Windows Server 2008: specifying the default IP address when NIC has multiple addresses

windows-server-2008 networking nat ip-address nic

47,862

Solution 1

With Server 2008 Service Pack 2 (not R2), or Vista SP2 and MS hotfix KB975808 there is a solution, although a bit clumsy. You would remove all the addresses you DON'T want as a source, then re-add each one at the command line using

Netsh int ipv4 add address <Interface Name> <ip address> skipassource=true

The hotfix enables the "Skip As Source" flag.

For a deeper dive on how different Windows versions select source IPs, see this TechNet blog post.

Solution 2

There isn't such as thing as a "Default IP" for a network interface; rather your systems routing table defines which logical interface should be used when communicating with other devices.

It sounds like what you'd like to do is configure a default route. This would cause all conversations initiated by this machine to be made from a specific IP.

Use route add to add a default gateway

Solution 3

Your situation is not quite clear, but if I get you right:
1) Why won't you just set your "need-to-be the default" IP the last?

2) Or, maybe you can try this (assuming that the gateway address is 192.168.99.1):

route delete 0.0.0.0
route -p add 192.168.99.1 mask 255.255.255.255 192.168.99.100
route -p add 0.0.0.0 mask 0.0.0.0 192.168.99.1 192.168.99.100

To get more information about the syntax of the "route" command, look here: http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/route.mspx?mfr=true

Solution 4

I've been able to duplicate your issue: it just looks like Windows uses the lowest assigned IP address on a given network interface as the "outgoing" one, regardless of the actual order in which they were assigned.

I wasn't able to find any documentation about this behaviour, but I'm quite sure it is by design.

Edit

I think this really can't be done at the O.S. level, but it can be done by code in your application: a socket can be explicitly bound to a chosen IP address/port pair before connecting it to the remote endpoint. But you'll have to use lower-level libraries than standard web-services ones. I.E. you'll have to manually open a socket, connect it and use it to read/write data.

.NET/C# example:

using System.Net;
using System.Net.Sockets;

IPAddress local_addr = IPAddress.Parse("192.168.99.100");
IPAddress remote_addr = IPAddress.Parse("1.2.3.4");

int local_port = 4242;
int remote_port = 80;

IPEndPoint local_ep = new IPEndPoint(local_addr,local_port);
IPEndPoint remote_ep = new IPEndPoint(remote_addr,remote_port);

Socket s = new Socket(AddressFamily.InterNetwork,SocketType.Stream,ProtocolType.Tcp);

s.Bind(local_ep);

s.Connect(remote_ep);

// Now use the socket to talk to the remote host

This will open a connection to 1.2.3.4:80 originating it from 192.168.99.100:4242, so the remote host will see it coming from exactly that IP address.

Tried and tested by connecting to IIS, it logs the request as coming from the specified IP address.

Solution 5

The source address selection for an outbound call is handled differently by the TCP/IP stack since the Vista overhaul. In XP/2003 and earlier, the source address was determined by the route table when not explicitly declared by the application making the outbound call. Since Vista/2008, the source address could be determined by prefix affinity to the destination or next hop gateway address if destination is not local. The following Technet Blog posting explains the behavior change very well.

http://blogs.technet.com/b/networking/archive/2009/04/24/source-ip-address-selection-on-a-multi-homed-windows-computer.aspx

View more solutions

47,862

Cédric Boivin

Updated on September 17, 2022

Comments

Cédric Boivin almost 2 years

I have a Windows Server which has ~10 IP addresses statically bound. The problem is I don't know how to specify the default IP address.

Sometimes when I assign a new address to the NIC, the default IP address changes with the last IP entered in the advanced IP configuration on the NIC. This has the effect (since I use NAT) that the outgoing public IP changes too.

Even though this problem is currently on Windows Server 2008.

How can you set the default IP address on a NIC when it has multiple IP addresses bound?

There is more explication on my problem.

alt text http://www.nmediasolutions.com/_images/probleme/ip.png

Here is the output of ipconfig:

DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv4 Address. . . . . . . . . . . : 192.168.99.49(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
IPv4 Address. . . . . . . . . . . : 192.168.99.51(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
IPv4 Address. . . . . . . . . . . : 192.168.99.52(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
IPv4 Address. . . . . . . . . . . : 192.168.99.53(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
IPv4 Address. . . . . . . . . . . : 192.168.99.54(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
IPv4 Address. . . . . . . . . . . : 192.168.99.55(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
IPv4 Address. . . . . . . . . . . : 192.168.99.56(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
IPv4 Address. . . . . . . . . . . : 192.168.99.57(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
IPv4 Address. . . . . . . . . . . : 192.168.99.58(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
IPv4 Address. . . . . . . . . . . : 192.168.99.59(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
IPv4 Address. . . . . . . . . . . : 192.168.99.60(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
IPv4 Address. . . . . . . . . . . : 192.168.99.61(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
IPv4 Address. . . . . . . . . . . : 192.168.99.62(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
IPv4 Address. . . . . . . . . . . : 192.168.99.64(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
IPv4 Address. . . . . . . . . . . : 192.168.99.65(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
IPv4 Address. . . . . . . . . . . : 192.168.99.66(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
IPv4 Address. . . . . . . . . . . : 192.168.99.67(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
IPv4 Address. . . . . . . . . . . : 192.168.99.68(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
IPv4 Address. . . . . . . . . . . : 192.168.99.70(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
IPv4 Address. . . . . . . . . . . : 192.168.99.71(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
IPv4 Address. . . . . . . . . . . : 192.168.99.100(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
IPv4 Address. . . . . . . . . . . : 192.168.99.108(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
IPv4 Address. . . . . . . . . . . : 192.168.99.109(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
IPv4 Address. . . . . . . . . . . : 192.168.99.112(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
IPv4 Address. . . . . . . . . . . : 192.168.99.63(Duplicate)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.99.1

