mac mini dual ethernet, separate traffic?

Discussion in 'Mac mini' started by garyleecn, May 7, 2015.

  1. garyleecn macrumors 6502a

    Joined:
    Jul 25, 2014
    #1
    is it possible to designate certain traffic (i.e., plex) to go though one ethernet port (thunderbolt-ethernet) and other traffic go through the other ethernet port? and is it possible to enable VPN on one port only???

    i know this is a tricky question, any advice would be appreciated thanks :)
     
  2. mattofsmeg macrumors newbie

    Joined:
    Aug 13, 2013
  3. dyt1983, May 7, 2015
    Last edited: Jun 4, 2015

    dyt1983 macrumors 65816

    Joined:
    May 6, 2014
    Location:
    USA USA USA
    #3
    edit: remove personal identifiable info not relevant to the thread.
     
  4. brdeveloper macrumors 68020

    brdeveloper

    Joined:
    Apr 21, 2010
    Location:
    Brasil
    #4
    It is possible, but it means you'll have to play with your routes. I'm not expert in this field, but I guess this can be achieved even with a single Ethernet adapter, just playing with firewall rules and the port forwarding rules on the router. Also, you can assign two IP addresses to a single Ethernet adapter.

    Please be more specific. Maybe you won't achieve the security level intended with the approach you're idealizing.
     
  5. garyleecn thread starter macrumors 6502a

    Joined:
    Jul 25, 2014
    #5
    ok the thing is i want to have VPN to encrypt my traffics and downloads. but still i need to be able to access my computer from outside, coz i've plex and file server set up on that computer.

    so specifically, can i direct everything through VPN except expose webdav and plex to unencrypted route?

    ----------



    specifically, i want to encrypt all traffic BUT plex and webdav (or FTP)
     
  6. brdeveloper macrumors 68020

    brdeveloper

    Joined:
    Apr 21, 2010
    Location:
    Brasil
    #6
    I suppose you have the following setup:

    Switch/Hub/WiFi AP - Broadband_Router - WAN

    Let's think on the possibilities:

    1. LAN -> WAN way:
    Inside your LAN, I don't know why you need encryption, but if you really need it, it will only prevent members of the LAN from reading your traffic. Once the data gets into the internet, it will become unencrypted.

    2. WAN -> LAN way:
    Now it makes sense encrypting your traffic, and you can encrypt everything from your remote station until it reaches your MacMini.

    In my Mini, I did a "VPN-like" connection in the following way:

    1. I enabled remote access and screen sharing on my Mini;
    2. I created a port forwarding from 443 (exposed port on WAN) to the MacMini's port 22 (SSH);
    3. In the remote (WAN) computer, I created a tunnel to my home Mini with the following shell script (mytunnel.sh):
    Code:
    #!/bin/sh
    ssh -NfL 5900:127.0.0.1:5900 -p 443 $1@$2
    Usage exemple:
    Code:
    ./mytunnel.sh MacMiniUsername BroadbandRouter_WAN_IP_Address
    This command will basically allow that I access my MacMini screen through the Screen Sharing app. Then, to connect remotely to my Mini screen when I'm outside home, I basically have to do:

    open vnc://localhost

    This will show my Mini's login screen. I don't know if OSX screen sharing estabilishes encrypted connection, so I created a VNC tunnel just for prudence. Remember to decrease the screen resolution on your Mini equal or below 720p. Otherwise, the connection will be very laggy.

    A similar approach can be done to connect to a FTP service running in the Mini. Just create a port forwarding on your router to your Mini and change the tunnel command properly, like:
    Code:
    #!/bin/sh
    ssh -NfL 21:127.0.0.1:21 -p 21210 $1@$2
    where 21210 will be the port configured in your router to be redirected to your Mini's port 21.

    So, if you want accessing both your FTP and ScreenSharing (VNC), you'll need to run the two scripts, like:
    Code:
    ./myvnctunnel.sh
    ./myftptunnel.sh
     

Share This Page