macos-staticroutes.md 5.7 KB
% AnalysisMan, Friday, November 6, 2020
How to add and delete Static Routes on macOS (persistently)
Problem
I have several networks at home, including 192.168.1.0/24 and 192.168.2.0/24. A problem occurred when I connected to a VPN site because it gives a route with 192.168.2.0/23. So my traffic on 192.168.2.0/24 routed through the VPN tunnel instead of my internal home network.
Therefore, I need to add a static route on my MacBook Pro.
Solution
Here is how to add or delete a static route on macOS.
As you see below, I received the 192.168.2.0/23 route from the VPN, and it routes through the tunnel interface, utun3. First, disconnect the VPN and add a static route as described below.
To view the routing table:
You can use the following command "
" and use '
' to filter with a specific network on the Terminal.
▶ Method 1. Add a static route temporarily
To add a static route:
To verify the route you added:
Now, 192.168.2.0/24 routes through my Ethernet interface, en10.
To delete a static route:
▶ Method 2. Add a static route persistently
The above route will be gone if you reboot your Mac. You need to add a static route permanently if you want to keep this route persistently.
To verify the route your interface:
To list devices (network adapters):
Or
To list devices with the interface number:
I prefer this command because it also shows the ethernet number (e.g. en10).
To add a static route permanently:
To verify the route you added:
To delete this permanent route:
Use
without the address, netmask, and gateway.
To see all commands:
Or
10 comments:
Thanks!
Hi AnalysisMan
Would you be able to help me with where/which file stores the route information that is displayed when we execute netstat -ln
Regards Vinay Chandran
In Macbook that is
I refer to this page every so often, I appreciate you keeping this up. Very helpful!
Thanks for this post. It was very useful. Just my additional 2 cents -
We can also get the configured permanent static routes using: networksetup -getadditionalroutes "USB 10/100/1000 LAN" .
Also, if we want to add multiple routes permanently then we can add additional tuples on the same command. Eg., sudo networksetup -setadditionalroutes "Wi-Fi" 192.168.230.0 255.255.255.0 192.168.20.82 192.168.68.0 255.255.255.0 192.168.20.82
Life saver hack! Thanks a lot!
I'm doing something wrong. I work from home and connect to my company's VPN. I need an SMB connection to our file server, which has the IP 192.168.2.108. VPN My network at home has the IP 192.168.68.1. Tunnel Interface is utun3.
When I run the command sudo networksetup -setadditionalroutes "VPN Work" 192.168.2.108 255.255.255.0 192.168.68.1 my browser traffic goes through the VPN instead of my home network. What am I doing wrong?
I run a bittorent server for openSource Linux distros. Over time I have manually blocked literally thousands of leachers and downloaders who I do not want to have access my system, as well as blocking 10s of 1,000s of botnets by firewalls. I have migrated my firewall settings to static routes blocked and the performance is much better.
I'm just having trouble consistently adding ip6 addresses to be blocked.
Beforehand, I enter the thousands of addresses I have collected to be blocked into JSON array lookup tables, to be accessed by a python script that reads them and inserts them into an iterating command line by nested for-loops.
I always debug by entering the command first on a command line before automating the process.
Example:
I have been trying to set a permanent static route on my Mac using: networksetup -setadditionalroutes "Ethernet" 2408:8266:: ffff:ffff:fffc:0000:0000:0000:0000:0000 ::1 which returns: Route destination 2408:8266:: is not a valid IP address. ** Error: The parameters were not valid. ≈≈≈ That is not true as it is the top address of the CHINA UNICOM China169 Backbone server, from which I get scores of leachers and people who try to get past my firewall.
as well as trying: ifconfig en0 inet6 2408:8266:: prefixlen 32 alias which blocks everything in 2408:8266::/32 except 2408:8266:: itself.
My question is a) can networksetup -setadditionalroutes accept ip6 addresses and how? b) if not, can ifconfig block the root address of 2408:8266::/32?
I would prefer a network setup solution because they much easier to clear than ifconfig ones. Removing ifconfig entries can take hours, one and a time whereas networksetup just clears the service by name (Ethernet, WiFi, VPN) in moments
On a parallel theme, is there away to wipe all the static route entries from my Mac, especially those put in by ifconfig in one fell swoop so I can re-enter them cleanly?
Help is much appreciated.
Post a Comment
About Network + Security
Search This Blog
Featured Post
Palo Alto firewall - Troubleshooting High DP CPU
Popular Posts
- How to add and delete Static Routes on macOS (persistently)
- Free Visio Stencils Download for Network Diagram
- Extreme Switch - Reset to factory default when the password is unknown
- Palo Alto firewall - Reset to Factory Default (3 cases)
- Palo Alto firewall - How to clean up disk space
- Palo Alto firewall - How to configure the Management IP via CLI
- Extreme Switch - Reset to factory default
Tags
Links
- LinkedIn Posts
- AnalysisMan's Second Brain
Blog Archive
- Home