Filter.inc error to build route-to gateway on rules

DeepKnowledge · Feb 11, 2009, 6:39 PM

Hi,

For me the line 1317 of filter.inc of pfsense 2009 Feb 08 01:49:12 it is bad.
It put the pfsense's interface name into the pf rule.

A better code is:
$int = get_real_interface($GatewaysList[$gateway]['interface']);

The gatewayGroup on rules is bad too.

Fix it!
Thanks

sullrich · Feb 14, 2009, 9:50 PM

Should be fixed in next snapshot. Thanks

nocer · Feb 15, 2009, 4:10 AM

Hello,

@sullrich:

Should be fixed in next snapshot. Thanks

Same here, and waiting for next snap, however, snap server again doesn't seems to be working. I don't know how much about snap server but it's been something different than it used to be.

So, when is the next snap available? I know your tell me it's available when it's ready, but it's not the point.

cheers,

DeepKnowledge · Feb 19, 2009, 10:53 AM

I upgrade to

2.0-ALPHA-ALPHA
built on Wed Feb 18 19:10:34 EST 2009
FreeBSD 7.1-RELEASE-p2

but it is not fixed.

eri-- · Feb 19, 2009, 11:12 PM

The error please.

DeepKnowledge · Feb 20, 2009, 8:34 AM

Filter.inc build this route-to pf rule:
pass …. route-to ( wan ip.ip.ip.ip ) ...

with this pf doesn't work.

I changed the filter.inc's sintax so the pf's rule becomes:
pass .... route-to ( re3 ip.ip.ip.ip ) ...

and then pf work.

my filter.inc code is this
/* if user has selected a custom gateway, lets work with it /
else if($rule['gateway'] <> "") {
$routeto = " route-to { ";
$gateway = $rule['gateway'];
update_filter_reload_status("Creating gateway group item…");
if(is_array($GatewayGroupsList[$gateway])) {
/ $gateway = $rule['gateway']; /
$members = $GatewayGroupsList[$gateway];
$member_count = count($members);
foreach($members as $member) {
$int = get_real_interface($member['int']);
$gatewayip = $member['gwip'];
if (($int <> "") && is_ipaddr($gatewayip)) {
if($g['debug'])
log_error("Setting up route with {$gatewayip} om $int");
if($foundlb == 1)
$routeto .= ", ";
$routeto .= "( {$int} {$gatewayip} ) ";
$foundlb = 1;
} else {
log_error("An error occurred while trying to find the interface got $gatewayip . The rule has not been added.");
}
}
/ If we want failover just use route-to else round-robin /
if($member_count == 1) {
$routeto .= "} ";
} else {
$routeto .= "} round-robin ";
if(isset($config['system']['lb_use_sticky']))
$routeto .= " sticky-address ";
}
/ Add the load balanced gateways /
if ($foundlb == 1) {
$aline['route'] = $routeto;
}
}
/ we're not using load balancing, just setup gateway /
if($foundlb == 0) {
/ $gateway = $rule['gateway']; */
if(!is_ipaddr($gateway)) {
$gwip = $GatewaysList[$gateway]['gateway'];
if ($GatewaysList[$gateway]['interface'])
$int = get_real_interface($GatewaysList[$gateway]['interface']);
else
$int = "";
} else {
$gwip = $gateway;
$int = guess_interface_from_ip($gateway);
}
if ((is_ipaddr($gwip)) && ($int <> "")) {
$aline['route'] = " route-to ( {$int} {$gwip} ) ";
} else {
log_error("Could not find gateway ({$gateway}) for rule {$rule['descr']} - {$rule['interface']}.");
}
}
}

eri-- · Feb 28, 2009, 11:45 PM

Can you retry with the newest snapshots again?

DeepKnowledge · Mar 10, 2009, 9:06 AM

2.0-ALPHA-ALPHA
built on Mon Mar 9 15:36:02 EDT 2009
FreeBSD 7.1-RELEASE-p3

Not work.

The gateway route-to into the rules.debug is wrong.

I am quite disappointed.

eri-- · Mar 10, 2009, 8:47 PM

Well since the hackathon is in place -> hackathon.pfsense.org it will be reviewed and i think next week it should be functional.