PBR PTPT IPIP

From MikroTik Wiki
Revision as of 16:58, 7 February 2013 by Asghari

Policy Based Routing on an IPIP tunnel with PTP addressing

This article shows how to configure an IPIP tunnel with PTP addressing and then use policy-based routing (PBR) on the tunnel.

Theory about PBR

In computer networking, policy-based routing (PBR) is a technique used to make routing decisions based on policies set by the network administrator. When a router receives a packet, it normally decides where to forward it based on the destination address in the packet, which is then used to look up an entry in a routing table. However, in some cases there may be a need to forward the packet based on other criteria. For example, a network administrator might want to forward a packet based on the source address, not the destination address. This should not be confused with source routing. Policy-based routing may also be based on the size of the packet, the protocol of the payload, or other information available in a packet header or payload. This permits routing of packets originating from different sources to different networks even when the destinations are the same, and can be useful when interconnecting several private networks.

In this example I want to show how to configure an IPIP tunnel with PTP addressing and then use PBR to bypass sites filtered by DCI. In my country some websites are filtered by DCI, so I use PBR to forward my clients' requests to another MikroTik in another country. When a request is for the Facebook or YouTube website, the packets go through the IPIP tunnel; all other connections go through the country's Internet connection.

For this scenario we need to configure the IP addresses on both sides, configure the IPIP tunnel, and finally mark the clients' requests so that they are forwarded through the IPIP tunnel.
Step one – Addressing

MikroTik 540G:

    ip address add address=192.168.20.1/24 interface="Ether 2 LAN" disabled=no
    ip address add address=46.1.1.1 interface="Ether 1 Public" disabled=no

MikroTik 540G Free Internet:

    ip address add address=10.10.10.2/32 interface="Ether 1 Public" disabled=no

Step two – Configure the IPIP tunnel

MikroTik 540G:

    interface ipip add name=IPIP local-address=46.1.1.1 remote-address=109.200.5.181 disabled=no

MikroTik 540G Free Internet:

    interface ipip add name=IPIP local-address=109.200.5.181 remote-address=46.1.1.1 disabled=no

Step three – Add IP addresses to the IPIP interfaces (PTP addressing)

MikroTik 540G:

    # interface is the tunnel created in step two (name=IPIP)
    ip address add address=10.10.10.1 network=10.10.10.2 interface=IPIP disabled=no

MikroTik 540G Free Internet:

    ip address add address=10.10.10.2 network=10.10.10.1 interface=IPIP disabled=no

Step four – Mark the clients' packets with a routing mark

I have 2 clients, so I create one address list named HASAN and add the clients' IP addresses to it.

    ip firewall address-list add address=192.168.20.55 list=HASAN
    ip firewall address-list add address=192.168.20.54 list=HASAN

Next I choose which traffic should use PBR to reach the Facebook and YouTube websites. You can match on the content field (the string Facebook or YouTube), match on the destination addresses of the Facebook and YouTube websites (found with nslookup), or route every connection through the tunnel.

In this example I use the destination address to mark packets, so I create another address list and put the destination addresses in it.

    ip firewall address-list add address=31.13.64.23 list=Sites
    ip firewall address-list add address=74.125.143.136 list=Sites

Then mark the matching packets for routing and name the mark IPIP PACKET.

    # clients in HASAN going to addresses in Sites get the routing mark
    ip firewall mangle add chain=prerouting src-address-list=HASAN dst-address-list=Sites action=mark-routing new-routing-mark="IPIP PACKET"

Step five – Static route

In this step we add a static route for the packets that were matched and marked by mangle, so that they are routed to the IPIP connection.

    # gateway is the tunnel interface created in step two (name=IPIP)
    ip route add dst-address=0.0.0.0/0 gateway=IPIP routing-mark="IPIP PACKET"

Step six – NAT for our users

In this step we apply NAT for our users.

    ip firewall nat add chain=srcnat out-interface=IPIP src-address-list=HASAN action=masquerade

Step seven – NAT for the IPIP tunnel on the other side (MikroTik 450G free internet)

    # masquerade is a source-NAT action, so the rule goes in the srcnat chain
    ip firewall nat add chain=srcnat src-address=10.10.10.2 action=masquerade

Summary: I marked the packets whose destination is the IP or name of the (filtered) Facebook website for a routing decision, set up an IPIP connection with P2P addressing to use the free (unfiltered) Internet, added a new route for all packets that should use the free Internet, and applied NAT to all connections that go to the IPIP connection.

Notice: You can set up this scenario in many ways, but this is a simple example. You can extend it to more advanced PBR configurations (mangle, NAT, route).
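
The forwarding decision that steps four and five produce, as an added Python model (not part of the original article and not RouterOS code). It shows which interface a packet leaves by, and that a destination missing from the Sites list silently stays on the normal path. Assumptions: the main-table default route via "Ether 1 Public" and the connected LAN route are not shown on the page, and fallback to the main table when the marked table has no match is a simplification.

```python
import ipaddress

# Address lists and mangle rule taken from the article's step four.
ADDRESS_LISTS = {
    "HASAN": ["192.168.20.55", "192.168.20.54"],
    "Sites": ["31.13.64.23", "74.125.143.136"],
}
MANGLE = [("HASAN", "Sites", "IPIP PACKET")]  # (src list, dst list, routing mark)

# (routing mark or None for the main table, destination prefix, gateway)
ROUTES = [
    ("IPIP PACKET", "0.0.0.0/0", "IPIP"),         # step five
    (None, "0.0.0.0/0", "Ether 1 Public"),        # assumed default route
    (None, "192.168.20.0/24", "Ether 2 LAN"),     # assumed connected route
]

def in_list(addr, name):
    """True if addr matches any entry of the named address list."""
    ip = ipaddress.ip_address(addr)
    return any(ip in ipaddress.ip_network(e, strict=False)
               for e in ADDRESS_LISTS[name])

def routing_mark(src, dst):
    """Prerouting mangle: the first matching rule sets the routing mark."""
    for src_list, dst_list, mark in MANGLE:
        if in_list(src, src_list) and in_list(dst, dst_list):
            return mark
    return None

def lookup(table, dst):
    """Longest-prefix match inside one routing table."""
    ip = ipaddress.ip_address(dst)
    best = None
    for mark, prefix, gateway in ROUTES:
        net = ipaddress.ip_network(prefix)
        if mark == table and ip in net:
            if best is None or net.prefixlen > best[0].prefixlen:
                best = (net, gateway)
    return best[1] if best else None

def egress(src, dst):
    """Marked packets use the marked table first, then the main table."""
    mark = routing_mark(src, dst)
    gateway = lookup(mark, dst) if mark else None
    return gateway or lookup(None, dst)

if __name__ == "__main__":
    # Constructed sample packets: (source, destination)
    for pkt in [("192.168.20.55", "31.13.64.23"),   # listed client, listed site
                ("192.168.20.55", "31.13.64.24"),   # same client, unlisted address
                ("192.168.20.10", "31.13.64.23")]:  # client not in HASAN
        print(pkt, "->", egress(*pkt))
```

Only the exact addresses in the Sites list are steered into the tunnel, so the list has to track every address the sites resolve to.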