
Policy based routing on Windows with freeware tools

Sometimes you need routing decided not only by the destination IP address, but by a combination of destination IP address (or hostname) and destination port number. This article describes a way to accomplish this on Windows with free tools.

The situation where you need this is rare, especially on Windows machines, but it does happen. For example, a user may be connected to an external VPN, so the DNS servers the machine uses (and the answers they return) change. There may also be a resource that is reachable both from the Internet and from the corporate network.

From the Internet it is reachable at the external IP 1.1.1.1, and from the corporate network at 192.168.2.1 (for example). While connected to the VPN, the name of this site will always resolve to the external IP. There may also be a resource that is reachable only from the corporate network, under the same DNS name but on a different port.

So you might want to send all traffic destined for that port to the internal IP 192.168.2.1, and all traffic destined for the default port to the external IP. Forwarding traffic to different IPs based on destination IP and port number is called policy based routing. It is easy to implement on Linux/Unix systems and on Cisco routers, but it is not available on Windows. Here I describe a trick that implements policy based routing on Windows, and the solution is completely free.

First you need to install the Microsoft Loopback Adapter (a reboot will be required).
The steps on Windows XP are:

Go to Control Panel
Choose “Add Hardware”
Choose “Yes, I have already connected the hardware”
From the list choose “Add a new hardware device”
Choose “Install the hardware that I manually select from a list (Advanced)”
Choose “Network adapters”
From the Manufacturer column choose “Microsoft”, from the Network Adapter column choose “Microsoft Loopback Adapter”
Click Next and the installation will start
Click Finish and restart your system

Then assign any IP address to the Microsoft Loopback Adapter. This IP will not be reachable from your local area network, because the loopback adapter is connected only to the host machine. For example, assign 10.10.10.10 to the adapter.

Next, associate the DNS name that policy based routing should apply to with the IP address of your loopback adapter. For this you need to edit the hosts file and flush the DNS cache:

Open Notepad by clicking Start > Run, typing ‘notepad’ (without quotes) and hitting Enter
Click File > Open and in the “Files of type” drop-down list choose “All Files”
In the Open dialog box navigate to c:\windows\system32\drivers\etc and choose the hosts file
Navigate to the end of the file and type a new line: “10.10.10.10”, then hit Tab and type the DNS name of the site that policy based routing should apply to (for example testsite1.com)
Save the file
Next, flush the DNS cache so that the entries from the hosts file are loaded into it:

Click Start > Run, type cmd and hit Enter
Type ‘ipconfig /flushdns’ (without quotes) and hit Enter
Type exit
Next, download and install some port forwarding software, for example http://sourceforge.net/projects/pjs-passport/. This utility installs as a service and configures itself to start automatically.

The last thing you need to do is define the forwarding rules. For instance, if all traffic destined for testsite1.com:80 must be forwarded to 1.1.1.1 and all traffic destined for testsite1.com:8080 must be forwarded to 2.2.2.2, configure the rules as follows:

Source: 10.10.10.10 port 80      Target: 1.1.1.1 port 80
Source: 10.10.10.10 port 8080    Target: 2.2.2.2 port 8080
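As an added example, not code from the article or from the pjs-passport project, the same configuration scripted in PowerShell on a current Windows version, using the built-in netsh portproxy forwarder in place of the third-party service. It assumes the loopback adapter is already installed (step 1), that the script runs elevated, and uses the article's sample values 10.10.10.10, testsite1.com, 1.1.1.1 and 2.2.2.2.

```powershell
# Added example, not from the article or the pjs-passport project. Scripts the article's
# steps 2 to 5 on a current Windows (8/10/11) with built-in tools only.
# Assumptions: the loopback adapter is already installed (step 1), PowerShell runs elevated,
# and the IP Helper service (iphlpsvc) is present, since netsh portproxy depends on it.
$LoopbackIP = '10.10.10.10'        # article's sample address for the loopback adapter
$Name       = 'testsite1.com'      # article's sample DNS name to pin to that address
$Rules      = @(                   # article's sample rules: listen port -> target IP and port
    @{ ListenPort = 80;   Target = '1.1.1.1'; TargetPort = 80   },
    @{ ListenPort = 8080; Target = '2.2.2.2'; TargetPort = 8080 }
)

# Step 2: put the IP on the loopback adapter (found by its device description).
$nic = Get-NetAdapter | Where-Object InterfaceDescription -like '*Loopback*' | Select-Object -First 1
if (-not $nic) { throw 'Loopback adapter not found; install it first (step 1).' }
if (-not (Get-NetIPAddress -InterfaceIndex $nic.InterfaceIndex -IPAddress $LoopbackIP -ErrorAction SilentlyContinue)) {
    New-NetIPAddress -InterfaceIndex $nic.InterfaceIndex -IPAddress $LoopbackIP -PrefixLength 24 | Out-Null
}

# Step 3: pin the name to the loopback IP in the hosts file (skip if the line exists), then flush the cache.
$hostsFile = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
$entry     = "^\s*$([regex]::Escape($LoopbackIP))\s+$([regex]::Escape($Name))\s*$"
if (-not (Select-String -Path $hostsFile -Pattern $entry -Quiet)) {
    Add-Content -Path $hostsFile -Value "$LoopbackIP`t$Name"
}
Clear-DnsClientCache

# Steps 4 and 5: one TCP forwarding rule per port, listening on the loopback IP.
# netsh portproxy is the built-in equivalent of the third-party forwarding service.
Set-Service -Name iphlpsvc -StartupType Automatic
Start-Service -Name iphlpsvc
foreach ($r in $Rules) {
    netsh interface portproxy add v4tov4 "listenaddress=$LoopbackIP" "listenport=$($r.ListenPort)" `
        "connectaddress=$($r.Target)" "connectport=$($r.TargetPort)" | Out-Null
}

# Checks: the rule table, the name resolving to the loopback IP, and each proxied port answering.
# Caveat: this is a TCP proxy, not routing. The target sees this host's own address as the client,
# and UDP or any non-TCP traffic sent to the name is not forwarded at all.
netsh interface portproxy show v4tov4
Resolve-DnsName -Name $Name -Type A | Select-Object Name, IPAddress
foreach ($r in $Rules) {
    Test-NetConnection -ComputerName $Name -Port $r.ListenPort |
        Select-Object ComputerName, RemotePort, TcpTestSucceeded
}
```

The rules persist across reboots because netsh portproxy stores them in the registry; remove them with `netsh interface portproxy delete v4tov4` when the setup is no longer needed.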


You can choose any combination of source ports and destination IP addresses and ports. If you need forwarding for more than one destination address, all you need to do is install another Microsoft Loopback Adapter, assign it another IP, and associate that destination's DNS name with the new IP.

However, this method has a serious limitation. If you need policy routing based not on a DNS name but on an IP address, you have to substitute another IP address for the destination: you cannot assign the destination's IP address to the loopback adapter, so that configuration will not work. I assume that in most software you can substitute some other IP for the destination, or use a DNS name. But if you cannot, unfortunately this method is not for you.

I hope this helps someone and I'm looking forward to any feedback from readers.