From 3314bb92ac5fa9d1fa4505cfd84a98bee1e3e08a Mon Sep 17 00:00:00 2001 From: Scott Ullrich Date: Sun, 27 Mar 2005 03:05:16 +0000 Subject: Allow outbound load balanancing to work. Thing to keep in mind: 1. If using advanced outbound load balancing, map a subnet for each wan interface --- etc/inc/filter.inc | 32 +++++++++++++++++--------------- etc/inc/pfsense-utils.inc | 16 ++++++++++++++-- 2 files changed, 31 insertions(+), 17 deletions(-) diff --git a/etc/inc/filter.inc b/etc/inc/filter.inc index e54034b..a8bb226 100644 --- a/etc/inc/filter.inc +++ b/etc/inc/filter.inc @@ -1000,6 +1000,22 @@ function filter_rules_generate() { $ipfrules .= "pass out quick on " . $wanif . " inet proto tcp from ($wanif) to any port www flags S/SA keep state label \"transparent proxy\"\n"; } + /* Setup outgoing NAT load balancing */ + if (isset($config['nat']['outgoingloadbalancing']['rule'])) { + $tmprules .= "pass in quick on " . $lanif . " route-to { "; + $isfirst = 0; + foreach ($config['nat']['outgoingloadbalancing']['rule'] as $rule) { + if($rule['gatewayip'] <> "") { + if($isfirst == 1) $tmprules .= ", "; + $lbinf = guess_interface_from_ip($rule['gatewayip']); + $tmprules .= " (" . $lbinf . " " . $rule['gatewayip'] . ") "; + $isfirst = 1; + } + } + $tmprules .= "} round-robin from " . $lansa ."/" . $config['interfaces']['lan']['subnet'] . " to any flags S/SA modulate state label \"outgoing nat load balancing\"\n"; + if($isfirst == 1) $ipfrules .= $tmprules; + } + $ipfrules .= << "") { - if(isfirst == 1) $tmprules .= ", "; - $tmprules .= " (" . $wanif . " " . $rule['gatewayip'] . ") "; - $isfirst = 1; - } - } - $tmprules .= "} round-robin proto tcp from " . $lansa ." to any flags S/SA modulate state label \"outgoing nat load balancing\"\n"; - if($isfirst == 1) $ipfrules .= $tmprules; - } - /* pass traffic between statically routed subnets and the subnet on the interface in question to avoid problems with complicated routing topologies */ 
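Review bot: In the added load-balancing block of filter_rules_generate(), `$rule['gatewayip']` and the return value of `guess_interface_from_ip()` are concatenated into the `route-to { ... }` list with only a non-empty check. A malformed gateway value, or a gateway with no matching local interface, would therefore produce an entry like `( <gateway>)` that pf is likely to reject, and a ruleset that fails to load is a security-relevant failure on a firewall. Skip entries that are not valid IP addresses (for example with the tree's `is_ipaddr()` helper, if it is in scope here) or for which `$lbinf` is empty, as sketched below. `$tmprules` is appended to with `.=` without a visible initialisation; the function body starts outside the hunk, so confirm it is empty at this point. Separately, the rule is `pass in quick` for the whole LAN subnet, is no longer restricted to `proto tcp`, and now sits earlier in the ruleset, so block rules generated later for LAN traffic would not be evaluated for it; confirm that this is intended.

```php
/* … unchanged: isset() check, "pass in quick on … route-to {" prefix, $isfirst = 0 … */
foreach ($config['nat']['outgoingloadbalancing']['rule'] as $rule) {
	if (!is_ipaddr($rule['gatewayip']))
		continue;	/* never emit unvalidated config text into the ruleset */
	$lbinf = guess_interface_from_ip($rule['gatewayip']);
	if ($lbinf == "")
		continue;	/* no local interface found for this gateway */
	if ($isfirst == 1) $tmprules .= ", ";
	$tmprules .= " (" . $lbinf . " " . $rule['gatewayip'] . ") ";
	$isfirst = 1;
}
/* … unchanged: "} round-robin from …" suffix and append to $ipfrules … */
```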
diff --git a/etc/inc/pfsense-utils.inc b/etc/inc/pfsense-utils.inc
index 7183297..5cc1423 100644
--- a/etc/inc/pfsense-utils.inc
+++ b/etc/inc/pfsense-utils.inc
@@ -183,7 +183,6 @@ function link_ip_to_carp_interface($ip) {
 return $carp_ints;
 }
-
 /* * exec_command($command): execute command return string of result */
@@ -228,6 +227,19 @@ function find_interface_ip($interface) {
 return $ip;
 }
+function guess_interface_from_ip($ipaddress) {
+ $ints = `/sbin/ifconfig -l`;
+ $ints_split = split(" ", $ints);
+ $ip_subnet_split = split("\.", $ipaddress);
+ $ip_subnet = $ip_subnet_split[0] . "." . $ip_subnet_split[1] . "." . $ip_subnet_split[2] . ".";
+ foreach($ints_split as $int) {
+ $ip = find_interface_ip($int);
+ $ip_split = split("\.", $ip);
+ $ip_tocheck = $ip_split[0] . "." . $ip_split[1] . "." . $ip_split[2] . ".";
+ if(stristr($ip_tocheck, $ip_subnet) != false) return $int;
+ }
+}
+
 function filter_opt_interface_to_real($opt) {
 global $config;
 return $config['interfaces'][$opt]['if'];
@@ -931,7 +943,7 @@ function rmdir_recursive($path,$follow_links=false) {
 foreach($to_do as $workingdir) { // Handle wildcards by foreaching.
 $dir = opendir($workingdir);
 while ($entry = readdir($dir)) {
- if (is_file("$workingdir/$entry") || ((!$follow_links) && is_link("$workingdir/$entry")))
+ if (is_file("$workingdir/$entry") || ((!$follow_links) && is_link("$workingdir/$entry")))
 unlink("$workingdir/$entry");
 elseif (is_dir("$workingdir/$entry") && $entry!='.' && $entry!='..')
 rmdir_recursive("$workingdir/$entry");
-- cgit v1.1
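Review bot: guess_interface_from_ip() decides the match with `stristr($ip_tocheck, $ip_subnet) != false`, which is a substring test: a gateway in `10.1.2.` also matches an interface addressed in `110.1.2.` (constructed example), so a route-to entry could name the wrong interface. Compare the prefixes exactly with `if($ip_tocheck == $ip_subnet) return $int;`. The output of `/sbin/ifconfig -l` is split without trimming, so the last interface name presumably carries the trailing newline; `$ints_split = split(" ", trim($ints));` avoids that. The function also falls off the end with no return value when nothing matches, and the caller added in filter.inc concatenates that result into a pf rule, so end it with an explicit `return "";` that callers can test for. The comparison hard-codes the first three octets, i.e. it assumes each candidate network is a /24; a comment above the function should state that limitation.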