Multihomed NetBIOS problem

    Question

  • This machine has multiple IP4 addresses on a single NIC, but I will simplify it to just 2 IP4 addresses.
    The primary address is 192.168.0.199 with its gateway on 192.168.0.1
    The secondary address is 172.16.0.199 for VPN access from home
    NETSTAT -A -N -P UDP
    shows:
      UDP    172.16.0.199:137       *:*
      UDP    172.16.0.199:138       *:*

    When I try to connect to a share on a machine that is not on my local LAN, it first tries to connect to port 445 from 192.168.0.199.  My ISP is blocking port 445, so the connection can't be established.  The networking layer next tries to connect to the remote machine on port 139, but the source IP address is 172.16.0.199 which is not the proper NAT address for communicating with the outside world.  You can see this happening with the command NETSTAT -N -P TCP issued repeatedly while it is trying to establish the connection, or with a packet sniffer.

    NetBIOS is binding to the numerically lowest IP address.  If I add a fictitious IP address of 18.1.1.1 to the NIC, the netstat command above now shows
      UDP    18.1.1.1:137           *:*
      UDP    18.1.1.1:138           *:*

    On a multihomed machine, the binding should be to the primary address on the NIC.  If there are multiple NICs, the network client should honor the binding order in the advanced networking properties, but should respect static routes that could force use of an alternate gateway accessible to one of the additional NICs.

    Tuesday, January 26, 2010 10:11 PM

All replies

  • Hi,

    Based on my research on this multi-homed network issue, I would like to share the following with you:

    Source IP address selection on a Multi-Homed Windows Computer

    Hope this helps. Thanks.


    Nicholas Li - MSFT
    Tuesday, February 2, 2010 10:34 AM
    Moderator
  • That would be fine if NetBIOS were binding to the primary address on the adapter.  Instead, it is binding to the numerically lowest IP address under certain circumstances.  It seems to happen when you edit the primary IP address.

    Start with 192.168.0.199
    Add 172.16.0.199

    The command "NETSTAT -ANP UDP" shows
    UDP 172.16.0.199:1900
    UDP 192.168.0.199:137
    UDP 192.168.0.199:138

    Now add 10.0.0.199
    The command "NETSTAT -ANP UDP" shows
    UDP 10.0.0.199:1900
    UDP 192.168.0.199:137
    UDP 192.168.0.199:138

    Now edit the primary address and change it from 192.168.0.199 to 192.168.0.198
    The command "NETSTAT -ANP UDP" now shows
    UDP 10.0.0.199:137
    UDP 10.0.0.199:138
    UDP 10.0.0.199:1900

    The NetBIOS services are no longer bound to the primary address.  This only becomes a problem when trying to connect to a machine across the internet when port 445 is blocked but 139 is open.  What happens in that case is the networking layer first tries to connect from the primary address to port 445 on the remote system.  When that fails, it falls back to port 139, but instead of using the primary address as the source address, it attempts to connect from the same IP address that ports 137 and 138 are bound to.

    Also I would think that port 1900 should also bind to the primary address, but it seems to be binding to the numerically lowest IP address on the adapter.

    Tuesday, February 2, 2010 8:55 PM
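
An added example, not part of the thread: a Python check for the behaviour discussed above. It parses `NETSTAT -ANP UDP` output and reports whether UDP 137/138 are bound to the primary address or to the numerically lowest configured address. The function names are hypothetical, and the sample lines are the ones posted in the last reply.

```python
import ipaddress
import re

NETBIOS_PORTS = {137, 138}  # NetBIOS name service and datagram service

# Matches lines such as "  UDP    172.16.0.199:137       *:*"
UDP_LINE = re.compile(r"^\s*UDP\s+(\d{1,3}(?:\.\d{1,3}){3}):(\d+)\b")

# netstat lines as posted in the thread, before and after the primary was edited
SAMPLE_BEFORE = "UDP 10.0.0.199:1900\nUDP 192.168.0.199:137\nUDP 192.168.0.199:138\n"
SAMPLE_AFTER = "UDP 10.0.0.199:137\nUDP 10.0.0.199:138\nUDP 10.0.0.199:1900\n"


def netbios_bindings(netstat_text):
    """Return {port: set of local IPv4 addresses} for UDP 137/138 only."""
    bound = {}
    for line in netstat_text.splitlines():
        m = UDP_LINE.match(line)
        if m and int(m.group(2)) in NETBIOS_PORTS:
            addr = ipaddress.IPv4Address(m.group(1))
            bound.setdefault(int(m.group(2)), set()).add(addr)
    return bound


def check_binding(netstat_text, primary, configured):
    """Classify each NetBIOS binding against the primary and lowest address.

    primary and configured are supplied by the caller (assumption: read from
    the adapter's TCP/IP properties); they are not derived from netstat.
    """
    primary = ipaddress.IPv4Address(primary)
    lowest = min(ipaddress.IPv4Address(a) for a in configured)
    findings = []
    for port, addrs in sorted(netbios_bindings(netstat_text).items()):
        for addr in sorted(addrs):
            if addr.is_unspecified:
                verdict = "wildcard"            # bound to 0.0.0.0
            elif addr == primary:
                verdict = "primary"
            elif addr == lowest:
                verdict = "lowest-not-primary"  # the case reported in the thread
            else:
                verdict = "other"
            findings.append((port, str(addr), verdict))
    return findings


if __name__ == "__main__":
    addrs = ["192.168.0.198", "172.16.0.199", "10.0.0.199"]
    for row in check_binding(SAMPLE_AFTER, "192.168.0.198", addrs):
        print(row)
```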