I have a Linux router that sits between my home LAN and the internet, to which it is connected via an ADSL modem. I've been using Shorewall to manage the firewall rules and I'm now trying to set up QoS for VoIP as well. I'm running on CentOS 5.2.

I've spent a good few hours searching and reading different material, but I've found it difficult to get some good, simple Shorewall configurations to use as a sample, and most of the docco sends you off to http://www.shorewall.net/traffic_shaping.htm which has one small sample for VoIP which requires Shorewall 4.2.0 (I'm running 4.0.15). The other problem is that the man pages for tcclasses and tcrules use different examples (rather than using the same scenarios running through them both) so it's hard to understand what's really going on.

Anyway, I've had a stab at things and set my tc files up as follows. Could anyone offer any feedback as to how correct or effective these will be? The intention was to have SSH as top priority, followed by DNS, then VoIP, and everything else after that just gets bundled together. This is largely based on http://www.ckollars.org/shaping.html. One thing that's worrying me a little is that this config doesn't have anything under the options column in tcclasses (such as tcp-ack,tos-minimize-delay) and I'm not sure whether there should be for VoIP.

/etc/shorewall/tcdevices

    #INTERFACE  IN-BANDWIDTH  OUT-BANDWIDTH
    ppp0        2800kbit      600kbit

/etc/shorewall/tcclasses

    #MARK  SOURCE     DEST       PROTO  DEST
    1      0.0.0.0/0  0.0.0.0/0  tcp    22
    1      0.0.0.0/0  0.0.0.0/0  udp    22
    2      0.0.0.0/0  0.0.0.0/0  tcp    53
    2      0.0.0.0/0  0.0.0.0/0  udp    53
    3      0.0.0.0/0  0.0.0.0/0  tcp    5060,5061
    3      0.0.0.0/0  0.0.0.0/0  udp    5060,5061
    3      0.0.0.0/0  0.0.0.0/0  tcp    16384:16482
    3      0.0.0.0/0  0.0.0.0/0  udp    16384:16482

/etc/tcclasses

    #INTERFACE  MARK  RATE         CEIL  PRIORITY  OPTIONS
    ppp0        1     2*full/100   full  1
    ppp0        2     20*full/100  full  2
    ppp0        3     78*full/100  full  3

Regards,
Phill

Robert K Coffman Jr. -Info From Data Corp.
2009-Jul-15 13:02 UTC
Re: Shorewall, VoIP and QoS
Phill,

I spent a lot of time with this trying to get usable interactive internet (primarily web browsing) on a DSL line that was hosting email. This is what worked for me, your mileage may vary!

Unless you are uploading a lot while using SSH or VOIP, traffic shaping probably won't do you much good. But I would do it anyway!

I would set the in-bandwidth to 0 to not bother traffic shaping inbound traffic.

The most critical setting is the out-bandwidth. Using the rated line speed of your connection is probably a bad idea. In my case, it was easy to figure out because I was on a saturated link. If I set this too high, the connection slowed to a halt. If I set it too low, the connection was fine but I wasn't getting the full potential of the link. So I found that tipping point - and set it a bit lower. In my case, the real value turned out to be only around 70kbps.

What I would recommend is to somehow saturate your link on the upload side (multiple FTPs and perhaps some bittorrenting?) until your connection (i.e. web browsing) starts to crawl. Then lower your out-bandwidth, do a shorewall restart, and repeat these steps until web browsing speeds improve. That should get you in the vicinity. Err on the low side.

- Bob Coffman
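
Added example, not part of either message and not Shorewall's own code: a small checker that parses the tcdevices and tcclasses entries from the first post, resolves the `full` expressions to kbit/s, and recomputes them for a lower OUT-BANDWIDTH as suggested in the reply. Assumptions: only `kbit`/`mbit` units and `full`-style expressions are handled, `400kbit` is a constructed trial value, and the "exactly one default class per interface" rule is taken from Shorewall's tcclasses documentation.

```python
import re

# Constructed sample: the tcdevices and tcclasses entries from the first post.
TCDEVICES = "ppp0 2800kbit 600kbit"
TCCLASSES = """\
#INTERFACE MARK RATE        CEIL PRIORITY OPTIONS
ppp0       1    2*full/100  full 1
ppp0       2    20*full/100 full 2
ppp0       3    78*full/100 full 3
"""

def to_kbit(value):
    """Convert an absolute rate such as '600kbit' or '2mbit' to kbit/s."""
    m = re.fullmatch(r"(\d+)(kbit|mbit)", value)
    if not m:
        raise ValueError(f"unsupported rate: {value!r}")
    return int(m.group(1)) * (1000 if m.group(2) == "mbit" else 1)

def eval_rate(expr, full):
    """Evaluate 'full', 'N*full/M' or an absolute rate, without eval()."""
    m = re.fullmatch(r"(?:(\d+)\*)?full(?:/(\d+))?", expr)
    if m:
        return full * int(m.group(1) or 1) / int(m.group(2) or 1)
    return float(to_kbit(expr))

def check(tcdevices, tcclasses, out_bandwidth=None):
    """Return ({mark: (rate, ceil)} in kbit/s, [warnings]) for one interface."""
    iface, _in_bw, out_bw = tcdevices.split()
    full = to_kbit(out_bandwidth or out_bw)
    rates, defaults, warnings = {}, 0, []
    for line in tcclasses.splitlines():
        fields = line.split("#", 1)[0].split()  # drop comments and blank lines
        if len(fields) < 5 or fields[0] != iface:
            continue
        mark, rate, ceil = fields[1], eval_rate(fields[2], full), eval_rate(fields[3], full)
        options = fields[5].split(",") if len(fields) > 5 else []
        defaults += "default" in options
        if ceil < rate:
            warnings.append(f"mark {mark}: ceil below rate")
        rates[mark] = (rate, ceil)
    total = sum(r for r, _ in rates.values())
    if total > full + 1e-9:  # tolerance for float rounding
        warnings.append(f"rates sum to {total:g}kbit, above {full}kbit")
    if defaults != 1:
        warnings.append(f"{defaults} default classes, expected exactly 1")
    return rates, warnings

if __name__ == "__main__":
    for bw in (None, "400kbit"):  # 400kbit is a constructed lower trial value
        print(bw or "as posted", *check(TCDEVICES, TCCLASSES, bw), sep="\n  ")
```

Because every class is expressed as a fraction of `full`, lowering OUT-BANDWIDTH in tcdevices rescales all guaranteed rates without touching tcclasses.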