From: "Michael W. Oliver"
To: Forrest Aldrich
Cc: freebsd-net@freebsd.org
Date: Thu, 9 Sep 2004 14:40:12 -0400
Subject: Re: VoIP and IPFW

On 2004-09-08T16:29:50-0400, Forrest Aldrich wrote:
> Hi there,
>
> I'm considering testing the Vonage service, with my FreeBSD-4.10 system
> (maybe 5 or 6).
>
> I wonder if anyone here has a configuration they can share, or if there
> are any pages out there that detail the proper (and secure) setup.

Sure! I am using IPFW2+NATD and the following (partial) configuration
works well for me...

--8<---------------
vonage_ata="10.0.0.192"

ipfw pipe 2 config bw "200Kbit/s"
ipfw pipe 4 config bw "200Kbit/s"
ipfw pipe 6 config bw "99800Kbit/s"
ipfw pipe 8 config bw "384Kbit/s"

ipfw queue 20 config weight 100 pipe 2
ipfw queue 40 config weight 100 pipe 4
ipfw queue 60 config weight 5 pipe 6
ipfw queue 80 config weight 5 pipe 8

${fwcmd} add pass udp from ${vonage_ata} to any in recv ${lan_if}
${fwcmd} add queue 40 udp from ${wan_ip} to any src-port 5060-5061 out xmit ${wan_if}
${fwcmd} add queue 40 udp from ${wan_ip} to any src-port 10000-20000 out xmit ${wan_if}
${fwcmd} add pass udp from any to ${vonage_ata} in recv ${wan_if}
${fwcmd} add queue 20 udp from any to ${vonage_ata} out xmit ${lan_if}
#
${fwcmd} add pass udp from ${vonage_ata} to any dst-port 53 in recv ${lan_if}
${fwcmd} add queue 80 udp from ${wan_ip} to any dst-port 53 out xmit ${wan_if}
${fwcmd} add pass udp from any to ${vonage_ata} src-port 53 in recv ${wan_if}
${fwcmd} add queue 60 udp from any to ${vonage_ata} src-port 53 out xmit ${lan_if}
#
${fwcmd} add pass udp from ${vonage_ata} to any dst-port 69 in recv ${lan_if}
${fwcmd} add queue 80 udp from ${wan_ip} to any dst-port 69 out xmit ${wan_if}
${fwcmd} add pass udp from any to ${vonage_ata} src-port 69 in recv ${wan_if}
${fwcmd} add queue 60 udp from any to ${vonage_ata} src-port 69 out xmit ${lan_if}
--8<---------------

I am using this with RoadRunner, which gives me 2Mb/s down and 384kb/s
up, which is why the pipes are configured the way that they are.
Naturally, you would want to change those values to match your up/down
speed. In addition, you need to make sure that you are queueing your
other traffic as well, using queues 60 and 80 for non-VoIP traffic.

I hope that this helps.

-- 
Mike
perl -e 'print unpack("u","88V]N=&%C=\"!I;F9O(&EN(&AE861E
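
Added example, not part of the original message: a small sh/awk audit for a ruleset shaped like the one above. It flags accept rules on the WAN interface that take UDP from any source with no destination-port limit, and marks separately those limited only by src-port, a value the remote sender chooses. The interface names em0/em1 and the address 192.0.2.10 are placeholders, and the final dst-port rule is constructed for contrast.

```sh
#!/bin/sh
# Added example (not from the original message). Rules follow the shape of the
# posted ruleset with variables expanded: 10.0.0.192 is the ATA from the message;
# em0 (WAN), em1 (LAN) and 192.0.2.10 (wan_ip) are placeholder values.
# The last rule is constructed to show a destination-port-limited contrast.
sample_rules() {
cat <<'EOF'
add pass udp from 10.0.0.192 to any in recv em1
add queue 40 udp from 192.0.2.10 to any src-port 5060-5061 out xmit em0
add pass udp from any to 10.0.0.192 in recv em0
add queue 20 udp from any to 10.0.0.192 out xmit em1
add pass udp from any to 10.0.0.192 src-port 53 in recv em0
add pass udp from any to 10.0.0.192 src-port 69 in recv em0
add pass udp from any to 10.0.0.192 dst-port 5060-5061 in recv em0
EOF
}

# audit_wan_udp WAN_IF
# Reads ipfw rules on stdin and reports accept rules that take UDP (or all IP)
# from "any" on WAN_IF with no destination-port limit.
#   any-port       no port qualifier at all
#   src-port-only  limited only by source port, which the remote sender picks
audit_wan_udp() {
    awk -v wan="$1" '
    {
        act = 0; proto = ""; src = ""; inrecv = 0; sport = 0; dport = 0
        for (i = 1; i <= NF; i++) {
            # allow, accept, pass and permit are synonyms in ipfw
            if (!act && $i ~ /^(pass|allow|accept|permit)$/) { act = 1; proto = $(i + 1) }
            # old-style syntax puts a port list right after the address
            if ($i == "from") { src = $(i + 1); if ($(i + 2) ~ /^[0-9][0-9,-]*$/) sport = 1 }
            if ($i == "to" && $(i + 2) ~ /^[0-9][0-9,-]*$/) dport = 1
            if ($i == "src-port") sport = 1
            if ($i == "dst-port") dport = 1
            if ($i == "recv" && $(i + 1) == wan) inrecv = 1
        }
        if (!act || proto !~ /^(udp|ip|all)$/ || src != "any" || !inrecv || dport) next
        print NR ": " (sport ? "src-port-only" : "any-port") ": " $0
    }'
}

sample_rules | audit_wan_udp em0
```

To check a live ruleset, feed the function the expanded rules from the firewall script instead of sample_rules and pass the real WAN interface name.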