How can you run traffic shaping without the firewall enabled?

  • I have a gateway router running PFSense 1.2-RC2 which is multi-homed to 4 upstream ISP via BGP and 3 Internal network with a /24, a /26 and a /27 blocks.

    We have a big VoIP network and I'd fiddled around with static-port/NAT AON but the RTP stream is still not passing properly with the firewall enabled - getting the infamous VoIP 1 Way-Audio on all calls. Port 5060/5061 seems fine i.e. static port maps it correctly.

    firewall setup is really basic -Block RFC1918 and let everything else pass thru b/w all interfaces. We dont need to do NAT since all IPs are public (including the Internal Network) and the servers farm does its own firewalling, so essentially i can do without the FW on the gateway

    But I really want to be able to use ALTQ to shape and police the traffic. Can this be accomplished? Any insight would be much appreciated.


  • ok  ..pretty much figured it out  ..she's up and running