Wednesday, February 08, 2006

Dual Network Cards and the Default Gateway Setting

The Problem
We had a new Microsoft Windows Server 2003 Web Edition server from Dell that had a dual Intel(R) PRO/1000 MT Network Card installed. One of the network card's ports was connected to our LAN and the other port was connected to the DMZ. Occasionally the machine would stop responding to any traffic that came from the Internet. It would still respond to LAN traffic, but WAN traffic was blocked. We put a network sniffer on the network and confirmed that the WAN/Internet packets were reaching the server, but the server was not responding to them. Disabling and re-enabling the network card would fix the problem.

The Cause
After searching through numerous newsgroup articles and websites, we called Microsoft's technical support. Through talking with them, we discovered that Windows uses a single routing table rather than each network card having its own routing table. Each of our network cards had a default gateway defined. The DMZ network card had an Internet default gateway and the LAN network card had a LAN default gateway. The DMZ network card (being in the DMZ) could not see the LAN default gateway. Since there is only one routing table for Windows, each network card essentially had two default gateways defined (the DMZ one and the LAN one). This was not a problem for the LAN card, because it could see both gateways, but it was a problem for the DMZ card, because it could only see one of the two default gateways. If, for some reason, the DMZ default gateway becomes unavailable, Windows will switch to the next default gateway in the list. In this case it would switch from the DMZ gateway to the LAN gateway, causing the DMZ network card to stop working because it could not reach the LAN default gateway. It would stay in this state until the network card was reset, which re-established the DMZ default gateway as the gateway to use.

The Solution
The solution to this problem is to only have one default gateway defined, even though there are two network cards on the server. The DMZ network card was set to use the DMZ default gateway and the LAN network card did not have any default gateway specified.
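
A way to check a multihomed server for this condition, as an added example that is not part of the original post: it parses the "Active Routes" section of `route print` output and lists every default route that is not on the adapter meant to carry the gateway. The addresses and the sample output are constructed, and the five-column IPv4 layout is assumed.

```python
import ipaddress
import re

# Constructed sample: "Active Routes" from `route print` on a server where
# both the DMZ adapter (192.0.2.10) and the LAN adapter (10.0.0.10) have a
# default gateway configured. All addresses are made up for illustration.
SAMPLE_ROUTE_PRINT = """\
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0        192.0.2.1      192.0.2.10     10
          0.0.0.0          0.0.0.0         10.0.0.1       10.0.0.10     10
         10.0.0.0    255.255.255.0        10.0.0.10       10.0.0.10     10
        127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1      1
        192.0.2.0    255.255.255.0       192.0.2.10      192.0.2.10     10
Default Gateway:         192.0.2.1
"""

# A route row is four whitespace-separated fields followed by a numeric metric.
ROW = re.compile(r"^\s*(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\d+)\s*$")


def default_routes(route_print_text):
    """Return (gateway, interface, metric) for every 0.0.0.0/0 route."""
    found = []
    for line in route_print_text.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # header, separator or "Default Gateway:" line
        dest, mask, gateway, iface, metric = m.groups()
        try:
            for field in (dest, mask, gateway, iface):
                ipaddress.IPv4Address(field)
        except ValueError:
            continue  # not a plain IPv4 route row
        if dest == "0.0.0.0" and mask == "0.0.0.0":
            found.append((gateway, iface, int(metric)))
    return found


def extra_default_routes(route_print_text, gateway_interface):
    """Default routes bound to any adapter other than gateway_interface."""
    return [r for r in default_routes(route_print_text)
            if r[1] != gateway_interface]


if __name__ == "__main__":
    for gw, iface, metric in extra_default_routes(SAMPLE_ROUTE_PRINT, "192.0.2.10"):
        print(f"remove default gateway {gw} from adapter {iface} (metric {metric})")
```

An empty result from `extra_default_routes` means only the chosen adapter carries a default gateway, which is the configuration described above.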

More Information

Multiple Default Gateways Can Cause Connectivity Problems
http://support.microsoft.com/default.aspx/kb/159168
https://static.heironimus.info/blog/msdn/159168.html

Default Gateway Configuration for Multihomed Computers
http://support.microsoft.com/default.aspx/kb/157025
https://static.heironimus.info/blog/msdn/157025.html