If I do a pathping there is the answer, the first up is the 99.49, also if my default IP address is 99.100

Tracing route to www.l.google.com [72.14.204.99]
over a maximum of 30 hops:
  0  Machine [192.168.99.49]

There is the routing table on the machine:

 Network Destination        Netmask          Gateway       Interface  Metric
              0.0.0.0          0.0.0.0     192.168.99.1    192.168.99.49    261
           10.10.10.0    255.255.255.0         On-link       10.10.10.10    261
          10.10.10.10  255.255.255.255         On-link       10.10.10.10    261
         10.10.10.255  255.255.255.255         On-link       10.10.10.10    261
         192.168.99.0    255.255.255.0         On-link     192.168.99.49    261
        192.168.99.49  255.255.255.255         On-link     192.168.99.49    261
        192.168.99.51  255.255.255.255         On-link     192.168.99.49    261
        192.168.99.52  255.255.255.255         On-link     192.168.99.49    261
        192.168.99.53  255.255.255.255         On-link     192.168.99.49    261
        192.168.99.54  255.255.255.255         On-link     192.168.99.49    261
        192.168.99.55  255.255.255.255         On-link     192.168.99.49    261
        192.168.99.56  255.255.255.255         On-link     192.168.99.49    261
        192.168.99.57  255.255.255.255         On-link     192.168.99.49    261
        192.168.99.58  255.255.255.255         On-link     192.168.99.49    261
        192.168.99.59  255.255.255.255         On-link     192.168.99.49    261
        192.168.99.60  255.255.255.255         On-link     192.168.99.49    261
        192.168.99.61  255.255.255.255         On-link     192.168.99.49    261
        192.168.99.62  255.255.255.255         On-link     192.168.99.49    261
        192.168.99.64  255.255.255.255         On-link     192.168.99.49    261
        192.168.99.65  255.255.255.255         On-link     192.168.99.49    261
        192.168.99.66  255.255.255.255         On-link     192.168.99.49    261
        192.168.99.67  255.255.255.255         On-link     192.168.99.49    261
        192.168.99.68  255.255.255.255         On-link     192.168.99.49    261
        192.168.99.70  255.255.255.255         On-link     192.168.99.49    261
        192.168.99.71  255.255.255.255         On-link     192.168.99.49    261
       192.168.99.100  255.255.255.255         On-link     192.168.99.49    261
       192.168.99.108  255.255.255.255         On-link     192.168.99.49    261
       192.168.99.109  255.255.255.255         On-link     192.168.99.49    261
       192.168.99.112  255.255.255.255         On-link     192.168.99.49    261
       192.168.99.255  255.255.255.255         On-link     192.168.99.49    261
            224.0.0.0        240.0.0.0         On-link     192.168.99.49    261
            224.0.0.0        240.0.0.0         On-link       10.10.10.10    261
      255.255.255.255  255.255.255.255         On-link     192.168.99.49    261
      255.255.255.255  255.255.255.255         On-link       10.10.10.10    261

I think my route should look like:

