
Any Way to Stop Broadcasts From Crossing Adapters / Subnets?

Posted by Will on April 8, 2008, 3:06 pm
I have a Windows 2003 server that is a virtual machine host computer with
maybe five virtual machines, each bridged to a separate host adapter on a
dedicated subnet. One of these subnets has a broadcast to UDP 2164 with
mask 255.255.255.255 and sure enough the broadcast is crossing over and
going out on every adapter on the host computer.

Is there any registry setting in Windows 2003 that will stop this annoying
behavior and keep broadcasts limited to the subnets on which they originate?

I realize I could go out and buy a commercial firewall and stop it this way
but I hate to incur the expense and time investment for that just to isolate
broadcasts!

--
Will



Posted by Bill Grant on April 8, 2008, 7:24 pm
Did you really mean subnet? If they are really in different IP subnets,
this shouldn't happen. If they are in the same IP subnet, that is what I
would expect.

What do the host adapters connect to? The same switch?

> I have a Windows 2003 server that is a virtual machine host computer with
> maybe five virtual machines, each bridged to a separate host adapter on a
> dedicated subnet. One of these subnets has a broadcast to UDP 2164 with
> mask 255.255.255.255 and sure enough the broadcast is crossing over and
> going out on every adapter on the host computer.
>
> Is there any registry setting in Windows 2003 that will stop this annoying
> behavior and keep broadcasts limited to the subnets on which they originate?
>
> I realize I could go out and buy a commercial firewall and stop it this way
> but I hate to incur the expense and time investment for that just to isolate
> broadcasts!
>
> --
> Will
>
>


Posted by Will on April 8, 2008, 11:40 pm
> Did you really mean subnet? If they are really in different IP subnets,
> this shouldn't happen. If they are in the same IP subnet, that is what I
> would expect.
>
> What do the host adapters connect to? The same switch?
>
>> I have a Windows 2003 server that is a virtual machine host computer with
>> maybe five virtual machines, each bridged to a separate host adapter on a
>> dedicated subnet. One of these subnets has a broadcast to UDP 2164 with
>> mask 255.255.255.255 and sure enough the broadcast is crossing over and
>> going out on every adapter on the host computer.
>>
>> Is there any registry setting in Windows 2003 that will stop this annoying
>> behavior and keep broadcasts limited to the subnets on which they originate?
>>
>> I realize I could go out and buy a commercial firewall and stop it this way
>> but I hate to incur the expense and time investment for that just to isolate
>> broadcasts!
>>
>> --
>> Will

The adapters do NOT connect to the same switch.

Adapter one is configured for 192.168.231.0/24. Adapter one is the host's
connection to a firewall (direct connection).

Adapter two is configured for 10.0.54.0/24. Adapter two is the host's
connection to a tape library.

Host is NOT configured to route.

Could this be a device driver defect in the drivers for either of the
adapters?

--
Will



Posted by Bill Grant on April 9, 2008, 1:10 am

> The adapters do NOT connect to the same switch.
>
> Adapter one is configured for 192.168.231.0/24. Adapter one is the
> host's connection to a firewall (direct connection).
>
> Adapter two is configured for 10.0.54.0/24. Adapter two is the host's
> connection to a tape library.
>
> Host is NOT configured to route.
>
> Could this be a device driver defect in the drivers for either of the
> adapters?
>
> --
> Will
>
>

I really have no idea what might cause it. Sorry, I have never seen that
happen.


Posted by Will on April 9, 2008, 2:35 am
>
>> The adapters do NOT connect to the same switch.
>>
>> Adapter one is configured for 192.168.231.0/24. Adapter one is the
>> host's connection to a firewall (direct connection).
>>
>> Adapter two is configured for 10.0.54.0/24. Adapter two is the host's
>> connection to a tape library.
>>
>> Host is NOT configured to route.
>>
>> Could this be a device driver defect in the drivers for either of the
>> adapters?
>>
>> --
>> Will
>>
>>
>
> I really have no idea what might cause it. Sorry, I have never seen that
> happen.

Looks like I have stumbled on some really strange misfeature of one of the
drivers or of Windows itself.

I traced the problem down and it's a really bizarre one. We started out
with a four port Intel adapter, and added to the Windows 2003 server a six
port Silicom adapter. Someone migrated a subnet off the four port Intel to
the Silicom.

Fine so far, but they forgot to deassign the IP address on the Intel, and
to further complicate matters they unselected Internet Protocol
(TCP/IP) in the list of Network Connection items for the Intel adapter.
The Intel adapter is also being used as a bridging port for VMware, so the
Intel adapter was in a very indeterminate state:

- adapter was enabled
- IP was assigned to a static IP in an overlapping subnet
- IP was deactivated
- port was being used for VMware bridging on a different subnet

With the card in that weird state, some of the traffic started to bridge
across the two adapters and merge with VMware traffic on virtual adapters
bridged to some of the same ports. After fixing up the misassigned IP,
most of the bridging stopped. I still notice some abnormalities, such as
Intel adapters that identify themselves through ARP in Wireshark as being
Silicom MAC addresses. But the catastrophic crossing of traffic across
adapters looks like it is cured.

--
Will
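
The adapter state described in the last post can be checked for on a multi-homed VM host before it causes trouble. The following is an added example, not part of the original thread: it audits an adapter inventory for the three conditions Will lists. The inventory field names and the host addresses are hypothetical and constructed for illustration; only the two subnets come from the thread.

```python
import ipaddress
from itertools import combinations

# Constructed inventory (hypothetical field names, sample host addresses).
# "tcpip_bound" models the Internet Protocol (TCP/IP) checkbox on the adapter.
ADAPTERS = [
    {"name": "Intel port 1", "ip": "192.168.231.10/24",
     "tcpip_bound": True, "vm_bridge": False},
    {"name": "Intel port 3", "ip": "10.0.54.5/24",       # leftover static IP
     "tcpip_bound": False, "vm_bridge": True},
    {"name": "Silicom port 2", "ip": "10.0.54.10/24",    # subnet migrated here
     "tcpip_bound": True, "vm_bridge": False},
]


def audit(adapters):
    """Return (finding, detail) tuples for the states described in the post."""
    findings = []
    nets = {}
    for a in adapters:
        if not a["ip"]:
            continue
        nets[a["name"]] = ipaddress.ip_interface(a["ip"]).network
        # Static IP still configured although TCP/IP is unbound on the adapter.
        if not a["tcpip_bound"]:
            findings.append(("stale-ip", a["name"]))
        # Port handed to VM bridging while it still carries a host IP config.
        if a["vm_bridge"]:
            findings.append(("bridged-port-has-host-ip", a["name"]))
    # Two adapters configured for overlapping subnets.
    for (n1, net1), (n2, net2) in combinations(sorted(nets.items()), 2):
        if net1.overlaps(net2):
            findings.append(("overlap", f"{n1} <-> {n2}"))
    return findings


if __name__ == "__main__":
    for kind, detail in audit(ADAPTERS):
        print(f"{kind}: {detail}")
```
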



