2 Internet connections--possible to route web traffic only over one

Here's the deal: I have two connections, one hard-wired ethernet, and the other is wireless with an assigned IP address that doesn't change. Is it possible to tell the computer to route all communications via port 80 over only one connection, say the wireless connection? I'm not specifically looking for load balancing, just routing web traffic over one connection while leaving the other one alone for everything else (I have my reasons). I'm familiar with the workings of Unix so I'm not afraid to modify things. I would think that this is possible by adding a route somehow, but I'm not entirely sure how to do it.

Thanks in advance,

Tony

Dual 867 Power Mac G4 MDD, Mac OS X (10.4.4)

Posted on Jan 12, 2006 12:47 PM


Jan 12, 2006 6:08 PM in response to Raymond Kemp

Not easily.

IP routing is based on IP addresses, not port numbers.

In other words you can tell the OS to send traffic to a.b.c.d over a specific interface, but you can't tell it to route all port 80 traffic that way.

The only thing you can do is delve into the firewall and use a divert rule to redirect the traffic - that way even though traffic may get routed out through en1, the firewall picks it up and redirects it over en0. The effect is pretty much the same, but it's more work to set up.

Of course the other issue is your IP addresses, anyway. You don't have both interfaces in the same subnet, do you? This shouldn't be an issue if the interfaces are in different subnets since only one interface can reach the default gateway.

Jan 18, 2006 8:40 PM in response to Camelot

My problem isn't as simple as only having two interfaces. The interfaces are actually connected to different networks, different Internet connections. One is on an internal network through a parent company's routers, through a firewall, and out to the Internet, and the other is a wireless connection to a DSL router and line. It would just be nice to separate the web traffic to the DSL line where it is uninhibited by the parent company's firewall since it slows us down a lot, and then leave everything else alone (we have to connect to remote servers via smb). I know that most people would scratch their heads and wonder why we would want to do that, but this is why: Their firewall can block traffic based on header requests, no matter if it is port 80 traffic. Their IT department decided to block all outgoing traffic that they considered as 'not necessary.' In their zeal, they ended up blocking Software Update (communicates over port 80, but it was blocked because it didn't have a regular HTTP header), and it was like that for more than a month until we were able to convince them that we needed that. You can guess that the music store is blocked as well. We can function with our own Internet connection, but while only on that connection, we cannot access the parent company's servers, which we need as well. We are a small graphic design studio, so their firewall is overkill for us.

If I can set up the firewall divert rule on our local computers to do what I need, that would solve our problem.

Jan 19, 2006 12:51 AM in response to Raymond Kemp

It sounds like your problems would be far easier solved by a simple route statement.

Set your default route to the uninhibited router and add a static route to send traffic for the corporate network to the internal/corp router.

That way all traffic will bypass the corporate network unless it's actually destined for the corporate network itself.

Assuming that you have en0 (uninhibited) at 192.168.1.2, with its router at 192.168.1.1, and en1 (corporate) at 10.1.1.2 with its router at 10.1.1.1, and that the corporate network uses IP addresses in the range 172.16.x.x you can just set your default route to 192.168.1.1 (uninhibited router) and run:

sudo route add -net 172.16 10.1.1.1

This will tell the OS to send any traffic for 172.16.x.x to the router at 10.1.1.1. All other traffic will go through the uninhibited router.

Note, you'd need to be aware of whatever corporate policies are in place regarding networks and whatever implications are involved in bypassing the corporate firewall.
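Camelot's destination-based split, written out as a small shell script. This is an added example, not code from the thread (the thread gives only the single route command). It assumes the same addressing as the post: en0 on the uninhibited DSL side with router 192.168.1.1, en1 on the corporate side with router 10.1.1.1, and corporate hosts in 172.16.0.0/16; the probe addresses and the `plan`/`apply` modes are this example's own. It spells out the netmask instead of relying on the classful "-net 172.16" shorthand, refuses malformed addresses, and after applying asks the kernel with `route -n get` which gateway it would really use for a corporate address and for an Internet address, which is the check that the split actually took effect.

```sh
#!/bin/sh
# split_routes.sh -- everything to the DSL router except the corporate
# network, which goes to the corporate router.  Added example, not from the
# thread.  Addresses are the ones Camelot assumed; override them in the
# environment if yours differ.
DSL_GW=${DSL_GW:-192.168.1.1}
CORP_GW=${CORP_GW:-10.1.1.1}
CORP_NET=${CORP_NET:-172.16.0.0}
CORP_MASK=${CORP_MASK:-255.255.0.0}
# Probes for the post-apply check: one corporate address, one Internet address
# (198.51.100.1 is a documentation address; route(8) only consults the table).
CORP_PROBE=${CORP_PROBE:-172.16.5.5}
NET_PROBE=${NET_PROBE:-198.51.100.1}

# is_ipv4 A.B.C.D: succeed only for four decimal octets in 0..255, so a typo
# such as "172.16.0" never becomes an odd route (route(8) would accept it).
is_ipv4() {
    printf '%s\n' "$1" | awk -F. '
        NF != 4 { exit 1 }
        { for (i = 1; i <= 4; i++) if ($i !~ /^[0-9]+$/ || $i > 255) exit 1 }
        { exit 0 }'
}

# route_plan: print the route(8) commands, one per line, without running them.
# An explicit -netmask replaces the classful "-net 172.16" shorthand from the
# post so the prefix length is visible in the plan.
route_plan() {
    for a in "$DSL_GW" "$CORP_GW" "$CORP_NET" "$CORP_MASK"; do
        is_ipv4 "$a" || { echo "route_plan: bad address '$a'" >&2; return 1; }
    done
    printf 'route -n delete default\n'
    printf 'route -n add default %s\n' "$DSL_GW"
    printf 'route -n add -net %s -netmask %s %s\n' "$CORP_NET" "$CORP_MASK" "$CORP_GW"
}

# check_gateway DEST EXPECTED_GW: ask the kernel which gateway it would use for
# DEST and compare.  This proves the split happened, rather than trusting that
# the add commands returned 0.
check_gateway() {
    gw=$(route -n get "$1" 2>/dev/null | awk '$1 == "gateway:" { print $2 }')
    if [ "$gw" != "$2" ]; then
        echo "check_gateway: $1 would go via '${gw:-no gateway}', expected $2" >&2
        return 1
    fi
}

# apply_routes: run the plan as root, then verify both directions.
apply_routes() {
    route_plan | while read -r cmd; do
        sudo $cmd || exit 1      # $cmd is word-split on purpose
    done || return 1
    check_gateway "$CORP_PROBE" "$CORP_GW" && check_gateway "$NET_PROBE" "$DSL_GW"
}

# Usage: split_routes.sh plan | apply
if [ $# -gt 0 ]; then
    case $1 in
        plan)  route_plan ;;
        apply) apply_routes ;;
        *)     echo "usage: $0 plan|apply" >&2; exit 2 ;;
    esac
fi
```

Two practical notes. On Mac OS X the default route is taken from the first active service in the Network preference pane's port order, and the system re-applies it on network changes (a DHCP renewal, sleep/wake), so a default route changed by hand may not last; putting the AirPort service first gives the same effect durably, after which only the 172.16.0.0/16 route has to be added. This destination-based split also avoids the trap in the per-port firewall approach from the first reply: a packet the routing table sends out en1 carries en1's 10.1.1.2 source address, and if a firewall rule then pushes it to the DSL router, the replies are addressed to 10.1.1.2, which the DSL router has no route to.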

Jan 21, 2006 12:19 AM in response to Camelot

> sudo route add -net 172.16 10.1.1.1
>
> This will tell the OS to send any traffic for 172.16.x.x to the router at 10.1.1.1. All other traffic will go through the uninhibited router.

Note that this command will only add the route for the current boot. To make it permanent, you need to add the "route add" command to one of the system startup scripts. I'm kind of surprised neither Apple nor any shareware developers have implemented a GUI that sets this up (I couldn't find "static route" on versiontracker.com)

> Note, you'd need to be aware of whatever corporate policies are in place regarding networks and whatever implications are involved in bypassing the corporate firewall.

Yeah, most companies have a policy against connecting DSL, dialup, etc. to devices that are also connected to the company network. If they have restrictions on the corporate firewall, it's because you're NOT supposed to go there on company time/equipment.
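The persistence step from the Jan 21 reply, as an added example that is not part of the thread. Instead of editing one of the system startup scripts, it installs a launchd daemon (launchd shipped with 10.4) that re-adds the corporate route at boot; the label `local.splitroutes`, the install paths and the `ROUTE_CMD`/`MAX_TRIES`/`RETRY_SLEEP` knobs are this example's own assumptions. The part worth having is the retry loop: a RunAtLoad job can start before en1 has an address, in which case `route add` fails with "Network is unreachable", and a plain one-shot command would silently leave the route missing.

```sh
#!/bin/sh
# split_routes_boot.sh -- re-add the static corporate route at every boot.
# Added example, not from the thread.  Installed as a launchd daemon; label
# and paths are assumptions.
CORP_GW=${CORP_GW:-10.1.1.1}
CORP_NET=${CORP_NET:-172.16.0.0}
CORP_MASK=${CORP_MASK:-255.255.0.0}
SCRIPT_PATH=${SCRIPT_PATH:-/usr/local/sbin/split_routes_boot.sh}   # where this file lives
PLIST_PATH=${PLIST_PATH:-/Library/LaunchDaemons/local.splitroutes.plist}
ROUTE_CMD=${ROUTE_CMD:-route}   # replaceable so the retry loop can be exercised without root
MAX_TRIES=${MAX_TRIES:-30}
RETRY_SLEEP=${RETRY_SLEEP:-2}

# corp_route_present: does the kernel already send CORP_NET via CORP_GW?
# (A second "route add" fails with "File exists", which must not be retried.)
corp_route_present() {
    $ROUTE_CMD -n get "$CORP_NET" 2>/dev/null |
        awk -v gw="$CORP_GW" '$1 == "gateway:" && $2 == gw { found = 1 } END { exit !found }'
}

# add_corp_route_retry: launchd starts RunAtLoad jobs early in boot, possibly
# before en1 has an address; route(8) then fails with "Network is unreachable".
# Retry MAX_TRIES times, RETRY_SLEEP seconds apart.  Leaves the attempt count
# in $attempts.  Returns 0 once the route is in, 1 if it never went in.
add_corp_route_retry() {
    attempts=0
    corp_route_present && return 0
    while :; do
        attempts=$((attempts + 1))
        if $ROUTE_CMD -n add -net "$CORP_NET" -netmask "$CORP_MASK" "$CORP_GW" >/dev/null 2>&1; then
            return 0
        fi
        [ "$attempts" -lt "$MAX_TRIES" ] || return 1
        sleep "$RETRY_SLEEP"
    done
}

# launchd_plist: the LaunchDaemon definition.  RunAtLoad makes launchd run the
# job once when the plist is loaded (at boot, or by launchctl load).
launchd_plist() {
    cat <<EOF
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>Label</key>
    <string>local.splitroutes</string>
    <key>ProgramArguments</key>
    <array>
        <string>/bin/sh</string>
        <string>$SCRIPT_PATH</string>
        <string>boot</string>
    </array>
    <key>RunAtLoad</key>
    <true/>
</dict>
</plist>
EOF
}

# Usage: split_routes_boot.sh boot    (what launchd runs)
#        split_routes_boot.sh plist   (print the plist; as root, redirect it to
#                                      PLIST_PATH, then: launchctl load PLIST_PATH)
if [ $# -gt 0 ]; then
    case $1 in
        boot)  add_corp_route_retry ;;
        plist) launchd_plist ;;
        *)     echo "usage: $0 boot|plist" >&2; exit 2 ;;
    esac
fi
```

Only the static corporate route is re-added here; the default route is left to the Network preference pane's port order, which Mac OS X applies on its own at every boot.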
