23

I have a Windows Server which has ~10 IP addresses statically bound. The problem is I don't know how to specify the default IP address.

Sometimes when I assign a new address to the NIC, the default IP address changes with the last IP entered in the advanced IP configuration on the NIC. This has the effect (since I use NAT) that the outgoing public IP changes too.

Even though this problem is currently on Windows Server 2008.

How can you set the default IP address on a NIC when it has multiple IP addresses bound?

There is more explication on my problem.

alt text http://www.nmediasolutions.com/_images/probleme/ip.png

Here is the output of ipconfig:

DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv4 Address. . . . . . . . . . . : 192.168.99.49(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
IPv4 Address. . . . . . . . . . . : 192.168.99.51(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
IPv4 Address. . . . . . . . . . . : 192.168.99.52(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
IPv4 Address. . . . . . . . . . . : 192.168.99.53(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
IPv4 Address. . . . . . . . . . . : 192.168.99.54(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
IPv4 Address. . . . . . . . . . . : 192.168.99.55(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
IPv4 Address. . . . . . . . . . . : 192.168.99.56(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
IPv4 Address. . . . . . . . . . . : 192.168.99.57(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
IPv4 Address. . . . . . . . . . . : 192.168.99.58(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
IPv4 Address. . . . . . . . . . . : 192.168.99.59(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
IPv4 Address. . . . . . . . . . . : 192.168.99.60(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
IPv4 Address. . . . . . . . . . . : 192.168.99.61(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
IPv4 Address. . . . . . . . . . . : 192.168.99.62(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
IPv4 Address. . . . . . . . . . . : 192.168.99.64(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
IPv4 Address. . . . . . . . . . . : 192.168.99.65(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
IPv4 Address. . . . . . . . . . . : 192.168.99.66(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
IPv4 Address. . . . . . . . . . . : 192.168.99.67(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
IPv4 Address. . . . . . . . . . . : 192.168.99.68(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
IPv4 Address. . . . . . . . . . . : 192.168.99.70(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
IPv4 Address. . . . . . . . . . . : 192.168.99.71(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
IPv4 Address. . . . . . . . . . . : 192.168.99.100(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
IPv4 Address. . . . . . . . . . . : 192.168.99.108(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
IPv4 Address. . . . . . . . . . . : 192.168.99.109(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
IPv4 Address. . . . . . . . . . . : 192.168.99.112(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
IPv4 Address. . . . . . . . . . . : 192.168.99.63(Duplicate)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.99.1

If I do a pathping there is the answer, the first up is the 99.49, also if my default IP address is 99.100

Tracing route to www.l.google.com [72.14.204.99]
over a maximum of 30 hops:
  0  Machine [192.168.99.49]

There is the routing table on the machine:

 Network Destination        Netmask          Gateway       Interface  Metric
              0.0.0.0          0.0.0.0     192.168.99.1    192.168.99.49    261
           10.10.10.0    255.255.255.0         On-link       10.10.10.10    261
          10.10.10.10  255.255.255.255         On-link       10.10.10.10    261
         10.10.10.255  255.255.255.255         On-link       10.10.10.10    261
         192.168.99.0    255.255.255.0         On-link     192.168.99.49    261
        192.168.99.49  255.255.255.255         On-link     192.168.99.49    261
        192.168.99.51  255.255.255.255         On-link     192.168.99.49    261
        192.168.99.52  255.255.255.255         On-link     192.168.99.49    261
        192.168.99.53  255.255.255.255         On-link     192.168.99.49    261
        192.168.99.54  255.255.255.255         On-link     192.168.99.49    261
        192.168.99.55  255.255.255.255         On-link     192.168.99.49    261
        192.168.99.56  255.255.255.255         On-link     192.168.99.49    261
        192.168.99.57  255.255.255.255         On-link     192.168.99.49    261
        192.168.99.58  255.255.255.255         On-link     192.168.99.49    261
        192.168.99.59  255.255.255.255         On-link     192.168.99.49    261
        192.168.99.60  255.255.255.255         On-link     192.168.99.49    261
        192.168.99.61  255.255.255.255         On-link     192.168.99.49    261
        192.168.99.62  255.255.255.255         On-link     192.168.99.49    261
        192.168.99.64  255.255.255.255         On-link     192.168.99.49    261
        192.168.99.65  255.255.255.255         On-link     192.168.99.49    261
        192.168.99.66  255.255.255.255         On-link     192.168.99.49    261
        192.168.99.67  255.255.255.255         On-link     192.168.99.49    261
        192.168.99.68  255.255.255.255         On-link     192.168.99.49    261
        192.168.99.70  255.255.255.255         On-link     192.168.99.49    261
        192.168.99.71  255.255.255.255         On-link     192.168.99.49    261
       192.168.99.100  255.255.255.255         On-link     192.168.99.49    261
       192.168.99.108  255.255.255.255         On-link     192.168.99.49    261
       192.168.99.109  255.255.255.255         On-link     192.168.99.49    261
       192.168.99.112  255.255.255.255         On-link     192.168.99.49    261
       192.168.99.255  255.255.255.255         On-link     192.168.99.49    261
            224.0.0.0        240.0.0.0         On-link     192.168.99.49    261
            224.0.0.0        240.0.0.0         On-link       10.10.10.10    261
      255.255.255.255  255.255.255.255         On-link     192.168.99.49    261
      255.255.255.255  255.255.255.255         On-link       10.10.10.10    261

