Force traffic over specific NIC on Server with 2 NICS on same subnets

Posted on 2004-08-24
Last Modified: 2008-01-16
I have a Win2000 Advanced server that has 2 NICs.  I want the first NIC to respond to WWW traffic and the 2nd NIC to send/receive traffic through our firewall to our database server.  The 2 IP addresses are on the same subnet but I want to only open one hole in the firewall and that will be for the database NIC.  

It appears that my configuration works if the Database NIC gets enabled first (ie Disable then enable the WWW NIC).  However, if I reboot the server the NICs get enabled in random order and the database traffic will sometimes default to the WWW NIC.  If I manually disable/enable the WWW NIC the database traffic will switch to the DB NIC and things are fine.  I want a reboot to be configured automatically 100% of the time.  Things I have tried are:

1. Physically move the NICs on the motherboard hoping one always gets enabled first. (doesn't happen)
2. Add a static persistent route to the database IP using the "Interface" option.  The static route works, but after a reboot the "Interface" part of the static route command does not.
3. Add a service that runs a batch file that in turn runs the route command.  I hold promise for this, but it didn't work the first time I tried it.  
4. Changed the binding order and made the Database NIC the first NIC listed. (didn't seem to make a difference)

Any other suggestions would be greatly appreciated.
Question by:spillanepp

Expert Comment

ID: 11887349
On the Public IP NIC go to the properties for the adapter and under the Advanced Tab of the TCP/IP uncheck the Automatic Metric and assign it a number 2.  Then do the same to the Internal NIC assigning it a 1.  This will give the Database NIC first assignment.

If not already static you should make them static

Expert Comment

ID: 11888326
Putting two NICs on the same network, IF IT WORKS AT ALL, tells everybody that you *don't care* which one handles the traffic.  (It's not guaranteed to work at all....)

If you want to route traffic differently over two NICs, their addressing has to reflect that difference.  If the second NIC is for a private back channel to the database server, put it on a private subnet and address the database server via an address that takes that route.


Expert Comment

ID: 11889053
>If the second NIC is for a private back channel to the database server, put it on a private subnet and address the database
>server via an address that takes that route

I concur.


Author Comment

ID: 11917475
I really thought that acsservice's suggestion was going to work, but it actually didn't, so I went with the static route option and had it run with the autoexnt service at bootup.  Once I added the AutoExNT service I had to make sure that it was dependent on TCP/IP by modifying the registry and adding the DependOnService value.  At least it is working now.

Expert Comment

ID: 11924743
I object - I think PennGwyn's solution was much cleaner, and the "right" way to accomplish the solution - IMO, the author has implemented some bizarre workaround because s/he is afraid to adjust the networking config in some small way (other than local static routes).

I'm also hoping the author can clarify this:

>so I went with the static route option and had it run with the autoexnt service at bootup

I'd be interested to know how a static route solved this, and why it apparently works now, when the author listed it as number 3 in a list of things that *didn't* work.

I'm also not convinced this solution will work outside a narrow set of conditions, while PennGwyn's solution will work on *any* OS that supports IP.



Author Comment

ID: 11962854
While I agree that PennGwyn's solution would work, it was not an option for me because of security concerns.  If I use the private subnet that the database server is on for one of the NICs then I have a server with a private and a public IP address that would be bypassing the firewall completely.  Personally I believe this compromises security which I was not willing to do.  Reconfiguring the network with an additional subnet is really not an option because I was looking for a server based solution that didn't include making changes to the network infrastructure.  

I will also say that manually adding a static route always worked as stated in #2 of my question.  The problem I initially had was how to get the static route to run as a service.  Getting this to work solved my problem.  The reason it didn't work at the time of my first writing was because I needed to manually add the DependOnService value to the HKLM\System\CurrentControlSet\Services\AutoExNT registry key and then add TCPIP as a multi-string.  This forces TCPIP to start before running the route command.  Ideally I could have just added a persistent route, but in Windows 2000 the interface information is not retained in the registry.

To clarify how I got the route command to run I used the Technet article:
and put the following command into the autoexnt.bat file
rem host route (mask 255.255.255.255) to the database server, bound to the DB NIC; the 0x... interface number is taken from the interface list at the top of "route print"
route add <database ip> mask 255.255.255.255 <gateway ip> if 0x1000003

I will also agree with you Jon that it may not work outside of the scope of this scenario (i.e. another OS), but I can tell you that it works on the two Windows 2000 servers that I tried it on (different hardware).  
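The same approach on a current Windows version, as an added example that is not from this thread or its author: it resolves the interface index of the firewall-permitted NIC from its address, lowers that interface's metric (the first expert's suggestion), pins the database server with a /32 route bound to that interface, and then checks the one thing the firewall rule actually depends on, the source address the stack will use. It assumes Windows 8 / Server 2012 or later (NetTCPIP cmdlets, persistent routes that keep their interface index), an elevated session, and the constructed placeholder addresses in the param block; the AutoExNT name and the Set-ServiceDependsOnTcpip helper mirror the author's registry edit for anyone still running a boot-time script service.

```powershell
# Added example, not code from the thread. Requires Windows 8 / Server 2012+ and an
# elevated PowerShell session. All addresses are constructed placeholders.

param(
    [string]$DbServerIp = '192.0.2.50',     # database server behind the firewall (placeholder)
    [string]$DbNicIp    = '198.51.100.12',  # address of the NIC the firewall rule permits (placeholder)
    [string]$Gateway    = '198.51.100.1'    # gateway on the shared subnet (placeholder)
)

# Resolve the interface index from the NIC's IP rather than hard-coding it, since
# indexes change when adapters are replaced or re-enumerated.
function Get-DbNicIndex {
    param([string]$Ip)
    $addr = Get-NetIPAddress -AddressFamily IPv4 -IPAddress $Ip -ErrorAction Stop
    return [int]$addr.InterfaceIndex
}

# Give the DB NIC the lower metric, then pin the database host with a /32 route
# bound to that interface so the choice no longer depends on adapter start-up order.
function Set-DbRoute {
    param([int]$IfIndex, [string]$Target, [string]$NextHop)
    Set-NetIPInterface -InterfaceIndex $IfIndex -AddressFamily IPv4 `
        -AutomaticMetric Disabled -InterfaceMetric 1
    $prefix = "$Target/32"
    $existing = Get-NetRoute -DestinationPrefix $prefix -ErrorAction SilentlyContinue
    if ($existing) { $existing | Remove-NetRoute -Confirm:$false }
    # Without -PolicyStore, New-NetRoute writes both the active and the persistent
    # store, so the route and its interface binding survive a reboot.
    New-NetRoute -DestinationPrefix $prefix -InterfaceIndex $IfIndex `
        -NextHop $NextHop -RouteMetric 1 | Out-Null
}

# The check that matters for the firewall rule: which source address packets to the
# database server will carry. Find-NetRoute returns the selected local address
# first, followed by the matching route.
function Test-DbSourceAddress {
    param([string]$Target, [string]$ExpectedSource)
    $chosen = (Find-NetRoute -RemoteIPAddress $Target)[0]
    return [pscustomobject]@{
        SourceAddress  = $chosen.IPAddress
        InterfaceIndex = $chosen.InterfaceIndex
        Ok             = ($chosen.IPAddress -eq $ExpectedSource)
    }
}

# Equivalent of the author's registry edit: make a boot-time script service (the
# thread's AutoExNT) start only after the TCP/IP driver. Not needed when the
# persistent route above is used; shown for hosts that still run such a script.
function Set-ServiceDependsOnTcpip {
    param([string]$ServiceName)
    $key = "HKLM:\SYSTEM\CurrentControlSet\Services\$ServiceName"
    Set-ItemProperty -Path $key -Name DependOnService -Value @('Tcpip') -Type MultiString
}

$ifIndex = Get-DbNicIndex -Ip $DbNicIp
Set-DbRoute -IfIndex $ifIndex -Target $DbServerIp -NextHop $Gateway
$result = Test-DbSourceAddress -Target $DbServerIp -ExpectedSource $DbNicIp
if (-not $result.Ok) {
    throw "Database traffic would leave from $($result.SourceAddress) on interface $($result.InterfaceIndex), not the firewall-permitted NIC"
}
"Database traffic to $DbServerIp sources from $($result.SourceAddress) on interface $($result.InterfaceIndex)"
```

Running Test-DbSourceAddress again after a reboot is the quick way to confirm the binding held; if it reports the WWW NIC's address, the firewall hole is being bypassed on the wrong source address and the route or metric needs re-checking.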

Accepted Solution

CetusMOD earned 0 total points
ID: 11983500
Closed, 125 points refunded.
Community Support Moderator
