
Setting DSCP..not working in SIP.CONF or iptables

Posted by xenoscion on Tue, 03/17/2009

Version I am running:
Linux KPAHQPBX01 2.6.9-78.0.8.EL #1 Wed Nov 19 19:43:32 EST 2008 i686 i686 i386 GNU/Linux
CentOS release 4.7 (Final)
iptables v1.2.11

I have not used the WEBMIN iptables GUI to enter these rules and do not know how, but when I manually edit /etc/sysconfig/iptables with the following:

-A OUTPUT -t mangle -p udp -m udp --sport 4569 -j DSCP --set-dscp-class ef
-A OUTPUT -t mangle -p udp -m udp --sport 10000:20000 -j DSCP --set-dscp-class ef
-A OUTPUT -t mangle -p udp -m udp --sport 5060 -j DSCP --set-dscp-class ef

I get this error:

"Applying iptables firewall rules: iptables-restore v1.2.11: Line 36 seems to have a -t table option."

and iptables fails to start.

So I then tried to add to SIP.conf like so:

[general]
tos_sip=cs3 ;
tos_audio=ef ;
tos_video=af41 ;

It doesn't error on me, but when sniffing the packets with ethereal to verify that it is set in the header, it is not there. I would prefer to set it via asterisk, but if that's not possible, using iptables is no biggie. Has anyone run into this before and/or see the mistakes I am making? I am sure the problem is between the chair and keyboard :)

Thank you,

Brandon Bowlby
KPA
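
The error quoted in the post above comes from the iptables-restore file format: the table is selected by a `*table` header line, and a rule line may not carry `-t`. As an added example (not part of the original thread; the sample file and the function names are constructed for illustration), this Python code moves such rules into the matching `*mangle` section and strips the option:

```python
import re

BUILTIN = {"PREROUTING", "INPUT", "FORWARD", "OUTPUT", "POSTROUTING"}
TABLE_OPT = re.compile(r"\s(?:-t|--table)\s+(\S+)")

# Constructed sample of /etc/sysconfig/iptables holding the thread's three rules.
SAMPLE = """\
*filter
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -p udp -m udp --dport 5060 -j ACCEPT
-A OUTPUT -t mangle -p udp -m udp --sport 4569 -j DSCP --set-dscp-class ef
-A OUTPUT -t mangle -p udp -m udp --sport 10000:20000 -j DSCP --set-dscp-class ef
-A OUTPUT -t mangle -p udp -m udp --sport 5060 -j DSCP --set-dscp-class ef
COMMIT
"""

def split_table_option(rule):
    """Return (table or None, rule text with its -t/--table option removed)."""
    m = TABLE_OPT.search(rule)
    if not m:
        return None, rule
    return m.group(1), rule[:m.start()] + rule[m.end():]

def relocate_rules(text):
    """Rebuild the file with each '-t TABLE' rule moved under '*TABLE'.
    Comments and blank lines are dropped; one COMMIT is written per table."""
    tables, moved, current = {}, [], None
    for line in (l.strip() for l in text.splitlines()):
        if line.startswith("*"):
            current = line[1:]
            tables.setdefault(current, {"chains": [], "rules": []})
        elif line.startswith(":") and current:
            tables[current]["chains"].append(line)
        elif line.startswith("-") and current:
            target, rule = split_table_option(line)
            dest = tables.setdefault(target or current, {"chains": [], "rules": []})
            dest["rules"].append(rule)
            if target:
                moved.append((target, rule))
                chain = rule.split()[1]
                if chain not in [c.split()[0][1:] for c in dest["chains"]]:
                    # Assumption: built-in chains get policy ACCEPT, others "-".
                    policy = "ACCEPT" if chain in BUILTIN else "-"
                    dest["chains"].append(":%s %s [0:0]" % (chain, policy))
    out = []
    for name, t in tables.items():
        out += ["*" + name] + t["chains"] + t["rules"] + ["COMMIT"]
    return "\n".join(out) + "\n", moved
```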


Submitted by xenoscion on Tue, 03/17/2009 Permalink

So instead of using:

tos_sip=cs3 ;

tos_audio=ef ;

tos_video=af41

I went to the old way with:

tos=0xB8

Now when I look at the capture, let's say my pbx is 1.1.1.1 and my phone is 2.2.2.2. Looking at the capture for source 1.1.1.1 (my pbx) to 2.2.2.2 (my phone), the packet is untagged or 0x00. Then when I look at source 2.2.2.2 (my phone) to 1.1.1.1 (my pbx), I do see 0xb8 or EF, the correct tag.

My question now is should it be coming the reverse way, or is this correct for setting a QoS network up based on Diffserv? I have all interconnecting switches and firewalls tagged with 46, the decimal value, and then assigned 46 the highest priority.

Any thoughts or flaws with my logic on this one? Or am I OK?

Submitted by eeman on Tue, 03/17/2009 Permalink

For starters, if you are running 1.4 you need

tos_sip=cs3 ;

tos_audio=ef ;

tos_video=af41 ;

Secondly, if you installed from ISO you got screwed. The ISO was written with complete disregard to QOS.

You need to re-install asterisk, removing the /etc/init.d startup script that came with the ISO, and use the one that gets installed with 'make config'. Once you confirm asterisk is running as root then your QOS will work correctly. The internet is FULL of brainless people that are unaware that only root can alter the TOS headers of an IP packet.

After your reinstall you'll need to re-set directory permissions on /etc/asterisk /var/spool/asterisk /usr/lib/asterisk /var/lib/asterisk and /var/log/asterisk

Submitted by xenoscion on Thu, 03/19/2009 Permalink

I have known about the permissions issue but I thought that was resolved in 1.4, or is it just how Thirdlane compiled it? At this point I am looking for the easiest non-destructive way possible. I am going to see if iptables will work, or another option would be to possibly use another appliance such as a Q1300 and have it sit in between. Do you have any thoughts on either of those two methods?

Submitted by eeman on Thu, 03/19/2009 Permalink

I would just run asterisk as root and let it set the TOS headers. You should be able to re-edit /etc/init.d/asterisk and change the username/password there and 'chown -R root.root' for each of those directories.

Submitted by xenoscion on Mon, 03/23/2009 Permalink

Erik,

Can you give me a step by step on how to do this? I get the idea and am pretty sure, but since this is a live system it makes me very nervous and unsure. Also, do you have a PayPal address where I could send you a tip for all this help?