Mastering macOS Network Settings: DHCP, DNS, NAT, VPN & More Explained
This guide walks through macOS network configuration on a MacBook Pro M1, covering Wi‑Fi advanced settings, TCP/IP fundamentals such as DHCP, IP addressing and subnet masks, NAT translation, routing tables, DNS servers, proxy types, VPN (L2TP) setup, SSH usage, and Ethernet interface details.
First, on a MacBook Pro M1 running macOS, open System Preferences → Network, select Wi‑Fi and click Advanced to configure network parameters.
1. TCP/IP
DHCP
DHCP (Dynamic Host Configuration Protocol) dynamically assigns network configuration such as IP addresses to devices.
Purpose
Automatically allocate IP addresses to devices.
Avoid manual configuration.
Manage IP allocation in a LAN to prevent conflicts.
How it works
When a device (e.g., computer or phone) starts, it broadcasts a DHCP request.
The DHCP server replies, assigning an unused IP address and providing other parameters (subnet mask, gateway, DNS).
The assigned IP has a lease time, after which it can be renewed or reassigned.
The DHCP server runs on the router and assigns IPs to all networked devices, including printers, VPN clients, and IoT devices.
IP Address and Subnet Mask
An IP address combined with a subnet mask defines the network and host portions of a device.
Subnet masks use the same dotted‑decimal format as IP addresses, e.g., 255.255.255.0. In binary, the mask marks the network part with 1s and the host part with 0s (e.g., 11111111.11111111.11111111.00000000 for 255.255.255.0).
Sometimes the mask is appended to the IP, such as 192.168.1.20/24, where “/24” indicates a 24‑bit network prefix (CIDR notation).
Two IPs belong to the same network if their network parts match.
The number of assignable hosts equals 2^(host bits) − 2. For a /24 network, 2⁸ − 2 = 254 hosts.
Network address (first IP) identifies the whole network, e.g., 192.168.1.0.
Broadcast address (last IP) is used to send messages to all hosts, e.g., 192.168.1.255.
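The mask arithmetic above, carried out bit by bit on the page's 192.168.1.20/24 example. This is an added example, not code from the original article; the function names are illustrative, and clamping the host count at 0 for /31 and /32 is an assumption, since the 2^(host bits) − 2 formula does not cover those prefixes.

```python
def to_int(dotted):
    """Dotted-decimal string -> 32-bit integer; rejects malformed input."""
    parts = dotted.split(".")
    if len(parts) != 4 or not all(p.isdigit() and int(p) <= 255 for p in parts):
        raise ValueError(f"not an IPv4 address: {dotted!r}")
    value = 0
    for p in parts:
        value = (value << 8) | int(p)
    return value


def to_dotted(value):
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def mask_to_prefix(mask):
    """255.255.255.0 -> 24; rejects masks whose 1 bits are not contiguous."""
    m = to_int(mask)
    host_bits = ~m & 0xFFFFFFFF
    if host_bits & (host_bits + 1):  # a valid mask inverts to 0...01...1
        raise ValueError(f"non-contiguous mask: {mask}")
    return bin(m).count("1")


def describe(cidr):
    """Mask, network, broadcast and host count for e.g. 192.168.1.20/24."""
    ip, prefix = cidr.split("/")
    prefix = int(prefix)
    if not 0 <= prefix <= 32:
        raise ValueError(f"bad prefix length: {prefix}")
    mask = (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF
    network = to_int(ip) & mask                 # host bits forced to 0
    broadcast = network | (~mask & 0xFFFFFFFF)  # host bits forced to 1
    return {
        "mask": to_dotted(mask),
        "network": to_dotted(network),
        "broadcast": to_dotted(broadcast),
        # The page's formula; clamped at 0 for /31 and /32 (assumption).
        "hosts": max(2 ** (32 - prefix) - 2, 0),
    }


def same_network(a, b, mask):
    """Two addresses share a network when their masked network parts match."""
    m = to_int(mask)
    return (to_int(a) & m) == (to_int(b) & m)


if __name__ == "__main__":
    print(describe("192.168.1.20/24"))
    print(same_network("192.168.1.20", "192.168.2.20", "255.255.255.0"))
```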
NAT
NAT (Network Address Translation) maps multiple private IP addresses to a single public IP, allowing private‑network devices to access the Internet.
How it works
Device with a private IP sends data to the public network.
The router/firewall replaces the private IP with the public IP and records the mapping.
Responses from the Internet are translated back to the corresponding private IP.
NAT types:
SNAT (Source NAT): changes the source address, typically for outbound traffic. Example: 192.168.1.2 → 203.0.113.1.
DNAT (Destination NAT): changes the destination address, often used for port forwarding. Example: 203.0.113.1:8080 → 192.168.1.100:80.
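A toy translation table that models the mapping step described above: outbound SNAT records state, replies are translated back, and inbound traffic is delivered only if a recorded mapping or a DNAT forward exists. This is an added example, not code from the original article; the IP addresses and the 8080 → 80 forward are the page's, while the class name, the client ports, the second client 192.168.1.3 and the port-rewriting behaviour (public ports from 40000) are assumptions.

```python
class NatTable:
    """Port-translating NAT state only; no packets are sent."""

    def __init__(self, public_ip, first_port=40000):
        self.public_ip = public_ip
        self.next_port = first_port
        self.by_private = {}  # (private_ip, private_port) -> public_port
        self.by_public = {}   # public_port -> (private_ip, private_port)
        self.forwards = {}    # static DNAT: public_port -> (private_ip, port)

    def add_forward(self, public_port, private_ip, private_port):
        """DNAT rule, e.g. 203.0.113.1:8080 -> 192.168.1.100:80."""
        self.forwards[public_port] = (private_ip, private_port)

    def outbound(self, src_ip, src_port):
        """SNAT: rewrite the source and record the mapping for replies."""
        key = (src_ip, src_port)
        if key not in self.by_private:
            while self.next_port in self.forwards:  # do not shadow a forward
                self.next_port += 1
            self.by_private[key] = self.next_port
            self.by_public[self.next_port] = key
            self.next_port += 1
        return (self.public_ip, self.by_private[key])

    def inbound(self, dst_port):
        """Private (ip, port) for a packet to public_ip:dst_port.

        Returns None when neither a forward nor a recorded outbound mapping
        exists, which is why unsolicited inbound traffic goes nowhere.
        """
        if dst_port in self.forwards:
            return self.forwards[dst_port]
        return self.by_public.get(dst_port)


def demo():
    nat = NatTable("203.0.113.1")
    nat.add_forward(8080, "192.168.1.100", 80)
    first = nat.outbound("192.168.1.2", 51000)   # constructed client port
    second = nat.outbound("192.168.1.3", 51000)  # same port, other host
    return nat, first, second


if __name__ == "__main__":
    nat, first, second = demo()
    print(first, second, nat.inbound(40001), nat.inbound(8080), nat.inbound(2222))
```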
Route
A route defines how packets are forwarded from the host to a destination network.
Destination network: target IP range.
Subnet mask: determines if the destination belongs to the network.
Gateway: next‑hop address.
Interface: network device used for forwarding.
Key routes on macOS:
Default route (0.0.0.0/0) matches any destination without a more specific entry; typically points to the default gateway.
Local route specifies directly connected networks that do not require a gateway.
The routing table acts like a map from destination hosts to next‑hop gateways; the default route is used when no specific match exists.
2. DNS
DNS (Domain Name System) resolves human‑readable domain names (e.g., www.example.com) to IP addresses (e.g., 192.0.2.1).
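Typical DNS servers on a macOS system include 127.0.0.1 (local resolver) and 114.114.114.114 (public Chinese DNS). Other common public DNS servers are 8.8.8.8 (Google) and 1.0.0.1 (Cloudflare). The file /etc/resolv.conf shows configured resolvers on Linux/macOS; on macOS this file is generated by the system, and scutil --dns shows the full resolver configuration, including per‑interface and VPN resolvers.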
3. Proxy
HTTP Proxy
HTTP proxies are often used for traffic capture (e.g., with Charles). They handle HTTP/HTTPS requests but cannot capture other protocols such as SMTP.
Client sends request to the HTTP proxy.
Proxy forwards the request to the target server and returns the response.
SOCKS Proxy
SOCKS (Socket Secure) works at the session or transport layer and can proxy any TCP/UDP traffic.
Client sends all traffic to the SOCKS proxy.
Proxy forwards packets without interpreting the protocol.
Supports HTTP, FTP, SMTP, POP3, IMAP, P2P, gaming, etc.
SOCKS5 can proxy TCP/UDP and is often used with SSH dynamic port forwarding.
Local application (browser/terminal)
│
└─> SOCKS proxy (127.0.0.1:1080)
    │
    └─> SSH tunnel (encrypted traffic)
        │
        └─> Remote server
            │
            └─> Destination address (external network)
4. VPN (L2TP)
VPN (Virtual Private Network) creates a secure tunnel for all traffic. When connected, the default gateway becomes the VPN interface (e.g., ppp0) instead of the local router.
Static routes can be added manually to route only specific subnets through the VPN, e.g., on macOS: sudo route -n add -net 10.0.0.0 -netmask 255.255.255.0 -interface ppp0.
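The route selection described in the Route section, applied to the full‑tunnel and static‑route cases of this section: a longest‑prefix lookup that reports which destinations would leave outside the VPN interface. This is an added example, not code from the original article; the gateways and interface names come from the page's routing tables, while the 192.168.10.0/24 local route, link#4 and the function names are constructed for illustration.

```python
import ipaddress

# Constructed tables of (destination, gateway, interface).
FULL_TUNNEL = [
    ("0.0.0.0/0", "link#18", "ppp0"),         # default route via the VPN
    ("1.0.0.1/32", "192.168.30.22", "ppp0"),  # host route from the page
    ("192.168.10.0/24", "link#4", "en0"),     # constructed local route
]
SPLIT_TUNNEL = [
    ("0.0.0.0/0", "192.168.10.1", "en0"),     # default stays on the router
    ("10.0.0.0/24", "link#18", "ppp0"),       # only this subnet uses the VPN
    ("192.168.10.0/24", "link#4", "en0"),     # constructed local route
]


def lookup(table, dst):
    """Longest-prefix match: the most specific route containing dst wins."""
    addr = ipaddress.ip_address(dst)
    best = None
    for cidr, gateway, netif in table:
        net = ipaddress.ip_network(cidr)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, gateway, netif)
    if best is None:
        raise LookupError(f"no route to {dst}")
    return best[2], best[1], str(best[0])  # interface, gateway, matched route


def outside_vpn(table, destinations, vpn_if="ppp0"):
    """Destinations whose selected route does not use the VPN interface."""
    return [d for d in destinations if lookup(table, d)[0] != vpn_if]


if __name__ == "__main__":
    targets = ["10.0.0.5", "8.8.8.8", "114.114.114.114", "192.168.10.50"]
    print("full tunnel :", outside_vpn(FULL_TUNNEL, targets))
    print("split tunnel:", outside_vpn(SPLIT_TUNNEL, targets))
```

With the static‑route table, queries to the public DNS servers listed in the DNS section follow the default route on en0 rather than the tunnel, which is the case to check when name lookups are expected to stay inside the VPN.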
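Routing table before the VPN connects (default route via the local router on en0):
Internet:
Destination Gateway Flags Netif Expire
default 192.168.10.1 UGScg en0
Routing table after the VPN connects (default route via ppp0):
Internet:
Destination Gateway Flags Netif Expire
default link#18 UCSg ppp0
1.0.0.1 192.168.30.22 UH ppp0
5. SSH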
SSH (Secure Shell) provides encrypted remote login and network services (default port 22). Common uses include remote command execution, SFTP file transfer, port forwarding, and secure Git operations.
6. Ethernet
Ethernet is the dominant LAN technology, defining how devices transmit frames over a local network. Interface names such as en0 on macOS (or eth0 on Linux) refer to the first Ethernet interface.
Network interfaces (physical or virtual) must have IP addresses assigned; static routes specify which interface to use for particular destination networks.
7. Other Extensions
en0
en0 is typically the system‑assigned name for the first Ethernet interface, created by the OS when it loads the network card driver.
Network Card vs. Interface
Network card: physical hardware for network communication; usually corresponds to one interface.
Network interface: OS‑visible endpoint, can be physical (e.g., en0) or virtual (e.g., VLAN, bridge).
One card may expose multiple interfaces via virtualization or VLAN tagging.
Lin is Dream
Sharing Java developer knowledge, practical articles, and continuous insights into computer engineering.
