Solved

Adding an IP with subnet mask 255.255.255.255 on Windows 2003

Posted on 2006-11-03
Last Modified: 2012-06-21
I would like to add a second IP to a Windows 2003 server. This IP is routed directly by the router to the first IP of the server and should use a /32 mask (255.255.255.255). My problem is that the network configuration dialog only allows a minimum netmask of /30 (255.255.255.252)...

When I try to set the netmask to 255.255.255.255, Windows answers the following:

The combination of IP address and subnet mask is invalid.  All of the bits in the host address portion of the IP address are set to 1.  Please enter a valid combination of IP address and subnet mask.

Example:

primary IP: 192.168.1.1, subnet mask 255.255.255.0, gateway 192.168.1.254
secondary IP: 192.168.2.1, subnet mask 255.255.255.255

On the gateway, 192.168.2.1/32 would be routed to 192.168.1.1 (and 192.168.2.2/32 to another server on another subnet,...).

Any help would be appreciated.

Question by:antarex
12 Comments
 
LVL 21

Expert Comment

by:mcsween
ID: 17870502
The PC cannot be on a network with only 1 IP address.  The reason for this is because the gateway would then be "off network"

I would do a static route on 192.168.1.254 to the 192.168.2.x network.
0
 
LVL 1

Author Comment

by:antarex
ID: 17870604
If you read my example, you will understand that the gateway is not "off network"; the gateway is just on the network of the first IP (the first IP uses a standard netmask with a ranged network, /24).

Only the secondary IP needs a /32 netmask (and it's technically possible; it's working with Linux servers)
0
 
LVL 21

Expert Comment

by:mcsween
ID: 17870651
I'm sorry but I just can't understand what you are trying to accomplish.  I can't see any reason to have an IP assigned to a server then tell the server that you have no gateway on this network and there aren't any other nodes either.

Can you explain a little more what you are trying to accomplish?
0
 
LVL 1

Author Comment

by:antarex
ID: 17871086
Here's another example, with more detail:

I have an internet router with a public IP n.n.n.n; to this IP my ISP routes a supplementary small public subnet, say 1.1.1.1/30 (thus 1.1.1.1 - 1.1.1.4)

If I define this /30 directly, I'm only able to use one public server (one IP for the router, one network and one broadcast), thus on the router I've defined a private network 192.168.0. /24 and I route the 4 public /32 IPs to 4 private IPs assigned to 4 servers

Thus, to summarize, on the router I have the following routing table:

router wan ip : n.n.n.n
router lan ip : 192.168.0.254

route 1.1.1.1/32 -> 192.168.0.1
route 1.1.1.2/32 -> 192.168.0.2
route 1.1.1.3/32 -> 192.168.0.3
route 1.1.1.4/32 -> 192.168.0.4

and I have 4 servers accessing the router using a private IP (/24)

on each server I assign a secondary IP with the public IP using a /32 subnet

Actually it's working with 4 Linux servers, but I want to replace one with a Windows server, and I cannot assign the public IP with a /32 netmask...

I do not want to use NAT on the router to route the public IPs to the private ones; it's working great with static routing (and the real situation is much more complex: all the servers are using public IPs as primary, and I add a secondary IP from another public subnet. This secondary IP should be able to be rerouted easily to another server, even on another network. I do not want to split a /24 public range into just 64 /30s)
0
 
LVL 43

Expert Comment

by:Steve Knight
ID: 17877962
Interesting.  Do the 4 servers need to communicate with each other using the public IP?  If not then a /30 would work just as well, as any comms would go outside the gateway.

I've never seen this done on Windows on a LAN card, though it happens all the time in dialup type situations.

Have you tried using the command-line tool, BTW:

netsh
interface
etc.

Type help at each level after netsh for syntax - not on Windows at the moment to check myself, sorry.

Steve
0
 
LVL 43

Expert Comment

by:Steve Knight
ID: 17877974
BTW I presume you'd have to combine that with a static default route too?

route -p add 0.0.0.0 mask 0.0.0.0 192.168.0.254 192.168.0.4

or whatever though I'm not entirely sure it will accept that either, I presume the first IP on this physical NIC is the private IP?
0
 
LVL 1

Author Comment

by:antarex
ID: 17879530
With netsh, I've tried to add an IP with mask 255.255.255.255, but the answer is:

255.255.255.255 is not an acceptable value for mask.

The 4 servers need to communicate with each other, but even so, using a /30 is not a good idea; with a /30 you should not use the first nor the last IP of the range, as they are used for network and broadcast.  The broadcast traffic sent by one computer could mess up the one using the broadcast IP of the range...  It's of course possible to use a loopback adapter to avoid the broadcast traffic on the LAN, but it's really not a clean solution...

As I've said, the real situation is more complex: the /32 IPs are used as "portable" public IPs. If a server crashes in a datacenter, I can easily reroute the /32 portable IP to another server, even in another datacenter; I just need to update the routing table of my main router...  but it's much easier to explain using a "common" situation :)
0
 
LVL 43

Expert Comment

by:Steve Knight
ID: 17879606
I understand what you are trying to do OK, just not sure I've ever seen it done in Windows.  Agreed, having tried that, you can't add it directly to Windows in that way either.  The fact that the four may need to communicate over the public IPs makes it more difficult of course too -- now my ISP gives me a block of 8 which makes things easier of course :-)

I suppose you could drop it down to a /28 or /29 and so avoiding the broadcast or network numbers in your 'fake' subnet.

Sorry no magic answers, mainly just interested!

Steve
0
 
LVL 1

Author Comment

by:antarex
ID: 17879736
As I use public IPs for public servers, it's not a good idea; I never know when I would need to communicate with another server which uses an IP in the /28 or /29 subnet (emails,...).  For public use I need a strictly correct configuration: the router routes a /32 IP, so I need to define a /32 IP on the server...

Thanks for your suggestion, but I am not looking for a way to turnaround :)  There should be nothing wrong with a /32 IP; it's commonly used for many other purposes (PPP, DSL, PPTP, CableRouter,...). I do not see why Windows does not allow it on a LAN interface (at least as a secondary IP/alias)...
0
 
LVL 43

Accepted Solution

by:
Steve Knight earned 500 total points
ID: 17879837
Good luck.  The mask data seems to get copied to

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\{GUID of NIC}\Parameters\Tcpip\SubnetMask

No idea whether it will handle a change here OK, and I can't test right now without my test machines here, but feel free to regedit yourself. It will probably need a reboot to take, or possibly a NIC disable / enable, so hope you've got local access to the console or through iLO :-)

Steve
0
 
LVL 1

Author Comment

by:antarex
ID: 17889038
I've looked into this, but the right registry key is: HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{GUID of NIC}

It seems to work like that after rebooting the server, but now I get a netmask error each time I try to open the TCP/IP advanced settings, thus I need regedit each time I want to modify a setting...

Not a great solution, but it's working, which is the most important thing...  I will try to file a bug report; it's strange that Windows does not comply with such a basic TCP/IP setting...

Thanks for your help, it pointed me in the right direction :)
0
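
A read-only check of what such a registry edit leaves behind, useful once the advanced TCP/IP dialog can no longer open the settings. This is an added example, not code from the thread: it assumes the `IPAddress` and `SubnetMask` multi-string values under the Interfaces key named above, and `Get-PrefixLength` is a hypothetical helper name.

```powershell
# Added example: read-only audit of static IPv4 address/mask pairs per interface.
# Assumes the IPAddress and SubnetMask multi-string values under the Interfaces key.
$base = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces'

function Get-PrefixLength([string]$Mask) {
    # Hypothetical helper: dotted mask -> prefix length, or -1 if it is not a
    # valid, contiguous IPv4 mask.
    $addr = $null
    if (-not [System.Net.IPAddress]::TryParse($Mask, [ref]$addr)) { return -1 }
    if ($addr.AddressFamily -ne 'InterNetwork') { return -1 }
    $bits = ''
    foreach ($b in $addr.GetAddressBytes()) {
        $bits += [Convert]::ToString($b, 2).PadLeft(8, '0')
    }
    if ($bits -notmatch '^1*0*$') { return -1 }
    return ($bits -replace '0', '').Length
}

$report = foreach ($key in Get-ChildItem $base) {
    $p = Get-ItemProperty -Path $key.PSPath
    # Both values are lists; entry N of SubnetMask belongs to entry N of IPAddress.
    $ips = @($p.IPAddress)
    $masks = @($p.SubnetMask)
    for ($i = 0; $i -lt $ips.Count; $i++) {
        # Skip interfaces with no static address (unset, or 0.0.0.0 under DHCP).
        if (-not $ips[$i] -or $ips[$i] -eq '0.0.0.0') { continue }
        $mask = $null
        if ($i -lt $masks.Count) { $mask = $masks[$i] }
        $len = Get-PrefixLength $mask
        $note = ''
        if ($len -lt 0) { $note = 'missing or non-contiguous mask' }
        elseif ($len -eq 32) { $note = 'host (/32) mask: not settable through the GUI' }
        New-Object PSObject -Property @{
            Interface = $key.PSChildName
            Address   = $ips[$i]
            Mask      = $mask
            Prefix    = $len
            Note      = $note
        }
    }
}

$report | Select-Object Interface, Address, Mask, Prefix, Note | Format-Table -AutoSize
```

The script only reads the registry, so it can be run before and after a change to confirm that each address still has a mask at the same list position.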
 
LVL 43

Expert Comment

by:Steve Knight
ID: 17889118
OK, guess it depends upon OS etc. It seemed to change the one above when I looked.  Interesting discussion anyway, never thought of using a 255.255.255.255 IP in this way before.  Steve
0
