How to configure Mac to route external IP requests to different interfaces?

2

I am currently setting up a Mac at home. It has a static IP of 10.0.1.254.

This Mac has a VPN connection to my workplace via tunnelblick (192.168.1.x and 192.168.2.x). This Mac can also run a few of my VMs (192.168.170.x).

While on another laptop (also a Mac) on the same network (10.0.1.x), I want to be able to connect to my workplace and to VM via this Mac.

On my laptop, I first tried to set up a routing rule:

sudo route -v add 192.168.170.163 10.0.1.254

On the Mac, I tried to enable IP forwarding, and even bridging:

sudo sysctl -w net.inet.ip.forwarding=1
sudo sysctl -w net.inet6.ip6.forwarding=1
sudo sysctl -w net.link.ether.inet.proxyall=1
sudo ifconfig bridge0 create
sudo ifconfig bridge0 addm en0
sudo ifconfig bridge0 addm vmnet2
sudo ifconfig bridge0 up

However, when I tried to access the URL http://192.168.170.163:80/ from my laptop, I don't seem to be routed to the VM on the Mac.

The tunnelblick experiment was worse, as I can't add it to the bridged network.

I could workaround with the VMware Fusion's nat.conf, or port forwarding via SSH, but prefer to avoid those as I want to preserve the IP address I am accessing via, and avoid too much configuration in /etc/hosts.

Is there something wrong with my concept/understanding? Is this not a problem that is solved via bridged network and IP forwarding?

Update:

I have performed a workaround:
1. My Mac (10.0.1.254) hosts a Windows 2003 Std Edition Server VM (10.0.1.253) with Routing Service enabled.
2. The Routing Service Windows VM has two network interfaces, 10.0.1.253 and 192.168.170.253.
3. My other VMs (192.168.170.253) configure the default gateway as 192.168.170.253.
4. My laptop on the network 10.0.1.x performs static routing from 192.168.170.x to 10.0.1.253.

Kent Lai

Posted 2014-02-16T14:40:07.043

Reputation: 121

Do you have administrative access to the vpn router? – GnP – 2014-02-16T15:10:40.723

Does the route -v add 192.168.170.163 10.0.1.254 command work? I have no OS X here but I expected a different command which also used a netmask. (e.g. route -v add 192.168.170.163/32 10.0.1.254 or a route add -host 192.168.170.163 10.0.1.254). – Hennes – 2014-02-16T15:19:39.877

Nope, I do not have admin access to the VPN router, nor the computers on the VPN. If it is not technically possible, then I'm fine. I'm primarily interested more in the routing to the VMs. Changing VMs' IP to use bridged mode is an option but I would want to avoid that as I move these VMs around and share with others, so having 192.168.170.x is the preferred IPs. – Kent Lai – 2014-02-17T05:50:23.297

Yes, route -v add 192.168.170.163 10.0.1.254 works as I validate that it is routing properly via traceroute. – Kent Lai – 2014-02-17T05:51:16.410

Answers

2

The route add on your laptop was a step in the right direction, but you only get halfway through with it.

Consider this graph:

NETWORK A___
|          |
|          |
|          |
Laptop     Mac__________
           |            |
           |            |
           |            |
        NETWORK B      NETWORK C

You told your laptop that to get to NETWORK B it has to send the packet to Mac.

Now a computer in NETWORK B gets a packet from Laptop (10.0.1.10), but has no way to reply back, because it doesn't know the 10.0.1.10 IP (or the 10.0.1.0/24 network I assume) is reachable through 192.168.1.10 or whatever applies.

You either need to

  1. do IP Masquerading (so the terminals in NETWORK C and NETWORK B believe they're talking to a member of their own network), or
  2. add a route back to NETWORK A in each of the terminals you need to talk to in NETWORK B and NETWORK C, or
  3. add a route to NETWORK A in NETWORK B and NETWORK C default router... probably with routeback enabled.

I'm assuming OSPF or RIP are unavailable for you.

GnP

Posted 2014-02-16T14:40:07.043

Reputation: 1 266

I understand your explanation, but am curious of the following: a) If I set the Mac as the default gateway for my VMs, wouldn't all their traffic route to the Mac, even though they are on different subnets? Or is return traffic different? b) Isn't the purpose of a network bridge to route between two interfaces? Or am I misconfiguring the bridge on my Mac? – Kent Lai – 2014-02-17T05:51:43.663

@KentLai, yes, if Mac is the default gateway for NETWORK B and NETWORK C the setup should work. If it's set up that way and still doesn't work please add the output of ip route show or route -n or route -p (Linux/OS X/Windows respectively) for Laptop, Mac and a host in NETWORK B and NETWORK C to your question. Also a netstat -rn from Mac. – GnP – 2014-02-18T14:01:44.513
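The following script is an added example, not code from the question or from GnP's answer. It implements GnP's option 1 (IP masquerading) on the Mac itself with the pf packet filter that ships with OS X, so that the VMs (and, if wanted, the VPN side) only ever see traffic from the Mac's own address on their network and can reply without any route back to 10.0.1.0/24. It assumes en0 is the Mac's LAN interface, vmnet2 is the VMware host-side interface for the 192.168.170.0/24 VM network, and the Tunnelblick tunnel shows up as utun0; none of those names are confirmed by the question, so check them with ifconfig and override the variables (set VPN_IF to an empty string to leave the VPN alone). The laptop keeps its existing route (192.168.170.x via 10.0.1.254); the VMs need no change at all, because after translation the replies go to an on-link address.

```shell
#!/bin/sh
# Added example (not from the original question or answer): turn the Mac
# (10.0.1.254) into a NAT router between NETWORK A (the 10.0.1.0/24 LAN) and
# the VM network 192.168.170.0/24, plus optionally the VPN networks.
#
# Assumed names, not stated in the question: en0 = LAN interface,
# vmnet2 = VMware host-side interface, utun0 = Tunnelblick tunnel.
LAN_IF=${LAN_IF:-en0}
LAN_NET=${LAN_NET:-10.0.1.0/24}
VM_IF=${VM_IF:-vmnet2}
VM_NET=${VM_NET:-192.168.170.0/24}
VPN_IF=${VPN_IF:-utun0}
VPN_NETS=${VPN_NETS:-"192.168.1.0/24 192.168.2.0/24"}
PF_CONF=${PF_CONF:-/etc/pf.vmrouter.conf}

# Emit a complete pf ruleset. pf on OS X requires translation (nat) rules to
# come before filter rules, so the nat lines sit next to Apple's nat-anchor.
# Apple's anchors are kept so system features that use pf keep working.
# The stock /etc/pf.conf contains no block rules, so no pass rules are needed;
# add them here if you already run a restrictive ruleset.
gen_pf_conf() {
    printf '%s\n' 'scrub-anchor "com.apple/*"' 'nat-anchor "com.apple/*"'
    # LAN -> VMs: rewrite the source to the Mac's address on the VM network,
    # so a VM replies to an on-link address instead of to 10.0.1.x.
    printf 'nat on %s from %s to %s -> (%s)\n' "$VM_IF" "$LAN_NET" "$VM_NET" "$VM_IF"
    # LAN -> VPN networks: rewrite to the Mac's tunnel address; the VPN side
    # only ever sees the Mac, which it already knows how to reach.
    if [ -n "$VPN_IF" ]; then
        for net in $VPN_NETS; do
            printf 'nat on %s from %s to %s -> (%s)\n' "$VPN_IF" "$LAN_NET" "$net" "$VPN_IF"
        done
    fi
    printf '%s\n' 'rdr-anchor "com.apple/*"' 'dummynet-anchor "com.apple/*"' \
        'anchor "com.apple/*"' 'load anchor "com.apple" from "/etc/pf.anchors/com.apple"'
}

# Return 0 when the kernel forwards IPv4. pf only rewrites packets the
# kernel has agreed to forward, so both halves are needed.
forwarding_enabled() {
    [ "$(sysctl -n net.inet.ip.forwarding 2>/dev/null)" = "1" ]
}

# Apply everything. Must run as root:  sudo sh vmrouter.sh apply
apply_router() {
    sysctl -w net.inet.ip.forwarding=1 >/dev/null
    gen_pf_conf > "$PF_CONF"
    # Parse first (-n loads nothing); a bad file would otherwise leave pf
    # with an incomplete ruleset.
    pfctl -nf "$PF_CONF" || exit 1
    pfctl -f "$PF_CONF"
    pfctl -e 2>/dev/null || true   # non-zero exit just means "already enabled"
    pfctl -s nat                   # show the translation rules now in effect
}

case "${1:-}" in
    apply) apply_router ;;
    show)  gen_pf_conf ;;
    check) if forwarding_enabled; then echo "forwarding on"; else echo "forwarding off"; fi ;;
esac
```

Run `sh vmrouter.sh show` first to inspect the generated ruleset, then `sudo sh vmrouter.sh apply`. The trade-off against GnP's options 2 and 3 is visible in the nat rule: the VMs and the VPN hosts log the Mac's address, not the laptop's, which is exactly what lets them reply without a return route. The forwarding sysctl does not survive a reboot on OS X, so either re-run the script at login or set it in /etc/sysctl.conf.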