We have a mac that acts as a CI-server.
It needs to connect to our git-repositories which can only be connected to via ethernet.
All other servers, apple.com, github.com, etc. need to be connected via wifi, because our ethernet is running a MITM-scheme for all SSL-connections.
I thought about setting routes manually, routing certain IPs to specific gateways. However, the IPs themselves are changing, too.
So to connect to our git repo, at any time, I would have to do the following:
- Turn off wireless adapter
- Resolve ip of git server using nameserver in ethernet network
- Turn on wireless adapter
- Add static route
Is this correct?
Is there a better way to do it? Perhaps with some UI-tool?
Best Answer
Use VLANs. Put your wifi on one VLAN, and your internal network on another VLAN. Don't allow wifi users to access the internal VLAN, and make sure hard wired connections are on the internal VLAN.
This lets your switch/router handle the job, instead of setting up individual routes on employee machines.