I think my route should look like:

Network Destination        Netmask          Gateway       Interface  Metric
              0.0.0.0          0.0.0.0     192.168.99.1    **192.168.99.100**    261
           10.10.10.0    255.255.255.0         On-link       10.10.10.10    261
          10.10.10.10  255.255.255.255         On-link       10.10.10.10    261
         10.10.10.255  255.255.255.255         On-link       10.10.10.10    261
         192.168.99.0    255.255.255.0         On-link     192.168.99.100    261
        192.168.99.49  255.255.255.255         On-link     192.168.99.100    261
        192.168.99.51  255.255.255.255         On-link     192.168.99.100    261
        192.168.99.52  255.255.255.255         On-link     192.168.99.100    261
        192.168.99.53  255.255.255.255         On-link     192.168.99.100    261
        192.168.99.54  255.255.255.255         On-link     192.168.99.100    261
        192.168.99.55  255.255.255.255         On-link     192.168.99.100    261
        192.168.99.56  255.255.255.255         On-link     192.168.99.100    261
        192.168.99.57  255.255.255.255         On-link     192.168.99.100    261
        192.168.99.58  255.255.255.255         On-link     192.168.99.100    261
        192.168.99.59  255.255.255.255         On-link     192.168.99.100    261
        192.168.99.60  255.255.255.255         On-link     192.168.99.100    261
        192.168.99.61  255.255.255.255         On-link     192.168.99.100    261
        192.168.99.62  255.255.255.255         On-link     192.168.99.100    261
        192.168.99.64  255.255.255.255         On-link     192.168.99.100    261
        192.168.99.65  255.255.255.255         On-link     192.168.99.100    261
        192.168.99.66  255.255.255.255         On-link     192.168.99.100    261
        192.168.99.67  255.255.255.255         On-link     192.168.99.100    261
        192.168.99.68  255.255.255.255         On-link     192.168.99.100    261
        192.168.99.70  255.255.255.255         On-link     192.168.99.100    261
        192.168.99.71  255.255.255.255         On-link     192.168.99.100    261
       192.168.99.100  255.255.255.255         On-link     192.168.99.100    261
       192.168.99.108  255.255.255.255         On-link     192.168.99.100    261
       192.168.99.109  255.255.255.255         On-link     192.168.99.100    261
       192.168.99.112  255.255.255.255         On-link     192.168.99.100    261
       192.168.99.255  255.255.255.255         On-link     192.168.99.100    261
            224.0.0.0        240.0.0.0         On-link     192.168.99.100    261
            224.0.0.0        240.0.0.0         On-link       10.10.10.10    261
      255.255.255.255  255.255.255.255         On-link     192.168.99.100    261
      255.255.255.255  255.255.255.255         On-link       10.10.10.10    261

How can I be sure the IP address used in the image (supposed to be the default IP address) will be use by my server as the default address?

