    Dance with me - pfSense load balancing 10 lines ADSL with 2 network card

      chinhd-vn last edited by

      the title tells it all

      Lan <===> pfSense <===> Switch <===> ADSL1,ADSL2,..ADSL10

      all my job is editing the code

      ===================================

      1. /usr/local/www/load_balancer_pool_edit.php
        how we add new router IP to a pool
      • line : 87 :check the input of router IP
        find==> if(!is_ipaddr($split_ip[1]))
        $input_errors[] = "{$split_ip[1]} is not a valid IP address.";
        add==> if(isset($split_ip[2]) && !is_ipaddr($split_ip[2]) )
        $input_errors[] = "{$split_ip[2]} is not a valid IP address.";
      • line 340: add text box for router :
        find==>

      Note: Some gateways have ping capability disabled.

      add ==>
      Router IP

      Note: This is router IP where packet will be sent to pass internet.
      Only use when you have mutil router connect same interface.

      2. /usr/local/www/pool.js

      +line 52
      find ==>
      var ServerPort = IntOrIp.value;
      if(form.type.selectedIndex == 0)
      var ServerPort = IntOrIp.value;
      else
      replace ==>
      var ServerPort = IntOrIp.value + "|" + form.monitorip.value;
      with ==>
      if ( form.routerip.value) {
      var ServerPort = IntOrIp.value + "|" + form.routerip.value + "|" + form.monitorip.value;
      }
      else
           { var ServerPort = IntOrIp.value + "|" + form.monitorip.value; }

      3. /usr/local/www/load_balancer_pool.php
      • line 143 : repair the display of new pool
        find==> if ($vipent['type'] == "gateway") {
                           foreach ((array) $vipent['servers'] as $server) {
                                           $svr = split("\|", $server);
            replace ==> echo "{$svr[1]}
        ";
        with ==>
        if (isset($svr[2])) {echo "{$svr[1]}|{$svr[2]}
        ";}
        else {echo "{$svr[1]}
        ";}
      4. /usr/local/www/status_slbd_pool.php
      • line 90 : repair the display of new pool
        find ==> foreach ((array) $vipent['servers'] as $server) {
                                                $svr = split("\|", $server);
                        replace== >             PRINT " {$svr[0]} ";
                        with ==>
        if (isset($svr[2])) {
                                      PRINT " {$svr[0]}|{$svr[1]} ";
                                                }
                                else {PRINT " {$svr[0]} ";};

      • line 109 : repair the IP of monitor . Before : wan|222.222.222.222 and now : wan|192.168.1.1|222.222.222.222 so we need fix it
        find ==> foreach ((array) $vipent['servers'] as $server) {
        $lastchange = "";
                                $svr = split("\|", $server);
                        replace ==> $monitorip = $svr[1];
                        with ==>
        if(isset($svr[2])){
        $monitorip = $svr[2];
        } else {$monitorip = $svr[1];};

      5. /etc/inc/vslb.inc
      • line 120 :
        find ==>
        foreach ($vspool['servers'] as $lbsvr) {
        $lbsvr_split=split("\|", $lbsvr);
        add ==>
        if (isset($lbsvr_split[2])) {
        $lbsvr_split_1_copy=$lbsvr_split[2];
        }
        else {$lbsvr_split_1_copy=$lbsvr_split[1];};
      • line 130
        find ==>
        /* Add static routes to the monitor IPs */
        $int = convert_friendly_interface_to_real_interface_name($lbsvr_split[0]);
        $gateway = get_interface_gateway($int);
        add ==> if (isset($lbsvr_split[2])) {
        $gateway = $lbsvr_split[1];
        }
      • line 141
        find ==>
        mwexec("/sbin/route delete -host {$lbsvr_split[1]} 1>/dev/null 2>&1");
        mwexec("/sbin/route add -host {$lbsvr_split[1]} 127.0.0.1 1> /dev/null 2>&1");
        } else {
        mwexec("/sbin/route delete -host {$lbsvr_split[1]} 1>/dev/null 2>&1");
        mwexec("/sbin/route add -host {$lbsvr_split[1]} {$gateway} 1> /dev/null 2>&1");
        }
        edit ==> */
        mwexec("/sbin/route delete -host {$lbsvr_split_1_copy} 1>/dev/null 2>&1");
        mwexec("/sbin/route add -host {$lbsvr_split_1_copy} 127.0.0.1 1> /dev/null 2>&1");
        } else {
        mwexec("/sbin/route delete -host {$lbsvr_split_1_copy} 1>/dev/null 2>&1");
        mwexec("/sbin/route add -host {$lbsvr_split_1_copy} {$gateway} 1> /dev/null 2>&1");
        }
      6. /etc/inc/filter.inc : the most important
      • line 1620
        find ==> if($g['debug'])
        log_error("There are no servers found in the status file, using XML config settings!");
        foreach ($lb['servers'] as $lbsvr) {
        $lbsvr_split = split("\|", $lbsvr);
        replace ==> $lbs[] = $lbsvr_split[1];
        with ==>
        if(isset($lbsvr_split[2])){
        $lbs[] = $lbsvr_split[2];
        } else {$lbs[] = $lbsvr_split[1];};

      • line 1636
        find ==> if($g['debug'])
        log_error("There is no server status file, using XML config settings!");
        $lbs = array();
        foreach ($lb['servers'] as $lbsvr) {
        $lbsvr_split = split("\|", $lbsvr);
        replace==> $lbs[] = $lbsvr_split[1];
        with ==> if(isset($lbsvr_split[2])){
        $lbs[] = $lbsvr_split[2];
        } else {$lbs[] = $lbsvr_split[1];};

      • line 1653
        find ==> foreach ($lb['servers'] as $lbsvr) {
        $lbsvr_split=split("\|", $lbsvr);
        $lbconfig['gateway'][$l] = $lbsvr_split[0];
        replace==> $lbconfig['monitor'][$l] = $lbsvr_split[1];
        with ==>
        if(isset($lbsvr_split[2])){
        $lbconfig['monitor'][$l] = $lbsvr_split[2];
        $lbconfig['router'][$l] = $lbsvr_split[1];
        /* $lbconfig['gateway'][$l] = $lbsvr_split[1]; */
        }
        else {$lbconfig['monitor'][$l] = $lbsvr_split[1];
          $lbconfig['router'][$l] = "";
        };

      • line 1681
        find ==> } else if(interface_has_gateway($lbconfig['gateway'][$l])) {
        $int = convert_friendly_interface_to_real_interface_name($lbconfig['gateway'][$l]);
        replace==> $gateway = get_interface_gateway($lbconfig['gateway'][$l]);
        with ==>
        if ($lbconfig['router'][$l] == "") {
        $gateway = get_interface_gateway($lbconfig['gateway'][$l]);
        } else {
        $gateway = $lbconfig['router'][$l];
        };

      7. /usr/local/www/firewall_rules_edit.php
      • line 787
        find ==> foreach($gateways as $gw) {
        if($gw == "")
        continue;
        if($gw == $pconfig['gateway']) {
        $selected = " SELECTED";
        } else {
        $selected = "";
        }
        if ($gw == "default") {
        echo "<option value=\"\" {$selected}>{$gw}</option>\n";
        } else {
        echo "<option value=\"{$gw}\" {$selected}>{$gw}</option>\n";
        }
        }

      add ==>
      if (is_array($config['load_balancer']['lbpool'])) {
          foreach ($config['load_balancer']['lbpool'] as $lb) {
              if ($lb['name'] == "")
                  continue;
              foreach ($lb['servers'] as $server) {
                  $svr = split("\|", $server);
                  /* interface|router|monitor: offer the router IP, otherwise the interface.
                     Preselect only the gateway already saved on this rule. */
                  if (isset($svr[2])) {
                      $selected = ($svr[1] == $pconfig['gateway']) ? " SELECTED" : "";
                      echo "<option value=\"{$svr[1]}\" {$selected}>{$svr[1]}</option>\n";
                  } else {
                      $selected = ($svr[0] == $pconfig['gateway']) ? " SELECTED" : "";
                      echo "<option value=\"{$svr[0]}\" {$selected}>{$svr[0]}</option>\n";
                  }
              }
          }
      }

        chinhd-vn last edited by

        sry but i spent only 1 day for learning PHP and editing the pfsense code . It's working now but need test for someday.

        I haven't edited the firewall rule yet. Need someone help me for edit gateway for new rule

        Pfsense is great. Thanks so much for development team

        some pics

          Perry last edited by

          Hmm… A switch with vlan support sounds much easier to me  ::)

            chinhd-vn last edited by

            too bad ….

            why dont you buy a router with LB from Cisco ??

            we only need normal switch , i have a plan with LB 40 lines ADSL . We're testing with 10 lines

              GruensFroeschli last edited by

              There is a much easier way to do this.
              In your screenshot i see that your gateways are all in the same subnet.

              1: Download the config.xml
              2: Find the part in the config.xml which looks a bit like this:

              <load_balancer>
                <lbpool>
                  <type>gateway</type>
                  <behaviour>balance</behaviour>
                  <monitorip>81.221.250.10</monitorip>
                  <name>balancer</name>
                  <desc>test</desc>
                  <servers>192.168.20.2|81.221.250.10</servers>
                  <servers>192.168.20.3|81.221.252.10</servers>
                  <servers>192.168.20.4|67.208.222.222</servers>
                </lbpool>
              </load_balancer>

              As you can see i modified the <servers> entries.

              3: restore the config.xml
              4: ???
              5: profit

              I'm not sure what exactly you did.
              But from the screenshot it seems you did something wrong.
              In the "gateway-column": The first entry is the gateway. The second entry is the monitoring IP.
              As it is right now you have multiple times the same gateway with different monitor IP's.
              Your monitoring IP's have to be behind the next/past the next hop.
              I suspect you've set the monitoring IP's to the IP of your routers. Like this you cannot detect if a link goes down.



              1 Reply Last reply Reply Quote 0
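A check for the `<servers>` values discussed above, covering both the `gateway|monitor` form and the `interface|router|monitor` form from the first post, meant to be run on a downloaded config.xml before restoring it. This is an added example, not code from the thread or from pfSense; the sample XML and function names are constructed, and the uniqueness checks assume what the vslb.inc excerpt shows: one static host route per monitor IP.

```python
import ipaddress
import xml.etree.ElementTree as ET
from collections import Counter

# Constructed sample (not from a real system): entries 1 and 4 reuse one
# gateway, entry 3 monitors its own router.
SAMPLE = """<pfsense><load_balancer><lbpool>
<type>gateway</type><name>balancer</name>
<servers>192.168.20.2|81.221.250.10</servers>
<servers>wan|192.168.20.3|81.221.252.10</servers>
<servers>wan|192.168.20.4|192.168.20.4</servers>
<servers>192.168.20.2|67.208.222.222</servers>
</lbpool></load_balancer></pfsense>"""

def is_ip(value):
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False

def parse_entry(text):
    """Split one <servers> value into (next_hop, monitor, router_or_None)."""
    parts = text.strip().split("|")
    if len(parts) == 2:                      # gateway-or-interface|monitor
        return parts[0], parts[1], None
    if len(parts) == 3:                      # interface|router|monitor
        return parts[1], parts[2], parts[1]
    raise ValueError(f"expected 2 or 3 '|' fields, got {text!r}")

def audit_pool(xml_text):
    """Return sorted (entry, problem) pairs for every <servers> element."""
    raw = [(s.text or "").strip() for s in ET.fromstring(xml_text).iter("servers")]
    parsed = [parse_entry(r) for r in raw]
    hops = Counter(p[0] for p in parsed)
    monitors = Counter(p[1] for p in parsed)
    findings = []
    for entry, (hop, monitor, router) in zip(raw, parsed):
        if router is not None and not is_ip(router):
            findings.append((entry, "router is not an IP address"))
        if not is_ip(monitor):
            findings.append((entry, "monitor is not an IP address"))
        if monitor == hop:
            findings.append((entry, "monitor equals next hop"))
        if monitors[monitor] > 1:
            findings.append((entry, "monitor IP shared with another entry"))
        if hops[hop] > 1:
            findings.append((entry, "next hop shared with another entry"))
    return sorted(findings)
```

An empty result means every entry has its own next hop and its own monitor address beyond that hop's own IP; it does not prove the monitor is actually reachable through that line.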
              • C
                chinhd-vn last edited by

                @GruensFroeschli:

                There is a much easier way to do this.
                In your screenshot i see that your gateways are all in the same subnet.

                1: Download the config.xml
                2: Find the part in the config.xml which looks a bit like this:

                <load_balancer>
                  <lbpool>
                    <type>gateway</type>
                    <behaviour>balance</behaviour>
                    <monitorip>81.221.250.10</monitorip>
                    <name>balancer</name>
                    <desc>test</desc>
                    <servers>192.168.20.2|81.221.250.10</servers>
                    <servers>192.168.20.3|81.221.252.10</servers>
                    <servers>192.168.20.4|67.208.222.222</servers>
                  </lbpool>
                </load_balancer>

                As you can see i modified the <servers> entries.

                3: restore the config.xml
                4: ???
                5: profit

                I'm not sure what exactly you did.
                But from the screenshot it seems you did something wrong.
                In the "gateway-column": The first entry is the gateway. The second entry is the monitoring IP.
                As it is right now you have multiple times the same gateway with different monitor IP's.
                Your monitoring IP's have to be behind the next/past the next hop.
                I suspect you've set the monitoring IP's to the IP of your routers. Like this you cannot detect if a link goes down.

                boss , plz check my code .Let's setup a VM and test my code .

                LAN net<==> 10.0.0.125<pfsense>10.10.0.25<===> switch| 10.10.0.24 |10.10.0.48….......

                because i have only 2 network card, i think i can setup virtual network card for LB but fail. So i read your code and find that the way we routing packet by pf firewall , the line firewall like "route-to( (xl0 192.168.1.2 ) , ( xl1 192.168.2.2 ) "

                so why not "route-to( (xl0 192.168.1.2 ) , ( xl0 192.168.1.3 ) "

                i tested and it worked . So great !!

                so let me do something more route-to( (xl0 192.168.1.2 ) , ( xl0 192.168.1.3 ) (xl0 192.168.1.4 ) , ( xl0 192.168.1.5)

                at now, i'm testing with 10 lines adsl. This code i sent to the forum is make change for rule firewall . I dont edit config.xml because whenever mem reinstalls pfSense, it will not working well. Plz check my code , i think it'll be so great for pfSense. We only need 2 network card and make LB for max 47 Line (with a switch 48 ports). None like us can do it. Cisco have max 7 line LB adsl . We are no maximum .

                  GruensFroeschli last edited by

                  I'm not a PHP programmer so i wont check your code.

                  But i'm telling you:
                  You're using your gateway as monitor IP at the same time.

                  pfSense wont find out if the link goes down! <<<<
                  –> If a link goes down pfSense will try to send traffic over this line which will fail.

                  at now, i'm testing with 10 lines adsl. This code i sent to the forum is make change for rule firewall . I dont edit config.xml because whenever mem reinstalls pfSense, it will not working well. Plz check my code , i think it'll be so great for pfSense. We only need 2 network card and make LB for max 47 Line (with a switch 48 ports). None like us can do it. Cisco have max 7 line LB adsl . We are no maximum .

                  Editing the config.xml will survive a reboot.
                  It will even survive reinstalling and restoring the config.
                  It just wont survive someone pressing save on the balancer config page ;)

                  Your code does nothing new.
                  Older versions of pfSense had a field to put the gateway in instead of the dropdown today.

                  I dont say your code doesnt work.
                  It's just easier to edit the config.xml manually.

                    chinhd-vn last edited by

                    okie  ;D no problem

                    i'm not using router IP for monitor. I use Yahoo, google, oracle for IP monitor

                    my code is so great  :D :D :D :D . Let's read it.

                    dont see the pic and think . Read my code again.

                    and you cant do like it by edit config.xml

                      jhendra last edited by

                      That's interesting… but I'm a newbie and not a PHP programmer, so how to edit the code?

                        tucson last edited by

                        Yeah this is extremely badass if it works. I like that it won't reset on reboot.

                        Hopefully I'll get a chance to look into this. Others feedback is appreciated.
