locked
Win10 - Dual network setup RRS feed

  • Question

  • Hi

    I got a network configuration problem 

    I got one machine that have two network cards (wired Ethernet)

    NIC 1 - DHCP 8x.x.x.x                    Internet access only (through a external firewall)
    NIC 2 - Static IP 172.16.100.133   Local network but Internet access is possible, but this machine should not used it for that

    NIC 1 gets into the "Public network" category
    NIC 2 gets into the "Private network" category

    The problem is that I do not want internet traffic to go out on NIC2, Only 172.16.* 

    But sometimes the routing get messed up. and 172.16.100.1 will be the first default gateway (Maybe because the order the network are starting up) 

    So I add a persistent route entry 172.16.100.0/255.255.255.0 and than I need to remove the default gateway for net NIC2.
    But when I do that the NIC2 jumps into the "public network category", And now the firewall rules for public will apply and nothing will be able to access the machine on the local network.

    Maybe I'm going at this the wrong way ? The correct way might be settings metric prio for default gw ?

    The thing is that I used to do that on my old hardware. But I then got lots of kernel memory leaks (Page Pool and Non Page Pool grow to many many gig.) But that could have been because of bad drivers. Got new HW now.

    So question is.  Should I control this using metric settings or should I force NIC2 into "private" group using registry hack(?) Or is there some other way ?


    Tuesday, January 12, 2016 5:55 PM

Answers

  • You have setup 2 default gateways !!!!

    Do NOT setup 2 default gateways !! That is BAD networking.

    Setup a default gateway on NIC 1 and NO default gateway on NIC2. Leave it blank in the adapter properties.

    No need for a persistent route, remove that as well.

    Windows is smart enough to route data to a direct attached private network. (172.16.0.0)

    Fix your public network afterwards via group policy if required, but it should not be required. Just browse the network in explorer and it should ask you to change to private by itself.


    Friday, January 15, 2016 7:16 PM

All replies

  • Hi Mathias,

    Please run route print command, give us a screenshot of your current configuration.

    Route

    https://technet.microsoft.com/en-in/library/bb490991.aspx

    Note, don't use the gateway for local network, make the internet gateway is the default gateway.


    Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact tnmff@microsoft.com.

    Wednesday, January 13, 2016 7:29 AM
  • ** The IP 88.116 IP is Fake, It been changed for privacy reasons **

    IPv4 Route Table =========================================================================== Active Routes: Network Destination Netmask Gateway Interface Metric 0.0.0.0 0.0.0.0 88.116.16.1 88.116.17.115 10 0.0.0.0 0.0.0.0 172.16.100.100 172.16.100.133 266 88.116.16.0 255.255.252.0 On-link 88.116.17.115 266 88.116.17.115 255.255.255.255 On-link 88.116.17.115 266 88.116.19.255 255.255.255.255 On-link 88.116.17.115 266 127.0.0.0 255.0.0.0 On-link 127.0.0.1 306 127.0.0.1 255.255.255.255 On-link 127.0.0.1 306 127.255.255.255 255.255.255.255 On-link 127.0.0.1 306 172.16.100.0 255.255.255.0 On-link 172.16.100.133 266 172.16.100.133 255.255.255.255 On-link 172.16.100.133 266 172.16.100.255 255.255.255.255 On-link 172.16.100.133 266 224.0.0.0 240.0.0.0 On-link 127.0.0.1 306 224.0.0.0 240.0.0.0 On-link 172.16.100.133 266 224.0.0.0 240.0.0.0 On-link 88.116.17.115 266 255.255.255.255 255.255.255.255 On-link 127.0.0.1 306 255.255.255.255 255.255.255.255 On-link 172.16.100.133 266 255.255.255.255 255.255.255.255 On-link 88.116.17.115 266 =========================================================================== Persistent Routes: Network Address Netmask Gateway Address Metric 0.0.0.0 0.0.0.0 172.16.100.100 Default ===========================================================================

    If I enter the gateway of NIC1 (88.116.16.1) as gateway for NIC2
    The Network jumps over from private to public again and FW will blocked everything.
    (What is really the trigger for public/private ? )

    I would not like to have the second entry of 0.0.0.0 entry for 172.16.

    What I would like to have instead is

      Network Address       Netmask         Gateway Address 
        172.16.100.0        255.255.255.0   172.16.100.100

    And I can get that by adding it with route as

     route -p add 172.16.100.0 mask 255.255.255.0 172.16.100.100

     and then NOT enter a gateway for the local NIC,
     BUT then I get into the problem again with the network jumping over to public again.

    I think I got something to work If I manually change the Interface Metric. But I'm not sure how that works.
    It used the interface with Highest value first ? Then it will use NIC1 first. BUT  NIC1 goes done the traffic will go out on NIC2. And I do not want to allow that.
    With a route entry as above only destinations of 172 get to NIC2.

    Maybe I need to force the Public/Private properties of NIC2 ?

    Wednesday, January 13, 2016 7:07 PM

  • Maybe I need to force the Public/Private properties of NIC2 ?

    Why not, if it's the only problem. Just change it manually.

    http://www.tenforums.com/tutorials/6815-network-location-set-private-public-windows-10-a.html

    Friday, January 15, 2016 9:03 AM
  • I done that. But I need to do it the "ugly" way using powershell or reghack.

    I don't just want it to work. I want it to be setup correct.
    I was looking for a more correct way to do this from people that are experts with networks.
    Hacking the network settings and forcing a behavior does not really fell like the correct way do to things. Often when you do things like that you can break other things or it can have strange consequences that you are not aware off.

    Often there are recommended way of doing things that have been verified.

    Friday, January 15, 2016 9:38 AM
  • You have setup 2 default gateways !!!!

    Do NOT setup 2 default gateways !! That is BAD networking.

    Setup a default gateway on NIC 1 and NO default gateway on NIC2. Leave it blank in the adapter properties.

    No need for a persistent route, remove that as well.

    Windows is smart enough to route data to a direct attached private network. (172.16.0.0)

    Fix your public network afterwards via group policy if required, but it should not be required. Just browse the network in explorer and it should ask you to change to private by itself.


    Friday, January 15, 2016 7:16 PM
  • Almost worked.

    When browsing network it ask to turn on sharing, and it made both network private and turned on sharing on both. 

    But I fixed in the group police instead as you said. And remove gateway for local network.

    (I think I'm starting to understand how this work now I think. Or maybe not :)  )

    Thanks


    Friday, January 15, 2016 8:37 PM