VoIP and IPFW

[Michael W. Oliver]

On 2004-09-08T16:29:50-0400, Forrest Aldrich wrote:
> Hi there,
> 
> I'm considering testing the Vonage service, with my FreeBSD-4.10 system 
> (maybe 5 or 6).  
> 
> I wonder if anyone here has a configuration they can share, or if there 
> are any pages out there that detail the proper (and secure) setup.

Sure!  I am using IPFW2+NATD and the following (partial) configuration
works well for me...

--8<---------------
vonage_ata="10.0.0.192"

ipfw pipe 2 config bw "200Kbit/s"
ipfw pipe 4 config bw "200Kbit/s"
ipfw pipe 6 config bw "99800Kbit/s"
ipfw pipe 8 config bw "384Kbit/s"

ipfw queue 20 config weight 100 pipe 2
ipfw queue 40 config weight 100 pipe 4
ipfw queue 60 config weight 5 pipe 6
ipfw queue 80 config weight 5 pipe 8

${fwcmd} add pass udp from ${vonage_ata} to any in recv ${lan_if}
${fwcmd} add queue 40 udp from ${wan_ip} to any src-port 5060-5061 out xmit ${wan_if}
${fwcmd} add queue 40 udp from ${wan_ip} to any src-port 10000-20000 out xmit ${wan_if}
${fwcmd} add pass udp from any to ${vonage_ata} in recv ${wan_if}
${fwcmd} add queue 20 udp from any to ${vonage_ata} out xmit ${lan_if}
#
${fwcmd} add pass udp from ${vonage_ata} to any dst-port 53 in recv ${lan_if}
${fwcmd} add queue 80 udp from ${wan_ip} to any dst-port 53 out xmit ${wan_if}
${fwcmd} add pass udp from any to ${vonage_ata} src-port 53 in recv ${wan_if}
${fwcmd} add queue 60 udp from any to ${vonage_ata} src-port 53 out xmit ${lan_if}
#
${fwcmd} add pass udp from ${vonage_ata} to any dst-port 69 in recv ${lan_if}
${fwcmd} add queue 80 udp from ${wan_ip} to any dst-port 69 out xmit ${wan_if}
${fwcmd} add pass udp from any to ${vonage_ata} src-port 69 in recv ${wan_if}
${fwcmd} add queue 60 udp from any to ${vonage_ata} src-port 69 out xmit ${lan_if}
--8<---------------

I am using this with RoadRunner, which gives me 2Mb/s down and 384kb/s
up, which is why the pipes are configured the way that they are.
Naturally, you would want to change those values to match your up/down
speed.  In addition, you need to make sure that you are queueing your
other traffic as well, using queues 60 and 80 for non-VoIP traffic.

I hope that this helps.

-- 
Mike
perl -e 'print unpack("u","88V]N=&%C=\"!I;F9O(&EN(&AE861E<G,*");'

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-net/attachments/20040909/b23c6ed0/attachment.bin