Filter.inc error to build route-to gateway on rules



  • Hi,

    For me the line 1317 of filter.inc of pfsense 2009 Feb 08 01:49:12 it is bad.
    It put the pfsense's interface name into the pf rule.

    A better code is:
    $int = get_real_interface($GatewaysList[$gateway]['interface']);

    The gatewayGroup on rules is bad too.

    Fix it!
    Thanks



  • Should be fixed in next snapshot.  Thanks



  • Hello,

    @sullrich:

    Should be fixed in next snapshot.  Thanks

    Same here, and waiting for next snap, however, snap server again doesn't seems to be working. I don't know how much about snap server but it's been something different than it used to be.

    So, when is the next snap available? I know your tell me it's available when it's ready, but it's not the point.

    cheers,



  • I upgrade to

    2.0-ALPHA-ALPHA
    built on Wed Feb 18 19:10:34 EST 2009
    FreeBSD 7.1-RELEASE-p2

    but it is not fixed.



  • The error please.



  • Filter.inc build this route-to pf rule:
    pass …. route-to ( wan ip.ip.ip.ip ) ...

    with this pf doesn't work.

    I changed the filter.inc's sintax so the pf's rule becomes:
    pass .... route-to ( re3 ip.ip.ip.ip ) ...

    and then pf work.

    my filter.inc code is this
    /* if user has selected a custom gateway, lets work with it /
    else if($rule['gateway'] <> "") {
    $routeto = " route-to { ";
    $gateway = $rule['gateway'];
    update_filter_reload_status("Creating gateway group item…");
    if(is_array($GatewayGroupsList[$gateway])) {
    /
    $gateway = $rule['gateway']; /
    $members = $GatewayGroupsList[$gateway];
    $member_count = count($members);
    foreach($members as $member) {
    $int = get_real_interface($member['int']);
    $gatewayip = $member['gwip'];
    if (($int <> "") && is_ipaddr($gatewayip)) {
    if($g['debug'])
    log_error("Setting up route with {$gatewayip} om $int");
    if($foundlb == 1)
    $routeto .= ", ";
    $routeto .= "( {$int} {$gatewayip} ) ";
    $foundlb = 1;
    } else {
    log_error("An error occurred while trying to find the interface got $gatewayip .  The rule has not been added.");
    }
    }
    /
    If we want failover just use route-to else round-robin /
    if($member_count == 1) {
    $routeto .= "} ";
    } else {
    $routeto .= "} round-robin ";
    if(isset($config['system']['lb_use_sticky']))
    $routeto .= " sticky-address ";
    }
    /
    Add the load balanced gateways /
    if ($foundlb == 1) {
    $aline['route'] = $routeto;
    }
    }
    /
    we're not using load balancing, just setup gateway /
    if($foundlb == 0) {
    /
    $gateway = $rule['gateway']; */
    if(!is_ipaddr($gateway)) {
    $gwip = $GatewaysList[$gateway]['gateway'];
    if ($GatewaysList[$gateway]['interface'])
    $int = get_real_interface($GatewaysList[$gateway]['interface']);
    else
    $int = "";
    } else {
    $gwip = $gateway;
    $int = guess_interface_from_ip($gateway);
    }
    if ((is_ipaddr($gwip)) && ($int <> "")) {
    $aline['route'] = " route-to ( {$int} {$gwip} ) ";
    } else {
    log_error("Could not find gateway ({$gateway}) for rule {$rule['descr']} - {$rule['interface']}.");
    }
    }
    }



  • Can you retry with the newest snapshots again?



  • 2.0-ALPHA-ALPHA
    built on Mon Mar 9 15:36:02 EDT 2009
    FreeBSD 7.1-RELEASE-p3

    Not work.

    The gateway route-to into the rules.debug is wrong.

    I am quite disappointed.



  • Well since the hackathon is in place -> hackathon.pfsense.org it will be reviewed and i think next week it should be functional.


Log in to reply