site_archiver@lists.apple.com Delivered-To: macnetworkprog@lists.apple.com On Sep 25, 2005, at 11:36 , Jon Nall wrote: On 9/25/05, Justin C. Walker <justin@mac.com> wrote: On Sep 25, 2005, at 10:15 , Jon Nall wrote: Safari does not care which network interface its traffic flows through: it (like most other applications) leaves that decision to the normal IP routing infrastructure in the kernel. thanks for the response. i realize that the routing tables determine the interface to which a packet will be sent. i have the VPN packets routing to the correct interface (ppp0), but safari doesn't seem to respect that the interface has an associated proxy. I have 2 network ports: * VPN (PPTP): This is my connection to work. The IP I recieve on this interface is on the subnet 10.10.4.x. Also, the remote IP address is on the 10.10.4.x subnet. I've added routes for the 10.10.6.x and 10.10.100.x subnets to direct traffic on those subnets through the VPN interface (ppp0). This VPN network port has an associated proxy for http/https. I have unchecked the "Send all traffic through VPN connection" option in Internet Connect->Connect->Options. * Airport: This is where all traffic for non-work addresses is sent. My goals are the following: 1. Only packets destined for work machines goes through the VPN connection (ppp0). This includes a number of subnets: 10.10.x.x. 2. When accessing webpages on work machines, the proxy defined for the VPN network port should be used. 3. When accessing webpages on non-work machines, the proxy defined for the Airport network port (if any) should be used. Regards, Justin -- Justin C. Walker, Curmudgeon-At-Large Institute for General Semantics -------- Men are from Earth. Women are from Earth. Deal with it. -------- _______________________________________________ Do not post admin requests to the list. They will be ignored. Macnetworkprog mailing list (Macnetworkprog@lists.apple.com) Help/Unsubscribe/Update your Subscription: http://lists.apple.com/mailman/options/macnetworkprog/site_archiver%40lists.... How does an application like Safari decide which network port to use (e.g. Airport or VPN)? Is there a way to modify this decision based on network address? [snip] Can you provide the output of "netstat -rn -f inet" (while VPN is enabled)? I'm a bit vague on how proxies are set up and used; I believe that individual applications have to be "proxy aware", since the concept is not a "network layer" concept (and hence are independent of routing issues). Typically (I think) they are used to poke through a firewall. Your "work webpages" have 10.10/16 addresses, correct? Do you have DNS set up appropriately? What happens when you do a "ping" or "nslookup/dig" on a work host name? If things are properly set up with DNS (which may not be easy to do), a work hostname should resolve to a work address; if that is not feasible, I suppose that proxies could work, but it is possible that a proxy is only used when the associated device is the "primary" interface. It sounds like your situation has the wireless interface as primary, and VPN as secondary (wireless is first in the list of network interfaces). Is that true? I hope the above is not too obscure; if someone on-list has a better feel for the use of proxies, they should leap in :-} This email sent to site_archiver@lists.apple.com