port = bootps keep state label "allow dhcp client out WAN"
block drop in on ! vr0 inet from 192.168.1.0/24 to any
block drop in inet from 192.168.1.1 to any
block drop in on vr0 inet6 from fe80::20d:b9ff:fe15:caf4 to any
anchor "dhcpserverLAN" all
pass in on vr0 inet proto udp from any port = bootpc to 255.255.255.255 port = bootps keep state label "allow access to DHCP server"
pass in on vr0 inet proto udp from any port = bootpc to 192.168.1.1 port = bootps keep state label "allow access to DHCP server"
pass out on vr0 inet proto udp from 192.168.1.1 port = bootps to any port = bootpc keep state label "allow access to DHCP server"
anchor "spoofing" all
anchor "loopback" all
pass in on lo0 all flags S/SA keep state label "pass loopback"
pass out on lo0 all flags S/SA keep state label "pass loopback"
anchor "firewallout" all
pass out all flags S/SA keep state allow-opts label "let out anything from firewall host itself"
pass out route-to (vr1 84.74.24.1) inet from 84.74.xxx.yyy to ! 84.74.24.0/21 flags S/SA keep state allow-opts label "let out anything from firewall host itself"
anchor "anti-lockout" all
pass in quick on vr0 proto tcp from any to (vr0) port = http flags S/SA keep state label "anti-lockout rule"
pass in quick on vr0 proto tcp from any to (vr0) port = https flags S/SA keep state label "anti-lockout rule"
pass in quick on vr0 proto tcp from any to (vr0) port = ssh flags S/SA keep state label "anti-lockout rule"
pass out proto udp from <VoIP> to any keep state label "USER_RULE: VOIP Adapter" queue qVoIP
pass out proto tcp from any to any port = http flags S/SA keep state label "USER_RULE: m_Other HTTP outbound" queue(qOthersHigh, qACK)
pass out proto tcp from any to any port = https flags S/SA keep state label "USER_RULE: m_Other HTTPS outbound" queue(qOthersHigh, qACK)
pass out proto tcp from any to any port = smtp flags S/SA keep state label "USER_RULE: m_Other SMTP outbound" queue(qOthersLow, qACK)
pass in quick on vr0 inet from 192.168.1.0/24 to any flags S/SA keep state label "USER_RULE: Default allow LAN to any rule"
anchor "packagelate" all
anchor "tftp-proxy/*" all
anchor "limitingesr" all
anchor "miniupnpd" all

ALTQ:
queue qACK on vr1 priority 6 priq( red ecn )
queue qDefault on vr1 priority 3 priq( red ecn default )
queue qVoIP on vr1 priority 7 priq( red ecn )
queue qOthersHigh on vr1 priority 4 priq( red ecn )
queue qOthersLow on vr1 priority 2 priq( red ecn )
queue qACK on vr0 priority 6 priq( red ecn )
queue qDefault on vr0 priority 3 priq( red ecn default )
queue qVoIP on vr0 priority 7 priq( red ecn )
queue qOthersHigh on vr0 priority 4 priq( red ecn )
queue qOthersLow on vr0 priority 2 priq( red ecn )
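
The following is an added example, not part of the original message and not pfSense code: it parses filter rules in the format pfctl prints above and separates the pass rules that name a queue from those that do not, keeping direction, quick and interface for each. The sample rules are copied from the output above; the function names are this example's own.

```python
import re

# Constructed sample: six filter rules copied from the pfctl -sa output above.
SAMPLE_RULES = '''\
block drop in log all label "Default deny rule"
pass out all flags S/SA keep state allow-opts label "let out anything from firewall host itself"
pass in quick on vr0 proto tcp from any to (vr0) port = ssh flags S/SA keep state label "anti-lockout rule"
pass out proto udp from <VoIP> to any keep state label "USER_RULE: VOIP Adapter" queue qVoIP
pass out proto tcp from any to any port = http flags S/SA keep state label "USER_RULE: m_Other HTTP outbound" queue(qOthersHigh, qACK)
pass in quick on vr0 inet from 192.168.1.0/24 to any flags S/SA keep state label "USER_RULE: Default allow LAN to any rule"
'''

# action [drop|return*] [in|out] [log] [quick] [on <if>] as pfctl prints them.
HEAD = re.compile(r'^(pass|block)(?: (?:drop|return\S*))?(?: (in|out))?'
                  r'(?: log(?: \([^)]*\))?)?( quick)?(?: on ((?:! )?\S+))?')
LABEL = re.compile(r'label "([^"]*)"')
QUEUE = re.compile(r'\bqueue\s*\(?([\w, ]+?)\)?\s*$')

def parse_rule(line):
    """Split one printed filter rule into the fields that matter for ALTQ."""
    head = HEAD.match(line)
    if not head:
        return None  # anchor, scrub, nat/rdr and ALTQ lines are skipped
    label = LABEL.search(line)
    # Blank out quoted strings so a label containing "queue" cannot match QUEUE.
    queue = QUEUE.search(re.sub(r'"[^"]*"', '""', line))
    return {
        "action": head.group(1),
        "direction": head.group(2),          # None means both directions
        "quick": head.group(3) is not None,
        "interface": head.group(4),          # None means any interface
        "label": label.group(1) if label else "",
        "queues": [q.strip() for q in queue.group(1).split(",")] if queue else [],
    }

def parse_rules(text):
    parsed = (parse_rule(line.strip()) for line in text.splitlines())
    return [r for r in parsed if r]

def queued(rules):
    """Pass rules that assign traffic to a named queue."""
    return [r for r in rules if r["action"] == "pass" and r["queues"]]

def unqueued(rules):
    """Pass rules with no queue keyword; states they create use the default queue."""
    return [r for r in rules if r["action"] == "pass" and not r["queues"]]

if __name__ == "__main__":
    for r in parse_rules(SAMPLE_RULES):
        if r["action"] == "pass":
            print(r["direction"], r["quick"], r["interface"], r["queues"], r["label"])
```
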
