Software Router for OS X ?

Wayne C. Morris wrote:

  >>Is there a software router for OS X? I've done a web search, but all
  >>I found was geeRoute, and it doesn't do what I need.

 > Jaguar has one built in: System Preferences -> Sharing -> Internet.

This is not what I'm looking for. I need a progam that makes the Mac a
router for two (better three) networks with manually configurable
addresses and behaviour. (In my particular case the mac should be a DHCP
client at one network and have a manually configured address on the other.)

Stefan
 >> Stay informed about: Software Router for OS X ? 

In article ,
Stefan <stefan.RemoveThis@mus._INVALID_.ch> wrote:

 > Wayne C. Morris wrote:
   > >>Is there a software router for OS X? I've done a web search, but all
   > >>I found was geeRoute, and it doesn't do what I need.
 >
  > > Jaguar has one built in: System Preferences -> Sharing -> Internet.
 >
 > This is not what I'm looking for. I need a progam that makes the Mac
 > a router for two (better three) networks with manually configurable
 > addresses and behaviour. (In my particular case the mac should be a
 > DHCP client at one network and have a manually configured address on
 > the other.)

IPNetRouter, by Sustworks. Add IPNetSentry and you have a kick-ass
router with a full featured firewall...

<a rel="nofollow" style='text-decoration: none;' href="http://www.sustworks.com/" target="_blank">http://www.sustworks.com/</a>

- Dan.
--
- Psychoceramic Emeritus
- South Jersey, USA, Earth
 >> Stay informed about: Software Router for OS X ? 

In article ,
Stefan <stefan.TakeThisOut@mus._INVALID_.ch> wrote:
 >
  > > Jaguar has one built in: System Preferences -> Sharing -> Internet.
 >
 > This is not what I'm looking for. I need a progam that makes the Mac a
 > router for two (better three) networks with manually configurable
 > addresses and behaviour. (In my particular case the mac should be a DHCP
 > client at one network and have a manually configured address on the other.)
 >

Someone just told me on the darwinos-users list to use that internet
sharing thing, ugghh.

I've got 2 NICs, with a network on each. One network is a subnet of the
other, the Mac is to be firewall/router. At present there is one
firewall rule in operation: 65335 pass all from any to any.

The clients on the larger net can also access the "world" thru a
corporate firewall. Clients on both nets can access AFP, web, & QTSS
running on the firewall/router machine, but there is no path thru
between the 2 nets. If I manually start routed, the machine shuts down
all connection via en0, the larger net.

If I take a client from the smaller net (on en1), and configure its
netmask and default gateway for the larger net (on en0), but leave its
valid IP the same, it can access the world thru the corporate firewall,
but my firewall/router thinks it should be connected via en1 and refuses
connection...

I find it ominous that the OS-X Server Admin Guide has very little to
say about this. Should be a fundamental thing for a server ...
 >> Stay informed about: Software Router for OS X ? 

In article ,
Stefan <stefan.DeleteThis@mus._INVALID_.ch> wrote:

 > Is there a software router for OS X? I've done a web search, but all I
 > found was geeRoute, and it doesn't do what I need.

Vicomsoft's Intergate may be worth taking a look at:

<a rel="nofollow" style='text-decoration: none;' href="http://www.vicomsoft.com/download/download.main.html" target="_blank">http://www.vicomsoft.com/download/download.main.html</a>

You can download a fully functional and unlimited version of the
software to try out for 30 days.

It has a lot of features and appears to be very stable. We have recently
replaced IPNetRouter with InterGate. We liked IPNetRouter, but have
waited far too long for an OS X version.

Regards

--
Martin

"Disregard then, reader, my title and my character,
and attend only to my arguments." P. J. Proudhon.
 >> Stay informed about: Software Router for OS X ? 

In article ,
Stefan wrote:

  >> Jaguar has one built in: System Preferences -> Sharing -> Internet.
 >
 >This is not what I'm looking for. I need a progam that makes the Mac a
 >router for two (better three) networks with manually configurable
 >addresses and behaviour. (In my particular case the mac should be a DHCP
 >client at one network and have a manually configured address on the other.)

Erm ... yes, it does that. Set up your network access using
the 'Network' System preferences panel, then do what Wayne said.
 >> Stay informed about: Software Router for OS X ? 

In comp.sys.mac.system Stefan wrote:
 >
 > Wayne C. Morris wrote:
 >
   >>>Is there a software router for OS X? I've done a web search, but all
   >>>I found was geeRoute, and it doesn't do what I need.
 >
  >> Jaguar has one built in: System Preferences -> Sharing -> Internet.
 >
 > This is not what I'm looking for. I need a progam that makes the Mac a
 > router for two (better three) networks with manually configurable
 > addresses and behaviour. (In my particular case the mac should be a DHCP
 > client at one network and have a manually configured address on the other.)
 >
 > Stefan
 >

You can setup routing without any additional software as it is built in
but, I don't believe that you want to use sharing unless you do want
to use NAT. To setup a straight forward router without NAT do this:

Install your additional Network Interface cards. I'm assuming that
you should be able to configure there IP addresses as appropriate
through System Preferences -> Network.

