Dance with me- pfSense load banlancing 10 lines ADSL with 2 network card

chinhd-vn

the title tells it all

Lan <===> pfSense <===> Switch <===> ADSL1,ADSL2,..ADSL10

all my jod is editing the  code

===================================

1. /usr/local/www/load_balancer_pool_edit.php
   how we add new router IP to a pool

• line : 87 :check the input of router IP
  find==> if(!is_ipaddr($split_ip[1]))
  $input_errors[] = "{$split_ip[1]} is not a valid IP address.";
  add==> if(isset($split_ip[2]) && !is_ipaddr($split_ip[2]) )
  $input_errors[] = "{$split_ip[2]} is not a valid IP address.";
• line 340: add text box for router :
  find==>

Note: Some gateways have ping capability disabled.

add ==>
Router IP

Note: This is router IP where packet will be sent to pass internet.
Only use when you have mutil router connect same interface.

2. /usr/local/www/pool.js

+line 52
find ==>
var ServerPort = IntOrIp.value;
if(form.type.selectedIndex == 0)
var ServerPort = IntOrIp.value;
else
replace ==>
var ServerPort = IntOrIp.value + "|" + form.monitorip.value;
with ==>
if ( form.routerip.value) {
var ServerPort = IntOrIp.value + "|" + form.routerip.value + "|" + form.monitorip.value;
}
else
     { var ServerPort = IntOrIp.value + "|" + form.monitorip.value; }

3. /usr/local/www/load_balancer_pool.php

• line 143 : repair the display of new pool
  find==> if ($vipent['type'] == "gateway") {
                     foreach ((array) $vipent['servers'] as $server) {
                                     $svr = split("|", $server);
      replace ==> echo "{$svr[1]}
  ";
  with ==>
  if (isset($svr[2])) {echo "{$svr[1]}|{$svr[2]}
  ";}
  else {echo "{$svr[1]}
  ";}

4. /usr/local/www/status_slbd_pool.php

• line 90 : repair the display of new pool
  find ==> foreach ((array) $vipent['servers'] as $server) {
                                          $svr = split("|", $server);
                  replace== >             PRINT " {$svr[0]} ";
                  with ==>
  if (isset($svr[2])) {
                                PRINT " {$svr[0]}|{$svr[1]} ";
                                          }
                          else {PRINT " {$svr[0]} ";};

• line 109 : repair the IP of monitor . Before : wan|222.222.222.222 and now : wan|192.168.1.1|222.222.222.222 so we need fix it
  find ==> foreach ((array) $vipent['servers'] as $server) {
  $lastchange = "";
                          $svr = split("|", $server);
                  replace ==> $monitorip = $svr[1];
                  with ==>
  if(isset($svr[2])){
  $monitorip = $svr[2];
  } else {$monitorip = $svr[1];};

5. /etc/inc/vslb.inc

• line 120 :
  find ==>
  foreach ($vspool['servers'] as $lbsvr) {
  $lbsvr_split=split("|", $lbsvr);
  add ==>
  if (isset($lbsvr_split[2])) {
  $lbsvr_split_1_copy=$lbsvr_split[2];
  }
  else {$lbsvr_split_1_copy=$lbsvr_split[1];};
• line l30
  find ==>
  /* Add static routes to the monitor IPs */
  $int = convert_friendly_interface_to_real_interface_name($lbsvr_split[0]);
  $gateway = get_interface_gateway($int);
  add ==> if (isset($lbsvr_split[2])) {
  $gateway = $lbsvr_split[1];
  }
• line 141
  find ==>
  mwexec("/sbin/route delete -host {$lbsvr_split[1]} 1>/dev/null 2>&1");
  mwexec("/sbin/route add -host {$lbsvr_split[1]} 127.0.0.1 1> /dev/null 2>&1");
  } else {
  mwexec("/sbin/route delete -host {$lbsvr_split[1]} 1>/dev/null 2>&1");
  mwexec("/sbin/route add -host {$lbsvr_split[1]} {$gateway} 1> /dev/null 2>&1");
  }
  edit ==> */
  mwexec("/sbin/route delete -host {$lbsvr_split_1_copy} 1>/dev/null 2>&1");
  mwexec("/sbin/route add -host {$lbsvr_split_1_copy} 127.0.0.1 1> /dev/null 2>&1");
  } else {
  mwexec("/sbin/route delete -host {$lbsvr_split_1_copy} 1>/dev/null 2>&1");
  mwexec("/sbin/route add -host {$lbsvr_split_1_copy} {$gateway} 1> /dev/null 2>&1");
  }

