[Asterisk-Users] Asterisk and Monwall - comments
Colin Anderson
ColinA at landmarkmasterbuilder.com
Wed May 25 07:55:28 MST 2005
Yes I do. Works fine. It's important to let Monowall create the forwarding
rules for you after you create the NAT entries. If you create it manually,
it is hit-and-miss. My config is:
NAT:
WAN > UDP > FROM: > 4569 > NAT IP: ASTERISK IP > LOCAL PORT 4569 (IAX)
WAN > UDP > FROM: > 5060 > NAT IP: ASTERISK IP > LOCAL PORT 5060 (SIP)
WAN > UDP > FROM: > 10000-20000 > NAT IP: ASTERISK IP > LOCAL PORT 10000 (SIP MEDIA STREAM)
TRAFFIC SHAPING:
Run the shaper wizard, then:
Change the m_Total Download and m_Total Upload pipes to values approximating
the peak bandwidth of your Internet connection -5% or so. If you set it to
an arbitrarily high value, shaping will not work.
Assign WAN > Source (ALL *) > Destination > ASTERISK IP/Port Number > Target
to m_Total Download pipe NOT queue!
Assign LAN > ASTERISK IP/Port Number > Destination > Source (ALL *) > Target
to m_Total Upload pipe NOT queue!
This gives Asterisk control of the entire pipe, forcing other applications
to queue.
Calculate the total number of expected Asterisk sessions (SIP & IAX) through
the firewall X the expected amount of bandwidth. For example, I give my
salespeople full access to my PRI so I expect a maximum of 23 sessions X
~100 kilobits/sec, so 2.3 mbit/sec peak. I have a burstable E10 with about
5.5 mbit sustained, so I have 3.2 mbit left over.
Create another pipe that is the size of the remainder of the bandwidth you
have calculated above. Assign every other queue that the shaper wizard
creates that has nothing to do with Asterisk, this pipe you have created. In
the queue, give it weights as you see fit. For example, I hate email, so I
assign SMTP a weight of 4.
Another critical factor is what your ISP works best with in terms of the WAN
interface. In our case, we had extremely poor performance until they
mentioned that their connection works best at 10baseT, full duplex. WTF? OK,
if you go to:
http://my-monowall-ip/exec.php
and execute the command:
ifconfig fxp1 media 10baseT/UTP mediaopt full-duplex
adjust according to what your ISP works best with. What sucks for me is I
boot off CD so if I have to reboot the firewall I have to re-enter the
command. You can set this permanently if you boot off of CF or HD.
I am using IAX--MONOWALL--IAX so this probably won't apply to you but the
Wondershaper script helped immensely. On my Asterisk server on the LAN, I
set Wondershaper to the max bandwidth of my E10, and for remote IAX users,
768K up / 1.5 down for DSL, and 1.5 up and 1.5 down for cable. Wondershaper
+ traffic shaping works perfect for me.
Last hint: To see what is happening, it's important to enable logging for
the port forwarding rule so you can determine if your phones are hitting the
Asterisk server. Turn it off afterward as it just creates overhead.
hth
-----Original Message-----
From: Chris Mason (Lists) [mailto:lists at masonc.com]
Sent: Wednesday, May 25, 2005 6:09 AM
To: 'Asterisk Users Mailing List - Non-Commercial Discussion'
Subject: [Asterisk-Users] Asterisk and Monwall - comments
Just got a net4501 board, installed cf card/Monowall. Does anyone have a
monowall firewall with Asterisk behind it, any problems, can external SIP
phones work?
What firewall rules are you using?
Chris Mason
Int: (305) 704-7249 Fax: (815)301-9759
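Added example, not part of the original post: the pipe sizing from the traffic shaping steps above, worked with the post's own figures (5.5 mbit link, 23 sessions at ~100 kbit/s), plus what queue weights mean inside the remainder pipe. The function names, the queue names and the http/other weights are hypothetical, and proportional sharing by weight is an assumption about how the shaper treats busy queues.

```python
# Added example: sizing sketch for the shaper steps in the post.
# Function names, queue names and the http/other weights are hypothetical.

def plan_pipes(link_kbit, sessions, per_call_kbit=100, headroom_pct=5):
    """Return pipe sizes in kbit/s for the layout described in the post."""
    if min(link_kbit, sessions, per_call_kbit) <= 0:
        raise ValueError("link, sessions and per-call rate must be positive")
    # m_Total Download/Upload pipes: peak link bandwidth minus ~5%
    total_pipe = link_kbit * (100 - headroom_pct) // 100
    # Worst case: every expected SIP/IAX session is up at the same time
    voice_peak = sessions * per_call_kbit
    # The extra pipe that all non-Asterisk queues are assigned to
    remainder = link_kbit - voice_peak
    if remainder <= 0:
        raise ValueError(
            f"voice peak {voice_peak} kbit/s leaves nothing on a "
            f"{link_kbit} kbit/s link; reduce sessions or per-call rate")
    return {"total_pipe": total_pipe, "voice_peak": voice_peak,
            "remainder_pipe": remainder}


def queue_shares(pipe_kbit, weights):
    """Split a pipe among queues that are all busy, proportional to weight.

    Assumption: the shaper does weighted fair queueing, so a queue's share
    under contention is weight / sum(weights). An idle queue's share is
    lent to the others, so these figures are floors, not caps.
    """
    if not weights or any(w <= 0 for w in weights.values()):
        raise ValueError("every queue needs a positive weight")
    total = sum(weights.values())
    return {name: pipe_kbit * w // total for name, w in weights.items()}


if __name__ == "__main__":
    plan = plan_pipes(link_kbit=5500, sessions=23)
    print(plan)
    # SMTP weight 4 is from the post; the other two weights are constructed.
    print(queue_shares(plan["remainder_pipe"],
                       {"smtp": 4, "http": 30, "other": 16}))
```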