Use route command to direct requests to specific interface

Question

Level 2

217 points

Use route command to direct requests to specific interface

Trying to get my head around a potential upcoming project and I'm getting into unfamiliar territory.

I'm wondering if you can use the route command to direct traffic to a specific Ethernet interface. I've been reading about it and have reviewed the man page but I'm not sure yet.

Specifically, I have a Mac with two Ethernet ports. One is currently connected to my company network. I'm planning to get a dedicated connection to another ISP plugged into the other Ethernet port. I want to direct all http traffic to a specific host (or ideally all http traffic) to this new dedicated connection. Not sure if I'm on the right track by looking at the route command.

Would something like this work?

*route add -host 11.22.33.44 en2*

Mac OS X (10.6.4)

Posted on Oct 6, 2010 5:07 PM

Reply

Answer 1

Best reply

BobHarris

Level 9

53,123 points

Oct 6, 2010 6:35 PM in response to Rick Anderson

Specifically, I have a Mac with two Ethernet ports. One is currently connected to my company network. I'm planning to get a dedicated connection to another ISP plugged into the other Ethernet port. I want to direct all http traffic to a specific host (or ideally all http traffic) to this new dedicated connection. Not sure if I'm on the right track by looking at the route command.

Would something like this work?

*route add -host 11.22.33.44 en2*

You would do something like


/sbin/route add -net xxx.yyy.0.0 -netmask 255.255.0.0 -interface en2

Where xxx.yyy.0.0 is the your company's subnet (I just gave a Class B subnet example; adjust based on how many bits your company's IP address range has (xxx.yyy.zzz.0 255.255.255 for a class C subnet).

Since your company's IP subnet is more likely to be grouped, it would be best to add special routing for that, and have the default route be for your ISP.

Reply

Answer 2

Rick Anderson Author

Level 2

217 points

Oct 6, 2010 7:15 PM in response to BobHarris

I see. That seems like a preferable way to go. So, in your scenario, I'm instructing all traffic on our subnet to go to one interface and then allowing everything else to go through the other by default. That makes sense.

Out of curiosity, would the scenario I'd described previously have worked in a case where I want all traffic to one particular host to be directed to a specific interface? (Just curious if what I'd come up with was on the right track or not.)

Reply

Answer 3

Oct 6, 2010 8:17 PM in response to Rick Anderson

IP routing doesn't particularly look at the protocols involved; it's all wads of data with IP addresses, and the path to the next host in the route to the destination. For policy-based or protocol-based IP routing, that's a fairly expensive network switch, or something running at a higher layer in the network stack such as an Apache reverse proxy.

Make sure this host and the routing is coordinated with the local networking folks (if that's not you), as opening up a new route can be of interest to them.

Reply

Answer 4

BobHarris

Level 9

53,123 points

Oct 6, 2010 8:25 PM in response to Rick Anderson

Out of curiosity, would the scenario I'd described previously have worked in a case where I want all traffic to one particular host to be directed to a specific interface? (Just curious if what I'd come up with was on the right track or not.)

If you wanted all 11.22.33.44 traffic to go through a specific interface, then you could do that.

I mainly made my suggestion because most companies have a small range or IP addresses which is easy to specify via the -net and -netmask options (even if the company has a dozen different subnets, it is still easier then trying to specify every network range on the internet EXCEPT your company's 🙂

Which interface is used for he ISP vs the rest of the internet does not matter.

Reply

Answer 5

Rick Anderson Author

Level 2

217 points

Oct 6, 2010 8:58 PM in response to Rick Anderson

Thanks for the follow-ups, guys. I appreciate it.

Reply