5. /etc/inc/filter.inc : the most impotance

• line 1620
  find ==> if($g['debug'])
  log_error("There are no servers found in the status file, using XML config settings!");
  foreach ($lb['servers'] as $lbsvr) {
  $lbsvr_split = split("|", $lbsvr);
  replace ==> $lbs[] = $lbsvr_split[1];
  with ==>
  if(isset($lbsvr_split[2])){
  $lbs[] = $lbsvr_split[2];
  } else {$lbs[] = $lbsvr_split[1];};

• line 1636
  find ==> if($g['debug'])
  log_error("There is no server status file, using XML config settings!");
  $lbs = array();
  foreach ($lb['servers'] as $lbsvr) {
  $lbsvr_split = split("|", $lbsvr);
  replace==> $lbs[] = $lbsvr_split[1];
  with ==> if(isset($lbsvr_split[2])){
  $lbs[] = $lbsvr_split[2];
  } else {$lbs[] = $lbsvr_split[1];};

• line 1653
  find ==> foreach ($lb['servers'] as $lbsvr) {
  $lbsvr_split=split("|", $lbsvr);
  $lbconfig['gateway'][$l] = $lbsvr_split[0];
  replace==> $lbconfig['monitor'][$l] = $lbsvr_split[1];
  with ==>
  if(isset($lbsvr_split[2])){
  $lbconfig['monitor'][$l] = $lbsvr_split[2];
  $lbconfig['router'][$l] = $lbsvr_split[1];
  /$lbconfig['gateway'][$l] = $lbsvr_split[1];/
  }
  else {$lbconfig['monitor'][$l] = $lbsvr_split[1];
    $lbconfig['router'][$l] = "";
  };

• line 1681
  find ==> } else if(interface_has_gateway($lbconfig['gateway'][$l])) {
  $int = convert_friendly_interface_to_real_interface_name($lbconfig['gateway'][$l]);
  replace==> $gateway = get_interface_gateway($lbconfig['gateway'][$l]);
  with ==>
  if ($lbconfig['router'][$l] == "") {
  $gateway = get_interface_gateway($lbconfig['gateway'][$l]);
  } else {
  $gateway = $lbconfig['router'][$l];
  };

7. /usr/local/wwwfirewall_rules_edit.php

• line 787
  find ==> foreach($gateways as $gw) {
  if($gw == "")
  continue;
  if($gw == $pconfig['gateway']) {
  $selected = " SELECTED";
  } else {
  $selected = "";
  }
  if ($gw == "default") {
  echo "<option value="&quot;&quot;" {$selected}="">{$gw}</option>\n";
  } else {
  echo "<option value="&quot;{$gw}&quot;" {$selected}="">{$gw}</option>\n";
  }
  }

add ==>
if(is_array($config['load_balancer']['lbpool'])) {
foreach($config['load_balancer']['lbpool'] as $lb) {
if($lb['name'] == "")
continue;
foreach ( $lb['servers'] as $server) {
                                   $svr = split("|", $server);

if (isset($svr[2])) {
echo "<option value="&quot;{$svr[1]}&quot;" selected="">{$svr[1]}</option>\n";
}
else {
echo "<option value="&quot;{$svr[0]}&quot;" selected="">{$svr[0]}</option>\n";
};
;}

}
}

chinhd-vn

sry but i spent only 1 day for learning PHP and editing the pfsense code . It's working now but need test for someday.

I havent edited the firewall rule jet. Need some one help me for edit gateway for new rule

Pfsense is great. Thanks so much for development team

some pics

Perry

Hmm… A switch with vlan support sounds much easier to me  ::)

chinhd-vn

too bad ….

why dont you buy a router with LB from Cisco ??

we only need normal switch , i have a plan with LB 40 lines ADSL . We're testing with 10 lines

GruensFroeschli

There is a much easier way to do this.
In your screenshot i see that your gateways are all in the same subnet.

1: Download the config.xml
2: Find the part in the config.xml which looks a bit like this:

<load_balancer><lbpool><type>gateway</type>
<behaviour>balance</behaviour>
<monitorip>81.221.250.10</monitorip>
<name>balancer</name>
<desc>test</desc>

<servers>192.168.20.2|81.221.250.10</servers>
<servers>192.168.20.3|81.221.252.10</servers>
<servers>192.168.20.4|67.208.222.222</servers></lbpool></load_balancer>

As you can see i modified the <servers>entries.