Next Edit /etc/hostconfig and set FORWARDING=-YES-. This should
cause net.inet.ip.forwarding to get set to a 1 following a reboot.
Check it by doing this:

  # sysctl -a|grep net.inet.ip.forwarding
  net.inet.ip.forwarding: 1

Now the system will be able to route between network interfaces and
there will be no natd daemon running. The machine should be a
straightforward router. You may wish to run /sbin/routed on the
machine so that it may advertise its routing table on the network
interfaces using the RIP protocol.

regards
--
John J. Rushford
j j r { a t } a l i s a { d o t } o r g
<a rel="nofollow" style='text-decoration: none;' href="http://www.cs.du.edu/~jjr" target="_blank">http://www.cs.du.edu/~jjr</a>
 >> Stay informed about: Software Router for OS X ? 

This is an overview of what I've found so far. I didn't test the
solutions yet, so I can't comment.

- You can't just add a second address to the same NIC. Don't know about
the situation with two NICs.

- The "sharing" control panel may work, but it doesn't offer a front end
to configure anything, so the Mac's local IP address stays hidden. I
believe it's 192.168.0.1. I'm not sure whether it's a true
two-way-router, as I've not been able to print with TCP to my laser writer.

- Sustainable Softworks offers a small program called IPNetShareX,
which, as I understand, adds basically a front end to the "sharing"
panel of the Mac. So this may be a solution for low-end needs.

- OS X: The underlying Unix does indeed include one (ore several?)
router programs. You need the Unix command line to access and activate
one of those routers. I didn't test it, but this may offer a free solution.

- Sustainable Softworks used to sell IPNetRouter, which was a wonderful
router for Macs running OS 7.1 through 9.x. But it hasn't been updated
for OSX yet. Maybe it never will, because that program was't a router by
itself, but basically just a front end to access the built-in functions
of OpenTransport. This made the router extremly slick and fast, but
excludes a simple update to OSX.

- Vicom offers a product called InterGate. Vicom was the main competitor
to Sustainable in the OS 9 aera, but other than the latter, they managed
to upgrade to OS X. I had difficulties with the trial program as it
somehow prevented the Mac to get it's "main" internet address by DHCP
from the prvider. But maybe it's just me, I keep working on it.

Stefan
 >> Stay informed about: Software Router for OS X ? 

Stefan,

See <a rel="nofollow" style='text-decoration: none;' href="http://www.macorchard.com/" target="_blank">http://www.macorchard.com/</a>

Drew

In article ,
Stefan <stefan DeleteThis @mus._INVALID_.ch> wrote:

 > Is there a software router for OS X? I've done a web search, but all I
 > found was geeRoute, and it doesn't do what I need.
 >
 > Stefan
 >

--
___________________________________________________________________
The Mac Orchard - <a rel="nofollow" style='text-decoration: none;' href="http://www.macorchard.com/" target="_blank">http://www.macorchard.com/</a>
Essential Internet Applications since 1995
 >> Stay informed about: Software Router for OS X ? 

In article , (jjr) wrote:
 >
 > You can setup routing without any additional software as it is built in
 > but, I don't believe that you want to use sharing unless you do want
 > to use NAT. To setup a straight forward router without NAT do this:
....
 > Now the system will be able to route between network interfaces and
 > there will be no natd daemon running. The machine should be a
 > straightforward router. You may wish to run /sbin/routed on the
 > machine so that it may advertise its routing table on the network
 > interfaces using the RIP protocol.
 >

I've scoured the BSD sites, MacOS-Server archives, Googled all-over.
The answers seem to fall into three groups:
1. It just works (with little or no explanation :-(
2. Use NAT
3. (& this one's a little scary) It works if the "sub"net is 198.162.x.y

The Server OS does some checks at boot time to make sure the IP nrs and
hostnames for all its inet ports are registered with upstream DNS. If
not it won't serve, so that must all be 100%, and mine is (AFAICT).

The Server OS has a few other little hidey places for config details,
<a rel="nofollow" style='text-decoration: none;' href="http://docs.info.apple.com/article.html?artnum=107637" target="_blank">http://docs.info.apple.com/article.html?artnum=107637</a>
has a script with all the details.

