[pfSense Support] RE: Static Routes
I have a 1.2.3-RELEASE box with 32 static routes on it. No issues!

Nathan

From: Atkins, Dwane P [mailto:atki...@uthscsa.edu]
Sent: Tuesday, July 19, 2011 11:16 AM
To: 'support@pfsense.com'
Subject: [pfSense Support] Static Routes

Afternoon all.

We are running pfsense 1.2.3-RELEASE and having issues with a couple remote sites. We have a few static route statements. Each of them is actually part of the same subnet and goes to the same gateway. We prefer to have each subnet routed individually because it is easier to track in the event of a security-related incident, BOTS, etc.

Does this release have any issues with the amount of static routes it can handle at one time? Are there issues with a /20 subnet being routed out a specific interface?

Thank you
Dwane
[pfSense Support] RE: Static Routes
Thank you. Guess that answers that theory.

From: Nathan Eisenberg [mailto:nat...@atlasnetworks.us]
Sent: Tuesday, July 19, 2011 1:25 PM
To: support@pfsense.com
Subject: [pfSense Support] RE: Static Routes

I have a 1.2.3-RELEASE box with 32 static routes on it. No issues!

Nathan

From: Atkins, Dwane P [mailto:atki...@uthscsa.edu]
Sent: Tuesday, July 19, 2011 11:16 AM
To: 'support@pfsense.com'
Subject: [pfSense Support] Static Routes

Afternoon all.

We are running pfsense 1.2.3-RELEASE and having issues with a couple remote sites. We have a few static route statements. Each of them is actually part of the same subnet and goes to the same gateway. We prefer to have each subnet routed individually because it is easier to track in the event of a security-related incident, BOTS, etc.

Does this release have any issues with the amount of static routes it can handle at one time? Are there issues with a /20 subnet being routed out a specific interface?

Thank you
Dwane
Re: [pfSense Support] Re: Static routes
Hello,

On Thu, Oct 8, 2009 at 17:16, Scott Ullrich sullr...@gmail.com wrote:
> On Thu, Oct 8, 2009 at 11:13 AM, Aarno Aukia aarnoau...@gmail.com wrote:
>> On Thu, Oct 8, 2009 at 16:21, Aarno Aukia aarnoau...@gmail.com wrote:
>>> I would propose to compare the old {$g['vardb_path']}/routes.db to the current set of configured static routes and route delete the superfluous routes. Any comments/objections?
>>
>> On a closer look, all previous static routes are removed if they are found in the current routing table. Although I could rewrite that to use route get, why not try to remove all previous routes and ignore failure to do so to achieve the same effect?
>
> You are probably the first person to run into this, that is why. We will happily accept patches for this considering it's a bug for 1.2.3. However we also need to fix it in 2.0.

Attached is a patch against 1.2.3-rc1 which is running in production since Friday. I wanted to start sending merge-requests instead, but my git repo (mainline clone at https://rcs.pfsense.org/projects/pfsense/repos/arska-clone) has not been created yet...

-Aarno

--
Aarno Aukia
Atrila GmbH
Switzerland

--- system.inc.orig 2009-10-08 16:23:17.0 +0200 +++ system.inc 2009-10-09 15:47:44.0 +0200 @@ -231,9 +231,6 @@ mwexec(/sbin/sysctl net.inet.ip.fastforwarding=1); /* clear out old routes, if necessary */ - exec(/usr/bin/netstat -rn, $route_arr, $retval); - $route_str = implode(\n, $route_arr); - if (file_exists({$g['vardb_path']}/routes.db)) { $fd = fopen({$g['vardb_path']}/routes.db, r); if (!$fd) { 
@@ -242,13 +239,16 @@ } while (!feof($fd)) { $oldrt = trim(fgets($fd)); - if (($oldrt) (stristr($route_str, $oldrt))) -mwexec(/sbin/route delete . escapeshellarg($oldrt)); + if ($oldrt) { +// try to delete the old route, ignoring if it's not there anymore +mwexec(/sbin/route delete . escapeshellarg($oldrt),true); + } } fclose($fd); unlink({$g['vardb_path']}/routes.db); } + /* add the static routes to the routing table */ if (is_array($config['staticroutes']['route'])) { $fd = fopen({$g['vardb_path']}/routes.db, w); @@ -273,13 +273,9 @@ } /* Make sure default gateway is present */ - $result = `/usr/bin/netstat -rn | grep default`; - if(!$result) { - if(is_ipaddr($config['interfaces']['wan']['gateway'])) { - log_error(No default gateway detected, adding {$config['interfaces']['wan']['gateway']}); - mwexec(/sbin/route add default . escapeshellarg($config['interfaces']['wan']['gateway'])); - } - } + $retval = mwexec(/sbin/route add default . escapeshellarg($config['interfaces']['wan']['gateway']),true); + if ($retval == 0) log_error(No default gateway detected, adding {$config['interfaces']['wan']['gateway']}); + return 0; } @@ -1280,4 +1276,4 @@ } } -? \ No newline at end of file +? - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
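Review bot: In the routes.db loop (hunk @@ -242,13 +239,16), every non-empty line is now passed to /sbin/route delete with true as the second argument to mwexec, which the added comment describes as ignoring a route that is no longer there; that also hides every other failure, for example a malformed line in routes.db. Consider keeping the return value and logging it when it is non-zero, or state in the comment that all errors are dropped on purpose. The blank line added after the closing brace of this block is unrelated whitespace and can be left out.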
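Review bot: The default-gateway block (hunk @@ -273,13 +273,9) loses the is_ipaddr($config['interfaces']['wan']['gateway']) check, so /sbin/route add default now runs on every call, including when the configured WAN gateway is empty or not an IP address; please put the guard back around the mwexec call. The message "No default gateway detected, adding ..." is now logged only after the add has already returned 0, so it should be reworded to say the gateway was added, and the one-line if ($retval == 0) body should get braces like the other conditionals in this function.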
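Review bot: The last hunk (@@ -1280,4 +1276,4) only changes the end-of-file newline of system.inc, which has nothing to do with the route handling; drop it from this patch or send it separately so the fix can be applied cleanly to both 1.2.3 and 2.0.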
[pfSense Support] Re: Static routes
Replying to myself, sorry.

On Thu, Oct 8, 2009 at 16:21, Aarno Aukia aarnoau...@gmail.com wrote:
> I would propose to compare the old {$g['vardb_path']}/routes.db to the current set of configured static routes and route delete the superfluous routes. Any comments/objections?

On a closer look, all previous static routes are removed if they are found in the current routing table. Although I could rewrite that to use route get, why not try to remove all previous routes and ignore failure to do so to achieve the same effect?

-Aarno

--
Aarno Aukia
Atrila GmbH
Switzerland
Re: [pfSense Support] Re: Static routes
On Thu, Oct 8, 2009 at 11:13 AM, Aarno Aukia aarnoau...@gmail.com wrote:
> Replying to myself, sorry.
>
> On Thu, Oct 8, 2009 at 16:21, Aarno Aukia aarnoau...@gmail.com wrote:
>> I would propose to compare the old {$g['vardb_path']}/routes.db to the current set of configured static routes and route delete the superfluous routes. Any comments/objections?
>
> On a closer look, all previous static routes are removed if they are found in the current routing table. Although I could rewrite that to use route get, why not try to remove all previous routes and ignore failure to do so to achieve the same effect?
>
> -Aarno
>
> --
> Aarno Aukia
> Atrila GmbH
> Switzerland

You are probably the first person to run into this, that is why. We will happily accept patches for this considering it's a bug for 1.2.3. However we also need to fix it in 2.0.

Scott