3: restore the config.xml
4: ???
5: profit

I'm not sure what exactly you did.
But from the screeenshot it seems you did something wrong.
In the "gateway-column": The first entry is the gateway. The second entry is the monitoring IP.
As it is right now you have multiple times the same gateway with different monitor IP's.
Your monitoring IP's have to be behind the next/past the next hop.
I suspect you've set the monitoring IP's to the IP of your routers. Like this you cannot detect if a link goes down.

</servers>

chinhd-vn

@GruensFroeschli:

There is a much easier way to do this.
In your screenshot i see that your gateways are all in the same subnet.

1: Download the config.xml
2: Find the part in the config.xml which looks a bit like this:

<load_balancer><lbpool><type>gateway</type>
<behaviour>balance</behaviour>
<monitorip>81.221.250.10</monitorip>
<name>balancer</name>
<desc>test</desc>

<servers>192.168.20.2|81.221.250.10</servers>
<servers>192.168.20.3|81.221.252.10</servers>
<servers>192.168.20.4|67.208.222.222</servers></lbpool></load_balancer>

As you can see i modified the <servers>entries.

3: restore the config.xml
4: ???
5: profit

I'm not sure what exactly you did.
But from the screeenshot it seems you did something wrong.
In the "gateway-column": The first entry is the gateway. The second entry is the monitoring IP.
As it is right now you have multiple times the same gateway with different monitor IP's.
Your monitoring IP's have to be behind the next/past the next hop.
I suspect you've set the monitoring IP's to the IP of your routers. Like this you cannot detect if a link goes down.</servers>

boss , plz check my code .Let's setup a VM and test my code .

LAN net<==> 10.0.0.125<pfsense>10.10.0.25<===> switch| 10.10.0.24 |10.10.0.48….......

because i have only 2 network card  , i think i can setup virtual network card for LB but fail. So i read your code and find that the way we routing packet  by pf firewall , the line firewall linke "route-to( (xl0 192.168.1.2 ) , ( xl1 192.168.2.2 ) "

so why not "route-to( (xl0 192.168.1.2 ) , ( xl0 192.168.1.3 ) "

i tested and it worked . So great !!

so let me do something more route-to( (xl0 192.168.1.2 ) , ( xl0 192.168.1.3 ) (xl0 192.168.1.4 ) , ( xl0 192.168.1.5)

at now, i'm testing with 10 lines adsl. This code i sent to the forum is make change for rule firewall . I dont edit config.xml because whenever mem reintalls pfSense, it will not working well. Plz check my code , i think it'll be so great for pfSense. We only need 2 network card and make LB for max 47 Line (witch a switch 48 ports). None like us can do it. Cisco have max 7 line LB adsl . We are no maxmium .</pfsense>

GruensFroeschli

I'm not a PHP programmer so i wont check your code.

But i'm telling you:
You're using your gateway as monitor IP at the same time.

pfSense wont find out if the link goes down! <<<<
–> If a link goes down pfSense will try to send traffic over this line which will fail.

at now, i'm testing with 10 lines adsl. This code i sent to the forum is make change for rule firewall . I dont edit config.xml because whenever mem reintalls pfSense, it will not working well. Plz check my code , i think it'll be so great for pfSense. We only need 2 network card and make LB for max 47 Line (witch a switch 48 ports). None like us can do it. Cisco have max 7 line LB adsl . We are no maxmium .

Editing the config.xml will survive a reboot.
It will even survive reinstalling and restoring the config.
It just wont survive someone pressing save on the balancer config page ;)

Your code does nothing new.
Older versions of pfSense had a field to put the gateway in instead of the dropdown today.

I dont say your code doesnt work.
It's just easier to edit the config.xml manually.

chinhd-vn

okie  ;D no problem

i'm not using router IP for monitor. I use Yahoo, google, oracle for IP monitor

my code is so great  :D :D :D :D . Let's read it.

dont see the pic and think . Read my code again.

and you cant do like it by edit config.xml

jhendra

That's interesting…but im a newbie an not a PHP programmer, so how to edit the code?

tucson

Yeah this is extremely badass if it works. I like that it won't reset on reboot.

Hopefully I'll get a chance to look into this. Others feedback is appreciated.