
Multihomed Internet Server, two ISP connections (disjoined networks), 1 box

I have a DNS server running on Windows Server 2003 with two NIC cards installed.  I don't think this is possible, but I thought I would ask anyway....

I have two connections to my ISP, both on separate subnets; each NIC in the server is set to a static IP on each of the subnets. I'll just use 192.168.x.x for example...

Nic 1

Nic 2

I want the server to respond to Internet requests that come in on its network to go out the same interface, but in Windows 2003 the outbound traffic is always trying to go out Nic 1.

I've looked into solutions involving adding routes (doesn't work because the server will just choose the NIC of highest in the list).

I've tried setting no default gateway on each interface, setting both to a metric of 1; traffic can come in, but the server has no idea how to get it back out.

I thought about setting the default gateway for each NIC to the SAME IP as that NIC is assigned (Nic 1 and setting its default gateway to the same IP), but again the server doesn't send the traffic back out.

If I were connected to two private networks this wouldn't be a problem; however, since both interfaces are live to the Internet, both would need static routes to 0/0, and setting two default gateways doesn't work.

It's driving me nuts because it seems like you should be able to get a server to respond on two separate networks, using two separate NICs, without it taking IN traffic on Nic 2 then trying to send OUT traffic on Nic 1 or vice versa.

To summarize, I want one Server 2003 box with two NIC interfaces connected to two separate disjoined networks to respond to traffic using the same interface that the traffic came in on (on the Internet). Is there any way to accomplish this through the OS?
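To make the behaviour described in the question concrete, here is an added example (not code from the original post) that simulates a destination-only route lookup over a constructed routing table with two default routes, and contrasts it with the source-based selection the poster is asking for. The subnets, gateway addresses, interface names and the client address 203.0.113.7 are assumed.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Route:
    prefix: ipaddress.IPv4Network
    gateway: str        # next hop, or "on-link" for a directly connected subnet
    interface: str
    metric: int


# Constructed table: two DMZ subnets (following the question's 192.168.x.x
# convention) and one default route per NIC, both at metric 1.
TABLE = [
    Route(ipaddress.ip_network("192.168.1.0/24"), "on-link", "NIC1", 1),
    Route(ipaddress.ip_network("192.168.2.0/24"), "on-link", "NIC2", 1),
    Route(ipaddress.ip_network("0.0.0.0/0"), "192.168.1.1", "NIC1", 1),
    Route(ipaddress.ip_network("0.0.0.0/0"), "192.168.2.1", "NIC2", 1),
]


def select_route(table, dst):
    """Classic destination-only lookup: longest prefix match, then lowest
    metric, then table order (the first entry wins on a full tie).
    The ingress interface and the reply's source address play no part."""
    dst = ipaddress.IPv4Address(dst)
    matches = [r for r in table if dst in r.prefix]
    if not matches:
        return None
    # min() returns the first minimal element, so order breaks ties
    return min(matches, key=lambda r: (-r.prefix.prefixlen, r.metric))


def reply_interface(table, ingress_interface, client_ip):
    """Interface a reply to client_ip leaves on when the request arrived on
    ingress_interface. Returns (chosen_interface, is_asymmetric)."""
    route = select_route(table, client_ip)
    chosen = route.interface if route else None
    return chosen, chosen != ingress_interface


def source_based_reply_interface(table, local_src_ip):
    """Policy (source-based) routing: use the default route that belongs to the
    interface owning the reply's source address. This is what the question
    needs; it is a hypothetical lookup, not something Windows 2003 provides."""
    src = ipaddress.IPv4Address(local_src_ip)
    owner = next(r.interface for r in table
                 if r.gateway == "on-link" and src in r.prefix)
    return next(r.interface for r in table
                if r.prefix.prefixlen == 0 and r.interface == owner)
```

With the table above, a request arriving on NIC2 from an Internet client is answered via NIC1, which is exactly the asymmetric path the question describes.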
2 Solutions
Are the routers doing NAT? If so, I would have thought any request to the server would appear to come (locally) from the router, so the return path would be by the same router.

So if you're not doing NAT, consider it! :-)

royalcanin (Author) commented:
Actually the setup is this

ISPline 1 -> ISP Router -> Firewall running NAT -> DMZ -> DNS Server

ISPline 2 -> ISP Router 2 -> Firewall 2 running NAT -> DMZ 2 -> DNS Server

The DMZ servers get live Internet IPs, so NAT is not an option for them.

This is a fundamental weakness of ALL Windows OSs. If you had 2 separate 2003 boxes, each with an Internet connection, there would be no issue. But each Windows OS wants to look to ONE Internet connection only. It is really stupid, because they have no problem multi-homing across class C networks, but this is for network traffic, not Internet traffic. There are ways to get around this, but it is fundamental myopicism by the developers of Windows that they have never allowed the OS to selectively arbitrate multiple connections to the WAN called the Internet. Every other "WAN" yes, but not the one you want. As I said, there ARE ways to get around this, mainly by taking the intelligence to switches and taking it away from Windows -- sounds like you know enough to know what I mean.
