
Telling Windows to choose one of two NICs

Discussion in 'Networking (Hardware & Software)' started by moboking, 2005/07/19.

Thread Status:
Not open for further replies.
  1. 2005/07/19
    moboking

    moboking Inactive Thread Starter

    Joined:
    2004/12/26
    Messages:
    82
    Likes Received:
    0
    I have a problem and wonder if any of you have an answer.

    I work in an office that has a 5 static-IPs DSL account. So far, we only use 1 of them, which is the public IP for a NAT router. All the office computers are connected through this router and therefore only use 1 of the 5 IPs. The modem is a Netopia that has 4 ports with one of these used by the NAT router, leaving 3 ports unused. Any computer that is connected to any of these ports will get a static public IP.

    So I decided to make good use of the remaining 4 static public IPs.

    My machine, which is part of the NAT network mentioned earlier, has one NIC and it is configured to obtain its IP (private) automatically from the router's DHCP server. I added a second NIC to this computer and gave it a static IP, one of the remaining unused 4 public IPs. This second NIC is connected directly to one of the remaining unused ports on the Netopia. So basically, my computer has a choice as to how to get out to the Internet: the first NIC behind the NAT router or the second NIC, which has a direct connection to the Internet.

    When I start up the computer, Windows XP Pro always uses the second NIC to go to the Internet. But how can I tell it to always use the first NIC first before jumping to the second NIC? Or to be more precise, NEVER use the second NIC for connectivity. This is the immediate problem I need to solve.

    The reason I want to do this is I have VMWare on my computer. Therefore I only want VMware to associate itself to the second NIC as if the first NIC does not exist. So far, it does that. Since I use VMWare for practicing running a webserver, security for itself is not important right now. However, I do not want Windows to use this second NIC because that would expose it to the Internet directly w/o the protection of NAT as it would be if Windows uses the first NIC.
     
  2. 2005/07/19
    NetDoc

    NetDoc Inactive

    Joined:
    2005/01/09
    Messages:
    215
    Likes Received:
    0
    I'm confused! You have taken the time and trouble to set up a more direct connection to the Internet (NIC2) but do not want to use it. Why did you bother to set it up in the first place?

    Simply disable NIC 2 in Device Manager. Whenever you want to use it enable it.

    By the way, I don't dispute that you should use the NAT connection.

    DRD
     


  4. 2005/07/19
    Scott Smith

    Scott Smith Inactive Alumni

    Joined:
    2002/01/12
    Messages:
    1,950
    Likes Received:
    4
    Why not just forward port 80 to your private IP?

    What is the subnet mask on the WAN side?

    You're asking your PC to be a gateway and I'm not sure that's going to happen.
     
  5. 2005/07/19
    moboking

    moboking Inactive Thread Starter

    Joined:
    2004/12/26
    Messages:
    82
    Likes Received:
    0
    The problem with port forwarding is there is already a webserver at the office. This server is connected to the NAT router and has NAT forward incoming data to it via port 80. Of course, I can use port 81 and so forth, but since there are 4 more public IPs just sitting there, I want to make good use of them, and I want to do it on the same PC. Hence the 2 NICs.

    This is why I want to use another public IP for this virtual machine. Sure the easy answer is just get another physical computer and my problem is solved. But I want to have both my "work" Windows on the host machine and "practice" Windows via VMWare on the same physical machine. Simply put, I want the VMWare machine to connect to the Internet on a separate public IP address through a separate NIC. Another advantage of this is I may want to learn VPN as well. VPN does not work over NAT.
     
  6. 2005/07/19
    Scott Smith

    Scott Smith Inactive Alumni

    Joined:
    2002/01/12
    Messages:
    1,950
    Likes Received:
    4
    Sure is a whole lot easier to have a "real firewall" Like Net Screen, Fortigate, Cisco, yada yada.
    Port 80 requests from WAN IP xx.xxx.x.x1 forward to lan IP xxx.xxx.x.10
    Port 80 Requests from WAN IP xx.xxx.x.x2 forward to LAN IP xxx.xxx.x.11

    Hey, here's an idea. Throw a Linksys or D-Link between your WAN and second NIC. DONE! :D
     
  7. 2005/07/19
    moboking

    moboking Inactive Thread Starter

    Joined:
    2004/12/26
    Messages:
    82
    Likes Received:
    0
    The original problem still remains: how can I tell XP Pro which NIC to use to go out to the Internet when both are valid with all the necessary means to do so. I am so sure that this is a matter of a registry hack. Where in the hives does XP keep track of its NIC settings? Any master registry hackers here?
     
  8. 2005/07/21
    adamt56

    adamt56 Inactive

    Joined:
    2005/03/24
    Messages:
    38
    Likes Received:
    0
    You have almost lost me, but I think we can pull through this.

    What kind of router do you currently have in place?
     
  9. 2005/07/22
    NetDoc

    NetDoc Inactive

    Joined:
    2005/01/09
    Messages:
    215
    Likes Received:
    0
    Here's something to try. The NIC in question is using a static address, correct? Removing the settings for a default gateway will stop it from getting out. However, it also means that a web server cannot respond to inquiries from outside.

    DRD
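
An added example, not part of any post in this thread: a Python check over `route print` output that reports which NIC the host will use for Internet traffic (Windows prefers the default route with the lowest metric) and whether a default route still exists on the public-IP NIC after the gateway change suggested above. The sample table, its addresses and the function names are constructed for illustration.

```python
import ipaddress

# RFC 1918 ranges; any other interface address is treated as Internet-facing.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed "Active Routes" table from a two-NIC host. 203.0.113.x is a
# documentation range standing in for one of the static public IPs.
SAMPLE = """\
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1   192.168.1.100       20
          0.0.0.0          0.0.0.0      203.0.113.1    203.0.113.10       10
        127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1        1
      192.168.1.0    255.255.255.0    192.168.1.100   192.168.1.100       20
      203.0.113.0    255.255.255.0     203.0.113.10    203.0.113.10       10
"""

def is_private(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)

def default_routes(route_print_text):
    """Return [(gateway, interface, metric)] for every 0.0.0.0/0 row."""
    routes = []
    for line in route_print_text.splitlines():
        cols = line.split()
        if len(cols) == 5 and cols[:2] == ["0.0.0.0", "0.0.0.0"]:
            try:
                routes.append((cols[2], cols[3], int(cols[4])))
            except ValueError:
                continue  # five tokens but not a route row
    return routes

def audit(route_print_text):
    """Report the host's Internet egress interface and any public default route."""
    routes = default_routes(route_print_text)
    result = {"egress": None, "tie": False, "public_defaults": []}
    if not routes:
        return result
    best = min(metric for _, _, metric in routes)
    winners = [r for r in routes if r[2] == best]
    result["tie"] = len(winners) > 1  # equal metrics: this table alone does not decide
    if not result["tie"]:
        result["egress"] = winners[0][1]
    result["public_defaults"] = [i for _, i, _ in routes if not is_private(i)]
    return result

if __name__ == "__main__":
    print(audit(SAMPLE))
```

An empty `public_defaults` list with `egress` set to the NAT-side address is the state the thread starter is after for the host OS.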
     
  10. 2005/07/23
    moboking

    moboking Inactive Thread Starter

    Joined:
    2004/12/26
    Messages:
    82
    Likes Received:
    0
    But that is the whole point of having a webserver, so that it can be accessed from the Internet. The webserver will run inside a virtual machine.

    The problem is pretty straightforward but it takes a bit of reading to let it sink in. The reason for that is we have become so accustomed to having one WAN connection that is split among many computers through a NAT router. Also, we are so accustomed to having only one NIC per PC. Therefore, a new mindset here is one PC with two physical NICs. One NIC gets a private IP from the DHCP server of a NAT router (Linksys WRT54G). The other NIC is given a static public IP and is connected directly to a Netopia modem that has 4 ports on its pseudo-LAN side. Any NIC attached directly to one of these ports must have a public IP assigned to it because the Netopia's DHCP server is turned off and therefore it acts like a modem.

    There are several problems here, but let's focus on one at a time. The immediate problem is how to tell Windows XP Pro (or Server 2003 for that matter) to use one NIC for all of its networking needs including Internet Explorer, Outlook Express, and file and printer sharing. Everything except one program. This one program is given exclusive use of the second NIC that is connected to the Netopia directly and therefore gets a static public IP as mentioned earlier. This program is VMWare virtual machine. Basically, as far as VMWare is concerned, this second NIC with a static public IP is one of the Netopia's pseudo-LAN ports. VMWare will then use its own bridging and virtual switches and network cards and create its own private little LAN behind this real second physical NIC on the physical machine, but I digress.

    Back to the immediate problem. I have done research on this seemingly simple problem on and off for over 3 years ever since I was asked to set up a network for an office that has a 5 static IP DSL account from SBC. All of those three years, they have only used 1 of the 5 available public IPs. What a waste of scarce public IPs in my opinion. Like I said earlier, I could simply get a second physical PC and connect its only NIC to one of the remaining unused ports of the Netopia. But the whole point of VMware is to have multiple copies of Windows and Linux distros running simultaneously. But the problem with this setup is Windows can't seem to be told what NIC of the 2 NICs to use for a certain program in an exclusive manner.
     
    Last edited: 2005/07/23
  11. 2005/08/23
    moboking

    moboking Inactive Thread Starter

    Joined:
    2004/12/26
    Messages:
    82
    Likes Received:
    0
    I came upon this tip on some site.

    I tried it out but it does not work. I have not exhausted my attempts yet. Will try again. Odd though, considering how advanced Windows networking is, this is not an easy thing to do.
     
  12. 2005/08/24
    ReggieB

    ReggieB Inactive Alumni

    Joined:
    2004/05/12
    Messages:
    2,786
    Likes Received:
    2
    Advanced? It's automated, but I wouldn't call that advanced. NT4 was better: it was easy to alter binding orders and it did what you told it to do, not what it thought was best for you.

    I'm not sure exactly how VMWare works, but if it grabs the NIC at the hardware level can you not leave the NIC unconfigured (or with a 10.0.0.0 address that won't work over the internet) in the underlying Windows OS, and only assign it an IP address in the VMWare environment?

    By the way - if it were me I'd use a separate PC and then use desktop sharing to access the other PC. More secure, and not expensive considering the current price of a PC.
     
  13. 2005/08/24
    Newt

    Newt Inactive

    Joined:
    2002/01/07
    Messages:
    10,974
    Likes Received:
    2
    Maybe I'm missing something here but can't you simply set the connection order of the NICs?

    I don't have a multi-homed XP box to look at but this pic from a 2K3 server looks almost identical to a 2K server so I'm guessing XP is the same.

    We have one server with 4 NICs (eek) and if the order isn't set right, it doesn't work worth a darn.
     
  14. 2005/08/25
    TJ-IT

    TJ-IT Inactive

    Joined:
    2004/05/17
    Messages:
    121
    Likes Received:
    0
    Newt, if you wouldn't mind expanding on how (what criteria you use) to determine the order. And why (what about the order that makes the diff) especially in your case with 4 NICs. Been trying to find someone to explain this for a long time (been following this thread closely) :D Thanks, Joe.
     
  15. 2005/08/25
    moboking

    moboking Inactive Thread Starter

    Joined:
    2004/12/26
    Messages:
    82
    Likes Received:
    0
    Last edited: 2005/08/25
  16. 2005/08/25
    ReggieB

    ReggieB Inactive Alumni

    Joined:
    2004/05/12
    Messages:
    2,786
    Likes Received:
    2
    Moboking - splendid link.

    The binding order determines the order in which the system queries the networking interface. If you have two network cards, if you bind network card 1 above network card 2, your system will always try to use network card 1 before it uses network card 2. So if you use the network connected to network card 2 more than the other, you'll get better performance switching the binding order.

    However, some processes are dependent on binding order as Newt hints at. So try it first and make a note of the original setting in case something breaks on making the change - you may need to set it back.

    Binding order also affects protocols. If you have IPX/SPX and/or NetBEUI bound above TCP/IP, your system will try to use the other protocols first before trying TCP/IP. So making sure TCP/IP is bound at the top is an important setting.
     
  17. 2005/08/25
    moboking

    moboking Inactive Thread Starter

    Joined:
    2004/12/26
    Messages:
    82
    Likes Received:
    0
    Does that mean I can tell one program to use one NIC while another use the other NIC? In other words, I can download two files from the Internet simultaneously with IE using one NIC and Firefox using the other NIC? Better yet, how about a more granular approach and have one IE download using one NIC and another IE download using the other NIC? That would be so cool.
     
  18. 2005/08/25
    ReggieB

    ReggieB Inactive Alumni

    Joined:
    2004/05/12
    Messages:
    2,786
    Likes Received:
    2
    No. The binding order doesn't go that far up the TCP/IP stack - that is, it doesn't go up to the application layer. You cannot set binding order by application as far as I am aware, without coding your own interface. Sockets might do it, but I haven't played with that.

    The binding order affects layers 2 and 3. That is, the NIC (layer 2) and the Network layer protocols (e.g. IP, IPX).
     
  19. 2005/08/25
    ReggieB

    ReggieB Inactive Alumni

    Joined:
    2004/05/12
    Messages:
    2,786
    Likes Received:
    2
    I think the application problem tends to be either a timeout or routing issue. If the binding order is badly set up, network systems with short timeouts take too long to set up the connection. Sometimes systems spend too much time routing discovery broadcasts to the wrong connection if the binding order is wrong.
     
  20. 2005/08/25
    Newt

    Newt Inactive

    Joined:
    2002/01/07
    Messages:
    10,974
    Likes Received:
    2
    TJ-IT - as ReggieB has just posted in another thread, the PC will attempt to use the NICs in the order listed starting with the topmost and only going to another one if there is no joy from the topmost.

    We have at least 2 NICs in all of our servers. One is wired to the main network with all the usual settings to find DNS servers, routers, etc. The other is wired to a separate fiber network that is only used for backups. It is not set up to find DNS, gateways, or any other things.

    The normal, everyday network communications to and from the server are from the main network so that NIC is listed at the top and is used by the server as its default. However, any packets addressed to the backup network will fail on the first NIC - by design - and will then try the 2nd NIC which will work.

    Servers that are part of one of our clusters have an additional NIC to use on a small network that is specific to the cluster and is used for 'heartbeat' signals. Since there is more of that activity than backup stuff, the heartbeat NIC is 2nd and the backup NIC is 3rd.

    The monster with 4 of them has a normal LAN and backup NIC (top and bottom) with two others that communicate with specialized (and isolated) networks here in the factory. I'm not really clear on what sort of traffic they deal with but simply know what order the bindings have to be for the thing to work. You can't tell from this picture but the FISHER LAN NIC is normally disabled but when it is enabled, it has to be 3rd.

    I think the example ReggieB uses where he has a wired NIC and a wireless and set the wired first since it is faster will apply to more folks on this forum than mine do but for any corporate IT folks, there may be food for thought with a high-speed backup LAN that is physically isolated from the main network. Ours consists of fiber, a switch, and 80 servers so we even were able to use a 192.168.0.x setup. It avoids any possible confusion since our main WAN is using 172.x.x.x.
     
  21. 2005/08/31
    TJ-IT

    TJ-IT Inactive

    Joined:
    2004/05/17
    Messages:
    121
    Likes Received:
    0
    Thanks Newt, ReggieB, helped me pull things together and understand better.

    That is the setup being used where I work, except only about 35 servers ;)

    Reason this thread caught my attention was that quite a while back I tried using 2 NICs, one connected to my workstation on home network connected to Linksys router>DSL>modem. The other NIC (in workstation) connected to a Cisco router> (pseudo internet) <another Cisco router> to testlab servers/workstations on VMware machines (all of these machines onsite @ home). With both NICs enabled, was not able to access the internet from home workstation. With DSL side NIC ONLY enabled was able to access internet fine. With Cisco side NIC ONLY enabled was able to access all VMware machines and vice/versa but not with both NICs enabled. At the time I did not consider the order, and have found out since, from the setup at work that they removed the gateway from the backup NICs (since backups are on 192xxx, other NIC on 166xxx). I have relocated (home) since and have not got the Ciscos set up yet, but this has been haunting me ever since, :D Noticed you also have just a switch on backup side (no router) therefore no gateway address included on that NIC? Do any of the 4 NICs enabled have different gateways entered? Thanks all, for your info and help, Joe.
     