QoS and Port Forwarding Speedtouch 510v4

Disclaimer: I am not a QoS expert, but it works for me.

If, like me, you have a Thomson / Alcatel Speedtouch 510 router that predates 2005, you've probably been a little frustrated at configuring the thing to work with Asterisk, or any SIP device for that matter.

The test configuration:

I have a single public static IP address, with several Windows PCs and Linux boxes behind NAT, an Asterisk server and a handful of Snom and Sipura devices. 2Mbps/256Kbps ADSL Demon Internet connection in the UK.

The problem:

Firmware versions up to 4.2.7 of the Speedtouch only seem to support up to 64 NAPT port forwards. It also doesn't allow you to forward port ranges. This causes huge problems in trying to have enough port forwards for the RTP ports for the Asterisk server.

The solution:

QoS Enabled Firmware version 4.3.2 - You can download it here: Speedtouch 510 Firmware

Warning


Make sure that you back up your router configuration file before you proceed, because you are about to lose all your configuration and have to start from scratch, if the installation goes anything like mine. Have you got some other means of connecting to the web if the upgrade goes wrong? Firmware upgrades can and DO fail sometimes. I chose to test this on a spare router. Get a download of your old firmware version as well if you can, then at least you might have another chance to back out if something goes wrong.


Checklist

  • Router username and password
  • Connection usernames and passwords
  • Protocol Type - PPPoA or PPPoE ( PPPoA for me )
  • VPI / VCI Settings? ( 0,38 for me )
  • Internal IP ranges and Addresses
  • DHCP server?
  • NAPT Port forwards
  • user.ini router configuration file
  • Have you printed out this page? You're going to be offline for a while!

Why upgrade?

Quite simply, the end result is exactly what I was looking for but could not find. The Speedtouch now supports IP QoS and port forwarding ranges - I can simultaneously make big downloads, run an FTP server and play online games without any major disruptions to VoIP traffic.

Configuration (needs more detail adding):


After making sure that you have a couple of spare hours ahead and an escape route to the internet if it all fails:
  1. Add additional IP addresses to your workstation in the 10.0.0.0/24 subnet or 192.168.1.0/24 subnet if that's not what you're already using - the router will revert to this but more about that later.
  2. Install the upgrade to the router. You will probably lose your IP addresses.
  3. DO NOT POWER DOWN THE ROUTER UNTIL THE UPGRADE IS COMPLETE - you will destroy it if you do.
  4. Use the web browser of your choice to navigate to the router at 192.168.1.254 or 10.0.0.138 - whichever suits you.
  5. The username is Administrator and the password is blank.
  6. The user interface has all changed - take a few minutes to get to know the new layout. The new interface is slower, but we're going to take a few shortcuts by hacking the user.ini file.
  7. Select the Speedtouch tab on the left and go to "Configuration". There is a link at the bottom "Set Up" to get you going. You need the VPI/VCI settings and connection details.
  8. Once you have reconnected to the net, go to the Toolbox tab->User management and change the Admin username password back to your remembered ones.
  9. Go back to Speedtouch->Configuration and Select "Save or restore Configuration" taking care not to overwrite your backup of the 4.2 firmware settings.
  10. If your NAT subnet is not the default then open the file in notepad and do a global search and replace of 192.168.1 for x.y.z where x.y.z is your /24 subnet.
  11. Save the file again, browse to it in the UI and hit "Restore Configuration Now...". The IP address of the router will change and the browser will display "Page could not be displayed" or something like that. If the router is powered down at this stage it will go back to the default IP address and discard the changes made.
  12. Open up a command window and telnet into the NEW IP address of the router. Type "config save" and enter user.ini when prompted for the filename. Type exit and power down the router. Repower it after a few seconds.

By this stage you should have a working Speedtouch 510 with the new 4.3 firmware and your original IP addresses. You may now remove the extra IP addresses from your workstation.

If you're interested in the CLI interface for this look here for something very.. very.... similar (but not quite the same): Speedtouch v5 CLI Guide
Now for the QoS and port forwarding.

Back up the router config file again as described above.
Edit the file in notepad or vi and change the section label.ini to this:


[ label.ini ]
add name=DSCP
add name=Interactive
add name=Management
add name=Video
add name=VoIP
add name=Bulk
add name=Peer2Peer
add name=Gaming
add name=default
modify name=DSCP classification=overwrite def ack
modify name=Interactive classification=increase def ack
modify name=Management classification=increase def ack
modify name=Video classification=increase def ack
modify name=VoIP classification=overwrite def ack bidirectional=enabled inheritance=enabled
modify name=Bulk classification=increase def ack
modify name=Peer2Peer classification=increase def ack
modify name=Gaming classification=increase def ack
modify name=default classification=increase def ack


Change the section expr.ini to this (you need to edit it slightly):

[ expr.ini ]
add name=wan type=intf intfgroup=wan
add name=local type=intf intfgroup=local
add name=lan type=intf intfgroup=lan
add name=tunnel type=intf intfgroup=tunnel
add name=dmz type=intf intfgroup=dmz
add name=guest type=intf intfgroup=guest
add name=private type=ip addr=10.0.0.0/8
add name=private type=ip addr=172.[16-31].*.*
add name=private type=ip addr=192.168.x.0/24 <------Change to your IP range
add name=ssdp_ip type=ip addr=239.255.255.250
add name=mdap_ip type=ip addr=224.0.0.103
add name=icmp type=serv proto=icmp
add name=igmp type=serv proto=igmp
add name=ftp type=serv proto=tcp dstport=ftp
add name=telnet type=serv proto=tcp dstport=telnet
add name=http type=serv proto=tcp dstport=www-http
add name=httpproxy type=serv proto=tcp dstport=httpproxy
add name=https type=serv proto=tcp dstport=443
add name=RPC type=serv proto=tcp dstport=135
add name=NBT type=serv proto=udp dstport=netbios-ns
add name=NBT type=serv proto=udp dstport=netbios-dgm
add name=NBT type=serv proto=tcp dstport=netbios-ssn
add name=SMB type=serv proto=tcp dstport=445
add name=imap type=serv proto=tcp dstport=imap2
add name=imap3 type=serv proto=tcp dstport=imap3
add name=imap4-ssl type=serv proto=tcp dstport=585
add name=imaps type=serv proto=tcp dstport=993
add name=pop2 type=serv proto=tcp dstport=pop2
add name=pop3 type=serv proto=tcp dstport=pop3
add name=pop3s type=serv proto=tcp dstport=995
add name=smtp type=serv proto=tcp dstport=smtp
add name=ssh type=serv proto=tcp dstport=22
add name=dns type=serv proto=tcp dstport=dns
add name=dns type=serv proto=udp dstport=dns
add name=nntp type=serv proto=tcp dstport=nntp
add name=ipsec type=serv proto=ah
add name=ipsec type=serv proto=esp
add name=ipsec type=serv proto=udp dstport=ike
add name=ipsec type=serv proto=udp dstport=4500
add name=esp type=serv proto=esp
add name=ah type=serv proto=ah
add name=ike type=serv proto=udp dstport=ike
add name=DiffServ type=serv dscp=!cs0
add name=h323 type=serv proto=tcp dstport=h323
add name=h323 type=serv proto=udp dstport=h323
add name=h323 type=serv proto=tcp dstport=1718
add name=h323 type=serv proto=udp dstport=1718
add name=h323 type=serv proto=tcp dstport=1719
add name=h323 type=serv proto=udp dstport=1719
add name=dhcp type=serv proto=udp dstport=bootpc
add name=dhcp type=serv proto=udp dstport=bootps
add name=rtsp type=serv proto=udp dstport=rtsp
add name=rtsp type=serv proto=tcp dstport=rtsp
add name=ssdp_serv type=serv proto=udp dstport=1900
add name=mdap_serv type=serv proto=udp dstport=3235
add name=syslog type=serv proto=udp dstport=syslog
add name=sip type=serv proto=udp dstport=sip <--------- Sipura fallback
add name=sip type=serv proto=tcp dstport=sip
add name=sip_Asterisk type=serv proto=tcp dstport=5080 <--------- Asterisk
add name=sip_Asterisk type=serv proto=udp dstport=5080
add name=RTP_Asterisk type=serv proto=udp dstport=17000 dstportend=17999 <--------- Asterisk
add name=RTP_Sipura type=serv proto=udp dstport=16384 dstportend=16482
add name=VNC type=serv proto=udp dstport=5900 dstportend=5999
add name=BitTorrent type=serv proto=tcp dstport=6881 dstportend=6889
add name=sntp type=serv proto=tcp dstport=123 dstportend=123
add name=Steam1 type=serv proto=udp dstport=27000 dstportend=27015
add name=Steam2 type=serv proto=tcp dstport=27030 dstportend=27039
add name=Steam3 type=serv proto=udp dstport=1200

It's important to set your own IP range above, and you must remove the <-------- comments. Note that my Asterisk RTP ports, as defined in rtp.conf, are 17000-17999 and that my server listens on port 5080 instead of the usual 5060. Change these to suit. You may also have noticed that I play Counter-Strike: Source sometimes.

Next, go to the section labelrule.ini and replace it with this:


[ labelrule.ini ]
chain add chain=rt_user_labels
chain add chain=rt_default_labels
chain add chain=qos_user_labels
chain add chain=qos_default_labels
rule add chain=qos_default_labels index=1 serv=DiffServ log=disabled state=enabled label=DSCP
rule add chain=qos_default_labels index=2 serv=h323 log=disabled state=enabled label=VoIP
rule add chain=qos_default_labels index=3 serv=sip log=disabled state=enabled label=VoIP
rule add chain=qos_default_labels index=4 serv=sip_Asterisk log=disabled state=enabled label=VoIP
rule add chain=qos_default_labels index=5 serv=RTP_Asterisk log=disabled state=enabled label=VoIP
rule add chain=qos_default_labels index=6 serv=RTP_Sipura log=disabled state=enabled label=VoIP
rule add chain=qos_default_labels index=7 serv=ah log=disabled state=enabled label=Interactive
rule add chain=qos_default_labels index=8 serv=esp log=disabled state=enabled label=Interactive
rule add chain=qos_default_labels index=9 serv=http log=disabled state=enabled label=Interactive
rule add chain=qos_default_labels index=10 serv=httpproxy log=disabled state=enabled label=Interactive
rule add chain=qos_default_labels index=11 serv=https log=disabled state=enabled label=Interactive
rule add chain=qos_default_labels index=12 serv=imap log=disabled state=enabled label=Bulk
rule add chain=qos_default_labels index=13 serv=imap3 log=disabled state=enabled label=Bulk
rule add chain=qos_default_labels index=14 serv=imap4-ssl log=disabled state=enabled label=Bulk
rule add chain=qos_default_labels index=15 serv=imaps log=disabled state=enabled label=Bulk
rule add chain=qos_default_labels index=16 serv=pop2 log=disabled state=enabled label=Bulk
rule add chain=qos_default_labels index=17 serv=pop3 log=disabled state=enabled label=Bulk
rule add chain=qos_default_labels index=18 serv=pop3s log=disabled state=enabled label=Bulk
rule add chain=qos_default_labels index=19 serv=smtp log=disabled state=enabled label=Bulk
rule add chain=qos_default_labels index=20 serv=telnet log=disabled state=enabled label=Interactive
rule add chain=qos_default_labels index=21 serv=dns log=disabled state=enabled label=Management
rule add chain=qos_default_labels index=22 serv=icmp log=disabled state=enabled label=Management
rule add chain=qos_default_labels index=23 serv=ike log=disabled state=enabled label=Management
rule add chain=qos_default_labels index=24 serv=igmp log=disabled state=enabled label=Video
rule add chain=qos_default_labels index=25 serv=rtsp log=disabled state=enabled label=Video
rule add chain=qos_default_labels index=26 serv=VNC log=disabled state=enabled label=Interactive
rule add chain=qos_default_labels index=27 serv=ftp log=disabled state=enabled label=Bulk
rule add chain=qos_default_labels index=28 serv=BitTorrent log=disabled state=enabled label=Peer2Peer
rule add chain=qos_default_labels index=29 serv=sntp log=disabled state=enabled label=Management
rule add chain=qos_default_labels index=30 serv=Steam1 log=disabled state=enabled label=Gaming
rule add chain=qos_default_labels index=31 serv=Steam2 log=disabled state=enabled label=Gaming
rule add chain=qos_default_labels index=32 serv=Steam3 log=disabled state=enabled label=Gaming
rule add chain=qos_default_labels index=33 name=default srcintf=!wan log=disabled state=enabled label=default


You might want to add this too, it makes the event logs easier to figure out.

[ sntpc.ini ]
add name=ntp1.yourisp.co.uk version=3
add name=ntp2.yourisp.co.uk version=3
config poll=60 pollpresync=60
config state=enabled

Change yourisp to something appropriate before you add it.

IMPORTANT
You must REMOVE this line from connection.ini, otherwise it tries to redirect SIP to an FXS port that the router does not have (the FXS port exists only in the Speedtouch 716):

bind application=SIP port=5060-5060


Devices on your LAN


Next, if you don't want to wait half an hour for your router to detect all the devices on the network then go to hostmgr.ini and add any devices the router has not yet found on your network, e.g.


[ hostmgr.ini ]
config state=enabled scantime=30 autosave=disabled trace=disabled
add mac_addr=00:04:13:xx:xx:xx ip_addr=192.168.123.66 name=Snom-190 type=phone ipintf=LocalNetwork
add mac_addr=00:0e:08:xx:xx:xx ip_addr=192.168.123.31 name=Sipura-SPA-3000 type=phone ipintf=LocalNetwork
add mac_addr=00:0e:08:xx:xx:xx ip_addr=192.168.123.64 name=Sipura-SPA-841 type=phone ipintf=LocalNetwork
add mac_addr=00:10:xx:xx:xx:xx ip_addr=192.168.123.30 name=Axgate type=desktop_computer ipintf=LocalNetwork
add mac_addr=00:11:xx:xx:xx:xx ip_addr=192.168.123.1 name=Eldborg type=desktop_computer ipintf=LocalNetwork
add mac_addr=00:30:xx:xx:xx:xx ip_addr=192.168.123.65 name=Hekla type=desktop_computer ipintf=LocalNetwork


Tip: you can find out the MAC address of any device by pinging it and then typing arp -a at the command prompt.
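Before the upload, the edits made so far can be checked offline. The following is an added example, not part of the original page: it flags leftover `<---` annotations, the `192.168.x.0/24` placeholder, expr types other than the three used in this page's expr.ini, labelrule.ini references to undefined services or labels, and the SIP bind line. The function names and the sample excerpt are constructed for illustration.

```python
import re
EXPR_TYPES = {"intf", "ip", "serv"}  # expr types used in this page's expr.ini

def sections(text):
    """Split a user.ini dump into {section name: [stripped non-empty lines]}."""
    parts = re.split(r"(?m)^\[\s*(\S+)\s*\][ \t]*$", text)
    return {name: [ln.strip() for ln in body.splitlines() if ln.strip()]
            for name, body in zip(parts[1::2], parts[2::2])}

def params(line):
    """Return the key=value pairs of one CLI line as a dict."""
    return dict(t.split("=", 1) for t in line.split() if "=" in t)

def lint(text):
    """Return the problems found in an edited user.ini (empty list means clean)."""
    s = sections(text)
    bad = [f"{sec}: annotation left in: {ln}"
           for sec, lines in s.items() for ln in lines if "<--" in ln]
    labels = {params(ln).get("name") for ln in s.get("label.ini", []) if ln.startswith("add ")}
    services = set()
    for ln in s.get("expr.ini", []):
        p = params(ln)
        if p.get("type") not in EXPR_TYPES:
            bad.append(f"expr.ini: unknown type: {ln}")
        elif p["type"] == "serv":
            services.add(p.get("name"))
        elif p["type"] == "ip" and re.search(r"[a-z]", p.get("addr", "")):
            bad.append(f"expr.ini: placeholder address: {ln}")
    for ln in s.get("labelrule.ini", []):
        for key, known in (("serv", services), ("label", labels)):
            v = params(ln).get(key)
            if v is not None and v not in known:
                bad.append(f"labelrule.ini: undefined {key} {v}")
    bad += [f"connection.ini: SIP bind still present: {ln}" for ln in s.get("connection.ini", [])
            if ln.startswith("bind") and params(ln).get("application") == "SIP"]
    return bad

# Constructed excerpt containing the mistakes this page warns about.
SAMPLE = """\
[ label.ini ]
add name=VoIP
[ expr.ini ]
add name=private type=ip addr=192.168.x.0/24 <------Change to your IP range
add name=sip type=serv proto=udp dstport=sip
add name=Steam3 type=serve proto=udp dstport=1200
[ labelrule.ini ]
rule add chain=qos_default_labels index=3 serv=sip log=disabled state=enabled label=VoIP
rule add chain=qos_default_labels index=32 serv=Steam3 log=disabled state=enabled label=Gaming
[ connection.ini ]
bind application=SIP port=5060-5060
"""

if __name__ == "__main__":
    print("\n".join(lint(SAMPLE)))
```

To check a real backup, pass the contents of the saved user.ini to `lint()` and fix whatever it reports before restoring the file.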

Upload the newly edited file back into your router and wait for it to reboot.

We're nearly done.


Use the web browser to connect to your router again and go to the "Home Network" tab and choose "Create a new game or application".

Tip: the Web Console does not allow spaces in application names.
Choose "Manual Entry of Ports" and hit "Next".
Type in Asterisk and key in your ports, e.g.

ANY 5060 to 5060......... Add
UDP 17000 to 17999........ Add (change to your RTP ports as defined in rtp.conf and RTP_Asterisk above)

Go to the toolbox tab and choose "Game and Application Sharing". Click on Asterisk. Choose Asterisk from the dropdown and simply point it at your server.

(Repeat the above application sharing for any standalone phones not running through your server and games etc).

That's it!


Now you too should be able to have three calls in the queue whilst playing CSS online ;)

To prove that it works


Telnet into the router and type "ipqos queue stats". You'll see something like this:

Name          Queue  # packets  # packets  # packets  # packets  # packets  Marking
                     added      marked     removed    dropped    replaced
pvc_Internet  0      833        0          833        0          0          0%
              1      0          0          0          0          0          0%
              2      251        0          251        0          0          0%
              3      2          0          2          0          0          0%
              4      183        0          183        0          0          0%
              5      30         0          30         0          0          0%



Make a call to your incoming SIP account and type the command again:


Name          Queue  # packets  # packets  # packets  # packets  # packets  Marking
                     added      marked     removed    dropped    replaced
pvc_Internet  0      1398       0          1398       0          0          0%
              1      0          0          0          0          0          0%
              2      251        0          251        0          0          0%
              3      7          0          7          0          0          0%
              4      187        0          187        0          0          0%
              5      386        0          386        0          0          0%


You'll notice that Queue 5 takes most of the RTP packets. If some escape through other queues, it is probably because you've forgotten to disable UPnP.

And after a day:

Name          Queue  # packets  # packets  # packets  # packets  # packets  Marking
                     added      marked     removed    dropped    replaced
pvc_Internet  0      179859     0          179859     485        25         0%
              1      23856      0          23743      115        2          0%
              2      15834      0          15834      2          1          0%
              3      198        0          198        0          0          0%
              4      17745      0          17745      0          0          0%
              5      1967385    0          1967385    0          0          0%


You may want to experiment with the "ipqos config" command to change the QoS level from "wfq" to "strict" if this isn't good enough, but everything so far should give you a working QoS implementation. Now, what about the Linux iptables......
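The queue statistics above can be compared mechanically rather than by eye. This is an added example, not part of the original page: it parses saved "ipqos queue stats" output, reports how much each queue grew between two snapshots, and computes per-queue drop rates. The function names are constructed for illustration; the counters are the ones shown on this page.

```python
COLUMNS = ("added", "marked", "removed", "dropped", "replaced")

def parse_queue_stats(text):
    """Parse `ipqos queue stats` output into {(interface, queue): {column: count}}."""
    stats, intf = {}, None
    for line in text.splitlines():
        f = line.split()
        if len(f) == 8 and f[-1].endswith("%"):   # first row of an interface carries its name
            intf, f = f[0], f[1:]
        if len(f) == 7 and f[-1].endswith("%") and all(x.isdigit() for x in f[:6]):
            stats[(intf, int(f[0]))] = dict(zip(COLUMNS, map(int, f[1:6])))
    return stats                                  # header lines match neither shape

def drop_rate(row):
    """Fraction of the packets offered to a queue that were dropped."""
    return row["dropped"] / row["added"] if row["added"] else 0.0

def delta(before, after, column="added"):
    """Per-queue growth of one counter between two snapshots."""
    return {k: after[k][column] - before.get(k, {}).get(column, 0) for k in after}

# Counters copied from the three outputs shown on this page.
BEFORE_CALL = """\
pvc_Internet 0 833 0 833 0 0 0%
1 0 0 0 0 0 0%
2 251 0 251 0 0 0%
3 2 0 2 0 0 0%
4 183 0 183 0 0 0%
5 30 0 30 0 0 0%
"""
AFTER_CALL = """\
pvc_Internet 0 1398 0 1398 0 0 0%
1 0 0 0 0 0 0%
2 251 0 251 0 0 0%
3 7 0 7 0 0 0%
4 187 0 187 0 0 0%
5 386 0 386 0 0 0%
"""
AFTER_DAY = """\
Name Queue # packets # packets # packets # packets # packets Marking
added marked removed dropped replaced
pvc_Internet 0 179859 0 179859 485 25 0%
1 23856 0 23743 115 2 0%
2 15834 0 15834 2 1 0%
3 198 0 198 0 0 0%
4 17745 0 17745 0 0 0%
5 1967385 0 1967385 0 0 0%
"""

if __name__ == "__main__":
    before, after = parse_queue_stats(BEFORE_CALL), parse_queue_stats(AFTER_CALL)
    print("packets added during the call:", delta(before, after))
    for key, row in parse_queue_stats(AFTER_DAY).items():
        print(key, f"drop rate {drop_rate(row):.4%}")
```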

Good Luck!

P.S. In case you're wondering why I have mappings for my Sipura SPA-3000 separate to the Asterisk server, it also simultaneously logs on to sipgate.co.uk in case my Asterisk server fails or is being reconfigured. It rings once on the SPA-3000, and then if Asterisk is running it goes into my ACD agent queues. It continues to ring if Asterisk is not running.

Potential Problems

I came across another Speedtouch 510 that continually rebooted after adding several port mappings. The problem seems to be that the 4.3 version of the firmware uses too much of the router's memory. Delete some of the unnecessary game definitions from the service.ini section of the user.ini file to cure the problem.

Related Routers

Speedtouch 716 / 716 v5 WL
BT Home Hub as FXS
Created by: birdwes, Last modification: Thu 27 of Nov, 2008 (08:48 UTC)

