Because I have 2 WAN interfaces (1 leased line and one static ADSL) , i would like to configure the policy based routing on the second gateway .
It works if I don't choose a specific service (Service any) in order to route the traffic from the DMZ network to the WAN2 .
It doesn't work if I want to specificaly route a traffic for a specific service .
Based on the knowledgebase for astaro 6 or higher this should work :
Product Version: 6.001 or higher.
Task:
Setting up policy routing based on service(port).
Steps:
1) Create Definitions
A) Create A Default Gateway Definition
a) In the menu on the left hand side of WebAdmin click Definitions >> Networks.
b) Click "New Definition" Button.
c) Name your secondary default gateway.
d) Select the type of "Host".
e) Enter the IP of the secondary Default Gateway.
f) Click the "Add Definition" Button.
B) Create a Definition for the Service
a) In the menu on the left hand side of WebAdmin click Definitions >> Services
b) Click "New Definition" Button.
c) Name your service
d) Select the service type from the drop box.
e) Set the source port to 1024:65535.
f) Set the destination port to the port of the service you require.
g) Click the "Add Definition" Button.
2)Create A Policy Route
A) Create A Policy Route for the service
a)In the menu on the left had side of WebAdmin click on Network >> Routing.
b) Click the "New Policy Route" Button.
c) Select the Network you require for the source.
d) Select the Service Created in step 1A for the Service.
e) Select Any for the Destination.
f) Select the Definition Created in step one for the target.
g) Select The interface of the network you selected for the source interface.
h) Click the "Add Policy Route" Button.
3) Create the SNAT Rule.
A) Create a Source Nat rule for the Network of the origination traffic.
a) In the menu on the left had side of WebAdmin click Network >> NAT/Masquerading.
b) Name the rule.
c) Select rule type "DNAT/SNAT"
d) Select the Network you require for the source.
e) Select the Service Created in step 1A for the Service.
f) Select Any for the Destination.
g) Select the Definition of the Interface(Address) of the secondary connection for the Change Source to Drop Box.
i) Click the "Add" Button.
***Important Note
You cannot policy route HTTP or SMTP traffic if you are using the HTTP or SMTP Proxy. Configure the default gateway on the
interface that you would like the HTTP/SMTP traffic to go out and policy route your other traffic out the other interface as
required. An example is below where the HTTP Proxy and SMTP proxy use one connection and all other traffic goes out the second
Connection.
1) Create Definitions
A) Create A Default Gateway Definition
a) In the menu on the left hand side of WebAdmin click Definitions >> Networks.
b) Click "New Definition" Button.
c) Name your secondary default gateway.
d) Select the type of "Host".
e) Enter the IP of the secondary Default Gateway.
f) Click the "Add Definition" Button.
2)Create A Policy Route
A) Create A Policy Route
a)In the menu on the left had side of WebAdmin click on Network >> Routing.
b) Click the "New Policy Route" Button.
c) Select the Network you require for the source.
d) Select Any for the service.
e) Select Any for the Destination.
f) Select the Definition Created in step one for the target.
g) Select The interface of the network you selected for the source interface.
h) Click the "Add Policy Route" Button.
3) Create the SNAT Rule.
A) Create a Source Nat rule for the Network of the origination traffic.
a) In the menu on the left had side of WebAdmin click Network >> NAT/Masquerading.
b) Name the rule.
c) Select rule type "DNAT/SNAT"
d) Select the Network you require for the source.
e) Select Any as the service
f) Select Any for the Destination.
g) Select the Definition of the Interface(Address) of the secondary connection for the Change Source to Drop Box.
i) Click the "Add" Button.
*** Important Note
In this configuration All proxied traffic will go out the connection with the default gateway and all other traffic will go out
the secondary connection.
This thread was automatically locked due to age.