Network Destination        Netmask          Gateway       Interface  Metric
              0.0.0.0          0.0.0.0     192.168.99.1    **192.168.99.100**    261
           10.10.10.0    255.255.255.0         On-link       10.10.10.10    261
          10.10.10.10  255.255.255.255         On-link       10.10.10.10    261
         10.10.10.255  255.255.255.255         On-link       10.10.10.10    261
         192.168.99.0    255.255.255.0         On-link     192.168.99.100    261
        192.168.99.49  255.255.255.255         On-link     192.168.99.100    261
        192.168.99.51  255.255.255.255         On-link     192.168.99.100    261
        192.168.99.52  255.255.255.255         On-link     192.168.99.100    261
        192.168.99.53  255.255.255.255         On-link     192.168.99.100    261
        192.168.99.54  255.255.255.255         On-link     192.168.99.100    261
        192.168.99.55  255.255.255.255         On-link     192.168.99.100    261
        192.168.99.56  255.255.255.255         On-link     192.168.99.100    261
        192.168.99.57  255.255.255.255         On-link     192.168.99.100    261
        192.168.99.58  255.255.255.255         On-link     192.168.99.100    261
        192.168.99.59  255.255.255.255         On-link     192.168.99.100    261
        192.168.99.60  255.255.255.255         On-link     192.168.99.100    261
        192.168.99.61  255.255.255.255         On-link     192.168.99.100    261
        192.168.99.62  255.255.255.255         On-link     192.168.99.100    261
        192.168.99.64  255.255.255.255         On-link     192.168.99.100    261
        192.168.99.65  255.255.255.255         On-link     192.168.99.100    261
        192.168.99.66  255.255.255.255         On-link     192.168.99.100    261
        192.168.99.67  255.255.255.255         On-link     192.168.99.100    261
        192.168.99.68  255.255.255.255         On-link     192.168.99.100    261
        192.168.99.70  255.255.255.255         On-link     192.168.99.100    261
        192.168.99.71  255.255.255.255         On-link     192.168.99.100    261
       192.168.99.100  255.255.255.255         On-link     192.168.99.100    261
       192.168.99.108  255.255.255.255         On-link     192.168.99.100    261
       192.168.99.109  255.255.255.255         On-link     192.168.99.100    261
       192.168.99.112  255.255.255.255         On-link     192.168.99.100    261
       192.168.99.255  255.255.255.255         On-link     192.168.99.100    261
            224.0.0.0        240.0.0.0         On-link     192.168.99.100    261
            224.0.0.0        240.0.0.0         On-link       10.10.10.10    261
      255.255.255.255  255.255.255.255         On-link     192.168.99.100    261
      255.255.255.255  255.255.255.255         On-link       10.10.10.10    261

How can I be sure the IP address used in the image (supposed to be the default IP address) will be use by my server as the default address?

Cédric Boivin over 14 years

How i can change my routing table, actually is the 99.49 i need the default route be 99.100
aschufo over 14 years

This is really weird as our infrastructure here uses this a lot for webserver filters and stuff. Have you tried removing all the IPs from the card properties except the one you want to be default, apply, and put them back afterwards?
Cédric Boivin over 14 years

Yes i try it, and the same problem occur when i enter 99.49
Cédric Boivin over 14 years

Don't work, see my modification on my post.
Cédric Boivin over 14 years

it's there a way to change the interface address ?
Alexey Shatygin over 14 years

try without "if": route -p add 192.168.99.1 mask 255.255.255.255 192.168.99.100 but it should work, could you quote the erroe please?
fxmtor over 14 years

Default gateway is default route and vice versa. It's just a matter of terminology.
aschufo over 14 years

is 99.49 the lowest of your IPs?
Cédric Boivin over 14 years

I know that, but cannot change the default route. How i can change it ? What is the correct command formulas
Cédric Boivin over 14 years

Yes it is you can look my ipconfig on the top
Cédric Boivin over 14 years

This time, no error message, but that don't change nothing
Jeff Miles over 14 years

You could try this: "route add 0.0.0.0 mask 0.0.0.0 192.168.99.100 metric 2"
Alexey Shatygin over 14 years

It should change your routing table. Can you do "route print", this command, and "route print" again and put the output here?
Alexey Shatygin over 14 years

And, before doing the command I've posted, make "route delete 0.0.0.0"
Cédric Boivin over 14 years

It's not work, the interface adresse of my 0.0.0.0 entry don't change and if i make a pathping on external site, the first up still the same before the change
Cédric Boivin over 14 years

This command is not good , route -p add 0.0.0.0 mask 0.0.0.0 192.168.99.1 192.168.99.100 if 192.168.99.100 (Why specify 192.168.99.1 and 192.168.99.100) ?
Mircea Vutcovici over 14 years

It is not called "Default IP" it is called "primary IP address" and it is the IP address that all new TCP/UDP connections generated from the server will have. All other addresses are called secondary. See: cisco.com/en/US/docs/ios/12_3t/ip_addr/command/reference/…
Cédric Boivin over 14 years

I read somewear that could be a binary comparaison with the ip address ?
Massimo over 14 years

Yes, binary comparison is very likely the way "the lowest one" is selected; I haven't tried with IPs belonging to different subnets, though.
Cédric Boivin over 14 years

My biggest problem at this time, is i got over 300 web sites on multiple ip addresse, and when my server go on internet to call another server (web service), i can't be certain wich public ip my server will have.
Cédric Boivin over 14 years

Thanks for this answer but in my scenario it's impossible to applicate this solutions. The solutions need to come from the OS, or maybe the firewall. It's a good way to solve the problem by application, but we go to many application, to solve the trouble on each web site.
Massimo over 14 years

But even if you were able to do as you wish, you couldn't make different web sites use different IPs; this way, you could :-)
Massimo over 14 years

Anyway, I really don't think there's anything you can do at the O.S. level here...
Cédric Boivin over 14 years

I really dont know why this answer get 4 point. This answer solve nothing !
Cédric Boivin over 14 years

Thanks, actually i got lot of web site are binding with different local ip Nat to different public IP for SSL web site and is working very fine. The only problem is when a web site, try to communicate a external web service, i can't be certain of the public ip of my call
Massimo over 14 years

I was exactly talking about outgoing connections; luckily, there has never been any problem for incoming ones :-)