Disconnecting call for lack of RTP activity

Yes, you need to do this with all the traffic so you can mark it for the queues.

Prerouting is for when traffic is coming in to the interface to go through the router. Postrouting is for when traffic is leaving the router out an interface. This is done before any other routing / rules are processed such as going through queues.

No, you just need to mark the packet…

/ip firewall mangle
add action=mark-packet chain=prerouting comment="SIP Queue - QoS" in-interface=LAN01 new-packet-mark=SIP_IN passthrough=no src-address=192.168.88.252
add action=mark-packet chain=postrouting dst-address=192.168.88.252 new-packet-mark=SIP_OUT out-interface=LAN01 passthrough=no
add action=mark-packet chain=prerouting comment="All Traffic" src-address=!192.168.88.252 in-interface=LAN01 new-packet-mark=ALL_IN passthrough=no
add action=mark-packet chain=postrouting dst-address=!192.168.88.252 new-packet-mark=ALL_OUT out-interface=LAN01 passthrough=no

So that is a very simple example. The PBX is 192.168.88.252 and there are two prerouting and post routing rules for this. First prerouting rule is for any traffic sourcing from the PBX IP in to the router through LAN01. It marks all that traffic SIP_IN. The other prerouting rule is !192.168.88.252 (which means “NOT THIS”) so any traffic that is not the PBX IP will be marked as ALL_IN.

Same applies for the postrouting but the opposite. It will mark the packets destined for the PBX IP with SIP_OUT and all other traffic leaving the router over LAN01 as ALL_OUT.

Thanks for your help with this. I am going to disabled all my mangle rules as for now, so I can apply the rules you have suggested.

I had a question regarding this mangle, so your only marks are the PBX and other traffic. You don’t bother marking http, tcp-ack, dns, etc, correct?

My other question would be, what did you do as far as queues? A Queue tree, or a simple queue?

here are the changes that I did today, per your recommendations. I did queues as well, not sure if they’re correct though.

add action=mark-packet chain=prerouting in-interface=bridge-wan \
new-packet-mark=PBX_SIP_IN passthrough=no src-address=192.168.1.200
add action=mark-packet chain=prerouting in-interface=bridge-wan \
new-packet-mark=ALL_TRAFFIC_IN passthrough=no src-address=!192.168.1.200
add action=mark-packet chain=postrouting dst-address=192.168.1.1200 \
new-packet-mark=PBX_SIP_OUT out-interface=bridge-wan passthrough=no
add action=mark-packet chain=postrouting dst-address=!192.168.1.200 \
new-packet-mark=ALL_TRAFFIC_OUT out-interface=bridge-wan passthrough=no

31991×94 2.42 KB

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.