Port based routing?

Hi,
My Mac connects to Internet through ADSL router, and to a PPTP-VPN host through this connection.
And I want to FORCE all my HTTP/HTTPS connections (those that use destination ports 80, 443, and perhaps some more) to use the VPN, while keeping everything else going through the ADSL router directly.
Is this possible?

Did you find any solution?
I'm trying to find a way to do this too. On Linux, port-based routing can be done with iptables. Mac OS X uses ipfw, but:
The fwd action does not change the contents of the packet at all.
In particular, the destination address remains unmodified, so
packets forwarded to another system will usually be rejected by
that system unless there is a matching rule on that system to
capture them.
Then there is natd? I'm not sure if this can be used..
And another one is /etc/pf.conf, which has this OpenBSD guide, but it fails with "PF ERROR! No ALTQ support in kernel. ALTQ related functions disabled".
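
The Linux approach the reply mentions (iptables marking plus a separate routing table), as an added example that is not part of the original posts. The interface name ppp0, mark 1 and table 100 are assumptions; the script validates its inputs and only prints the commands, so they can be reviewed before being run as root.

```shell
#!/bin/sh
# Added example: port-based (policy) routing on Linux for locally generated
# traffic. Web ports are marked in the mangle table, the mark selects a
# second routing table, and that table's default route is the VPN interface.
# Assumed names (not from the thread): ppp0, mark 1, table 100.

# is_uint: true if $1 is a non-empty string of digits.
is_uint() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
}

# valid_iface: 1-15 characters from a conservative set, so the value cannot
# smuggle shell syntax or extra arguments into the generated commands.
valid_iface() {
    case "$1" in
        ''|*[!A-Za-z0-9_-]*) return 1 ;;
    esac
    [ "${#1}" -le 15 ]
}

# valid_ports: comma-separated list of 1-65535, at most 15 entries
# (the limit of the iptables multiport match).
valid_ports() {
    case "$1" in
        ''|*[!0-9,]*|,*|*,|*,,*) return 1 ;;
    esac
    n=0
    old_ifs=$IFS
    IFS=,
    for p in $1; do
        n=$((n + 1))
        if [ "${#p}" -gt 5 ] || [ "$p" -lt 1 ] || [ "$p" -gt 65535 ]; then
            IFS=$old_ifs
            return 1
        fi
    done
    IFS=$old_ifs
    [ "$n" -le 15 ]
}

# build_rules IFACE PORTS MARK TABLE: print the commands, one per line.
build_rules() {
    iface=$1; ports=$2; mark=$3; table=$4
    valid_iface "$iface" || return 1
    valid_ports "$ports" || return 1
    is_uint "$mark" || return 1
    is_uint "$table" || return 1
    [ "$mark" -ge 1 ] || return 1    # mark 0 means "unmarked"
    cat <<EOF
iptables -t mangle -A OUTPUT -p tcp -m multiport --dports $ports -j MARK --set-mark $mark
ip rule add fwmark $mark lookup $table
ip route add default dev $iface table $table
iptables -t nat -A POSTROUTING -o $iface -m mark --mark $mark -j MASQUERADE
sysctl -w net.ipv4.conf.$iface.rp_filter=2
EOF
}

# Print the rule set for HTTP/HTTPS over the assumed VPN interface.
build_rules ppp0 80,443 1 100
```

The MASQUERADE rule is needed because the source address was already chosen from the default (ADSL) route before the mark re-routed the packet, and loose reverse-path filtering keeps the replies arriving on the VPN interface from being dropped.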

Similar Messages

  • ASA 5505 interface based routing?

    Hi,
    I got an ASA 5505 in my lab and got it working fine with one IP and various NAT and other scenarios (I'm currently refreshing my skills after a longer break on the job).
    Now, from my ISP I can get up to 5 public IPs. However, those IPs are assigned via DHCP and they are pretty random and not all in the same subnet. For testing, I created an interface outside2 on e0/1 and connected that to one of the ports of the cable gateway. The interface does get an IP and INCOMING packets go to the right place via static PAT, BUT the replies don't arrive at the client. I strongly suspect that the ASA is sending the reply packets through the other public IP on outside (e0/0) which would make sense because that's where the default route points.
    Is it possible to configure some kind of interface-based routing, i.e. if a packet comes in via outside2, the corresponding reply goes through outside2 and through the gateway outside2 receives via DHCP?
    -Stefan

    Hi Stefan,
    As I understand the traffic is coming in from outside2 going to a host-A behind the ASA.
    Host-A will reply back, but this traffic will exit out through the outside 0/0 interface since there is where you have configured the default gateway.
    In order to send the replies to client over outside2, you need to setup specific routes on the ASA through outside2 interface.
    Also remember that ASA doesn't support Policy Based Routing (PBR), because ASA routes the traffic based on destination:
    http://www.cisco.com/c/en/us/td/docs/security/asa/asa82/configuration/guide/config/route_static.html#wp1121567
    Harvey.
    Please rate if this is the correct answer.

  • Policy based routing on a Layer 3 switch

    I am doing some lab testing on policy based routing. I am having some issues that I can't seem to get working right.
    Here is the config:
    ip local policy route-map Test-map
    ip access-list extended icmp
     permit icmp 192.168.1.0 0.0.0.255 192.168.200.0 0.0.0.255
     permit icmp 192.168.2.0 0.0.0.255 192.168.200.0 0.0.0.255
    ip access-list extended telnet
     permit tcp 192.168.1.0 0.0.0.255 192.168.200.0 0.0.0.255 eq telnet
     permit tcp 192.168.2.0 0.0.0.255 192.168.200.0 0.0.0.255 eq telnet
    ip access-list extended test
     permit icmp 192.168.1.0 0.0.0.255 192.168.200.0 0.0.0.255
    route-map Test-map permit 10
     match ip address icmp
     set ip next-hop 192.168.1.3
    route-map Test-map permit 20
     match ip address telnet
     set ip next-hop 192.168.1.2
    The first thing I did was I only had 1 network on this box the 192.168.1.x and when I plugged a pc into a port on the switch and tried to ping the remote network of 192.168.200.1 it will not hit on my access-lists for my policy based routes.
    If I do a ping from the switches IOS interface directly the access-lists get hits and the policy based routes work fine.
    So I was puzzled by this and figured maybe policy based routes only work if they come from one network to another network. So I set up a 2nd vlan called 192.168.2.x and put my pc in that vlan. I then proceeded to ping 192.168.200.1 and still was unable to get any hits on the access-lists or policy based routes.
    So what am I doing wrong or am I trying to use policy based routing wrong here?

    I've done that command but then when I do a "show run" I don't see it in the configuration and it doesn't seem to be working.
    Also, if everything is on the same vlan 100, will the pbr work? Or does this require that I use two different vlans (one for inside and one for outside) so that I have an interface from where the packets are coming from?

  • SRP527-U Policy Based Routing To Squid?

    Hi,
    I have a SRP527-U running 1.2.6.
    I have a simple setup, an ADSL connection to the Internet and a bunch of PC's behind that with Internet access.
    I've set up a host on the same VLAN as the other devices and I've set it up running squid.
    What I'd like to do is use the Policy Based Routing function to force all users trying to browse the Internet through that squid instance.
    That is
    Source of 192.168.0.20/32 Port 80 -> Policy Based Route to Destination of 192.168.0.50 port 3128
    Is that possible with this device, or is that outside of its capabilities?  I've looked at the PBR section, but it seems to imply forcing all traffic out through a WAN Interface which isn't what I want to achieve.
    Kind Regards,
    Tim

    Scott
    If the destination IP is in the same subnet as the source IP then it won't be routed, it will be L2 switched, so it would never use the default gateway, i.e.
    src IP 172.21.1.10 255.255.255.0
    dst IP 172.21.1.237 255.255.255.0
    src compares its own IP with its subnet mask and sees it is on the 172.21.1.x network. src then compares the destination IP with its own subnet mask and sees it is also on the 172.21.1.x network, so it simply arps out for that address and when it gets the mac address it sends it direct to the destination. It would only use the default gateway if the destination IP was on a different network.
    So I don't see how you will be able to do this and I'm not sure why you are seeing hits in your PBR acl for the host in the 172.21.1.x network.
    Edit - what exactly do you mean when you say -
    However when I'm in vlan 802 my host traffic never gets to 172.21.1.237 when pointed at the gateway 172.21.1.1.
    How are you doing this, i.e. pointing it to the default gateway, because as I say it should always be able to communicate with 172.21.1.237 as it is in the same subnet.
    Jon

  • Does the SLM224G switch support port-based VLAN's?

    I am looking for a simple solution to create two LAN's. One for my own and one for my customers, who will be able to use desktop PC's with internet access. I have only one internet connection (DSL over ISDN) and will not be getting another just for my customers.
    My own network should not be accessible or visible to users who are using the customers-PC's. The other way around is allowed, but not really necessary. My setup requires me to hook up the switch to the (ISP) router, and that router just has one LAN port not able to do anything related to VLAN's.
    I read about port-based VLAN's here, where it is stated that creating separate LAN's is just putting ports into VLAN's on the switch, nothing else needs to be done... However, they used a NetGear smart switch.
    I checked out Cisco's SLM224G as it is affordable, has 24 ports (instead of 8 for the NetGear) and should support VLAN's. I have read a lot about VLAN's, including:
    "- Port-based VLAN's means that you can reconfigure ports to be in different VLAN's. Port-based VLAN's do not confirm 802.1q VLAN support.
    - 802.1q VLAN's means that you can tag VLAN's with 802.1q headers to create a trunk between two devices that carries frames for multiple VLAN's. 802.1q VLAN's confirm that there is also Port-based VLAN support."
    I know from the spec sheets that the SLM224G supports 802.1q (tagged) trunking. So it should, given the text found above, also support port-based VLAN's.
    My question is whether it indeed will support port-based VLAN's?
    Am I able to use it directly behind my ISP's router and create two separate LAN's?
    If so, one extra question: how do the PC's behind the switch (inside the two VLAN's) get their IP addresses from the ISP router? Or will it service only one of the two LAN's and should I install a DHCP server in the other LAN?
    Any information is very welcome!
    Thank you.

    Thanks for your response, Mr. Carr.
    I have read more about vlan's and their setup. I think the article about port based vlan's was lacking some information about the router/firewall. Maybe it was set up to work with different vlan's from the start. Strangely, in the text it is said that nothing needs to be set up besides the (Netgear) vlan-capable switch.
    So, from your response and other texts I learned I needed a vlan-capable router. I have to say that I need to be able to manage a server on the LAN from the outside (internet). I already tried to set up a Cisco/Linksys WRT54G router behind the ISP's (ZyXel) single LAN-ported router and that would not work at all (even when the Linksys was set in router-mode). I lost the connection to internet setting it up that way. I even tried to set up the Linksys in the DMZ of the ZyXel, with no luck. I was unable to set that up with working internet access from the LAN. So I was not too happy with the suggestion to set up a (second) vlan-capable gigabit router behind the ISP's router....
    Eventually, I bridged the ZyXel to get rid of the double NAT/gateway mode of the two routers, as routing mode did not work on the Linksys. The Linksys is now getting the WAN IP from the ISP on its WAN port and I furthermore used DD-WRT's firmware to enable the built-in vlan capabilities of the Linksys.
    Now I have set up the Linksys with two vlan's and I bought the SLM224G as an inexpensive manageable 24-port vlan-capable switch to provide the number of ports I needed. I divided the SLM in two vlan's and used two wires from the Linksys to the SLM. So the SLM does support port-based vlan's by simply setting up two ranges of ports with different PVID settings. Trunking and 802.1q tagging isn't needed that way. I know I could have used two dumb switches to get two separate subnetted networks, but this way I get just enough ports in a single device where I have ample space to put it.
    Anyway, thanks for helping me understand the way vlan-capable switches work.

  • I am having trouble viewing iStore. It appears as if it's a Flash issue, as several minutes after logging in to iStore I get a non-flash page of iStore in my iTunes window. I have re-installed everything and tried opening all ports in router....any ideas?

    I am having trouble viewing iStore. It appears as if it's a Flash issue, as several minutes after logging in to iStore I get a non-flash page of iStore in my iTunes window. I have re-installed everything and tried opening all ports in router, and used msconfig to bring up each service individually to see if there is an effect. Flash and iTunes have been re-installed ...any ideas?

    I agree. I don't rely on iCloud as a backup, that is what I have my portable hard drive for. It's 500 GB so I can hold my entire iTunes library several times over on it. I have all my movies on my hard drive, but somehow "The Mist" got deleted off of my hard drive, so I figured "Well, the option to redownload an already purchased movie is available through iCloud, I'll just do that!"
    And permissions and download availability have nothing to do with it, the movie's still there, it still allows me to redownload it. The only problem is when I click download, I get that message.
    And nobody else uses my computer, but I do have multiple accounts authorized on it. Even still though, I am attempting to download it through the account I purchased it under. :/

  • Has anyone successfully used a "WD My Book for Mac" via NAS (plugged into USB port on router) as a Time Machine back-up drive?

    Has anyone successfully used a "WD My Book for Mac" via NAS (plugged into USB port on router) as a Time Machine back-up drive? Apple support tech tried to tell me it wasn't possible and that the only NAS Time Machine could back up to is the Time Capsule, but I'm not buying it. I know it's doable, but I'm having a hard time figuring out which External HDDs will work and which ones won't.  If not My Book for Mac, is there an External HDD that will work? (Running OS X 10.9.1 - Mavericks, btw...)

    Given the nature of backups, my recommendation has always been to use a strategy that is unequivocally supported by Apple. As you already determined Apple Support unequivocally informed you that your proposal will not work, unless your router is an Apple AirPort Extreme or Time Capsule.
    The exhaustive list of devices supported by Time Machine amounts to the following:
    AirPort Time Capsule's built-in hard disk (any model)
    External USB hard disk drive connected to a Time Capsule (any model)
    External USB hard disk drive connected to an AirPort Extreme (current model only)
    A hard disk drive directly connected to your Mac
    That is all.
    Use whatever backup device you want, but you should be aware that this site is full of reports of misery from hapless individuals who had been using NAS devices for Time Machine backups, only to find that they were incomplete, corrupted, or useless when they were required. Apple won't care if you lose your data while using a Time Machine configuration specifically excluded from their technical support documents.

  • Sender SMTP Adapter / Content Based Routing / Mapping of an attachement

    Hi all,
    I'm still working on my SMTP --> PI --> Proxy scenario (asynchronous). I've tried several different properties of my sender communication channel (type = mail), but I didn't find the correct configuration. Hopefully it exists.
    I'm working with PI 7.0 SP10.
    I get an inbound message via Mail using sender SOAP Adapter. The message payload itself is an attachment. Now I'd like to do the following:
    a) Content Based Routing in Receiver Determination based on the message subject
    b) Mapping of the Attachment XML message to my inbound proxy interface
    Now, trying to do so, I didn't get it to work. When I use XIPAYLOAD with keep attachments, I get two attachments in my inbound message (one in XI mail package format having the subject within, one with the IDoc structure I'd like to map). How can I assign the second attachment to be used for my message mapping?
    When I use XIALL instead of XIPAYLOAD, I think the mapping will work but my subject for content based routing will be lost, right? That one I didn't get running because of another failure, so I don't know the exact behaviour of the adapter for that configuration.
    Anybody out there who knows the correct configuration for the sender mail adapter for my small scenario above?
    BR
    Holger

    Hi Stefan,
    sorry for the misunderstanding, for sure I'm using the mail adapter, not the SOAP Adapter. I'm actually going in the same direction. I'm using XIPAYLOAD as message protocol (having the attachment as the content for the mapping --> correct). Furthermore I've also found the predefined context objects for the content based routing receiver determination.
    What I missed was setting the following properties in the communication channel:
    To store adapter attributes in the message header of the XI message, set the Set Adapter-Specific Message Attributes indicator.
    The following attributes are added to the XI message header if the sender makes them available, and if the Variable Transport Binding indicator is set.
    Now it's working.
    BR
    Holger

  • Any solutions for URL based routing

    Hi,
    I have an ASA 5505 that has 2 routes (1 route connecting to MPLS VPN to HK branch office and 1 route connecting to Internet service provider). As you know, ISPs in China block many web sites (such as facebook, youtube, etc.). So, when a user in the China office would like to browse facebook.com or youtube.com, I would like to route the traffic to the HK ASA and egress to the Internet by NAT. However, all other traffic should remain routed to the ISP in China, so that the Internet traffic in the HK office will not be overloaded and the user in China can browse facebook.com or youtube.com.
    I have researched the topic of regular expressions with the Modular Policy Framework (MPF). I expected that if the ASA can match the traffic, I can set the next hop to the HK office's ASA. However, this feature does not support https, so my expectation failed, because the login page and sometimes these web sites use https for encryption. I hope URL based routing can work on both http and https.
    Does anyone have any solutions to resolve this situation? Please kindly provide them to me. I would appreciate it if you could also provide a configuration example with commands. I look forward to hearing from anyone soon. Thank you.
    Regards,
    Lapson Wong

    What you are trying to do is policy-based routing, which is not supported on the ASA. MPF is used only for inspection and QoS type services.
    If using a proxy is not an option, you would need to put in a router that would send the desired traffic over the WAN network. Another option, though I would not recommend it, is to find all the IPs of facebook, youtube, etc. and add static routes on the ASA pointing out the WAN interface.

  • Content based Routing?

    Hi Forum,
    I've looked through the messages regarding content based routing or similar, but the answers did not satisfy my needs. I have an XSLT mapping from a flat file structure to an IDOC. To qualify the receiving system I have to do a database lookup in my XSLT mapping by a Java extension function, combining some of the input fields. The result of this database lookup is the Receiver System. How can I use this result in the condition editor for the receiver determination? I can only use the nodes from the input message here. Are there other ways to have access to a "global Container" where I can store the results from the database lookup to use them here?
    Thanks for your patience
    Manfred Schmidt-Voigt

    Hi,
    If the outbound adapter is a j2ee adapter, you can write a module which performs the lookup in a database or whatever. Then alter the message and add the information looked up.
    The easy way would be to add an extra attribute on the root node and add the content of the lookup in this field.
    I would, though, prefer to add the information to my root node.
    If you are not that keen on adapter development, then send the message into a bpm where you perform a lookup. This could probably be performed using one of SP13's lookup functions. The BPM should only consist of a receive and a send step. When sending the message you should be able to perform the routing.
    /daniel

  • Content based routing in PI 7.1?

    Hi Guys,
    For the normal content based routing in PI 7.1, in the receiver determination step, once I select the condition and go to the condition editor to choose the field, I don't see any interface under the xpath.
    I don't have any search help option in the xpath column.
    Any help or suggestions would be appreciated.
    Thanks,
    Raj

    Hi Raj,
    Try the steps which I am giving below, although it's a workaround and I don't know the exact reason why it is failing.
    1. Open your Outbound Message Interface (which you are using in your Receiver Determination) in IR, edit it and change the Interface pattern (which is there just below the category "Outbound") to "Stateless (XI30 - Compatible)", save it and activate it.
    2. Follow the same step for your Inbound Message Interface. Change the Interface Pattern from "Stateless" to "Stateless (XI30 - Compatible)".
    3. Go to ID. Remove your Outbound and Inbound Message Interface from their respective Business Service/Comp and add it again.
    4. Create your receiver determination again using the Outbound and Inbound MI you have changed.
    5. Open the condition editor of your receiver determination. You should be able to see your Message Interface and can choose the XPath.
    Follow the above steps carefully. It took me an hour to find this workaround. Let me know if it works.
    Thanks
    Amit

  • Oracle ESB - Message routing support & content based routing

    Hi Friends,
    Can anyone please let me know how message routing and content based routing happen in Oracle ESB?

    Check this...
    http://docs.oracle.com/cd/E23943_01/dev.1111/e15866/tasks.htm#i1116351
    And this...
    https://forums.oracle.com/forums/ann.jspa?annID=893

  • Content based routing and XML with multiple objects

    I have some structure:
    <contracts>
      <contract>
        <department>1</department>
      </contract>
      <contract>
        <department>1</department>
      </contract>
      <contract>
        <department>2</department>
      </contract>
    </contracts>
    I need to route contracts to 2 systems based on the <department> value:
    contracts/department = 1 --> System1
    contracts/department = 2 --> System2
    Will XI split my XML (based on Content Routing rules in ID) into 2 structures (with department=1 and department=2 accordingly)?
    Or do I have to perform 1ToN mapping? I don't like it because it will be difficult to monitor hundreds of messages.

    Alternatively, if you do not like 1:n mapping and BPM:
    Create two message mappings in the IR.
    1. Source:
    <contracts>
      <contract>
        <department>1</department>
      </contract>
      <contract>
        <department>1</department>
      </contract>
      <contract>
        <department>2</department>
      </contract>
    </contracts>
    Target:
    <contracts>
      <contract>
        <department>1</department>
      </contract>
      <contract>
        <department>1</department>
      </contract>
    </contracts>
    Basically the mapping generates a target structure which has only department 1.
    2. Same as step 1, but the mapping should generate the XML with department = 2.
    Once the required steps are done in the ID, do the content based routing in the receiver determination and give the appropriate message mapping in the interface determination.
    That should solve your problem and also you will like doing it as it does not involve any split level mapping..:)

  • Content Based Routing in ESB

    Hi All,
    I needed some help on the content based routing feature in ESB.
    I have an ESB Process in which data is extracted from a database (using Select operation) and I have a column X based on whose content I want to invoke the next set of target services. I had assumed having 3 different routing rules with the Filter expression based on the content of X would do the work. This works only when I have one record; for a batch of records it does not work.
    I wanted to know how it evaluates for a scenario where we have multiple records in a payload, with the value of the column on which we are doing content based routing varying across the payload?
    Thanks in advance.

    Hi,
    As James stated, esb is processing the incoming recordset as one message, so it applies your xpath expression to that message as a whole. Anyway, in your case, if you want to process records from a database table one record at a time, I would go for the db polling mechanism and change my database model to include a logical delete column (e.g. a column processed which contains a Y or an N). You cannot split a multiple record message in esb itself into separate messages for each record.
    Kind Regards,
    Andre

  • Content based routing in receiver determination.

    Hi,
    How do I do content based routing in receiver determination based on the value of a variable of the target structure?
    Miten.

    This is what you are looking for:
    /people/shabarish.vijayakumar/blog/2006/06/07/customise-your-xpath-expressions-in-receiver-determination
    /people/shabarish.vijayakumar/blog/2005/08/03/xpath-to-show-the-path-multiple-receivers
