o.thoma

Q: Bypass proxy to reach imap.gmail.com

Hello everybody,

I need your help to get my mac on the intranet of my company.

 

At home, I use Wifi, no proxy.  --> Works perfectly.

At work, I use Wifi EAP-TLS (installed by IT service), no proxy settings, I have access to the internet, but no access to the intranet of the company.

So I use a wired connexion, with proxy (auto discover, autoconfig, proxy web http, proxy web https) to get access to the intranet web based tools.

 

When I'm connected to both work wired and work wifi, I don't get access to my gmail mailbox set in Apple Mail, continuity and messages from iPhone (green ones). <-- if wired connection has priority over wifi

 

or

 

I have access to gmail and other stuff, but no more intranet tools if I set Wifi connexion priority...

 

So, I guess I have to set wired, first and set it to ignore connexion to imap.gmail.com or imap.gmail.com:993 but I can't get it working.

 

Does anyone have an idea how to solve that ?

 

Thanks a lot.

MacBook Pro with Retina display, OS X El Capitan (10.11.3)

Posted on Feb 7, 2016 5:57 AM

Close

Q: Bypass proxy to reach imap.gmail.com

  • All replies
  • Helpful answers

  • by KiltedTim,

    KiltedTim KiltedTim Feb 7, 2016 6:15 AM in response to o.thoma
    Level 9 (55,083 points)
    iPhone
    Feb 7, 2016 6:15 AM in response to o.thoma

    Talk to your IT department.

  • by o.thoma,

    o.thoma o.thoma Feb 7, 2016 6:19 AM in response to KiltedTim
    Level 1 (0 points)
    Feb 7, 2016 6:19 AM in response to KiltedTim

    Do I have to check your comment as "This helped me" or "This solved my question" ?

  • by KiltedTim,

    KiltedTim KiltedTim Feb 7, 2016 7:06 AM in response to o.thoma
    Level 9 (55,083 points)
    iPhone
    Feb 7, 2016 7:06 AM in response to o.thoma

    No. You don't have to check anything if you don't want.

  • by BobHarris,Helpful

    BobHarris BobHarris Feb 7, 2016 7:24 AM in response to o.thoma
    Level 6 (19,292 points)
    Mac OS X
    Feb 7, 2016 7:24 AM in response to o.thoma

    o.thoma wrote:

    Do I have to check your comment as "This helped me" or "This solved my question" ?

    You do not have to.  If the information provided helped, you may choose to click this helped me, but not required.  If actually solved your problem, you may choose to click this solved my question, but no required.  The terms of service prevent us from asking you to click on those links.  It is completely your choice.

     

    I too have a corporate firewall at work.  They DO NOT allow access to outside of work mail server ports.  I have chosen to just use the Google gmail web interface for my personal gmail account when at work, and it is basically good enough that I just continue to use it at home as well.  And I use Thunderbird to access work email (again at work and at home, because work allows outside access via TLS mail connections).  This keeps work and personal emails separate.  I've stopped using Apple Mail.


    But I'm not suggesting you do this, only telling you what I did.

     

    You could experiment with the 'route' command from an Applications -> Utilities -> Terminal session.  Essentially, you would tell 'route' to send Google gmail's IP addressed traffic to the router assigned to your WiFi connection.

    man route

    and Google "os x route" for more information and examples.

    netstat -nr

    man netstat

    may be helpful in identifying the default (primary router gateway) and the alternate router gateway.

     

    If you get it to work, the fun part is how do you set it up again after a reboot .  You may need to look into launchd daemon or agent for that.  More Googling.

     

    NOTE:  It has been 10 or 12 years since I last played with the 'route' command, so I am really not up to speed on its use today.  Basically, I've pass along all the information I know.  Your turn to dig in.

  • by o.thoma,

    o.thoma o.thoma Feb 7, 2016 7:32 AM in response to BobHarris
    Level 1 (0 points)
    Feb 7, 2016 7:32 AM in response to BobHarris

    I am really sorry guys, maybe it's my european point of view, but such an answer does NOT help.

    Can someone be stupid enough not to think about talking to IT department BEFORE asking a question on a forum? Be sure it's not my case.

    If I ask it here, I have my reasons, and "mac haters IT service" is just a part of it...

     

    Anyway, BobHarris, your answer helped even though it didn't solve my problem. At least, I have some clues to go on looking for a solution.

     

    By all means, thank both of you for the time spent in your answers.

