Force an application to use a specific network interface

I'm using multiple network interfaces (LAN and Wireless), and I've noticed that there's a way to change the order of preferred interfaces. How can I use the wired network to do work, check email, and so on (securely), and use the wireless VLAN to access other stuff (otherwise blocked by ports and sometimes websense)?


Solution 1:

The trick is adjusting the routing tables (which doesn't depend on destination port or source app, but does depend on the destination host). This assumes that you're on Linux or OS X (as the tags show).

Say your default gateway is 1.2.3.4 and you have a VPN which can route traffic on 6.7.8.9. If you want your mail traffic to route over 6.7.8.9, just do

    sudo route add mail.myserver.com 6.7.8.9

Some versions of route might require a "gw" keyword between the address and next hop. If you want to make a whole net route over that next hop, just add a netmask in CIDR notation for the destination, like

    sudo route add 192.168.0.0/24 6.7.8.9

If you want to view the existing routing table, use

    netstat -nrl

or

    ip route list

If you're on Windows, "net route" will get you most of the way there, but the syntax is totally different.
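
How the routing table chooses a next hop for the routes described in this answer, as an added example that is not part of the original answer: a longest-prefix-match lookup over a constructed table, plus a check that destinations leave via the gateway you intended. The address 203.0.113.10 is an assumed placeholder for whatever mail.myserver.com resolves to, and the function names are hypothetical.

```python
import ipaddress

# Constructed routing table using the addresses from the answer above.
# 203.0.113.10 (documentation range) is an assumed stand-in for the
# address that mail.myserver.com resolves to.
ROUTES = [
    ("0.0.0.0/0", "1.2.3.4"),        # default gateway
    ("192.168.0.0/24", "6.7.8.9"),   # route add 192.168.0.0/24 6.7.8.9
    ("203.0.113.10/32", "6.7.8.9"),  # route add mail.myserver.com 6.7.8.9
]


def parse_table(routes):
    """Turn (prefix, next_hop) strings into (network, address) objects."""
    return [(ipaddress.ip_network(p), ipaddress.ip_address(gw)) for p, gw in routes]


def next_hop(table, destination):
    """Return (next_hop, matched_prefix) for the most specific matching route.

    Only the destination address is consulted: there is no port or
    application argument, so two apps talking to the same host always
    share the same next hop.
    """
    dest = ipaddress.ip_address(destination)
    matches = [(net, gw) for net, gw in table if dest in net]
    if not matches:
        raise LookupError(f"no route to {destination}")
    net, gw = max(matches, key=lambda m: m[0].prefixlen)
    return str(gw), str(net)


def audit(table, expectations):
    """List (destination, expected, actual) where the table disagrees
    with the intended next hop; an empty list means no surprises."""
    problems = []
    for destination, expected in expectations.items():
        actual, _ = next_hop(table, destination)
        if actual != expected:
            problems.append((destination, expected, actual))
    return problems


if __name__ == "__main__":
    table = parse_table(ROUTES)
    for dst in ("203.0.113.10", "192.168.0.57", "192.168.1.57", "8.8.8.8"):
        print(dst, "->", *next_hop(table, dst))
```

On a live Linux host, `ip route get <address>` reports the kernel's actual choice for a destination.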

Solution 2:

If you just want to have two NICs active at the same time, you can set the Service Order in System Preferences/Network by choosing the gear below the list of network devices. Drag and drop the order you want them in.

For example, I have Ether and WiFi always active on my MBP with Ether set above Wi-Fi. Since I use Ether at work, I set up that NIC with proxy settings and my Wi-Fi without. When I go home, there is no need to adjust any settings. You can also do this from terminal using /usr/bin/networksetup -ordernetworkservices.

But for having both active and an app use the non-default, I've had luck with a slightly easier spin on @Andor's advice. If I want an app to not use Ether in my case, I set the proxy settings for the app to the IP address of my Wi-Fi adapter. It will use that interface to get out and that way bypass the company proxy and monitoring servers. So if Ether has an address of 1.2.3.4 and comes before Wi-Fi (5.6.7.8) in the service order, I have my app proxy to 5.6.7.8.

Solution 3:

For Mac, there is a simple solution which I use. It's actually an implementation of @Andor's solution. Install a proxy and configure your apps to use it:

  1. I installed SquidMan

  2. In the configuration, add the following line. You need to specify the IP you will use for your private apps instead of x.x.x.x:

    tcp_outgoing_address x.x.x.x
    
  3. Start SquidMan and configure your app to use it as a proxy.

I spent an hour finding this information across different pages, so I hope it helps others do it faster.