Force an application to use a specific network interface

50

28

I'm using multiple network interfaces (LAN and Wireless), and I've noticed that there's a way to change the order of preferred interfaces. How can I use the wired network to do work, check email, and so on (securely), and use the wireless VLAN to access other stuff (otherwise blocked by ports and sometimes websense)?

Kami

Posted 2009-05-02T18:42:45.117

Reputation: 3 108

Answers

23

The trick is adjusting the routing tables (which doesn't depend on destination port or source app, but does depend on the destination host). This assumes that you're on Linux or OS X (as the tags show).

Say your default gateway is 1.2.3.4 and you have a VPN which can route traffic on 6.7.8.9. If you want your mail traffic to route over 6.7.8.9, just do

sudo route add mail.myserver.com 6.7.8.9

Some versions of route might require a "gw" keyword between the address and next hop. If you want to make a whole net route over that next hop, just add a netmask in CIDR notation for the destination, like

sudo route add 192.168.0.0/24 6.7.8.9

If you want to view the existing routing table, use

netstat -nrl
or
ip route list

If you're on Windows, "net route" will get you most of the way there, but the syntax is totally different.

Tim Hatch

Posted 2009-05-02T18:42:45.117

Reputation:

2 @gman: Nothing about this answer is specific to websites. – Lightness Races with Monica – 2016-10-24T15:01:27.413

4 The OP wants to choose network interface based on application program. This answer shows how to choose based on destination host. – Bennett McElwee – 2018-06-10T21:40:34.013

I'm not going to downvote this (it is good advice for another question), but I'm certainly not going to upvote this either (for reasons stated by @gman and @bennett-mcelwee). – ratskin – 2018-09-20T12:07:15.083

Per above, this does not answer the question of how to lock a specific app to a specific NIC. – catchdave – 2019-11-03T23:02:49.313

19 This isn't really an answer, is it? The question is how to force an app, not a website. For example, what if I wanted Safari to go over VPN (ppp0) but Firefox to go over en0 regardless of what site they are accessing? That's the question. – gman – 2013-07-19T04:18:08.207
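How a routing table with the entries described above resolves a destination, as an added example that is not part of the original answer or its comments: the lookup is a longest-prefix match on the destination address alone, so the sending application never enters into it. The table is constructed from the answer's example addresses; the interface names `eth0`/`tun0` and the mail-server address 203.0.113.25 are assumptions.

```python
import ipaddress

# Constructed routing table in `ip route list` style, using the answer's
# example addresses (default gateway 1.2.3.4, VPN next hop 6.7.8.9).
# Interface names and the 203.0.113.25 mail-server address are assumptions.
SAMPLE_ROUTES = """\
default via 1.2.3.4 dev eth0
192.168.0.0/24 via 6.7.8.9 dev tun0
203.0.113.25 via 6.7.8.9 dev tun0
"""


def parse_routes(text):
    """Parse 'DEST via GATEWAY dev IFACE' lines into (network, gateway, iface)."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[1] != "via" or fields[3] != "dev":
            continue  # skip anything that is not a gateway route
        dest = "0.0.0.0/0" if fields[0] == "default" else fields[0]
        routes.append((ipaddress.ip_network(dest), fields[2], fields[4]))
    return routes


def lookup(routes, destination):
    """Return (gateway, iface) of the most specific route covering destination."""
    addr = ipaddress.ip_address(destination)
    matches = [r for r in routes if addr in r[0]]
    if not matches:
        return None  # no route to host
    best = max(matches, key=lambda r: r[0].prefixlen)
    return best[1], best[2]


if __name__ == "__main__":
    table = parse_routes(SAMPLE_ROUTES)
    # Host route, subnet route, and a destination that falls to the default.
    for dst in ("203.0.113.25", "192.168.0.77", "198.51.100.10"):
        print(dst, "->", lookup(table, dst))
```

Running the same lookup over the real output of `ip route list` shows which interface each destination leaves by, which is useful when auditing a multi-homed host.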

6

If you just want to have two NICs active at the same time, you can set the Service Order in System Preferences/Network by choosing the gear below the list of network devices. Drag and drop the order you want them in.

For example, I have Ether and WiFi always active on my MBP with Ether set above Wi-Fi. Since I use Ether at work, I set up that NIC with proxy settings and my Wi-Fi without. When I go home, there is no need to adjust any settings. You can also do this from terminal using /usr/bin/networksetup -ordernetworkservices.

But for having both active and an app use the non-default, I've had luck with a slightly easier spin on @Andor's advice. If I want an app to not use Ether in my case, I set the proxy settings for the app to the IP address of my wi-fi adapter. It will use that interface to get out and that way bypass the company proxy and monitoring servers. So if Ether has an address of 1.2.3.4 and comes before Wi-Fi (5.6.7.8) in the service order, I have my app proxy to 5.6.7.8.

SaxDaddy

Posted 2009-05-02T18:42:45.117

Reputation: 3 181

5

For Mac, there is a simple solution which I use. It's actually an implementation of @Andor's solution. Install a proxy and configure your apps to use it:

  1. I installed SquidMan

  2. In configuration add the following line. You need to specify the IP you will use for your private apps instead of x.x.x.x:

    tcp_outgoing_address x.x.x.x
    
  3. Start SquidMan and configure your app to use it as a proxy.

I spent an hour finding this information on different pages, so I hope it helps others to do it faster.

matrik

Posted 2009-05-02T18:42:45.117

Reputation: 51

Should work the same on Windows and seems to be the only elegant solution! – TJJ – 2017-11-09T10:30:34.943
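What a setting like `tcp_outgoing_address` amounts to at the socket level, as an added example that is not part of the answer above: the outgoing socket is bound to a chosen local address before it connects, and that is the source address the far end sees and logs. The loopback addresses 127.0.0.1 and 127.0.0.2 stand in for two interface addresses and assume Linux, where all of 127.0.0.0/8 is local.

```python
import socket
import threading


def observed_peer(listener, result):
    """Accept one connection and record the source address the server sees."""
    conn, peer = listener.accept()
    result.append(peer[0])
    conn.close()


def connect_from(source_ip, server_addr):
    """Connect to server_addr with the local end bound to source_ip.

    Port 0 lets the kernel pick the source port; only the address is pinned.
    Returns the local address the socket actually used.
    """
    with socket.create_connection(server_addr, timeout=5,
                                  source_address=(source_ip, 0)) as s:
        return s.getsockname()[0]


def demo(source_ip):
    """Start a loopback listener, connect from source_ip, return both views."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.settimeout(5)
    listener.bind(("127.0.0.1", 0))  # constructed stand-in for a remote server
    listener.listen(1)
    seen = []
    t = threading.Thread(target=observed_peer, args=(listener, seen))
    t.start()
    local = connect_from(source_ip, listener.getsockname())
    t.join(timeout=5)
    listener.close()
    return local, seen[0]


if __name__ == "__main__":
    print(demo("127.0.0.1"))  # default loopback source
    print(demo("127.0.0.2"))  # pinned to a different local address
```

On Linux, pinning the source address does not by itself change the egress interface: the route is still chosen by destination unless a source-based policy routing rule exists.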

1

You will probably need to use the low-level IO control functions (ioctl). In particular:

ioctl( socket, SIOCGIFADDR, ... ); // Get network interface address

and

ioctl( socket, SIOCSIFADDR, ... ); // Set network interface address

See this man page for more details.

Martin Cote

Posted 2009-05-02T18:42:45.117

Reputation:

1

Problem is that you're going to have multiple gateways to your network connection, and that's a bit difficult to manage...

Some server or network related Unix and Linux tools usually have a flag called "interface", where you can tell which interface you wanna use, like in tcpdump, for example:

tcpdump -i eth0

But as I think you are asking about routing standard desktop software, that gets a bit more difficult...

I can tell you a trick for that anyway... My usual fix for dealing with those problems is using a proxy and only having one gateway. Almost any software that uses the Internet these days has options for configuring a proxy, so you can do it in either of these ways:

1.- Setting up a proxy on the "unsecured" (and I mean, where the policies are not enforced) part of your network, and pointing your software to that proxy.

2.- Setting up an SSH server on another "unsecured" place, say, your home, or a dedicated server you have on the internet, and opening a connection through a special feature that SSH has that creates a SOCKS proxy server:

ssh -D 1234 user@host

That would create on your computer a SOCKS proxy server on port "1234", that would connect to your "host", using your "user", and go to the Internet through the connection that your "host" has... Then, on your local software, you only need to open the proxy configuration tools, and point to localhost:1234.

Nice tricks for avoiding corporate internet policies :P

:D

Andor

Posted 2009-05-02T18:42:45.117

Reputation: 139

1

I run my business applications inside a virtual machine. I used the instructions above to set WiFi as my preferred connection, then configured the virtual machine to use the ethernet port as a "Bridged" adapter.

Anything running inside the virtual machine now is hard-linked to the ethernet port. WiFi is my preferred connection for all other applications (outside the virtual machine), as long as I have a WiFi connection attached.

I believe there exist utilities that can be used to force the binding of an application to a particular ethernet port, but have not researched it for MacOS.

The routing method previously mentioned is somewhat complex for the "lay person", but seems like a good viable approach as well, especially if you repeatedly get the same IP address on your connections.

Rich

Posted 2009-05-02T18:42:45.117

Reputation: 19

0

Even though this question is for OSX, I'll leave the following here which works on Windows 7 64-bit. This question came up as one of the top results when googling for force applications to go through a specific adapter, so the following might be useful to others.

http://www.howtogeek.com/117890/how-to-force-an-application-to-use-a-specific-network-card/

The above guide uses a utility called ForceBindIp which is advertised to work on Windows NT/2000/XP/2003 but I had no issues getting it to work on Windows 7 - 64 Bit.

Also, Issues with ForceBindIP on Windows 7 (x64)

Ashutosh Jindal

Posted 2009-05-02T18:42:45.117

Reputation: 322