Netgate Discussion Forum

    Code changes to mostly support interface alias CARP in 1.2.2 - Dumb?

      Cloverleaf

      Sorry for the lengthy subject.  Basically, I need the "one interface, multiple subnets" setup, can't use VLANs, and need to use CARP (need failover and L2 responsiveness), and can't wait for 2.0.  The shellcmd fix in http://doc.pfsense.org/multiple-subnets-one-interface-pfsense.pdf got the alias in place, but the CARP "Are you in a valid subnet?" check only checks against the subnets in the interface section of the $config.

      So… I made changes to deal with this... and I'd like to know if these are dumb, or if I'm being reasonable.

      Using the PHP Shell, I added:

      $GLOBALS['config']['interfaces']['wan']['ifalias'] = 'xx.xx.xx.xx/27';

      and then in /usr/local/www/firewall_virtual_ip_edit.php, and in /etc/inc/interfaces.inc added code like:

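      // Also accept the VIP if it falls inside the alias subnet configured on this interface.
      if (array_key_exists('ifalias', $config['interfaces'][$if])) {
          $ww_alias = $config['interfaces'][$if]['ifalias'];
          list($ww_alias_ip, $ww_alias_bits) = explode("/", $ww_alias);
          // gen_subnet() yields the network address for the alias IP and prefix length.
          if (ip_in_subnet($vip['subnet'], gen_subnet($ww_alias_ip, $ww_alias_bits) . "/" . $ww_alias_bits))
              $found = true;
      }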

      Though it's $_POST and not $vip in /usr/local/www/firewall_virtual_ip_edit.php.

      So, if this is non-dumb, I'd probably change the ['ifalias'] to ['alias'] since the system explodes that into an array, letting me add multiple aliases to an interface and change the above code snip to loop through the aliases.  Obviously this is not ideal, as it's a hack, but is there something I'm missing here?  At the very least, this allows me to create CARP VIPs in the WAN like I need, and they seem addressable, etc.  I'm a little nervous messing with the core files and am looking for validation for my totally unsupported change. :)
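
The multi-alias loop the post proposes, as an added example that is not part of the original post and not pfSense code: a stand-alone check that rejects malformed CIDR strings before matching, which matters where the address arrives via $_POST. The helper names, the `alias` list, the `ipaddr`/`subnet` layout and all addresses are assumptions constructed for illustration; a 64-bit PHP build is assumed.

```php
<?php
// Added example: hypothetical helpers, not pfSense functions.

// Strictly parse "a.b.c.d/bits"; return [network, mask] as integers, or null.
function parse_cidr(string $cidr): ?array {
    if (!preg_match('#^(\d{1,3}(?:\.\d{1,3}){3})/(\d{1,2})$#', $cidr, $m)) {
        return null;
    }
    $ip = filter_var($m[1], FILTER_VALIDATE_IP, FILTER_FLAG_IPV4);
    $bits = (int)$m[2];
    if ($ip === false || $bits > 32) {
        return null;
    }
    $mask = $bits === 0 ? 0 : (0xFFFFFFFF << (32 - $bits)) & 0xFFFFFFFF;
    return [ip2long($ip) & $mask, $mask];
}

// True if $ip lies in the interface's own subnet or in any alias subnet.
function vip_in_interface_subnets(string $ip, array $ifcfg): bool {
    $addr = filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4);
    if ($addr === false) {
        return false; // reject anything that is not a plain IPv4 address
    }
    $cidrs = [];
    if (isset($ifcfg['ipaddr'], $ifcfg['subnet'])) {
        $cidrs[] = $ifcfg['ipaddr'] . '/' . $ifcfg['subnet'];
    }
    foreach ((array)($ifcfg['alias'] ?? []) as $alias) {
        if (is_string($alias)) {
            $cidrs[] = $alias;
        }
    }
    foreach ($cidrs as $cidr) {
        $net = parse_cidr($cidr);
        if ($net !== null && (ip2long($addr) & $net[1]) === $net[0]) {
            return true; // malformed entries are skipped and never match
        }
    }
    return false;
}

// Constructed sample config using documentation address ranges.
$wan = ['ipaddr' => '198.51.100.10', 'subnet' => '24',
        'alias'  => ['192.0.2.33/27', 'not-a-cidr']];
foreach (['198.51.100.200', '192.0.2.40', '192.0.2.70', '192.0.2.40/27'] as $candidate) {
    echo $candidate, ' => ';
    var_dump(vip_in_interface_subnets($candidate, $wan));
}
```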
