Hi, I am looking for a way to detect RTP traffic. Currently I asked some SIP providers to tell me their networks and set up some rules in tcrules. But I would like a more generic version, where I am provider independent. My router is a border router and connects PPPoE customers with the internet. What I want to achieve is to detect SIP/RTP and do QoS/DSCP on these packets. The default ploicy is to allow trafic between WAN and PPPoE and vice versa. All public IPs. No NATing. This is, how I currently did it: /params: DWNET=193.239.104.0/22 SIPGATE1=217.10.64.0/20 SIPGATE2=217.116.117.0/24 SIPGATE3=212.9.32.0/19 EASYBELL=212.172.97.112/28 /tcrules: COMMENT Copy connmark to packet mark RESTORE/0x00FF:T \ - - all COMMENT VoIP SIP DSCP(CS3):T - - udp 5060:5076 \ - - 0x1 DSCP(CS3):T - - udp - 5060:5076 \ - 0x1 CONTINUE:T - - udp 5060:5076 \ - - 0x1 CONTINUE:T - - udp - 5060:5076 \ - 0x1 COMMENT VoIP RTP DSCP(CS5):T - - udp - - - 0x1 CONTINUE:T - - udp - - - 0x1 COMMENT Sipgate 0x1:T $DWNET $SIPGATE1 udp COMMENT Sipgate 0x1:T $DWNET $SIPGATE2 udp COMMENT Sipgate 0x1:T $DWNET $SIPGATE3 udp COMMENT Easybell 0x1:T $DWNET $EASYBELL udp COMMENT SAVE/0x00FF:T - - udp - - - 0x1 CONTINUE:T - - udp - - - 0x1 … I tried to understand the use of „helpers“, but I did not get it to work. It seems, helpers are for NATed firewalls, are they? Can I also use it to detect the RTP packets somehow even if I am not NATing? Can you help me fixing the above rules, so I am independent of Sipgate/Easybell? I guess SIP is always controlled over 5060UDP/TCP, is it? I really spent a lot of time of googleing, but don’t know how to do things here. I really would be happy, if someone could help me a bit :) 0x1 is a mark for a class for ppp-devices - fast, interactive traffic with tc hfsc. Thanks a lot in advance -Christian Rößner -- [*] sys4 AG http://sys4.de, +49 (89) 30 90 46 64 Franziskanerstraße 15, 81669 München Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263 Vorstand: Patrick Ben Koetter, Marc Schiffbauer Aufsichtsratsvorsitzender: Florian Kirstein ------------------------------------------------------------------------------