Policy Based Routing
This article explains what PBR (Policy Based Routing) is and how it works, using one example.
In your network you may need a routing strategy for various reasons, such as security, load balancing, routing decisions, monitoring, etc.
With PBR you can define a policy that routes packets from a source to a destination and selects which path is used for the communication.
In this example I want to show you how to use PBR to route your ordinary requests to the Internet and route your requests to the Facebook website through a VPN client connection.
In my country some social websites are filtered by the DCI office (Data Communication), and the best way to visit these websites is to set up a VPN connection to another country and get Internet access from there.
Using a VPN connection to get free Internet has some problems, such as delay, low speed, etc.
For this reason I want packets to go through the VPN connection when the request is for the Facebook or YouTube website, while other, normal connections go through the country's Internet connection.
Diagram :
For this scenario we need to mark all packets that are going to Facebook or YouTube servers. Because we want to use policy based routing, our mark action must be mark routing.
Step One – Mark Packets With the Mark Routing Action
In the first step I select the network that will use PBR to visit the Facebook and YouTube websites. You can match on the Content field (the string facebook or youtube), or use the destination addresses of the Facebook or YouTube websites (found with nslookup), or route every connection through this connection.
Mangle code:
/ip firewall mangle add chain=prerouting src-address=192.168.150.0/24 content=facebook action=mark-routing new-routing-mark=Through_VPN
Step Two – Set Up the VPN Connection
In this step I create my VPN connection as a PPTP client named "My VPN".
Note: Don’t check Add Default Route, because we don’t want all packets to go through this connection.
PPTP client code:
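# "My VPN Connection" stands for the address of your VPN server; the user and password values are placeholders.
/interface pptp-client add connect-to="My VPN Connection" allow=pap,chap,mschap1,mschap2 name="My VPN" user="Reza Moghadam" password="Reza Moghadam" add-default-route=no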
Step Three – Static Route
In this step we need to add a static route for the packets that were matched and marked by mangle and that we want to route to the VPN connection.
Note: Because we use a PPTP client connection to get Internet access, and a PPTP client connection is a point-to-point connection, we can use that connection as the gateway. In the Routing Mark field, we choose the mark applied to packets for PBR.
IP route code:
/ip route add dst-address=0.0.0.0/0 gateway="My VPN" routing-mark=Through_VPN
Step Four – NAT for Our Users
In this step we set up NAT for our users. Note that because the VPN connection is established by the router, the free Internet (VPN) is available on the router itself; for this reason we need to NAT our local users to the IP address we get through the PPTP client.
I use a NAT rule with the masquerade action for packets that go out through the VPN client interface (out interface).
NAT code:
/ip firewall nat add chain=srcnat src-address=192.168.150.0/24 out-interface="My VPN" action=masquerade
Summary:
I marked the packets whose destination is the IP address or name of the (filtered) Facebook website with a routing mark for the routing decision, then I set up a PPTP client connection to use the free Internet (without filter), then added a new route for all packets that should use the free Internet (without filter), and then I NATed all connections going out through my VPN connection.
Notice: You can set up this scenario in many ways, but this is a simple example.
You can change the configuration to more advanced configurations for PBR (mangle, NAT, route).
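One such variant, as an added example that is not part of the original article: step one done with the destination-address option instead of a content match, marking whole connections so that every packet of a matched connection (including the first packet, which carries no payload) gets the Through_VPN routing mark. It assumes RouterOS v6.36 or later, where address-list entries may be given as DNS names; the list name VPN_Sites and the connection mark vpn_conn are names made up for this illustration.

```routeros
# Added example, RouterOS v6 syntax. VPN_Sites and vpn_conn are assumed names.

# 1. Destinations that must use the VPN. With a DNS name as the address,
#    the router resolves it and keeps the resulting IPs in the list.
#    Only the listed names are covered; other hostnames the sites load
#    content from need their own entries.
/ip firewall address-list
add list=VPN_Sites address=facebook.com
add list=VPN_Sites address=youtube.com

# 2. Mark the connection once, when the LAN client opens it ...
/ip firewall mangle
add chain=prerouting src-address=192.168.150.0/24 \
    dst-address-list=VPN_Sites connection-state=new \
    action=mark-connection new-connection-mark=vpn_conn passthrough=yes

# ... then give every LAN-side packet of that connection the routing mark.
# src-address keeps reply packets arriving from the VPN out of this rule,
# so they are delivered to the LAN through the main routing table.
add chain=prerouting src-address=192.168.150.0/24 \
    connection-mark=vpn_conn \
    action=mark-routing new-routing-mark=Through_VPN passthrough=no

# 3. Steps two to four of the article (PPTP client, marked default route,
#    masquerade on "My VPN") stay exactly as shown there.

# Checks after applying: resolved list entries, and the marked route.
/ip firewall address-list print where list=VPN_Sites
/ip route print where routing-mark=Through_VPN
```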