Persistent static routes.

Sorry. Spent a full fifteen minutes explaining AppleCare what I meant, and then post a oneliner here, expecting you guys read my mind... 🙂

This is what I want to do:

My Mac is hooked up to a separate network from my office network, where I use a separate gateway to give me access to a couple of other networks that is not available to the rest of the network.

To show you an example:

My computer is on the 10.0.0.0 network with my "special" gateway at 192.168.0.100. The normal gateway on this network is 192.168.0.1, and I need to use that gateway to access servers, shares, mail and DNS. All these are gathered on the 10.10.0.0 segment, so all I need to do is send all my traffic for the 10.10.0.0 network to the normal gateway at 192.168.0.1.

To do this in OS X, I open terminal and type "route add -net 10.10.0.0 -netmask 255.255.0.0 192.168.0.1"

This way the computer adds this line into its routing table, and all network traffic meant for the 10.10.0.0 network is sent to the correct gateway. The rest of the traffic is sent to my "special" gateway at 192.168.0.100 as it's told to use from the DHCP server.

My problem is that I cannot find an elegant way to make this added route live through a reboot, so I keep adding these routes each time I have to reboot.

In other OSes I use there's a way to add these routes so they stick (persistent routes), and that is what I seek in OS X as well.

Hope this makes a little more sense. 🙂

-KJ

This was only an example. The networks are a lot more complex than this.

The reason for doing it is part security and part design.

-KJ

As I menation in my first post, this is what I already have found. I also have found a hack to make the script run on boot so I won't need to interact.

What I seek is a native way in OS X to handle this. There are wyas to do this in all other OSes I use, so I was hoping there is one in OS X that has been overlooked.

But thanks for your input. If I hadn't already googled a bit, it would have been an option for me. 🙂

-KJ

I didn't neccessarily mean graphical.

Let me explain:

If you want to do this in Windows, you'd add a "-p" to the end of the "route add" command. This is a built in feature as opposed to the script in OS X that basically is a hack. 😉

http://www.osxfaq.com/tips/kluskens/index.ws

The link above is how I have it solved at the moment, and it works like it's supposed to, it's just not an elegant way to do it IMO.

-KJ

Finally found the solution!

Here´s how I did it without any scripting or hacking. (Thanks to a BSD-geek I know and gshenaut@MacOSXhints)

http://www.macosxhints.com/article.php?story=20060329085850170

-KJ

Here´s a quick summary of the info from macosxhints.com, just in case the link dies:

The trick here is that you must use an ifconfig command in the rc.local script. This means that at a later point in the process, the GUI-specified interface configuration will be done redundantly. If you do not do this, the route command will fail, because there will be no device configured for the bridging subnet.

Here is the critical portion of the rc.local script:

ifconfig en2 inet 11.22.33.5 netmask 255.255.255.252
route -n add 11.22.33.xx/xx 22.33.44.x

Once you understand that (1) rc.local is still the best place for this (not the GUI), and (2) you have to do an early ifconfig to help the route command do the right thing, adding static routes is really simple. Now, you could probably do it in LaunchDaemons or StartupItems, if you do ifconfig before route, but in truth, no daemon is launched here, and StartupItems is deprecated, so rc.local may be the best option.

It goes without saying that you have to make sure that the ifconfig in rc.local matches what the GUI assumes about the interfaces, otherwise you're in big trouble.