Code changes to mostly support interface alias CARP in 1.2.2 - Dumb?



  • Sorry for the lengthy subject.  Basically, I need the "one interface, multiple subnets" setup, can't use VLANs, and need to use CARP (need failover and L2 responsiveness), and can't wait for 2.0.  The shellcmd fix in http://doc.pfsense.org/multiple-subnets-one-interface-pfsense.pdf got the alias in place, but the CARP "Are you in a valid subnet?" check only checks against the subnets in the interface section of the $config.

    So… I made changes to deal with this... and I'd like to know if these are dumb, or if I'm being reasonable.

    Using the PHP Shell, I added:

    $GLOBALS['config']['interfaces']['wan']['ifalias'] = 'xx.xx.xx.xx/27';

    and then in /usr/local/www/firewall_virtual_ip_edit.php, and in /etc/inc/interfaces.inc added code like:

    // Accept the VIP if it falls inside the alias subnet stored under 'ifalias'
    if (array_key_exists('ifalias', $config['interfaces'][$if])) {
        $ww_alias = $config['interfaces'][$if]['ifalias'];
        list($ww_alias_ip, $ww_alias_bits) = explode("/", $ww_alias);
        if (ip_in_subnet($vip['subnet'], gen_subnet($ww_alias_ip, $ww_alias_bits) . "/" . $ww_alias_bits))
            $found = true;
    }

    Though it's $_POST and not $vip in /usr/local/www/firewall_virtual_ip_edit.php.

    So, if this is non-dumb, I'd probably change the ['ifalias'] to ['alias'] since the system explodes that into an array, letting me add multiple aliases to an interface and change the above code snip to loop through the aliases.  Obviously this is not ideal, as it's a hack, but is there something I'm missing here?  At the very least, this allows me to create CARP VIPs in the WAN like I need, and they seem addressable, etc.  I'm a little nervous messing with the core files and am looking for validation for my totally unsupported change. :)


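The multi-alias loop the post describes, as an added example that is not part of the original post and is not pfSense code. It assumes an `alias` key holding an array of IPv4 CIDR strings, and the helpers `parse_cidr()` and `vip_in_alias_subnets()` are hypothetical names. Because the edit page takes the address from `$_POST`, both the submitted address and every alias entry are validated before any comparison, and malformed entries never match.

```php
<?php
// Added example; helper names are hypothetical, not pfSense functions.

/** Parse "a.b.c.d/nn" into [network, mask] as integers, or null if malformed. */
function parse_cidr(string $cidr): ?array {
    if (!preg_match('#^(\d{1,3}(?:\.\d{1,3}){3})/(\d{1,2})$#', trim($cidr), $m)) {
        return null;
    }
    $ip   = filter_var($m[1], FILTER_VALIDATE_IP, FILTER_FLAG_IPV4);
    $bits = (int)$m[2];
    if ($ip === false || $bits < 1 || $bits > 32) {
        return null;                      // reject bad octets and bad prefix lengths
    }
    $mask = -1 << (32 - $bits);           // works on 32-bit and 64-bit PHP
    return [ip2long($ip) & $mask, $mask];
}

/** True if $vip_ip lies inside any well-formed alias subnet. */
function vip_in_alias_subnets(string $vip_ip, array $aliases): bool {
    // Treat the candidate as untrusted input: it must be a plain IPv4 address.
    if (filter_var($vip_ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4) === false) {
        return false;
    }
    $vip = ip2long($vip_ip);
    foreach ($aliases as $alias) {
        $net = is_string($alias) ? parse_cidr($alias) : null;
        if ($net === null) {
            continue;                     // fail closed: a broken entry never matches
        }
        [$network, $mask] = $net;
        if (($vip & $mask) === $network) {
            return true;
        }
    }
    return false;
}

// Constructed sample config using documentation address ranges.
$config = ['interfaces' => ['wan' => ['alias' => [
    '198.51.100.32/27', 'bogus/99', '203.0.113.0/28',
]]]];
$aliases = $config['interfaces']['wan']['alias'] ?? [];

foreach (['198.51.100.40', '203.0.113.20', 'not-an-ip'] as $candidate) {
    $verdict = vip_in_alias_subnets($candidate, $aliases) ? 'accept' : 'reject';
    printf("%-16s %s\n", $candidate, $verdict);
}
```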