
garyleecn

macrumors 6502a
Original poster
Jul 25, 2014
Is it possible to designate certain traffic (i.e., Plex) to go through one Ethernet port (Thunderbolt-Ethernet) and other traffic to go through the other Ethernet port? And is it possible to enable VPN on one port only?

I know this is a tricky question; any advice would be appreciated, thanks :)
 
It is possible, but it means you'll have to play with your routes. I'm not an expert in this field, but I guess this can be achieved even with a single Ethernet adapter, just playing with firewall rules and the port forwarding rules on the router. Also, you can assign two IP addresses to a single Ethernet adapter.

Please be more specific. Maybe you won't achieve the security level intended with the approach you're idealizing.
 
OK, the thing is I want to have a VPN to encrypt my traffic and downloads. But I still need to be able to access my computer from outside, coz I've got Plex and a file server set up on that computer.

So specifically, can I direct everything through the VPN, except expose WebDAV and Plex on an unencrypted route?

----------

Depending on what you're trying to do and what network setup you're trying to achieve, it might be possible. In some cases, it may require that the application allows binding to an interface. If you really meant "i.e. Plex", then Plex doesn't do this right now (well, it didn't do it in relatively recent versions), so it is up to the configuration you're trying to achieve. If you actually meant "e.g. Plex", then Plex doesn't, but other apps might do it or simulate it, such as using a browser with a proxy set and having a route for the proxy through the VPN.



Specifically, I want to encrypt all traffic BUT Plex and WebDAV (or FTP).
 
I suppose you have the following setup:

Switch/Hub/WiFi AP - Broadband_Router - WAN

Let's think about the possibilities:

1. LAN -> WAN way:
Inside your LAN, I don't know why you need encryption, but if you really need it, it will only prevent members of the LAN from reading your traffic. Once the data gets into the internet, it will become unencrypted.

2. WAN -> LAN way:
Now it makes sense to encrypt your traffic, and you can encrypt everything from your remote station until it reaches your MacMini.

In my Mini, I did a "VPN-like" connection in the following way:

1. I enabled remote access and screen sharing on my Mini;
2. I created a port forwarding from 443 (exposed port on WAN) to the MacMini's port 22 (SSH);
3. In the remote (WAN) computer, I created a tunnel to my home Mini with the following shell script (mytunnel.sh):
Code:
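#!/bin/sh
# Usage: ./mytunnel.sh USER HOST
# Forward local port 5900 to port 5900 on the SSH server, connecting on port 443.
ssh -NfL 5900:127.0.0.1:5900 -p 443 "$1@$2"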

Usage example:
Code:
./mytunnel.sh MacMiniUsername BroadbandRouter_WAN_IP_Address

This command will basically allow me to access my MacMini screen through the Screen Sharing app. Then, to connect remotely to my Mini screen when I'm outside home, I basically have to do:

open vnc://localhost

This will show my Mini's login screen. I don't know if OSX screen sharing establishes an encrypted connection, so I created a VNC tunnel just for prudence. Remember to decrease the screen resolution on your Mini to 720p or below. Otherwise, the connection will be very laggy.

A similar approach can be used to connect to an FTP service running on the Mini. Just create a port forwarding on your router to your Mini and change the tunnel command properly, like:
Code:
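#!/bin/sh
# Usage: ./myftptunnel.sh USER HOST
# Forward local port 21 to port 21 on the SSH server, connecting on port 21210.
ssh -NfL 21:127.0.0.1:21 -p 21210 "$1@$2"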

where 21210 will be the port configured in your router to be redirected to your Mini's port 21.

So, if you want to access both your FTP and ScreenSharing (VNC), you'll need to run the two scripts, like:
Code:
./myvnctunnel.sh MacMiniUsername BroadbandRouter_WAN_IP_Address
./myftptunnel.sh MacMiniUsername BroadbandRouter_WAN_IP_Address
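
Added example, not part of the original post: the same kind of loopback-only forwards as in the scripts above, but several of them over one SSH connection, with input validation and `ExitOnForwardFailure` so that a forward which cannot bind makes ssh exit instead of leaving that traffic outside the tunnel. The function names, the `LOCAL:REMOTE` argument format and the local port 5901 are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the thread): several loopback-only forwards over one
# SSH connection. Function names and the LOCAL:REMOTE format are assumptions.

# valid_port N: succeeds only if N is an integer in 1..65535.
valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] 2>/dev/null && [ "$1" -le 65535 ] 2>/dev/null
}

# tunnel_args USER HOST SSH_PORT LOCAL:REMOTE...
# Prints the ssh arguments one per line, or returns 2 on bad input.
tunnel_args() {
    [ "$#" -ge 4 ] || return 2
    user=$1 host=$2 port=$3
    shift 3
    # Refuse empty values and values starting with "-", which ssh would
    # otherwise read as options.
    case "$user" in ''|-*) return 2 ;; esac
    case "$host" in ''|-*) return 2 ;; esac
    valid_port "$port" || return 2
    # Validate every forward before printing anything.
    for pair in "$@"; do
        case "$pair" in *:*) ;; *) return 2 ;; esac
        valid_port "${pair%%:*}" || return 2
        valid_port "${pair#*:}" || return 2
    done
    # ExitOnForwardFailure: ssh exits if a local port cannot be bound.
    printf '%s\n' -N -o ExitOnForwardFailure=yes -p "$port"
    for pair in "$@"; do
        # Bind the listener to loopback so other LAN hosts cannot use it.
        printf '%s\n' -L "127.0.0.1:${pair%%:*}:127.0.0.1:${pair#*:}"
    done
    printf '%s\n' "$user@$host"
}

# Runs only when arguments are given, e.g.
#   ./tunnels.sh MacMiniUsername BroadbandRouter_WAN_IP_Address 443 5901:5900
if [ "$#" -ge 4 ]; then
    args=$(tunnel_args "$@") || { echo "invalid arguments" >&2; exit 2; }
    set -f            # no globbing while the list is split
    IFS='
'
    exec ssh $args    # split on newlines only, one argument per line
fi
```

With local port 5901 as in the usage comment, the viewer is opened with `open vnc://localhost:5901`, which avoids a clash with a Screen Sharing service already listening on 5900 on the remote computer.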
 