Feature #3859
openMake it possible to set the source IP address for gateway monitoring
0%
Description
In some cases pfsense does not configure the correct source ip address for apinger checks.
One such scenario is when you have 2 IP addresses on an Interface (a main IP address and an IP Alias). When you defined a gateway on the IP alias subnet, apinger is configured to monitor it using the main interface IP address.
For example:
WAN Link has address a.a.a.a/24, default gateway is a.a.a.x
on the WAN Link there is also the IP alias b.b.b.b/24, and a router on b.b.b.y
apinger configuration will look like this:
target "a.a.a.x" {
description "GW_WAN"
srcip "a.a.a.a"
alarms override "loss","delay","down";
rrd file "/var/db/rrd/GW_WAN-quality.rrd"
}
target "b.b.b.y" {
description "GW_ALIAS"
srcip "a.a.a.a"
alarms override "loss","delay","down";
rrd file "/var/db/rrd/GW_ALIAS-quality.rrd"
}
When instead it should look like this:
target "b.b.b.y" {
description "GW_ALIAS"
srcip "b.b.b.b"
alarms override "loss","delay","down";
rrd file "/var/db/rrd/GW_ALIAS-quality.rrd"
}
A simple solution I implemented on pfSense 2.1.5 is to add a new parameter for the gateway object to specify the source IP address for the monitoring purposes. This patch works fine but lets the user configure totally bogus IP addresses as the source IP. A better solution would be to offer a drop-down list of all the IP addresses available on the specified interface. (although I have not spent the time required for that solution).
The 2 modified files are:
/etc/inc/gwlb.php
/usr/local/www/system_gateways_edit.php
Files
Updated by Phillip Davis about 10 years ago
I would think this can be automated to meet [most|all] use cases. The gateway has a gateway IP address. So the code that generates the apinger conf can simply pick an IP (normal, alias, whatever) that is on the interface concerned and whose netmask will contain the gateway IP address (i.e. is in the same subnet) and use that as the source IP. Using the first one that matches this condition probably covers all use cases? And that would mean no need to add anything to the UI.
It should not matter if the gateway has a different monitor IP specified (8.8.8.8 8.8.4.4 and the like), it would be the actual gateway IP address that is used to find the corresponding local interface IP.
Updated by Patrick Bihan-Faou about 10 years ago
You are right in saying that in most cases the correct IP can be easily deduced from the gateway IP address. However, consider the case where you have a IP Alias and a CARP IP Address in the IP Alias subnet (my scenario). Which one should you pick ? The IP Alias or the CARP IP Address ?
That's why I think letting the user pick the IP address he prefers is not useless. (Although I would be really happy with a correct automatic source IP).
If you can point me in the right direction w.r.t to finding out what IPs are available on an interface, I could probably implement that automatic IP selection quickly.
Updated by Ermal Luçi about 10 years ago
Normally this should be fixed on gateways page to show the ip aliases as source interface rather than apinger itself.
Updated by Chris Buechler almost 9 years ago
- Subject changed from Make it possible to set the source IP address for apinger to Make it possible to set the source IP address for gateway monitoring
- Category changed from Gateways to Gateway Monitoring
- Priority changed from Normal to Low
can be done via source NAT.
Updated by Nicolas Canceill over 8 years ago
I just encountered this issue in another use-case: using CARP with a single WAN IP, as explained here => http://serverfault.com/a/686360
In this setup my WAN interface has a private IP like 192.168.0.1, but is using a public IP as CARP IP to reach the ISP's gateway. However, apinger uses the private IP as source instead of the CARP IP, and therefore cannot ping the gateway and marks it offline.
I know I can manually edit apinger config to set the correct source IP, but restarting apinger from the GUI actually regenerates its config.
How can I make apinger use the correct source IP?
Updated by Chris Buechler over 8 years ago
Nicolas Canceill wrote:
How can I make apinger use the correct source IP?
With source NAT, but that can't work for the backup system if sourcing from a CARP IP. Please post to the forum if you'd like to discuss further.
Updated by Patrick Bihan-Faou over 8 years ago
Source NAT may be a solution. However in my case the router is not doing any NAT at all. I find it a bit messy to add some special NAT rules to work around something that can be fixed directly in the config in the first place.
Updated by Nicolas Canceill over 8 years ago
Thank you Chris, it works indeed. It feels messy to add a NAT rule just for that, but I can see how adding this option would be confusing for the vast majority of users, who would not use it anyway.
So I do not know what to suggest for this feature request...
Updated by david stievenard about 8 years ago
is there any updates on this feature ?
With lack of ipv4, being able to use only one public ip is a pretty common constrains that make this feature quite compelling