Solved

How can I command Firefox to use a different NIC and route on my PC, which has two NICs with a respective route/DNS service bound to each?

Posted on 2012-04-01
Last Modified: 2012-04-05
Hi,
I have the following requirements:
In my laptop PC, there are two network interface cards: one is the built-in wireline card, the other is a wireless WiFi card. Normally, the wireline card is connected to the company intranet, which can access the internet via the company proxy server (set in the Firefox configuration) and DNS server. The wireless card is my special-purpose card (for example, to access e-commerce sites to buy something, which are normally blocked by the company internet access proxy :-)), which is connected to a WCDMA 3G router (a different set of DNS servers). From that wireless card, the internet can also be accessed without any proxy set in Firefox.
I can switch to a different NIC for different internet access purposes: the wireline card is used for normal website access, the wireless card is used to access special internet websites. Now, I do the switch in the following manner: when I access a normal site, I switch off the WiFi NIC; when I access a special site, I unplug the cable from the wireline NIC.
I am not happy with that manner; I would prefer to access different sites by designating Firefox to use a different NIC and its respective route, DNS server, etc.
How can I implement that?
Is it possible to manually change some routes to implement that?
Any expert who gives me a proposal is highly appreciated!

Here I paste the output of cmd route print for information:
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0     135.251.10.1   135.251.10.63       20
          0.0.0.0          0.0.0.0    192.168.100.1  192.168.100.100      25
        127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1       1
     135.251.10.0    255.255.255.0    135.251.10.63   135.251.10.63       20
    135.251.10.63  255.255.255.255        127.0.0.1       127.0.0.1       20
  135.251.255.255  255.255.255.255    135.251.10.63   135.251.10.63       20
      169.254.0.0      255.255.0.0    135.251.10.63   135.251.10.63       20
    192.168.100.0    255.255.255.0  192.168.100.100  192.168.100.100      25
  192.168.100.100  255.255.255.255        127.0.0.1       127.0.0.1       25
  192.168.100.255  255.255.255.255  192.168.100.100  192.168.100.100      25
        224.0.0.0        240.0.0.0    135.251.10.63   135.251.10.63       20
        224.0.0.0        240.0.0.0  192.168.100.100  192.168.100.100      25
  255.255.255.255  255.255.255.255    135.251.10.63   135.251.10.63       1
  255.255.255.255  255.255.255.255  192.168.100.100  192.168.100.100      1
Default Gateway:      135.251.10.1
===========================================================================
The 192.168.100.100 is my wifi NIC ip, the 135.251.10.63 is my company intranet ip bound to wireline NIC card.

Thanks!
matiascx
Question by:matiascx
21 Comments
 
LVL 39

Assisted Solution

by:als315
als315 earned 100 total points
ID: 37792562
You can add a route to your commercial site with route add.
For example, if you like to add ebay.com:
1. Do nslookup for ebay.com. Result will be:
Addresses:  66.135.205.13
          66.135.205.14
          66.211.160.87
          66.211.160.88
2. Add route:
route add 66.135.205.0 MASK 255.255.255.0 135.251.10.1
and
route add 66.211.160.0 MASK 255.255.255.0 135.251.10.1
You can make this route persistent with the -p key, but I think it is better to create a cmd file for all your sites and change it when some addresses change.
For ebay.com you can safely use MASK 255.255.255.0, but for small sites it may be better not to set MASK and to add single addresses. For ebay you will have 4 lines:
route add 66.135.205.13  135.251.10.1
route add 66.135.205.14  135.251.10.1
route add 66.211.160.87  135.251.10.1
route add 66.211.160.88  135.251.10.1
In your network, sites may be blocked at the DNS level. In this case you should use IP addresses in the browser:
http://66.135.205.13, but in this case you can have problems with big clustered sites.
0
 
LVL 5

Assisted Solution

by:andrew1812
andrew1812 earned 50 total points
ID: 37792942
When there are two internet connections on the same computer, the default route associated with the lower metric value would be selected. In your case the default routes on the computer are as follows.

          0.0.0.0          0.0.0.0     135.251.10.1   135.251.10.63       20
          0.0.0.0          0.0.0.0    192.168.100.1  192.168.100.100      25

Packets destined for the internet would take the first entry as it has a lower metric value (20)

You could lower the metric value of the default route corresponding to the network card which you want the computer to access the internet using the following command on the cmdline.

route change 0.0.0.0 MASK 0.0.0.0 192.168.100.100 METRIC 2

 The above command would lower the metric value of the second default route and henceforth packets would take the specific network card for internet access.
0
 
LVL 44

Expert Comment

by:Darr247
ID: 37793079
Note that if you employ the solution in http:#a37792942 you will still need to disable/"switch off" the WiFi card to access your 135.251.10.0 intranet.
But you will no longer need to unplug the ethernet cable to access the unfiltered 3G router... just turn the WiFi adapter back on and it will take precedence.

A couple changes, however... it needs to be
route -p change 0.0.0.0 MASK 0.0.0.0 192.168.100.100 METRIC 2
in order to be stored... otherwise the first time you disable/enable the WiFi card that metric change will be gone.

And secondly, you probably need to specify the interface, too, but you trimmed that information off the top of the route print output posted, so it wasn't included in the example command.
0
 
LVL 44

Accepted Solution

by:Darr247
Darr247 earned 200 total points
ID: 37793126
An easier way might be to set the metric manually.

Click orb/start, type in ncpa.cpl, click the one that appears at the top, under Programs (1)

Right-click the Wireless Network Connection and choose Properties

Select Internet Protocol Version 4 (TCP/IPv4), then click the Properties button

On the General tab, click the Advanced button

UNcheck the box next to Automatic metric, and for Interface metric put a lower number than the wired NIC has... say, 15
[Screenshot: Set Network Adapter Metric Manually]
OK, OK, OK back out; close the Network Connections screen. Now when you toggle the WiFi card on and off, the metric will be updated in the routing table without setting a persistent route or running a route command every time you want to change the route.
0
 

Author Comment

by:matiascx
ID: 37793455
Dear Darr247,
Thanks for your detailed explanation.
There are two sets of networking services. Both are DHCP enabled.
Can I freely select which service I will use in Firefox to access the internet without disabling/enabling either of the two NICs?
0
 

Author Comment

by:matiascx
ID: 37793487
What is more, can I explicitly "assign" Firefox to use a specific set (cable company proxy or WiFi 3G) of the internet services to access a specific website (for example, ebay.com, which was blocked by the company intranet proxy)?
Also, I want to use Windows RDP or ssh, ftp to specific internet hosts, which are also blocked by the company firewall outbound policy, on the WiFi 3G interface.
Except for those specific sites or services, I do not want internet traffic to go through the 3G WiFi card, because 3G traffic is very expensive!
Your guidance is highly appreciated.
0
 

Author Comment

by:matiascx
ID: 37793532
All experts,
The root cause for internet "http" traffic was solved by just changing the METRIC value in the windows route table.
Unfortunately, I tested Windows Remote Desktop in the same configuration, and it always uses the wireline NIC regardless of how I change the METRIC value for these two NICs.
Can you also help me out on this issue?
Thanks!
0
 
LVL 10

Assisted Solution

by:mat1458
mat1458 earned 150 total points
ID: 37793538
I'd do it differently. I assume that your company network uses some kind of private addressing or they have clearly identifiable official IP addresses (probably 135.251.0.0). Your PC does what all other IP systems do as well: it prefers routes with more matching bits over default routes.

I'd get rid of the default gateway on your wireline card and add a permanent static route for the prefixes in your company network (i.e. route add -p 135.251.0.0 mask 255.255.0.0 135.251.10.63). With that route all internal addresses and the proxy are found. Everything else goes over the 3g card. You might need to add some more permanent routes if there is more than one internal address space in use at your company.
0
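The route-selection rule the answers above rely on (most specific prefix first, metric only as a tie-breaker), as an added Python sketch that is not part of any poster's answer. The rows are constructed from the route print output in the question; the intranet host 135.251.20.5 and the helper names are hypothetical, and the static corporate route is assumed to use the wired gateway 135.251.10.1 as its next hop.

```python
import ipaddress

# Rows constructed from the "route print" output in the question
# (the two default routes and the two on-link subnets).
ROUTES = [
    ("0.0.0.0", "0.0.0.0", "135.251.10.1", "135.251.10.63", 20),
    ("0.0.0.0", "0.0.0.0", "192.168.100.1", "192.168.100.100", 25),
    ("135.251.10.0", "255.255.255.0", "135.251.10.63", "135.251.10.63", 20),
    ("192.168.100.0", "255.255.255.0", "192.168.100.100", "192.168.100.100", 25),
]

def parse(rows):
    """Turn (destination, netmask, gateway, interface, metric) rows into dicts."""
    return [{"net": ipaddress.ip_network(f"{d}/{m}"), "gateway": g,
             "iface": i, "metric": n} for d, m, g, i, n in rows]

def select_route(table, dst):
    """Longest matching prefix wins; the metric only breaks ties."""
    addr = ipaddress.ip_address(dst)
    hits = [r for r in table if addr in r["net"]]
    return min(hits, key=lambda r: (-r["net"].prefixlen, r["metric"]), default=None)

def set_metric(table, gateway, metric):
    """Effect of changing the metric of the default route via `gateway`."""
    return [dict(r, metric=metric)
            if r["gateway"] == gateway and r["net"].prefixlen == 0 else r
            for r in table]

def split_routing(table, wired_gw, wired_if, corp_prefix):
    """Drop the wired default route and add a static route for the corporate prefix.
    Assumption: the static route's next hop is the wired gateway."""
    kept = [r for r in table
            if not (r["net"].prefixlen == 0 and r["gateway"] == wired_gw)]
    corp = {"net": ipaddress.ip_network(corp_prefix), "gateway": wired_gw,
            "iface": wired_if, "metric": 1}
    return kept + [corp]

def competing_defaults(table):
    """Default routes in preference order; more than one means a dual-homed host."""
    return sorted((r for r in table if r["net"].prefixlen == 0),
                  key=lambda r: r["metric"])

if __name__ == "__main__":
    base = parse(ROUTES)
    site, intranet = "66.135.205.13", "135.251.20.5"  # intranet host is hypothetical
    cases = {
        "as posted": base,
        "WiFi default metric 2": set_metric(base, "192.168.100.1", 2),
        "no wired default + 135.251.0.0/16": split_routing(
            base, "135.251.10.1", "135.251.10.63", "135.251.0.0/16"),
    }
    for name, table in cases.items():
        print(f"{name}: {site} -> {select_route(table, site)['iface']}, "
              f"{intranet} -> {select_route(table, intranet)['iface']}")
```

With only the metric lowered, intranet hosts outside 135.251.10.0/24 also follow the WiFi default route; the static prefix route is what keeps them on the wired interface.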
 

Author Comment

by:matiascx
ID: 37793558
Hi, mat1458,
Thanks for your alternative solution!
In your solution, how does the "normal" internet traffic go out? Via the wireline NIC?
How does the "specific" internet traffic go out from the 3G WiFi NIC?
Which configuration guarantees that?
Please note that I do not want my 3G WiFi NIC to be overloaded because the traffic is very expensive for 3G.
Can you describe a scenario of what I should do for the above concern, with configuration and human activity (for example route change, disable/enable NIC, etc.)?
I will test your solution after I am back in the office 3 days later. (Currently, I can only test at home, which has a slightly different networking environment.)
Thanks!
0
 
LVL 44

Expert Comment

by:Darr247
ID: 37793610
> There are two set of networking service. Both are DHCP enabled.

I think everyone who's responded so far has understood the former, and presumed the latter.


> Can I freely select which service I will use in firefox to access
> internet without disable/enable either of the two NIC cards?

I won't go so far as to say that's not possible... there *might* be a plugin or addon with that function, but I've never seen it.

So, I don't see any way to do so that's easier than just turning on the WiFi card and using IE with no proxy set to go through the 3G router, and when you can get where you want to go through the intranet proxy turn off the wireless card and use Firefox with the proxy configured.

What brand/model is the laptop?
On Dells, the Fn+F2 key combo usually toggles the WiFi off/on; HPs usually have a switch on the front, the side or above the keyboard (sometimes it's right under WiFi indicator LED, which changes from blue to orange when you press on the indicator to turn off the WiFi).


> Also, I want to use the windows rdp or ssh, ftp to specific internet host which
> are also blocked by company firewall outbound policy on the wifi 3g interface

You should probably consult your IT department to see if they can poke holes in that firewall for you.
0

 
LVL 44

Expert Comment

by:Darr247
ID: 37793624
> Unfortunately, I tested the windows remote desktop in the
> same configuration, it always use the wireline NIC

Do you mean you were trying to use your laptop to control some other computer with remote desktop, or you're trying to remote desktop to your laptop from somewhere else?
0
 

Author Comment

by:matiascx
ID: 37794457
Dear experts,
For the previous RDP issue, the root cause is: a remaining route existed for the previous NIC; I deleted it to solve the problem.
Please be aware of that.
0
 
LVL 10

Expert Comment

by:mat1458
ID: 37794523
>In your solution, how is the "Normal" internet traffic goes out? Via wireline NIC card?
The normal internet traffic is directed to the proxy which I assume is in the address range of your company so it takes the wireline.
>How is the "specific" internet traffic goes out from 3g wifi NIC?
The specific internet traffic has an IP address outside of the company's range so it takes the 3g.
>Which configuration guarantee that?
>Please be noted that I do not want my 3g wifi NIC is overloaded because the traffic is very expensive for 3g.
If your situation is like I imagine it to be it shouldn't be overloaded.
>Can you describe scenario on how should I do for above concern with configuration and human activity(for example route change, disable/enable nic card, etc)?
If you are sure that the majority of your internet traffic is sent via the proxy then no human intervention is needed. The route(s) and the missing default route for the wireline will do the job. To be sure that the 3g is not used when you don't want it you can switch it off at your PC when you don't need it. Physical intervention is still one of the best methods to consciously perform actions.

One thing is to be kept in mind: I'd use the proxy settings in the OS (I assume you use Windows); not only in the browser. A lot of software that you download (iTunes, Skype, Google Stuff, HP Printer Tools, Microsoft, etc.) always has connections to its mother ship to send/receive whatever information. If these sessions trigger your 3g that probably wouldn't make you too happy. But you might want to filter that kind of traffic on the firewall of your 3g card.

>I will test your solution after I am back in office 3 days later.(Currently, I can only test at home which has slight different networking environment)
So how do you connect at home then? Do you use the same PC or a different one?
0
 

Author Comment

by:matiascx
ID: 37797030
Hi, mat1458,
Thanks for your detailed information.
The same machine is used to test your solution. But the slightly different environment is:
I have no access to my company proxy at home. Both NICs are directly connected to the internet.
Can you give some more explanation on the "OS proxy"? I only know that Firefox or IE has the proxy configuration, which means internet traffic will go through them. What is the "OS level" proxy? How do I configure it?
What do you mean by blocking the iTunes/Skype traffic for the 3G NIC, and how do I do that?
Thanks!
0
 
LVL 10

Expert Comment

by:mat1458
ID: 37797130
>I have no access to my company proxy at home. Both NIC are directly connected to the internet.
Do you really need both NICs at home? What traffic do you want to run on which card? If you use VPN to your company it might be a good idea to add a permanent route to the VPN server over the wired card and then you can use the company proxy. Otherwise you have to tinker around with the routes again and that might not be so easy. But let me know first what you want to do at home.
>Can you give some more explanation on the "OS proxy"?
The OS proxy is the thing you find in IE. It is the same setting that you can access via Control Panel>Network and Internet>Internet Options. This proxy is used by IE and FF. In FF you can have proxies like FoxyProxy that only work for FF.
>What do you mean block the itunes/skype/ traffic for the 3G NIC, how to do that?
The blocking of all programs that you might have installed can be the most tedious thing. One approach would be to add a whitelist to your Windows Firewall on the 3g card that allows only the sites you want to get to. Or you could install Wireshark and "sniff" your network traffic over the 3g card to identify all traffic that goes out there to find out what traffic is really necessary and what traffic to put in a blacklist.
0
 

Author Comment

by:matiascx
ID: 37797210
Hi, mat1458,
At home, I am just doing the verification of your proposed solution. In fact, I can also access the company net via VPN. But that is not the case I want to talk with you about right now.
On the NIC, I can see Windows Firewall blocking the incoming traffic; exceptions will only be applied to incoming traffic. I cannot see an enable/disable configuration for outgoing traffic.
Do you mean enabling the outgoing traffic in the firewall? How do I do that?
0
 
LVL 44

Expert Comment

by:Darr247
ID: 37797698
> Do you mean the outgoing traffic enable in the firewall? How to do that?
We cannot advise you how to circumvent or sidestep your company's firewall...
as I said earlier, you should talk to your IT department about making holes in the firewall for you.
0
 

Author Comment

by:matiascx
ID: 37799236
Dear Darr247,
I mean, how do I check the outgoing traffic on my PC technically?
I will not ask the company IT guys for the holes because they will not :-)
0
 
LVL 10

Expert Comment

by:mat1458
ID: 37799526
In the Windows Firewall Advanced Settings you have the Outbound Rules that you can define. With that mechanism it should be possible to configure what you want.

However it might be easier that you only use your wireline card at home and insert a temporary default route each time:
route add 0.0.0.0 mask 0.0.0.0 192.168.xxx.1 (the last address being your home gateway). When you restart your windows this route is gone.
0
 
LVL 39

Expert Comment

by:als315
ID: 37807367
You can check traffic with the tracert command (tracert ebay.com or tracert 66.135.205.13). You will see the routers between you and the end point.
There is an error in my first comment (135.251.10.* are not usual addresses for a LAN). Change all 135.251.10.1 to 192.168.100.1
0
 
LVL 10

Expert Comment

by:mat1458
ID: 37809644
135.251 is the official IP address of Lucent, so if matiascx is an employee of Lucent the address can easily be a LAN address. Before I'd switch the gateway addresses in route statements I'd make sure which adapter they belong to. Otherwise you can have adverse effects by sending all traffic out the 3g card.
0