  • by BobHarris,Helpful

    BobHarris BobHarris Feb 7, 2016 8:29 AM in response to o.thoma
    Level 6 (19,292 points)
    Mac OS X
    Feb 7, 2016 8:29 AM in response to o.thoma

    The problem is you have 2 routers, and you need a way to tell the Mac were to send requests.  Maybe someone has a GUI interface that will do the 'route' commands, but you need a way to direct that traffic to your WiFi's router, otherwise it is always going to go to the Ethernet's router.

    <https://superuser.com/questions/756134/how-to-direct-ip-route-through-specific-i nterface-in-os-x>

    <http://blog.irrashai.com/blog/2009/03/how-to-add-static-route-in-mac-os-x/> this seems to cover adding routes after reboot

    <http://blog.remibergsma.com/2012/03/04/howto-quickly-add-a-route-in-mac-osx/>

    <https://glazenbakje.wordpress.com/2012/11/07/add-or-delete-static-routes-apple-m ac-os-x-mountain-lion/>

    You can easily experiment with the route command, as they are NOT permanent, and a reboot will make them go away.  Only if you start to setup files with routes in them will they come back after a reboot.

     

    Or you can just use the Google Gmail web interface

  • by KiltedTim,

    KiltedTim KiltedTim Feb 7, 2016 12:36 PM in response to o.thoma
    Level 9 (55,083 points)
    iPhone
    Feb 7, 2016 12:36 PM in response to o.thoma

    o.thoma wrote:

     

    Can someone be stupid enough not to think about talking to IT department BEFORE asking a question on a forum?

    Yes. it happens all the time.

    If there is a corporate firewall/proxy in place that's blocking access to outside mail servers, it's there for a reason. Attempting to bypass it may end up getting you fired. If you're OK with that, then go for it.

  • by Drew Reece,

    Drew Reece Drew Reece Feb 7, 2016 2:20 PM in response to BobHarris
    Level 5 (7,490 points)
    Notebooks
    Feb 7, 2016 2:20 PM in response to BobHarris

    It seems like route should work Bob, but it may get complex if IPv6 is used too.

     

    It may be possible to reorder the network interfaces so that the 'internet based' wifi connection will be used first. In 'System Preferences > Network' unlock the panel with an admin password & then 'set the service order' via the 'gear icon'. Drag wifi to the top, apply it & retest.

     

    I suspect your local intranet may fail depending on how it operates (if it has DNS records that are public). Just revert the service order if that ceases to work or try adding the intranet DNS server to the wifi DNS settings.

     

    I suspect you want to use 'Network locations' to manage these tests, they allow you to have collections of settings for the interfaces. Use the popup menu at the top of the network window to add/ edit them.

  • by o.thoma,

    o.thoma o.thoma Feb 7, 2016 4:14 PM in response to Drew Reece
    Level 1 (0 points)
    Feb 7, 2016 4:14 PM in response to Drew Reece

    Thanks a lot for your answer.

    I already tried to modify network interface priorities.

    If Wifi is first, I have access to gmail inside Mail.app, I have messages working, ... but I don't not get access anymore to the intranet tools.

    And if wired is first, I have all the stuff above NOT working, but get access to the intranet tool (& color copiers).

     

    So I was just asking if someone knew an easy wayto set wired connexion to the intranet, and wifi for anything else.

     

    But I'll try the IT services, ...

    I thought I would get better feedback here then just "use the company desktop computer at your disposal, because mac *****, ..." which is kind of stupid and I wasn't wanting to lose my time with that kind of guys and the first answer I got here was: "go to IT services" which is not really better.

     

    In the end, Drew, You just raised the level higher by your kind answer. Even if Bob already did it before.

     

    Once again, thanks to all of you. But please, Kilted Tim, do not answer anymore, be smart enough to be the guy that doesn't absolutely want to have the last fine word.

    I know what firewall and proxies are made for, I was just expecting if I missed some hidden settings or some "impossible to miss because in the middle of the screen" setting I just didn't see for whatever reason. And thanks for taking care of my career, but I think I'll drive it by myself.

     

    Cheers.

  • by KiltedTim,

    KiltedTim KiltedTim Feb 7, 2016 6:22 PM in response to o.thoma
    Level 9 (55,083 points)
    iPhone
    Feb 7, 2016 6:22 PM in response to o.thoma

    Suit yourself. As an IT manager, I can tell you right now that if I catch you trying to circumvent the security measures in place on my network and violate policy, I will see to it that you're either written up for it or just plain unemployed. Policies like that are in place for a reason. If you don't like them, go find another job.