Policy Based Routing on Ubuntu Server

This is an example of how to set up Internet traffic routing in your network.

You have to match the settings, i.e. the parameters, with your network.

Multi WAN

POLICY BASED ROUTING CONFIGURATION

Gateway 1 ip address – 192.168.1.1 enp1s0 WAN1 --- following Gateway

Gateway 2 ip address – 192.168.2.1 enp4s0 WAN2 --- default Gateway

LAN local interface bridge0 ip – 10.0.0.0/24 (enp5s0 enp6s0)

Split the local network into two parts ...

01 The first group 10.0.0.0/25 which means 10.0.0.1-10.0.0.127 --- default Gateway
02 The second group 10.0.0.128/25 which means 10.0.0.128-10.0.0.254 --- following Gateway

In order to configure the Policy Based Routing, it is necessary to install and configure the following packages...

  1. Network Manager
  2. Cockpit Interface
  3. BIND (DNS Server)
  4. UFW Firewall and Forward Masquerade
  5. DHCP Server
  6. Now you can configure Policy Based Routing

(You should set up UFW Forward Masquerade first.)

Edit the following file with sudo nano /etc/default/ufw and set the forward policy to ACCEPT:

DEFAULT_FORWARD_POLICY="ACCEPT"

Edit the following file with sudo nano /etc/sysctl.conf and add the following line:

net.ipv4.ip_forward=1

Here you need to allow your local network out to the Internet ...

Edit the following file with sudo nano /etc/ufw/before.rules and add the lines below to the bottom (for example):

COMMIT
# Add to the bottom of the file below COMMIT
# NAT
*nat
-F
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 10.0.0.0/24 -o enp1s0 -j MASQUERADE
-A POSTROUTING -s 10.0.0.0/24 -o enp4s0 -j MASQUERADE
COMMIT

Run the command to refresh the settings:

sudo ufw reload

Step 1 Create routing tables.

Run the commands as root:

echo 200 enp1s0-route >>/etc/iproute2/rt_tables
echo 201 enp4s0-route >>/etc/iproute2/rt_tables
echo 202 bridge0-route >>/etc/iproute2/rt_tables

Or edit the file:

sudo nano /etc/iproute2/rt_tables

Add the following tables at the bottom:

200 enp1s0-route
201 enp4s0-route
202 bridge0-route

Step 2 Set the default gateway that your server wants to use.

ip route add default via 192.168.2.1 dev enp4s0 metric 0

Step 3 Set the default gateway for each interface in its own table.

ip route add default via 192.168.1.1 dev enp1s0 table enp1s0-route
ip route add default via 192.168.2.1 dev enp4s0 table enp4s0-route

Step 4 Set ip rules for tables.

ip rule add from 10.0.0.0/25 table enp1s0-route
ip rule add from 10.0.0.128/25 table enp4s0-route

Step 5 Set ip route and rules for the local LAN interfaces.

ip route add 10.0.0.0/24 via 10.0.0.1 table bridge0-route
ip rule add from 10.0.0.0/24 table bridge0-route

If the settings are correct, everything works fine.

You can make the static routes permanent.

The first method is also practical in my opinion.

Step 6 Make the static routes permanent.

Create your own file:

sudo nano /etc/network/if-up.d/my_route

Add the route commands to the file:

#!/bin/sh

if [ "$IFACE" = "enp1s0" ]; then
    ip route add default via 192.168.1.1 dev enp1s0 table enp1s0-route
fi

if [ "$IFACE" = "enp4s0" ]; then
    ip route add default via 192.168.2.1 dev enp4s0 table enp4s0-route
fi

if [ "$IFACE" = "bridge0" ]; then
    ip rule add from 10.0.0.0/25 table enp1s0-route
    ip rule add from 10.0.0.128/25 table enp4s0-route
    ip route add 10.0.0.0/24 via 10.0.0.1 table bridge0-route
    ip rule add from 10.0.0.0/24 table bridge0-route
fi

Change permissions to 751 with chmod 751 my_route ...

sudo chmod 751 /etc/network/if-up.d/my_route

Now you can restart your server and make sure it works...
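
An added example (not part of the original guide): a version of the my_route hook that can run every time an interface comes up without failing on routes or rules that already exist. The addresses, interfaces and table names are the page's; the function names and the rule priorities 1000 to 1002 are assumptions, chosen so that bridge0-route is consulted before the per-WAN tables.

```shell
#!/bin/sh
# Added example: re-runnable form of /etc/network/if-up.d/my_route.
# Gateways, subnets, interfaces and table names are taken from the page.
# ensure_rule, pbr_up and the priorities 1000-1002 are assumptions.

# Install a rule only when the same priority/source/table is not present yet.
ensure_rule() {  # usage: ensure_rule PRIORITY SOURCE TABLE
    if ip rule show | grep -Eq "^$1:[[:space:]]+from $2 lookup $3( |\$)"; then
        return 0
    fi
    ip rule add from "$2" table "$3" priority "$1"
}

pbr_up() {  # usage: pbr_up IFACE
    case "$1" in
    enp1s0)
        # "replace" creates the route or overwrites an existing one.
        ip route replace default via 192.168.1.1 dev enp1s0 table enp1s0-route
        ;;
    enp4s0)
        ip route replace default via 192.168.2.1 dev enp4s0 table enp4s0-route
        ;;
    bridge0)
        ip route replace 10.0.0.0/24 via 10.0.0.1 table bridge0-route
        # Lower priority number = evaluated earlier. The LAN table goes first
        # so traffic addressed to the LAN is not caught by a WAN default route.
        ensure_rule 1000 10.0.0.0/24 bridge0-route
        ensure_rule 1001 10.0.0.0/25 enp1s0-route
        ensure_rule 1002 10.0.0.128/25 enp4s0-route
        ;;
    esac
}

# ifupdown exports IFACE to if-up.d scripts; do nothing when it is unset.
if [ -n "${IFACE:-}" ]; then
    pbr_up "$IFACE"
fi
```

After a reboot, ip rule show and ip route show table enp1s0-route (and the other two tables) should list each entry exactly once.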

All of this can be combined with PPPoE, PPTP, VPN, etc. connections.

This type of router can have fantastic performance, plus you can run many other applications on it, such as web server, mail server, samba server, ftp server, dns server, etc...

Tested on Ubuntu Server 22.04.03