Bandwidthd with postgresql & Multiple Interfaces.. Sanity check please
I'm a newbie here so I hope I'm not posting this out of turn, if so please forgive and be nice.
I'm also quite new to both pfsense and the whole open source software thing. That's one of the many reasons I'm looking for a bit of a sanity check on some work I've done.
In a test system (vmware server) I have Bandwidthd running with postgresql support monitoring multiple interfaces in pfSense. It seems to be working and stable but I'm none too keen to replicate this on my internet facing device without some feedback from someone who knows the product considerably better than I do, just in case I have somehow compromised security.
How? A very long story cut short (I'd be happy to share detail with anyone interested).
Built a donor virtual FreeBSD 7.2 server and installed pre-requisites to enable me to compile Bandwidthd with postgresql support.
Built a virtual pfSense 1.2.3-Release box and installed the Bandwidthd package.
Copied the compiled binary (bandwidthd) to the pfSense box. Tried to run it and it complained about missing libraries. Copied each one of those from the donor FreeBSD machine to the pfSense box until Bandwidthd ran. I have all the detail but I'm trying to keep this post short.
Tested it and it works, writing data captured on the pfSense machine to postgresql on the donor FreeBSD machine.
Multiple interfaces seem to require multiple copies of bandwidthd to be running in different locations with their own config files, not much of an issue as when it is writing to postgresql and not creating local html it doesn't seem to take too much system resource. The only challenge is that to have a unique pid file for each copy you need to make small changes to the source and compile different binaries as it doesn't seem to accept an argument for pidfile on startup.
The above combined with a couple of startup scripts all seems to hang together on the face of it.
Have I broken anything?
PS.. pfSense is the best free software I've ever had the pleasure to use, thanks to the creators/maintainers.
Looks like you did most of the hard stuff already. You might consider trying to compile Bandwidthd statically so that it doesn't have the extra library requirements. Beyond that, the major considerations are:
Be aware of resource consumption on your firewall. I don't know how many interfaces you're running on each firewall or how busy those firewalls are, but bandwidthd could easily start using up a lot of resources if you're on a super busy network. Nothing here should be a deal breaker, but definitely keep an eye on it.
Consider how much data you may end up writing to your Postgres box under heavy load. I rather doubt this is a huge deal because you're bound to have bandwidth to spare on your LAN, but again, just something to watch out for under heavy load.
Consider adding patches to the existing pfSense package to enable postgres (or mysql) offloading so that more people can use and enhance your solution. The added value to this is that you may not have to re-invent the wheel when 2.0 comes out.
I look forward to seeing how this goes. Great job!
Thanks for taking the time to respond.
Working on your suggestions.
Watch this space