I have
[qtss:~] peterk% sysctl -a | grep -i forward
net.inet.ip.forwarding: 1
net.inet.ip.fastforwarding: 0
net.inet6.ip6.forwarding: 0

[qtss:~] peterk% sudo ipfw list
Password:
65535 allow ip from any to any

[qtss:~] peterk% netstat -nr
Routing tables

Internet:
Destination Gateway Flags Refs Use Netif
Expire
default 130.216.239.254 UGSc 4 6 en0
127.0.0.1 127.0.0.1 UH 16 3606 lo0
130.216.1.1 130.216.239.254 UGHW 3 13 en0
130.216.224/20 link#5 UCS 4 0 en0
130.216.231.1 127.0.0.1 UHS 0 0 lo0
130.216.231.2 127.0.0.1 UHS 0 0 lo0
130.216.231.80/28 link#4 UCS 0 0 en1
130.216.231.94 127.0.0.1 UHS 0 0 lo0
130.216.239.254 0:a:42:41:2f:fc UHLW 4 0 en0
1198
169.254 link#5 UCS 0 0 en0
224.0.0.251 130.216.239.254 UGHW 3 89 en0
239.255.255.253 130.216.239.254 UGHW3 0 13 en0
3587

3rd line 130.216.1.1 is main site DNS
4th line 130.216.224/20 is faculty vlan, or "world" for my router
line 5 is the IP nr of my server/router
line 6 is an alias for a web server hosted on the same box
line 7 is the subnet I wish to firewall and route
line 8 is the registered IP for the 2nd NIC, router for the subnet

Some solutions say I must add a route from my subnet to the port
facing the world. If I

[qtss:~] peterk% sudo route delete -net 130.216.231.80/28
[qtss:~] peterk% sudo route add -net 130.216.231.80/28 gateway \
130.216.231.1
add net 130.216.231.80: gateway gateway
[qtss:~] peterk% netstat -nr
......
130.216.231&0x82d8e701 130.216.191.83 UGSc 0 0 en0

??!!

I also observe a wide disparity in recommendations of what value should
be entered for the gateway for the 2nd NIC:
leave it blank and the system uses the local default;
use 0.0.0.0 (which is s'posed to have the same effect);
use its own IP nr (since it is the router for the subnet);
use the IP nr of the port facing the world;
use the IP of the world gateway;

Since this is Server OS it pays to check and manually correct if needed,
that the numbers are written to:
/var/db/SystemConfiguration/preferences.xml
/System/Library/ServerSetup/Configured/null_POR.plist
/System/Library/ServerSetup/UnConfigured/POA.plist

still no cigar...
Clients on the subnet can access everything on the server,
clients from the world can access everything on the server,
there's no route thru :-(

The fact that routed shuts down the world interface makes me
think I've still got something wrong.
 >> Stay informed about: Software Router for OS X ? 

"Drew D. Saur" writes:

 > Stefan,
 >
<font color=purple> > See <a rel="nofollow" style='text-decoration: none;' href="http://www.macorchard.com/</font" target="_blank">http://www.macorchard.com/</font</a>>
 >
 > Drew
 >


 >
  > > Is there a software router for OS X? I've done a web search, but
  > > all I found was geeRoute, and it doesn't do what I need.

If the OP is feeling adventurous he can try out Zebra which does RIP,
OSPF, BGP, etc.

<a rel="nofollow" style='text-decoration: none;' href="http://www.zebra.org/" target="_blank">http://www.zebra.org/</a>

There's also been a fork off Zebra called Quagga:

<a rel="nofollow" style='text-decoration: none;' href="http://www.quagga.net/" target="_blank">http://www.quagga.net/</a>

--
David Magda <dmagda at ee.ryerson.ca>, <a rel="nofollow" style='text-decoration: none;' href="http://www.magda.ca/" target="_blank">http://www.magda.ca/</a>
Because the innovator has for enemies all those who have done well under
the old conditions, and lukewarm defenders in those who may do well
under the new. -- Niccolo Machiavelli, _The Prince_, Chapter VI
 >> Stay informed about: Software Router for OS X ? 

In article ,
Stefan <stefan RemoveThis @mus._INVALID_.ch> wrote:
 > This is an overview of what I've found so far. I didn't test the
 > solutions yet, so I can't comment.
 >
 > - You can't just add a second address to the same NIC. Don't know about
 > the situation with two NICs.

Systewm Preferences -> Network -> TCP/IP ->

Show: Network Port Configurations -> Duplicate

This will do all the necessaries for
/var/db/SystemConfiguration/preferences.xml

but it is usually Not a Good Idea to use 2 IP nrs on the same port if
they are not in the same subnet.

 > - The "sharing" control panel may work, but it doesn't offer a front end
 > to configure anything, so the Mac's local IP address stays hidden. I
 > believe it's 192.168.0.1. I'm not sure whether it's a true
 > two-way-router, as I've not been able to print with TCP to my laser writer.