Peter Mortensen
  • 2,319
  • 5
  • 23
  • 24
Cédric Boivin
  • 732
  • 4
  • 13
  • 31

11 Answers11

11

With Server 2008 Service Pack 2 (not R2), or Vista SP2 and MS hotfix KB975808 there is a solution, although a bit clumsy. You would remove all the addresses you DON'T want as a source, then re-add each one at the command line using

Netsh int ipv4 add address <Interface Name> <ip address> skipassource=true

The hotfix enables the "Skip As Source" flag.

For a deeper dive on how different Windows versions select source IPs, see this TechNet blog post.

Paul
  • 779
  • 1
  • 9
  • 18
6

There isn't such as thing as a "Default IP" for a network interface; rather your systems routing table defines which logical interface should be used when communicating with other devices.

It sounds like what you'd like to do is configure a default route. This would cause all conversations initiated by this machine to be made from a specific IP.

Use route add to add a default gateway

Wesley
  • 32,320
  • 9
  • 80
  • 116
Brian Tillman
  • 673
  • 3
  • 5
2

Your situation is not quite clear, but if I get you right:
1) Why won't you just set your "need-to-be the default" IP the last?

2) Or, maybe you can try this (assuming that the gateway address is 192.168.99.1):

route delete 0.0.0.0
route -p add 192.168.99.1 mask 255.255.255.255 192.168.99.100
route -p add 0.0.0.0 mask 0.0.0.0 192.168.99.1 192.168.99.100

To get more information about the syntax of the "route" command, look here: http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/route.mspx?mfr=true

Alexey Shatygin
  • 736
  • 4
  • 11
1

Could you not use metrics on the IP addresses? In the TCP/IP properties, uncheck Automatic Metric and assign a static one with a value lower than 261 (as shown in your screenshot) to the address you want for your default.

Jeff Miles
  • 2,020
  • 2
  • 19
  • 26
1

A command in the form:
> route add 0.0.0.0 mask 0.0.0.0 192.168.99.1 metric xxx if yyy
will change the address seen when the machine goes to any non-192.168.99.0/24 and non-10.10.10.0/24 address. That is, when the default gateway is used. The metric (xxx) should be higher than anything else to ensure the rule is used. The interface (yyy) must be interface to use. But, I don't think there is a way to control which IP address on that interface to use if there are multiple IP addresses.
> route add 192.168.99.0 mask 255.255.255.0 metric xxx if yyy
is similar but is for any 192.168.99.0/24 address the system goes to. The fact is that assigning multiple IP addresses to a single interface can have these kinds of issues.

Beau Geste
  • 111
  • 1
1

I've been able to duplicate your issue: it just looks like Windows uses the lowest assigned IP address on a given network interface as the "outgoing" one, regardless of the actual order in which they were assigned.

I wasn't able to find any documentation about this behaviour, but I'm quite sure it is by design.


Edit

I think this really can't be done at the O.S. level, but it can be done by code in your application: a socket can be explicitly bound to a chosen IP address/port pair before connecting it to the remote endpoint. But you'll have to use lower-level libraries than standard web-services ones. I.E. you'll have to manually open a socket, connect it and use it to read/write data.

.NET/C# example:

using System.Net;
using System.Net.Sockets;

IPAddress local_addr = IPAddress.Parse("192.168.99.100");
IPAddress remote_addr = IPAddress.Parse("1.2.3.4");

int local_port = 4242;
int remote_port = 80;

IPEndPoint local_ep = new IPEndPoint(local_addr,local_port);
IPEndPoint remote_ep = new IPEndPoint(remote_addr,remote_port);

Socket s = new Socket(AddressFamily.InterNetwork,SocketType.Stream,ProtocolType.Tcp);

s.Bind(local_ep);

s.Connect(remote_ep);

// Now use the socket to talk to the remote host

This will open a connection to 1.2.3.4:80 originating it from 192.168.99.100:4242, so the remote host will see it coming from exactly that IP address.

Tried and tested by connecting to IIS, it logs the request as coming from the specified IP address.

