CU200 | macOS: Simultaneous Use of Internal and External Networks

When a Mac has two network cards connected to different networks, macOS usually cannot reach the internal and external networks at the same time. This is because the system does not know which network segments belong to the internal network, so all traffic follows the default route of the highest-priority network service.

Set the Correct Network Card Service Order
Go to System Preferences - Network - Set Service Order, and drag to adjust the network priority.
Place the network card that connects to the external network above the one connecting to the internal network. This will allow normal access to the external network.

Set the Corresponding Network Segments for the Internal Network Card

Get the Gateway Address for the Internal Network Card

The internal network typically uses fixed IP addresses. Regardless of how the address is configured, you can find the router address under Network settings - Advanced. This address is used as the gateway in the next step.

Set Up the Internal Network Segments
To enable access to the internal network, set up local static routes and add the network segments pointing to the corresponding internal network gateway.

Add:
sudo route add -net 10.0.0.0 -netmask 255.255.0.0 10.0.2.1
sudo route add -net 30.1.0.0 -netmask 255.255.0.0 10.0.2.1

Delete:
sudo route delete -net 10.0.0.0 -netmask 255.255.0.0 10.0.2.1
sudo route delete -net 30.1.0.0 -netmask 255.255.0.0 10.0.2.1

The '-net' parameter is the network segment address and '-netmask' is its subnet mask. The last IP address is the internal network gateway, which is the router address obtained in the previous step.

Testing Connectivity Between Internal and External Networks
Do not use a web browser to test whether the internal and external networks are both reachable. Web browsers commonly cache domain name resolution results, so what they show may not reflect the current state. In addition, internal network domain name resolution usually fails, for reasons explained below.

Use the ping command to ping an address on the internal network and an address on the external network. The results show whether both networks are reachable at the same time.

# View the current routing table
netstat -rn

# Get the default route
route get 0.0.0.0
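
The routing table check can also be scripted. The following Python script is an added example, not part of the original article: it parses netstat -rn output and applies longest-prefix matching to show which gateway and interface each destination would use. The routing table is a constructed sample; the interface names en0 (external) and en1 (internal), the external gateway 192.168.1.1, the column layout and the abbreviated destination format are assumptions.

```python
import ipaddress
# Constructed sample of macOS `netstat -rn` IPv4 output (not captured from a real host).
# Assumptions: en0 = external card, en1 = internal card, Netif is the 4th column.
SAMPLE = """\
Destination        Gateway            Flags        Netif Expire
default            192.168.1.1        UGSc           en0
10/16              10.0.2.1           UGSc           en1
10.0.2/24          link#6             UCS            en1
30.1/16            10.0.2.1           UGSc           en1
127                127.0.0.1          UCS            lo0
192.168.1          link#4             UCS            en0
"""

def parse_dest(text):
    """Expand an abbreviated destination (e.g. '30.1/16', '127') to a network."""
    if text == "default":
        return ipaddress.ip_network("0.0.0.0/0")
    addr, _, plen = text.partition("/")
    octets = addr.split(".")
    if not plen:
        # Assumption: no mask shown means a host route (4 octets) or the classful mask.
        first = int(octets[0])
        plen = 32 if len(octets) == 4 else 8 if first < 128 else 16 if first < 192 else 24
    addr = ".".join(octets + ["0"] * (4 - len(octets)))
    return ipaddress.ip_network(f"{addr}/{plen}", strict=False)

def parse_table(output):
    """Return (network, gateway, interface) for each IPv4 route line."""
    routes = []
    for line in output.splitlines():
        cols = line.split()
        if len(cols) < 4 or cols[0] == "Destination":
            continue
        try:
            routes.append((parse_dest(cols[0]), cols[1], cols[3]))
        except ValueError:
            continue  # skip IPv6 or otherwise unparsable rows
    return routes

def lookup(routes, ip):
    """Longest-prefix match: the most specific route containing ip wins."""
    ip = ipaddress.ip_address(ip)
    hits = [r for r in routes if ip in r[0]]
    return max(hits, key=lambda r: r[0].prefixlen) if hits else None

if __name__ == "__main__":
    table = parse_table(SAMPLE)
    for target in ("10.0.5.20", "30.1.9.9", "10.1.0.1", "8.8.8.8"):
        print(target, "->", lookup(table, target))
```

In the sample, 10.1.0.1 falls through to the default route on en0, because the netmask 255.255.0.0 on 10.0.0.0 covers only 10.0.x.x. Any internal segment without its own static route leaves through the external card.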

About Internal Network Domain Names and Internal Network DNS Resolution

If the internal network DNS server does not resolve external network addresses, it is impossible to automatically resolve internal and external network domain names solely through settings.

On macOS, it is not possible to add both internal and external DNS server addresses to the external network card to resolve internal network addresses. A convenient workaround is to disable the external network card first so that the machine is in pure internal network mode, ping the internal network domain name to obtain its internal IP address, and then write that address into the hosts file for local resolution.

Testing DNS Resolution Results
You can run nslookup followed by a domain name to check which DNS server is currently being used for domain name resolution.