I have a macbook, connected with ethernet, and wifi.
A site (lets call it facebook) is blocked on one of the interface (ethernet)
but is open on the other (wifi), on the other hand eth is better (fastest and more reliable than the wifi) so I use eth as a priority interface (on top of network preferences), but in this way there is no access to the blocked site.
I would know if there is a way to say to the operating system or browser or other
software components that it must use the connection of wifi if and only if a connection on :80 over eth fail. this would be perfect...or any other means to solve the problem..
It's a matter of configuring a proper proxy?
Thanks in advance.
You could modify routing table to pass traffic to given host or network through chosen gateway.
List your routing table:
$ netstat -rn
Routing tables
Internet:
Destination Gateway Flags Refs Use Netif Expire
default 10.0.0.1 UGSc 15 0 en0
default 192.168.0.1 UGScI 1 0 en1
[...]
In this case en1 is wifi. So to use wifi connection to a host x.x.x.x, route traffic to this host through 192.168.0.1 gateway:
sudo route add -host x.x.x.x 192.168.0.1
Or better add routing to entire network used by given service:
sudo route add -net x.x 192.168.0.1
The downside is that it may be difficult to determine an ultimate list of IPs, networks used by the service.
See man route.
Related
I have an RB750 with the follow setup:
- Interface 1 = WAN static IP
- Interface 2 = Static IP from a LAN network (LAN provided by another FW)
- MK as a IPSec/L2TP working well providing to clients the subnet x.x.x.x
I would like to redirect all traffic from VPN clients to the LAN network provided in Interface 2.
I mean; User setup in his computer the VPN with success, when connected they need to access the server z.z.z.z located inside the network provided in Interface 2.
Any ideas how to configure it?
You provide not much information, but if im not wrong
you can try NAT for example
/ip firewall nat add chain=srcnat action=masquerade out-interface="your Interface 2" src-address="your l2tp subnet x.x.x.x"
Good day
Do you have any idea how to find WIFI routers or devices which is connected to specific LAN sockets in network?
I am try find this devices from logs Elasticsearch + Kibana namely
https://www.elastic.co/guide/en/beats/packetbeat/current/configuration-interfaces.html
With this solution I have problem with set up : packetsbeats.
Other solution which I found is : WireShark or Advanced IP Scanner or Angry IP.
With this solution /tools is problem with default setting of routers / devices which is lock ports. Its mean I can get all IPs or MACs in network but how I will get know which is IPs or MACs belonging to Routers / NTB / Mobiles ect..?
From this reason I decide find routers in network from logs by Kibana.
Do have any idea or did you make something like me?
Thanks
Wi-Fi (IEEE 802.11) is a layer-1/2 protocol, but routing is a layer-3 function, so there really is no such thing as a Wi-Fi router. There are some routers that have Wi-Fi interfaces, but they are routing a layer-3 protocol, e.g. IPv4, not Wi-Fi. Ports are layer-4 addresses for some layer-4 protocols, e.g. UDP, and they have nothing to do with routing layer-3 packets.
A router is simply a host on a layer-2 LAN. The configured gateway for your host is usually a router. The gateway is the host on a LAN to which your host sends packets destined to a different network.
Determining which hosts on a LAN are routers is a problem because you have no way to know which hosts are actually routers. You can have multiple routers on a LAN, but your host will be configured with one as its default gateway.
If you want to determine which host is the gateway for your host, then you should look at the configuration of your host, not at any particular host on the LAN.
Short version of the need:
Pass all traffic of a specific port (TCP) via a proxy
It should be an HTTP proxy with port 8000
Description
I have an application that needs to reach an external IP with a specific port (TCP). But the standard corporate network blocks outbound traffic to this port.
I can, however, access that port when working with the corporate HTTP proxy that works on port 8000.
Alas, my application does not have any proxy settings, and IE's proxy settings are irrelevant.
Port forwarding and tunneling won't do me any good (already tried netsh anyway), since I need not only to reach the proxy, but I need it to actually function as a proxy.
Can anyone recommend on a method / software that will allow me to pass all traffic to port X via a proxy?
It has to be the traffic of a specific port, since there is a web server installed on that machine and I don't want to temper with it.
Thank you!
Windows doesn't route by port. The real answer is send the traffic to a firewall or layer 3 device that can route by port.
But,
If you know the ip address of the destination you could force that traffic to the proxy if the proxy address is on the same subnet. If it's not on the same subnet your computer will try to send the traffic to that as a gateway but it won't be avaiable (it won't be routed). But, it's so simple it's worth a try.
Example....
Computer 192.168.1.10, 255.255.255.0
Proxy 192.168.1.254 255.255.255.0
Destination IP. 68.68.68.68
route add -p 'destination ip' 'destination subnet range' 'where to send traffic, normally the next hop gateway'
Using example addresses (replace the two addreses with yours but keep 255.255.255.255)
Open Command prompt as administrator, Type route add -p 68.68.68.68 255.255.255.255 192.168.1.254
Using 255.255.255.255 forces it to only route one address.
-p will make the route stay after a reboot.
If it doesn't work you can remove the route simply route delete 'destination ip'
Route delete 68.68.68.68
After connecting to the business network I have no internet access.
route print shows:
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.132.222 192.168.132.166 121
0.0.0.0 0.0.0.0 On-link 10.100.10.26 31
<... snip ...>
Through these commands:
route delete 0.0.0.0 mask 0.0.0.0 192.168.132.222
route add 0.0.0.0 mask 0.0.0.0 192.168.132.222 metric 1
I am able to then access both internet AND the business network.
I am wondering: Is there a way to define that via Shrew Settings?
The answer given by user416930 is correct, but a little unclear, so here it is spelled out a little better.
In Shrew Soft VPN Access Manager, go to Edit > Properties > Policy > Select.
Uncheck "Obtain Topology Automatically or Tunnel All".
Click "Add". Add the network used by your VPN.
If you are unclear what VPN your network is using:
Open command prompt and type "ipconfig /all".
Look for the entry with "Screw Soft Virtual Adapter".
Shrew Soft VPN Acess Manager>Edit>Properties>Policy>Select(Maintain Persistent Security Assosiacations),Add(10.0.0.0,/255.0.0.0)
I hope this isn't too basic a question. The title kind of asks it all. :-)
The ping command will allow strict source routing so you can specify the default gateway to use on the way out. (This assumes your interfaces have distinct gateways i.e. are on different networks)
ping -k 192.169.1.1 microsoft.com
^ default gateway for desired interface
Using WMI Win32_PingStatus you can do the same thing where you specify SourceRoute and SourceRouteType (This is essentially the same as using ping -k)
Alternatively:
If your network interfaces are on the same network, like a LAN card and a wireless adapater
you can add a custom ROUTE to your machine, which can send all traffic through a specific interface.
From ROUTE HELP:
route ADD 207.46.0.0 MASK 255.255.0.0 192.168.1.1 METRIC 3 IF 2
destination^ ^mask ^gateway metric^ ^
Interface^
ping also has an option in Windows:
-S srcaddr Source address to use.
So you can do something like
ping 10.10.10.1 -l 0 -S 192.168.1.1
where 10.10.10.1 is the destination address and 192.168.1.1 is the address of the source adapter