jastitan.blogg.se

Mikrotik transparent firewall










One of the more interesting features within the RouterOS mangle (packet marking) facility is the ability to mark packets in the pre-routing chain. With this option, we can perform what is called policy-based routing.

Suppose we have two WAN (Internet) connections that our LAN clients could potentially use, and that we wish to split the usage such that one range of IP addresses uses WAN1 and another range uses WAN2. As an example in our library environments, we may have situations where we want staff machines to use one ISP and patron machines to use another. Here is a simple diagram we can reference:

Now, let's set up routing marks based on the address lists above:

    /ip firewall mangle
    add action=mark-routing chain=prerouting comment=ISP1 disabled=no new-routing-mark=ISP1 passthrough=yes src-address-list=patron
    add action=mark-routing chain=prerouting comment=ISP2 disabled=no new-routing-mark=ISP2 passthrough=yes src-address-list=staff

Finally, we add default routes based on the routing mark of the packets:

    /ip route
    add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=192.168.25.1 routing-mark=ISP1 scope=30 target-scope=10
    add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=192.168.50.1 routing-mark=ISP2 scope=30 target-scope=10

Another way we could use policy-based routing would be for routing packets through a filtering proxy. Suppose we have a transparent Squid proxy set up for content filtering in our network. We would need to set up four interfaces including WAN, LAN, and two more to loop the packets out to the Squid box and back into the router.
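As an added example (not part of the original article), the Python below parses the mangle and route lines from the staff/patron setup and works out which gateway a given source address is sent to. The address-list ranges are constructed, since the article's lists are not shown, and the function names are illustrative.

```python
import ipaddress
import shlex

# Constructed ranges: the article's address lists are not shown, so these are assumptions.
ADDRESS_LISTS = {"patron": ["192.168.10.0/25"], "staff": ["192.168.10.128/25"]}

# Mangle and route lines as given in the article.
MANGLE = """
add action=mark-routing chain=prerouting comment=ISP1 disabled=no new-routing-mark=ISP1 passthrough=yes src-address-list=patron
add action=mark-routing chain=prerouting comment=ISP2 disabled=no new-routing-mark=ISP2 passthrough=yes src-address-list=staff
"""
ROUTES = """
add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=192.168.25.1 routing-mark=ISP1 scope=30 target-scope=10
add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=192.168.50.1 routing-mark=ISP2 scope=30 target-scope=10
"""

def parse(export):
    """Turn RouterOS 'add key=value ...' lines into a list of dicts."""
    rules = []
    for line in export.strip().splitlines():
        words = shlex.split(line)
        if words and words[0] == "add":
            rules.append(dict(w.split("=", 1) for w in words[1:]))
    return rules

def in_list(src, name):
    ip = ipaddress.ip_address(src)
    return any(ip in ipaddress.ip_network(n) for n in ADDRESS_LISTS.get(name, []))

def routing_mark(src, mangle):
    """Walk prerouting rules in order; with passthrough=yes a later match overrides."""
    mark = None
    for r in mangle:
        if r.get("disabled") == "yes" or r.get("action") != "mark-routing":
            continue
        name = r.get("src-address-list")
        if name is None or in_list(src, name):
            mark = r["new-routing-mark"]
            if r.get("passthrough") == "no":
                break
    return mark

def gateway(src, mangle, routes):
    """Gateway of the first enabled route whose routing-mark equals the packet's mark."""
    mark = routing_mark(src, mangle)
    for r in routes:
        if r.get("disabled") != "yes" and r.get("routing-mark") == mark:
            return r["gateway"]
    return None  # no matching route in this export (the main table is not on the page)

if __name__ == "__main__":
    for src in ("192.168.10.20", "192.168.10.200", "10.0.0.5"):
        print(src, "->", gateway(src, parse(MANGLE), parse(ROUTES)))
```

A source address in neither list gets no routing mark, so neither of the marked default routes applies to it.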










