[Firehol-support] Firehol Problem - Please Help

Andrei Verovski (aka MacGuru) andreil1 at starlett.lv
Wed Sep 23 23:09:49 BST 2009

On Wednesday 23 September 2009 09:12:25 pm you wrote:

Carlos, thanks a LOT, its worked. I have split 
nat to-destination inface "${if_world}" proto tcp 
dport "${client_mygvsv_ports}"

and specified client_mygvsv_ports as "default" instead of port numbers. Second 
option was crucial, without it port forwarding did not worked correctly.

Now I have last task - QoS/traffic shaping setup for SIP VoIP (Asterisk).

I found this solution:

It consist of 2 parts - iptables script and traffic shaping script. I wonder 
if these scripts can be just executed after firehol (after editing interfaces 
according to the real setup)? Or may be its better to paste iptables script 
straight into firehol.conf?

Additionally, there is a very simple script (I think it is packaged by someone 
as wondershaper), but it seems its less effective then first one above.

> On Wed, Sep 23, 2009 at 3:21 PM, Andrei Verovski <andreil1 at starlett.lv> 
> > nat to-destination inface "${if_world}" proto tcp
> > dport "${client_mygvsv_ports}"
> This doesn't look good. I don't think you can specify multiple ports
> as "dport". Try having two commands, one for each of the ports 5548
> and 5549.
> BTW, having those two ports as "client_mygvsv_ports" you are saying
> that clients will initiate connections to the server using only one of
> those two ports on their side. This wouldn't be strange if the
> protocol was UDP, but since it is TCP, try using "default" instead.

More information about the Firehol-support mailing list