Policy Base Routing
In this article you can know what is PBR ( Policy Base Routing ) and how it work with One Example .
In your network you may need to get a Strategy for Routing and Setup your Routing In Some Varios Reasons Such as Security , Load Balancing , Routing Decision , Monitoring And etc …
With PBR you can get your Policy to route Packet From a Source To a Destination And Select Which of one Path Used for Communications .
In this Example I Want Shown To you how you can use PBR to Route Your Request To Internet And Route Your Request To Facebook Website To VPN Client Connection .
In My Country Some Social Websites Are Filtered By DCI Office ( Data Communication ) And Best And better way to Visit These Website Is Setup VPN Connection To Other Country And Get Internet From Them .
Use VPN Connection To Visit Have Free Internet have Some Problems , Such as Delay , Low Speed And Etc …
For This Reason I Want When Request Was For Facebook And Youtube Website , The Packets Goes through VPN Connection And Other Normal Connection Goes through Country Internet Connection .
Diagram :
For This Scenario We Need Mark All Packets They Want Go To Facebook Or Youtube Servers . Because We Want To Use Policy Base Routing , Our Mark Action Must Be Mark Routing .
Step One – Mark Packet With Mark Routing Action .
In First Step I should Select my Network For Using PBR To Visit Facebook And Youtube Websites . You Can use Content Field ( Facebbok Or Youtube String ) , Or Use Destination Address Of Facebook Of Youtube Website ( Nslookup ) , Or You Route Every Connection Trough This Connection
Mangle Code :
ip firewall Mangle add chain=prerouting src-address=192.168.150.0/24 content=facebook action=mark-routing new-routing-mark=Through_VPN
Step Two – Setup VPN Connection
In This Step I connect my VPN Connection With PPTP Client With Name "My VPN"
Note : Don’t Check Add Default Route , Because We Don’t Want All Packet Goes Through This Connection .
PPTP Client Code :
interface pptp-client add connect-to=My VPN Connection allow=pap,chap,mschap1,mschap2 name="My VPN" user=Reza Moghadam password=Reza Moghadam add-default-route=no
Step Three – Static Route
In this Step we need add a static route for That Packets They Are Matched and Marked By Mangle And We Want Route Them To VPN Connection .
Note : Because We Use A PPTP Client Connection To Get Internet , Our PPTP Client Connection Is a Point To Point Connection , For This Reason We Can Use That Connection AS Gateway . In Routing Mark Field , We Choose Packet Marked For PBR .
IP Route Code :
Ip Route Add Dst-Address=0.0.0.0/0 Gateway="My VPN" Routing-Mark=Through_VPN
Step Four – Nat For Our Users
In this step we use nat for our Users , Notice that , if VPN Connection , Connected By Router , Free Internet ( VPN ) Is In Router , For This Reason We Need Nat Our Local Users To That IP We Get By PPTP Client .
I Use Nat Rule For That Packets They Want Goes Out Through VPN Client Interface ( Out Interface ) With Masquerade Action .
Nat Code :
ip firewall nat chain=srcnat src-address=192.168.150.0/24 out-interface="My VPN" action=masquerade
Summary Exploration :
I Marked my packets Their Destination Is IP Or name of Facebook Website ( Filtered ) And Marked For Routing Decision , Then I Setup A PPTP-Client Connection To use Free Internet ( Without Filter ) And Then Add a New Route For All Packets They Want Use For Free Internet ( Without Filter ) , Then I Nat All Connections Want Goes To My VPN Connection .
Notice : You Can Setup This Scenario With Many Way , But This Is A Simple Example .
You Can Change Configuration To Advanced Configurations For PBR ! ( Mangle , Nat , Route )
For more example about PBR see the following site.
Policy Base Routing on IPIP tunnel with PTP Addressing By Reza Moghadam & Hasan Asghari.
http://wiki.mikrotik.com/wiki/PBR_PTP_IPIP