In the Terminal type ifconfig or netstat -nr
you'll see lots of info about your network connectivity.

 > - OS X: The underlying Unix does indeed include one (ore several?)
 > router programs. You need the Unix command line to access and activate
 > one of those routers. I didn't test it, but this may offer a free solution.

routed is the basic BSD router, and it runs on OS-X, but I suspect from
its behaviour that some CoreFoundation parts of OS-X have overtaken it
without properly replacing it. See the tab: Configuration Agents at:

<a rel="nofollow" style='text-decoration: none;' href="http://developer.apple.com/documentation/Networking/Conceptual/SysConfigO" target="_blank">http://developer.apple.com/documentation/Networking/Conceptual/SysConfigO</a>
verview926/index.html

Also the oblique reference to the demise/obfuscation of BSD routing at:

<a rel="nofollow" style='text-decoration: none;' href="http://developer.apple.com/documentation/CoreFoundation/Conceptual/CFPort" target="_blank">http://developer.apple.com/documentation/CoreFoundation/Conceptual/CFPort</a>
sAndSockets/index.html

 > - Sustainable Softworks offers a small program called IPNetShareX,
 > which, as I understand, adds basically a front end to the "sharing"
 > panel of the Mac. So this may be a solution for low-end needs.
 >
 > - Sustainable Softworks used to sell IPNetRouter, which was a wonderful
 > router for Macs running OS 7.1 through 9.x. But it hasn't been updated
 > for OSX yet. Maybe it never will, because that program was't a router by
 > itself, but basically just a front end to access the built-in functions
 > of OpenTransport. This made the router extremly slick and fast, but
 > excludes a simple update to OSX.
 >
 > - Vicom offers a product called InterGate. Vicom was the main competitor
 > to Sustainable in the OS 9 aera, but other than the latter, they managed
 > to upgrade to OS X. I had difficulties with the trial program as it
 > somehow prevented the Mac to get it's "main" internet address by DHCP
 > from the prvider. But maybe it's just me, I keep working on it.

Yeah, why use the Open Source BSD/Linux methods when you can pay good
money for a 3rd party solution? ;-)
 >> Stay informed about: Software Router for OS X ? 

In article ,
Peter KERR wrote:
 >
  >> - OS X: The underlying Unix does indeed include one (ore several?)
  >> router programs. You need the Unix command line to access and activate
  >> one of those routers. I didn't test it, but this may offer a free solution.
 >
 >routed is the basic BSD router, and it runs on OS-X, but I suspect from
 >its behaviour that some CoreFoundation parts of OS-X have overtaken it
 >without properly replacing it. See the tab: Configuration Agents at:
 >
 >http://developer.apple.com/documentation/Networking/Conceptual/SysConfigO
 >verview926/index.html

As far as I can tell, the configuration stuff merely manipulates the
BSD stuff; it does not replace or "overtake" it.

 >Also the oblique reference to the demise/obfuscation of BSD routing at:
 >
 >http://developer.apple.com/documentation/CoreFoundation/Conceptual/CFPort
 >sAndSockets/index.html

"This topic is under construction". Anyway, the stuff it describes is
built on top of sockets, it doesn't obfuscate or obselete BSD sockets
or routing.

--
Matthew T. Russotto mrussotto DeleteThis @speakeasy.net
"Extremism in defense of liberty is no vice, and moderation in pursuit
of justice is no virtue." But extreme restriction of liberty in pursuit of
a modicum of security is a very expensive vice.
 >> Stay informed about: Software Router for OS X ? 

In article ,
russotto.RemoveThis@grace.speakeasy.net (Matthew Russotto) wrote:

 >
  > >Also the oblique reference to the demise/obfuscation of BSD routing at:
  > >
  > >http://developer.apple.com/documentation/CoreFoundation/Conceptual/CFPort
  > >sAndSockets/index.html
 >
 > "This topic is under construction". Anyway, the stuff it describes is
 > built on top of sockets, it doesn't obfuscate or obselete BSD sockets
 > or routing.
 >

So what does the paragraph above that mean:

Core Foundation defines several opaque types that correspond
to Mach ports, message ports, and BSD sockets. These objects
allow your application to communicate between multiple threads,
with other processes, and other computers over a network.

What are these "opaque types that correspond"? Opaque, in that you
cannot see the BSD sockets thru them? Correspond to... meaning a bit
like but not the same? Or is that "correspond" as in writing a letter?

I remember hearing back about 10.0.x that NetInfo would replace all the
BSD flat files. Where are we now? It is much easier for the user to
choose flat files or NetInfo.

Sorry, I'm getting niggly. I'm prob'ly missing some vital clue that's
tucked away in a man page that has nothing to do with routing...
 >> Stay informed about: Software Router for OS X ?