Massimo
  • 68,714
  • 56
  • 196
  • 319
  • I read somewear that could be a binary comparaison with the ip address ? – Cédric Boivin Mar 10 '10 at 18:13
  • 1
    Yes, binary comparison is very likely the way "the lowest one" is selected; I haven't tried with IPs belonging to different subnets, though. – Massimo Mar 10 '10 at 18:25
  • My biggest problem at this time, is i got over 300 web sites on multiple ip addresse, and when my server go on internet to call another server (web service), i can't be certain wich public ip my server will have. – Cédric Boivin Mar 10 '10 at 21:48
  • Thanks for this answer but in my scenario it's impossible to applicate this solutions. The solutions need to come from the OS, or maybe the firewall. It's a good way to solve the problem by application, but we go to many application, to solve the trouble on each web site. – Cédric Boivin Mar 11 '10 at 14:00
  • But even if you were able to do as you wish, you couldn't make different web sites use different IPs; this way, you could :-) – Massimo Mar 11 '10 at 20:07
  • Anyway, I really don't think there's anything you can do at the O.S. level here... – Massimo Mar 11 '10 at 20:08
  • Thanks, actually i got lot of web site are binding with different local ip Nat to different public IP for SSL web site and is working very fine. The only problem is when a web site, try to communicate a external web service, i can't be certain of the public ip of my call – Cédric Boivin Mar 11 '10 at 22:17
  • I was exactly talking about outgoing connections; luckily, there has never been any problem for incoming ones :-) – Massimo Mar 12 '10 at 05:47
1

The source address selection for an outbound call is handled differently by the TCP/IP stack since the Vista overhaul. In XP/2003 and earlier, the source address was determined by the route table when not explicitly declared by the application making the outbound call. Since Vista/2008, the source address could be determined by prefix affinity to the destination or next hop gateway address if destination is not local. The following Technet Blog posting explains the behavior change very well.

http://blogs.technet.com/b/networking/archive/2009/04/24/source-ip-address-selection-on-a-multi-homed-windows-computer.aspx

1

I have Windows 2008 R2 SP1 x64 Enterprise edition being used as a Web servers with One NIC.

I ran into the same issue described above. I want the Outbound connections to be handled by the default IP address (the one signed to the server) but it keeps randomly choosing which IP address out of my 10 IP addresses for the my 10 websites on that server.

They all show as preferred IP addresses if you run the following command.

Netsh int ipv4 show ipaddresses level=verbose

I tried downloading the Hot Fix but for some reason (and I double, triple checked) it said "it cannot run on this OS version). If you guys want to try here it is.

If you have MS DNS server running you will notice that the SAME server name will be registered 11 times (in my case) 1 IP for the server and 10 IP for each of the websites.

What I believe it could be a WORKAROUND (at this time, unless someone else have a better solution)

Is to go to the windows server under the TCP properties where you entered the IP addresses for the Server and Websites, you will see there a DNS tab. Now UNCHECK the REGISTER THE CONNECTIONS ADDRESSES and REBOOT the server (and leave unchecked).

If you check in DNS server all the DNS entries with the IPs will have disappeared.

Now Enter MANUALLY in DNS the Server name and the Preferred IP address. And it should fix the issue.

If any of you have any better solution please share with us.

Gripe: Not sure why MS did not fix this issue. They should have created an option (like a check box) for servers that carries multiple IP addresses on the same subnet for you to select which IP address should be the preferred.

mgorven
  • 30,036
  • 7
  • 76
  • 121
Neo
  • 1
  • 1
0

A 'default address' is the one put in the first input box on the interface card properties since it will reply by default with this one, all others are considered secondary.

(ISA server is a good example of that behavior as you can't tell it to reply with the IP it was contacted with...)

Alexandre Nizoux
  • 498
  • 1
  • 4
  • 15
0

I found a solution:

  • on your primary nic, remove the IP you want as default, remove default gw aswell, give it high metric (example: 50)
  • add secondary nic, give it IP you want as 'default', set default GW here and on advanced tab set lowest metric (example: 1)

This worked in my 2008R2/IIS7 with 20 IP adresses.

BR, Matija

user39080
  • 11
  • 1
0

I solved it by changing the netmask to 255.255.255.255 for all additional addresses and leaving only the default address unchanged.

I hope this solve for you!

GregL
  • 9,030
  • 2
  • 24
  • 35
Aldo
  • 1