BSD Routing for SSH/SCP Hackery

Problem: My dev laptop at work has two network connections, one internal and proxied/firewalled to hell and back and the other is sitting on a public facing router with no proxies or firewall in the way.  The internal-only connection we’ll call en0 and the external-facing one, we’ll call en1.

The issue is that en0‘s routing disallows all outbound connections to anything that isn’t port 80/443 (HTTP/HTTPS). en1‘s connectivity is slow, so we want to keep as much traffic to en0 as possible, especially since fun things like disk shares, my Synergy2 host and internal-only sites are only available via en0.

However, I do need to connect to my co-lo offsite via SSH/SCP to do some work.  I can force all traffic temporarily to en1 by disconnecting or disabling en0 for the duration, but that means I’m forced to use the laptop’s keyboard/trackpad and sit awkwardly until my business is done.  F-that.

Solution: Use BSD’s routing (route) utility to direct TCP traffic to certain destinations through a manually set (static) gateway.


en0‘s gateway is 10.33.x.1

en1‘s gateway is 172.16.x.1

en0 is higher in the priority list (duh, else this wouldn’t be a problem)

the co-lo’s IP address is AAA.BBB.CCC.DDD

Add a routing rule for AAA.BBB.CCC.DDD to use en1‘s gateway when the destination matches:

route -n add AAA.BBB.CCC.DDD 172.16.x.1


Yes, this will only work at my particular location with my particular situation for exactly 1 address.  One can adapt the rules a bit and use bitmasks to drive more traffic to the other gateway, but this works for me.  If I can figure a way to use a different gateway based on destination port/protocol, I’ll update this post.