Re: choosing a network port
- Subject: Re: choosing a network port
- From: "Justin C. Walker" <email@hidden>
- Date: Sun, 25 Sep 2005 12:32:02 -0700
On Sep 25, 2005, at 11:36 , Jon Nall wrote:

> On 9/25/05, Justin C. Walker <email@hidden> wrote:
>> On Sep 25, 2005, at 10:15 , Jon Nall wrote:
>>> How does an application like Safari decide which network port to use
>>> (e.g. Airport or VPN)? Is there a way to modify this decision based on
>>> network address?
>>
>> Safari does not care which network interface its traffic flows
>> through: it (like most other applications) leaves that decision to
>> the normal IP routing infrastructure in the kernel.
>
> thanks for the response. i realize that the routing tables determine
> the interface to which a packet will be sent. i have the VPN packets
> routing to the correct interface (ppp0), but safari doesn't seem to
> respect that the interface has an associated proxy.

[snip]

> I have 2 network ports:
> * VPN (PPTP): This is my connection to work. The IP I receive on this
> interface is on the subnet 10.10.4.x. Also, the remote IP address is
> on the 10.10.4.x subnet. I've added routes for the 10.10.6.x and
> 10.10.100.x subnets to direct traffic on those subnets through the VPN
> interface (ppp0). This VPN network port has an associated proxy for
> http/https. I have unchecked the "Send all traffic through VPN
> connection" option in Internet Connect->Connect->Options.

Can you provide the output of "netstat -rn -f inet" (while VPN is
enabled)?

> * Airport: This is where all traffic for non-work addresses is sent.
> My goals are the following:
> 1. Only packets destined for work machines go through the VPN
> connection (ppp0). This includes a number of subnets: 10.10.x.x.
> 2. When accessing webpages on work machines, the proxy defined for the
> VPN network port should be used.
> 3. When accessing webpages on non-work machines, the proxy defined for
> the Airport network port (if any) should be used.

I'm a bit vague on how proxies are set up and used; I believe that
individual applications have to be "proxy aware", since the concept
is not a "network layer" concept (and hence are independent of
routing issues). Typically (I think) they are used to poke through a
firewall.

Your "work webpages" have 10.10/16 addresses, correct? Do you have
DNS set up appropriately? What happens when you do a "ping" or
"nslookup/dig" on a work host name?

If things are properly set up with DNS (which may not be easy to do),
a work hostname should resolve to a work address; if that is not
feasible, I suppose that proxies could work, but it is possible that
a proxy is only used when the associated device is the "primary"
interface. It sounds like your situation has the wireless interface
as primary, and VPN as secondary (wireless is first in the list of
network interfaces). Is that true?

I hope the above is not too obscure; if someone on-list has a better
feel for the use of proxies, they should leap in :-}

Regards,
Justin
--
Justin C. Walker, Curmudgeon-At-Large
Institute for General Semantics
--------
Men are from Earth.
Women are from Earth.
Deal with it.
--------
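
Added example (not part of the original message or thread): a Python sketch that parses a routing table in the style of `netstat -rn -f inet` and applies longest-prefix matching to show which interface a destination leaves through, which is how to check a split-tunnel setup like the one described. The table below is constructed; the `en1` name for Airport, the gateways and the test addresses are assumptions, and only `ppp0` and the 10.10.x subnets come from the thread.

```python
import ipaddress

# Constructed sample in the style of `netstat -rn -f inet`; not real output
# from the poster's machine. en1 (Airport) and all gateways are assumptions.
SAMPLE = """\
Destination        Gateway            Flags    Refs      Use  Netif Expire
default            192.168.1.1        UGSc       12        0    en1
10.10.4/24         10.10.4.1          UGSc        0        0   ppp0
10.10.6/24         10.10.4.1          UGSc        0        0   ppp0
10.10.100/24       10.10.4.1          UGSc        0        0   ppp0
127.0.0.1          127.0.0.1          UH          3      120    lo0
192.168.1/24       link#5             UCS         1        0    en1
"""

def parse_dest(text):
    """Turn netstat's abbreviated destination into an ip_network."""
    if text == "default":
        return ipaddress.ip_network("0.0.0.0/0")
    addr, _, plen = text.partition("/")
    octets = addr.split(".")
    if not plen:
        # Assumption: with no /len, a full dotted quad is a host route and
        # a shortened address implies 8 bits per octet shown.
        plen = str(8 * len(octets))
    addr = ".".join(octets + ["0"] * (4 - len(octets)))
    return ipaddress.ip_network(f"{addr}/{plen}", strict=False)

def parse_routes(output):
    """Return (network, interface) pairs from the table text."""
    routes = []
    for line in output.splitlines():
        fields = line.split()
        if len(fields) < 6 or fields[0] == "Destination":
            continue
        routes.append((parse_dest(fields[0]), fields[5]))  # Netif column
    return routes

def interface_for(routes, host):
    """Longest-prefix match: the most specific covering route wins."""
    ip = ipaddress.ip_address(host)
    matches = [(net, netif) for net, netif in routes if ip in net]
    if not matches:
        return None
    return max(matches, key=lambda m: m[0].prefixlen)[1]

if __name__ == "__main__":
    routes = parse_routes(SAMPLE)
    for host in ("10.10.6.20", "10.10.7.5", "203.0.113.10"):
        print(host, "->", interface_for(routes, host))
```

With this constructed table, 10.10.7.5 falls through to the default route on `en1`: routes for individual /24s do not cover all of 10.10.x.x, so a work address outside them would bypass the VPN.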