Base Operating System Configuration
Essentially all of the basic configuration of the OS can be accomplished by editing /etc/rc.conf, which is referenced at boot time to establish many operational settings. If you’re using Astlinux as your router, then the setup options for PPPoE, IP address, net mask, DHCP, DNS, NTP and traffic shaping are all in this one file. Early in my experiments with Asterisk, I used vi to edit config files by hand; I’m now in the habit of editing the config files from my Windows desktop using SSH and SFTP clients. The base config in rc.conf can easily be handled using either approach.
Astlinux provides two basic operating modes: one in which it provides a bundled routing and firewall solution, and a second “Asterisk-Only” mode that disables the router and firewall functions. The mode is selected through the variable INTIF in the file /etc/rc.conf. If this variable is defined, then the system starts all the services necessary to support the routing and firewall capabilities; if it’s removed or commented out, then these services are not started. The core services of SSH, HTTPd, NTPd, FTP, TFTP and of course Asterisk itself always remain fully functional in either mode, including when the bundled firewall is not running.
Astlinux versions prior to 0.29 default to enabling the router and firewall capability, while from 0.29 onward the default configuration is the Asterisk-Only mode. This change in default reflects the fact that Kristian listens closely to the user community. Non-technical users will find that the firewall and router included alongside the Asterisk installation provide an efficient bundle of capabilities with minimal hardware and administrative requirements. More technical users typically find that they need deeper or more convenient administrative control of the firewall.
The heart of Astlinux routing capabilities is the Linux iptables firewall. The basic setup of the router is established in /etc/rc.conf through the following variables:
When IP set via DHCP from ISP:
EXTIF=eth0 #defines the physical Ethernet interface
INTIF=eth1 #enables the router & firewall
PPPOEUSER=firstname.lastname@example.org #PPP username for your ISP
PPPOEPASS="mypassword" #PPP password
INTIP=192.168.101.1 #IP address of the internal NIC
INTNM=255.255.255.0 #Netmask for internal LAN
DOMAIN="astlinux" #Domain name for the server
HOSTNAME="pbx" #Hostname for the server
When IP is static: #setting that should be rem’d out when EXTIP set via DHCP
EXTIP="your.ip.address.x" #External IP address presented to ISP
EXTNM="255.255.255.0" #External netmask
EXTGW="your.default.gw.ip" #External default gateway
DNS="your.isps.dns.svr" #DNS server
Quality Of Service
In Astlinux, the author makes no attempt to provide a user interface to iptables. He does, however, provide a traffic shaping script for iptables, which provides a routing and firewall solution with a “quality of service” (QoS) scheme designed to address the VoIP application. Management of network QoS is critical in any VoIP installation, as the voice packets must receive top priority network passage; otherwise, phone calls will cough and stutter unacceptably. The QoS scheme is based upon the following two configuration variables in /etc/rc.conf:
EXTUP="540" #90% of the measured upload speed in kbps
EXTDOWN="2200" #90% of the measured download speed in kbps
The QoS scheme in Astlinux is based upon the “DiffServ” standard. This involves setting a “type of service” priority tag in all IP traffic. Routers can then assign priority to packets by evaluating the tags present in the data streams. The Astlinux QoS script works in conjunction with the Asterisk configuration to pass all traffic with the QoS tag set to tos=0x18 at the highest priority. This tag is set in the Asterisk config files SIP.CONF and IAX.CONF. The 0x18 setting denotes “low delay” and “high throughput.”
In practice, QoS is especially critical on asymmetrical data circuits such as my ADSL service. Without careful QoS management, any uploads (such as FTP) that were going on could completely consume the available outbound bandwidth. If this occurred, then any call would sound crackly and broken up to the other party. With QoS correctly managed, the data rate available to the FTP upload is automatically slowed down when a call occurs, and the other party never knows that I use an IP based phone system at all.
For more details about QoS please visit the VoIP Wiki.
In my office, I decided to stick with my trusty m0nowall router running on a Soekris Net4501. As such, I kept Astlinux in Asterisk-only mode and beyond some simple testing, did not make use of its routing or QoS capabilities.
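The rc.conf settings described above can be checked before a reboot. The following is an added example, not part of Astlinux or of the original article: it reports which mode a given rc.conf will select and checks the routing and QoS variables for consistency, parsing the file instead of sourcing it. The function names and the consistency rules are assumptions of this example, and the sample file is constructed.

```shell
# Added example: read-only audit of an Astlinux-style rc.conf (parsed, never sourced).
rc_get() {  # rc_get FILE VAR -> value of the last active (uncommented) VAR= line
    awk -v var="$2" '
        /^[ \t]*#/ { next }                    # commented-out setting: ignore
        {
            line = $0; sub(/^[ \t]+/, "", line)
            if (index(line, var "=") != 1) next
            val = substr(line, length(var) + 2)
            sub(/[ \t]*(#.*)?$/, "", val)      # drop trailing comment/space (a # inside a value is cut too)
            gsub(/^"|"$/, "", val)             # strip surrounding straight quotes
            found = val
        }
        END { print found }' "$1"
}

rc_mode() {  # router and firewall services start only when INTIF is defined
    if [ -n "$(rc_get "$1" INTIF)" ]; then echo router; else echo asterisk-only; fi
}

rc_check() {  # one line per problem on stdout; exit status 0 only if clean
    bad=0
    if [ "$(rc_mode "$1")" = router ]; then    # assumed rule: router mode needs these
        for v in EXTIF INTIP INTNM; do
            [ -n "$(rc_get "$1" "$v")" ] || { echo "$v unset but INTIF is defined"; bad=1; }
        done
    fi
    if [ -n "$(rc_get "$1" EXTIP)" ]; then      # assumed rule: static block is all-or-nothing
        for v in EXTNM EXTGW; do
            [ -n "$(rc_get "$1" "$v")" ] || { echo "$v unset but EXTIP is static"; bad=1; }
        done
    fi
    for v in EXTUP EXTDOWN; do                  # shaping rates are plain kbps integers
        case "$(rc_get "$1" "$v")" in
            *[!0-9]*) echo "$v is not a whole number of kbps"; bad=1 ;;
        esac
    done
    return "$bad"
}
# Constructed sample: Asterisk-only box (INTIF commented out), half-filled static block.
sample=$(mktemp)
cat > "$sample" <<'EOF'
EXTIF=eth0 #external interface
#INTIF=eth1
EXTIP="192.0.2.10"
EXTNM="255.255.255.0"
EXTUP="540kbps"
EOF
echo "mode: $(rc_mode "$sample")"
rc_check "$sample" || echo "rc.conf needs attention"
```

A result of asterisk-only means the bundled iptables firewall is not started, so the always-on services (SSH, HTTPd, FTP, TFTP) are reachable unless another device filters them.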