[Policy Based Route 2] Mapping Paths with Mangle

This article continues the previous one, which covered “Mapping Paths with Route Rules”. Here we discuss [Policy Based Route 2] Mapping Paths with Mangle.

Mangle is one of the features in the firewall menu. Its function is to mark connections or data packets that pass through the router, enter the router, or leave the router.

Network Topology

In yesterday’s case, we mapped LAN-A connections to ISP-A and LAN-B connections to ISP-B using Routing Mark. If we want a more specific configuration, such as sending browsing connections (HTTP, HTTPS) through ISP-A and FTP and e-mail connections through ISP-B, we can use additional configuration with Mangle – Routing Mark.
The topology is more or less the same as last week’s; only, in this case, we will map the browsing (HTTP, HTTPS), FTP and e-mail connections.

Configuration

We need to do a “basic-config” on the router so that the router can connect to the internet. The basic configuration is more or less the same as in the previous article, which can be found on the following page: [Policy Based Route 1] Mapping Paths with Route Rules.
Before mapping, we can group the Wlan1 and Wlan2 interfaces under the name “LAN” using the “Interface List” feature.

Interface List

After completing the basic configuration and grouping the LAN interfaces, the next step is to mark the browsing packets (HTTP, HTTPS) to use ISP-A and the FTP and e-mail packets to use ISP-B.
The Mangle feature can be found in the IP menu >> Firewall >> Mangle. There we define the ports and protocols used, namely the HTTP, HTTPS, FTP and e-mail ports.

Mangle Rule

Perform the same steps for the FTP and e-mail connections, so that Firewall Mangle contains 2 Mangle rules with the routing marks “Browsing” and “FTP – Email”.

Firewall

After marking the packets with Mangle, the next step is to specify, in the “Routing Mark” parameter of each default route, that browsing packets (HTTP, HTTPS) use ISP-1 while FTP and e-mail connections use ISP-2.

Route List

Perform the same steps for the FTP and e-mail connections, so that we have two default routes, one with the routing mark FTP-Email and one with the routing mark Browsing.

Route List

Testing Phase

  • Browsing Test: With the above configuration, the following results are obtained when the client browses and opens the Youtube.com (HTTPS) page:
Interface List
  • Email Testing: To test e-mail, we can monitor with the Torch tool to see whether the path used is the appropriate one. The following results are obtained:

email test

With the above configuration, we can map connections based on the port and protocol used. However, the configuration is still incomplete: when the client makes another kind of connection, for example PING (ICMP), the PING fails because we have not defined a rule for ICMP in Mangle.

As a solution for connections other than HTTP, HTTPS, FTP and e-mail, a “Default Route” is created with the destination 0.0.0.0/0 and the ISP-1 gateway. That way, any traffic other than what is defined in Mangle is passed through ISP-1.

Route List
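
The whole procedure above as RouterOS terminal commands. This is an added example, not taken from the original article, and it uses RouterOS v6 syntax (routing-mark on the route). Assumptions: ISP-A and ISP-1 are the same uplink, as are ISP-B and ISP-2; the gateway addresses, the e-mail port list and the dst-address-type match are constructed for illustration.

```routeros
# Added example. Constructed values: gateways 192.0.2.1 (ISP-A / ISP-1) and
# 198.51.100.1 (ISP-B / ISP-2); the port lists are assumptions, since the
# article does not state which ports it used.

# Group the two LAN interfaces under one list named "LAN"
/interface list
add name=LAN
/interface list member
add list=LAN interface=wlan1
add list=LAN interface=wlan2

# Mark routing by destination port, only for traffic arriving from the LAN.
# dst-address-type=!local (not in the article) keeps connections to the
# router's own addresses out of the marked routing tables.
/ip firewall mangle
# HTTP (80) and HTTPS (443) -> routing mark "Browsing"
add chain=prerouting in-interface-list=LAN protocol=tcp dst-port=80,443 \
    dst-address-type=!local action=mark-routing \
    new-routing-mark=Browsing passthrough=no comment="Browsing via ISP-A"
# FTP (20,21) and e-mail (assumed SMTP 25, POP3 110, IMAP 143) -> "FTP-Email"
add chain=prerouting in-interface-list=LAN protocol=tcp \
    dst-port=20,21,25,110,143 dst-address-type=!local action=mark-routing \
    new-routing-mark=FTP-Email passthrough=no comment="FTP and e-mail via ISP-B"

# One default route per routing mark, plus the unmarked fallback route
/ip route
add dst-address=0.0.0.0/0 gateway=192.0.2.1 routing-mark=Browsing
add dst-address=0.0.0.0/0 gateway=198.51.100.1 routing-mark=FTP-Email
# Unmarked traffic (ICMP, DNS, anything not matched above) leaves via ISP-A
add dst-address=0.0.0.0/0 gateway=192.0.2.1

# Verify: the mangle counters should rise as clients generate matching traffic
/ip firewall mangle print stats
/ip route print detail where dst-address=0.0.0.0/0
```

Port-based matching only covers the ports listed: passive-mode FTP data connections and TLS mail ports such as 465, 587, 993 and 995 are not matched here and follow the unmarked default route unless they are added to the rule.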

I hope it has been a useful article.