Network Topology

I have a Windows Server that is connected to a modem with a public IP address of 42.251.46.174 which is in DMZ that we will call Modem1.

I then have a modem with the public IP address of 93.184.216.34 with a local IP address of 10.0.0.0/24 not in DMZ that we will call Modem2 which has a machine connected to it with the IP address of 10.0.0.23. Modem2 is connected to the Windows Server via Ethernet.

The Problem

The Windows Server should use Modem1 over Modem2 for outgoing requests to wlan but if Modem1 is offline or not working then Modem2 should take over.

My problem is that I want to be able to ping 10.0.0.23 from the Windows Server when outgoing traffic is going to Modem1. I am only able to ping machines on Modem2 from the Windows Server when Modem1 is disconnected and Modem2 is the only one in use.

The software ForceBindIP or any similar third party tools have many glitches like not working for child processes and are not a solid solution when it comes to future stability and scalability.

I have tried the following routes in the routing table in the Windows Server with no results:

```
Persistent Routes:
Network Address    Netmask          Gateway Address    Metric
0.0.0.0            0.0.0.0          93.184.216.34      100
0.0.0.0            0.0.0.0          142.251.46.174     50
10.0.0.23          255.255.255.0    10.0.0.1           1
```
  • Define "not `in control`" in terms of the status of the two NICs (and their IP configuration). You should not lose access to `10.0.0.0/24` as long as the NIC connected to "modem 2" is not disabled or so, since the route has higher precedence than the route(s) for `0.0.0.0/0` (regardless of metric values). You shouldn't even need to add a persistent route for `10.0.0.0/24`. (And you kinda added it wrongly, as it shouldn't have a gateway address in the usual cases.) – Tom Yan Aug 25 '23 at 13:09
  • With that said though, recently I've read a post that its writer has been experiencing weird/unexpected behavior in Windows that the `0.0.0.0/0` route is chosen in which case it shouldn't be... – Tom Yan Aug 25 '23 at 13:12
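
The precedence rule from the comments above (a more specific prefix beats `0.0.0.0/0` whatever the metrics), as an added example that is not part of the original posts: a Python model of route selection run over the question's table. The on-link `10.0.0.0/24` entry, its metric of 281 and the test address 198.51.100.7 are assumptions made for the illustration.

```python
import ipaddress

# Constructed model of the server's IPv4 table: the two default routes from the
# question, plus the on-link route assumed to exist while the Modem2 NIC is up
# (its metric of 281 is a made-up value, chosen to be worse than both defaults).
ROUTES = [
    ("0.0.0.0", "0.0.0.0", "93.184.216.34", 100),
    ("0.0.0.0", "0.0.0.0", "142.251.46.174", 50),
    ("10.0.0.0", "255.255.255.0", "on-link", 281),
]


def parse_route(dest, mask):
    """Return the network for dest/mask, or None if dest has host bits set."""
    try:
        return ipaddress.ip_network(f"{dest}/{mask}", strict=True)
    except ValueError:
        return None


def select_route(dst, routes=ROUTES):
    """Pick the route for dst: longest matching prefix first, then lowest metric."""
    addr = ipaddress.ip_address(dst)
    candidates = []
    for dest, mask, gateway, metric in routes:
        net = parse_route(dest, mask)
        if net is not None and addr in net:
            candidates.append((net, gateway, metric))
    if not candidates:
        return None
    # Metric only breaks ties between routes with the same prefix length.
    return min(candidates, key=lambda c: (-c[0].prefixlen, c[2]))


if __name__ == "__main__":
    # 198.51.100.7 is a constructed off-subnet address (documentation range).
    for target in ("10.0.0.23", "198.51.100.7"):
        net, gateway, metric = select_route(target)
        print(f"{target:<13} -> {net} via {gateway} (metric {metric})")
    # The question's third persistent route, checked exactly as written.
    ok = parse_route("10.0.0.23", "255.255.255.0") is not None
    print("10.0.0.23 mask 255.255.255.0 is a valid network:", ok)
```

In this model `10.0.0.23` resolves through the on-link `/24` even though its metric is the worst in the table, and the third persistent route is rejected because its destination has host bits set under that mask.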

1 Answer

You mistake Windows for a high end router.

Ignore that it CAN route - it is not a proper router - and grab yourself a low cost high feature router (for which I always use Mikrotik) and use that to handle routing issues like that.

> I do not want to use software like ForceBindIP or any similar third party tools.

Why would Windows care what you want - it has features, it has not certain features. Your wish is irrelevant. It does what it does, live with it.

TomTom
  • @StephanieSchneider No, if correctly configured (with hairpin NAT) it will *not* create TLS warnings. – vidarlo Aug 25 '23 at 13:37
  • Seriously, if your team tried it you are smart in NOT TELLING US HOW because you can not do hairpin nat with your network layout. – TomTom Aug 25 '23 at 13:48
  • TLS errors occur when there's no match between host name and certificate. In an environment you control, there's ways to make sure those match. Even using alternate certs internally. – vidarlo Aug 25 '23 at 14:01
  • NO routing ever - NAT, anything, would result in that error. The only way is if someone puts in a web proxy and thus changes the TCP connection with an interim - which indicates that there are some really NOT competent people somewhere in this question. – TomTom Aug 25 '23 at 14:10