Problems external pinging second interface on two NIC two subnet Windows 7

2

I have this configuration working fine with Linux, but Windows puts up a nasty fight.

The Windows 7 box is set up with two NICs, each for a separate subnet.

  1. NIC 1 is the primary interface and has the default gateway and internet access.
  2. NIC 2 is a secondary interface to a small private subnet with no default gateway.

Everything works fine from the Windows box. I can ping and get connections over the expected interface to the appropriate subnet; pings and connections for the NIC 2 subnet work over NIC 2 and pings and connections on NIC 1 work fine.

The problem is Windows doesn't respond to external pings on NIC 2. The interface stats on Windows show that the pings are arriving, but there is no response to them. External pings to NIC 1 are fine.

Firewall is disabled.

Any suggestions would be appreciated. This same setup works without any issues on Linux.

    Windows IP Configuration


    Ethernet adapter Local Area Connection 2:

       Connection-specific DNS Suffix  . :
       Link-local IPv6 Address . . . . . : fe80::cd15:7e83:1dd8:4531%14
       IPv4 Address. . . . . . . . . . . : 192.168.1.7
       Subnet Mask . . . . . . . . . . . : 255.255.255.0
       Default Gateway . . . . . . . . . :

    Ethernet adapter Local Area Connection:

       Connection-specific DNS Suffix  . : nowhere.com
       Link-local IPv6 Address . . . . . : fe80::2c63:4544:c29d:5dfd%11
       IPv4 Address. . . . . . . . . . . : 10.13.132.63
       Subnet Mask . . . . . . . . . . . : 255.255.255.0
       Default Gateway . . . . . . . . . : 10.13.132.1



    $ route print
    ===========================================================================
    Interface List
     14...52 54 00 24 8b 8e ......Red Hat VirtIO Ethernet Adapter #2
     11...54 52 00 77 87 59 ......Red Hat VirtIO Ethernet Adapter
      1...........................Software Loopback Interface 1
     12...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
     13...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
     15...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
    ===========================================================================

    IPv4 Route Table
    ===========================================================================
    Active Routes:
    Network Destination        Netmask          Gateway       Interface  Metric
              0.0.0.0          0.0.0.0      10.13.132.1     10.13.132.63    266
          10.13.132.0    255.255.255.0         On-link      10.13.132.63    266
         10.13.132.63  255.255.255.255         On-link      10.13.132.63    266
        10.13.132.255  255.255.255.255         On-link      10.13.132.63    266
            127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
            127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
      127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
          192.168.1.0    255.255.255.0         On-link       192.168.1.7    266
          192.168.1.7  255.255.255.255         On-link       192.168.1.7    266
        192.168.1.255  255.255.255.255         On-link       192.168.1.7    266
            224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
            224.0.0.0        240.0.0.0         On-link      10.13.132.63    266
            224.0.0.0        240.0.0.0         On-link       192.168.1.7    266
      255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      255.255.255.255  255.255.255.255         On-link      10.13.132.63    266
      255.255.255.255  255.255.255.255         On-link       192.168.1.7    266
    ===========================================================================
    Persistent Routes:
      Network Address          Netmask  Gateway Address  Metric
              0.0.0.0          0.0.0.0      10.13.132.1  Default
    ===========================================================================

Chris Welch

Posted 2014-10-03T14:36:52.310

Reputation: 21

You have to manually set up the persistent route. Windows doesn't do this automatically. Failing to set up the persistent route prevents access to the 192.168.1.0 subnet. Try it. Windows SHOULD do this but doesn't. It is automatically handled in Linux for example. All firewalls are disabled. If the firewall was on, the traffic count on NIC 2 would not increase from the external pings. – Chris Welch – 2014-10-03T15:35:25.833

Tore down the interface and set it up again and the default routing does set up a 192.168.1.0 entry. So the persistent route is not necessary. Updated posting with revised routing table display. – Chris Welch – 2014-10-03T15:58:54.743

Any luck disabling any firewalls? – I say Reinstate Monica – 2014-10-03T18:51:18.020

As stated, there are no firewalls. Problem still stands – Chris Welch – 2014-10-06T15:48:28.667

@ChrisWelch I have the same problem, did you find the answer? – hamed – 2016-06-11T08:31:54.760

Answers

1

If the pings to NIC 2 are coming from a different subnet/network, such as 10.0.0.0/8, then your ping responses back will get sent out the default gateway, on NIC 1. This is because the ping response is targeting a 10.0.0.0/8 address, and traffic to such an address, by the routing table, will go out through NIC 1. The pinging computer doesn't recognize the IP on NIC 1 as the IP that it is pinging, so it drops the received ping response.

Unfortunately, I don't have a solution at this point, only an explanation.

Michael

Posted 2014-10-03T14:36:52.310

Reputation: 11
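The route selection this answer describes, as an added example that is not part of the original answer: a longest-prefix lookup over the unicast routes from the question's `route print` output, showing which interface a reply to a given source address would leave by. The source addresses 192.168.1.50 and 10.20.30.40 are constructed, the request is assumed to arrive on the interface that owns the pinged address, and the lookup is a simplified model rather than Windows' own forwarding code.

```python
import ipaddress

# Active IPv4 routes copied from the question's `route print` output
# (unicast entries only): destination, netmask, gateway, interface, metric.
ROUTES = [
    ("0.0.0.0",      "0.0.0.0",         "10.13.132.1", "10.13.132.63", 266),
    ("10.13.132.0",  "255.255.255.0",   "On-link",     "10.13.132.63", 266),
    ("10.13.132.63", "255.255.255.255", "On-link",     "10.13.132.63", 266),
    ("127.0.0.0",    "255.0.0.0",       "On-link",     "127.0.0.1",    306),
    ("192.168.1.0",  "255.255.255.0",   "On-link",     "192.168.1.7",  266),
    ("192.168.1.7",  "255.255.255.255", "On-link",     "192.168.1.7",  266),
]


def lookup(dest):
    """Longest-prefix match; the lowest metric breaks ties between equal prefixes."""
    addr = ipaddress.ip_address(dest)
    best = None
    for net, mask, gateway, iface, metric in ROUTES:
        network = ipaddress.ip_network(f"{net}/{mask}")
        if addr not in network:
            continue
        key = (-network.prefixlen, metric)  # longer prefix first, then lower metric
        if best is None or key < best[0]:
            best = (key, gateway, iface)
    if best is None:
        raise LookupError(f"no route to {dest}")
    return best[1], best[2]


def reply_path(pinged_ip, source_ip):
    """Compare the interface address that was pinged with the reply's egress interface."""
    gateway, egress = lookup(source_ip)
    return {
        "arrived_on": pinged_ip,
        "reply_leaves_via": egress,
        "gateway": gateway,
        "asymmetric": egress != pinged_ip,
    }


if __name__ == "__main__":
    # Constructed sources: one on NIC 2's own subnet, one on a remote 10.x network.
    for src in ("192.168.1.50", "10.20.30.40"):
        print(src, reply_path("192.168.1.7", src))
```

A reply that leaves through a different interface than the request arrived on is the pattern that strict reverse-path filtering and stateful firewalls along the path commonly drop, so the `asymmetric` flag is the thing to check when a multihomed host receives traffic but appears not to answer.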

0

Windows Firewall (or another software-based firewall, if you have one) may be blocking the ping response on your second NIC. For testing purposes, disable the firewall. If that solves the problem, you can add an appropriate rule to allow ping responses out of the second interface.

I would also discourage manually creating a static route to the second interface's subnet. Windows knows that subnet is reachable only via that NIC because of the IP address/subnet mask combination you have specified on NIC 2. The only reason you would need to manually specify a route for NIC 2 is if there are additional subnets/networks only reachable through that interface, in which case there would be a router somewhere on NIC 2's network as well.

IMHO, doing something manually that is already done automatically is adding another variable to complicate the problem you're troubleshooting today, or worse, unnecessarily setting up a future problem.

I say Reinstate Monica

Posted 2014-10-03T14:36:52.310

Reputation: 21 477