Feature #1181: Allow a way to add protocols (such as udp) to a load balancer
Status: closed
Done: 0%
Description
I've been trying to configure load balanced DNS with pfsense 2.0. It occurred to me fairly quickly that this might not be obviously possible considering I see no mention of UDP anywhere in the load balancer config. But I proceeded looking into it anyway.
So I created a pool:
Name: DNS
Mode: Load Balance
Desc: Load Balanced DNS
Port: 53
Monitor: TCP (Yeah, I know actual requests are generally UDP, but checking TCP port is available is a nice simple way to do it without doing real lookups)
Servers in pool: 192.168.120.11, 192.168.120.12
I then configured a virtual server:
Name: DNS
Desc: Load Balanced DNS
IP Address: 192.168.120.254 (one of my VIPs)
Port: 53
Virtual Server Pool: DNS
Fail Back Pool: None
After realising I'd forgotten a few firewall rules I tried to DNS from one of my hosts... and failed, not really unexpected.
However, I could telnet to port 53 of my load balancer (i.e. a TCP connection) and it worked.
Further investigation suggests that the relayd.conf created by the above is:
    table <DNS> { 192.168.120.11, 192.168.120.12 }
    redirect "DNS" {
        listen on 192.168.120.254 port 53
        forward to <DNS> port 53
        check tcp
        timeout 1000
    }
That's pretty simple. Reading the relayd.conf man page redirection section suggests:
    listen on address [ip-proto] port port [interface name]
        Specify an address and a port to listen on. pf(4) will redirect incoming connections for the specified target to the hosts in the main or backup table. The port argument can optionally specify a port range instead of a single port; the format is min-port:max-port. The optional argument ip-proto can be used to specify an IP protocol like tcp or udp; it defaults to tcp. The rule can be optionally restricted to a given interface name.
So that explains why my load balancer doesn't work. The rule created by default will default to tcp.
An example on the same man page suggests that:
    redirect "dns" {
        listen on dns.example.com tcp port 53
        listen on dns.example.com udp port 53
        forward to <dnshosts> port 53
        check tcp
    }
is a simple way to load balance DNS with relayd... so what I'm trying to do is ALMOST there, I just have no way to make pfsense also listen for udp on port 53. Everything else is already seemingly in place.
So my feature request is simply, can a way be added to select additional protocols (or even just other protocols) to listen on within a load balancer? Perhaps in some sort of initially hidden advanced section like some of the firewall rules advanced options.
This seems like a fairly trivial addition, however I did look at the code and realised that I haven't touched PHP for a while and it scared me so I closed it again.
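The following is an added example and not code from the ticket or from pfSense/relayd. It parses the `redirect` blocks of a relayd.conf, applies the man page rule quoted above (a `listen on` line with no ip-proto means tcp), and reports which redirects on port 53 have no udp listener. Both configuration fragments are constructed for the example: the first mirrors what the ticket says pfSense generated, the second mirrors the man page example. The regular-expression parser covers only the `listen on address [ip-proto] port port` form discussed here, not the full relayd grammar.

```python
import re

# Constructed sample: the redirect the ticket says pfSense generated (tcp only by default).
PFSENSE_GENERATED = """
table <DNS> { 192.168.120.11, 192.168.120.12 }
redirect "DNS" {
    listen on 192.168.120.254 port 53
    forward to <DNS> port 53
    check tcp
    timeout 1000
}
"""

# Constructed sample: the man page style redirect with explicit tcp and udp listeners.
MANPAGE_STYLE = """
table <dnshosts> { 192.168.120.11, 192.168.120.12 }
redirect "dns" {
    listen on dns.example.com tcp port 53
    listen on dns.example.com udp port 53
    forward to <dnshosts> port 53
    check tcp
}
"""

# One redirect block: redirect "name" { ... }  (relayd redirect bodies have no nested braces)
REDIRECT_RE = re.compile(r'redirect\s+"([^"]+)"\s*\{(.*?)\}', re.S)
# One listener: listen on <address> [tcp|udp] port <port-or-range>
LISTEN_RE = re.compile(r'listen\s+on\s+(\S+)(?:\s+(tcp|udp))?\s+port\s+(\S+)')


def parse_listeners(conf):
    """Return {redirect_name: [(address, proto, port), ...]}.

    A listen line without an ip-proto gets "tcp", the default documented in relayd.conf(5).
    """
    result = {}
    for name, body in REDIRECT_RE.findall(conf):
        listeners = []
        for addr, proto, port in LISTEN_RE.findall(body):
            listeners.append((addr, proto or "tcp", port))
        result[name] = listeners
    return result


def missing_protocols(conf, port="53", required=("tcp", "udp")):
    """For every redirect that listens on `port`, list the required protocols with no listener.

    An empty list means the redirect already listens on all required protocols.
    """
    report = {}
    for name, listeners in parse_listeners(conf).items():
        protos_on_port = {proto for _, proto, p in listeners if p == port}
        if protos_on_port:
            report[name] = sorted(set(required) - protos_on_port)
    return report


if __name__ == "__main__":
    print(missing_protocols(PFSENSE_GENERATED))  # {'DNS': ['udp']}
    print(missing_protocols(MANPAGE_STYLE))      # {'dns': []}
```

Run against the pfSense-generated fragment the check reports that the "DNS" redirect is missing udp, which is exactly why TCP to the virtual IP worked while real DNS lookups did not; the man page style fragment passes.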