Force traffic over specific NIC on Server with 2 NICS on same subnets

Posted on 2004-08-24
Last Modified: 2008-01-16
I have a Win2000 Advanced server that has 2 NICs.  I want the first NIC to respond to WWW traffic and the 2nd NIC to send/receive traffic through our firewall to our database server.  The 2 IP addresses are on the same subnet but I want to only open one hole in the firewall and that will be for the database NIC.  

It appears that my configuration works if the Database NIC gets enabled first (i.e. disable then enable the WWW NIC).  However, if I reboot the server the NICs get enabled in random order and the database traffic will sometimes default to the WWW NIC.  If I manually disable/enable the WWW NIC the database traffic will switch to the DB NIC and things are fine.  I want a reboot to be configured automatically 100% of the time.  Things I have tried are:

1. Physically move the NICs on the motherboard hoping one always gets enabled first. (doesn't happen)
2. Add a static persistent route to the database IP using the "Interface" option.  The static route works, but after a reboot the "Interface" part of the static route command does not.
3. Add a service that runs a batch file that in turn runs the route command.  I hold promise for this, but it didn't work the first time I tried it.  
4. Changed the binding order and made the Database NIC the first NIC listed. (didn't seem to make a difference)

Any other suggestions would be greatly appreciated.
Question by:spillanepp

Expert Comment

ID: 11887349
On the Public IP NIC go to the properties for the adapter and under the Advanced Tab of the TCP/IP uncheck the Automatic Metric and assign it a number 2.  Then do the same to the Internal NIC assigning it a 1.  This will give the Database NIC first assignment.

If not already static you should make them static

Expert Comment

ID: 11888326
Putting two NICs on the same network, IF IT WORKS AT ALL, tells everybody that you *don't care* which one handles the traffic.  (It's not guaranteed to work at all....)

If you want to route traffic differently over two NICs, their addressing has to reflect that difference.  If the second NIC is for a private back channel to the database server, put it on a private subnet and address the database server via an address that takes that route.


Expert Comment

ID: 11889053
>If the second NIC is for a private back channel to the database server, put it on a private subnet and address the database
>server via an address that takes that route

I concur.



Author Comment

ID: 11917475
I really thought that acsservice's suggestion was going to work, but it actually didn't, so I went with the static route option and had it run with the autoexnt service at bootup.  Once I added the AutoExNT service I had to make sure that it was dependent on TCP/IP by modifying the registry and adding the DependOnService value.  At least it is working now.

Expert Comment

ID: 11924743
I object - I think PennGwyn's solution was much cleaner, and the "right" way to accomplish the solution - IMO, the author has implemented some bizarre workaround because s/he is afraid to adjust the networking config in some small way (other than local static routes).

I'm also hoping the author can clarify this:

>so I went with the static route option and had it run with the autoexnt service at bootup

I'd be interested to know how a static route solved this, and why it apparently works now, when the author listed it as number 3 in a list of things that *didn't* work.

I'm also not convinced this solution will work outside a narrow set of conditions, while PennGywn's solution will work on *any* OS that supports IP.

EE Networking PE


Author Comment

ID: 11962854
While I agree that PennGywn's solution would work, it was not an option for me because of security concerns.  If I use the private subnet that the database server is on for one of the NICs then I have a server with a private and a public IP address that would be bypassing the firewall completely.  Personally I believe this compromises security which I was not willing to do.  Reconfiguring the network with an additional subnet is really not an option because I was looking for a server based solution that didn't include making changes to the network infrastructure.  

I will also say that manually adding a static route always worked as stated in #2 of my question.  The problem I initially had was how to get the static route to run as a service.  Getting this to work solved my problem.  The reason it didn't work at the time of my first writing was because I needed to manually add the DependOnService value to the HKLM\System\CurrentControlSet\Services\AutoExNT registry key and then add TCPIP as a multi-string.  This forces TCPIP to start before running the route command.  Ideally I could have just added a persistent route, but in Windows 2000 the interface information is not retained in the registry.

To clarify how I got the route command to run I used the Technet article:
and put the following command into the autoexnt.bat file:
Route add <database ip> mask <netmask> <gateway ip> IF 0x1000003

I will also agree with you Jon that it may not work outside of the scope of this scenario (i.e. another OS), but I can tell you that it works on the two Windows 2000 servers that I tried it on (different hardware).  
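
An added example, not part of any post in this thread: a post-boot check that the database server's address can only leave through the database NIC, run over `route print` output. The addresses are constructed documentation ranges, the function names are hypothetical, and route selection is modelled as longest prefix first, then lowest metric.

```python
import ipaddress

# Constructed `route print` rows (documentation addresses, not from the post):
# WWW NIC 192.0.2.10, database NIC 192.0.2.11, firewall 192.0.2.1.
BEFORE = """\
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0        192.0.2.1      192.0.2.10       1
          0.0.0.0          0.0.0.0        192.0.2.1      192.0.2.11       1
        192.0.2.0    255.255.255.0       192.0.2.10      192.0.2.10       1
        192.0.2.0    255.255.255.0       192.0.2.11      192.0.2.11       1
"""
# Same table after a host route to the database server bound to the DB NIC.
AFTER = BEFORE + "    198.51.100.20  255.255.255.255  192.0.2.1  192.0.2.11  1\n"


def parse_routes(text):
    """Return (network, interface_ip, metric) for each five-column route row."""
    routes = []
    for line in text.splitlines():
        cols = line.split()
        if len(cols) != 5:
            continue  # header line (six words) or other non-route line
        prefix = bin(int(ipaddress.ip_address(cols[1]))).count("1")
        net = ipaddress.ip_network(f"{cols[0]}/{prefix}")
        routes.append((net, ipaddress.ip_address(cols[3]), int(cols[4])))
    return routes


def egress_interfaces(routes, dest):
    """Interface IPs of the best routes: longest prefix, then lowest metric."""
    dest = ipaddress.ip_address(dest)
    ranked = [((n.prefixlen, -m), nic) for n, nic, m in routes if dest in n]
    best = max((rank for rank, _ in ranked), default=None)
    return {nic for rank, nic in ranked if rank == best}


def check_db_path(route_text, db_ip, db_nic_ip):
    """Return 'ok', 'ambiguous' (tie between NICs) or 'wrong-nic'."""
    nics = egress_interfaces(parse_routes(route_text), db_ip)
    want = ipaddress.ip_address(db_nic_ip)
    if nics == {want}:
        return "ok"
    return "ambiguous" if want in nics else "wrong-nic"


if __name__ == "__main__":
    for name, table in (("before", BEFORE), ("after", AFTER)):
        print(name, check_db_path(table, "198.51.100.20", "192.0.2.11"))
```

An "ambiguous" result means two equally good routes on different NICs cover the database address, so the firewall rule for the database NIC's source address may not match after a reboot.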

Accepted Solution

CetusMOD earned 0 total points
ID: 11983500
Closed, 125 points refunded.
Community Support Moderator
