Socket.Bind and IP socket with multiple LAN interfaces

I wrote a tool running on a system (Win7) with two network interfaces, each connected to a different subnet with its own gateway, which in turn connects to one of two separate remote networks (there are outgoing firewalls after each gateway). I'm initiating outgoing TCP connections through both network adapters using Socket.Bind (before Connect) with each corresponding NIC's IP address. The first network adapter works fine, but for the second network adapter I'm getting a SocketException: "A socket operation was attempted for an unavailable network."

My initial understanding was that since sockets are tied to a specific endpoint of a particular network adapter that has its own gateway, the connection should be directed to that gateway and therefore should work. However, it seems that the original IP address is being ignored, and the routing works in accordance with the local routing table (i.e., the request for the second network adapter goes out through the first, default, network and is rejected because it has the wrong subnet).

Setting up local routing tables helps, but it makes me wonder about all the considerations about the ability of a socket to bind to a specific local IP address.

After doing some additional reading, I found that there is indeed such a thing as “source IP routing”, but it is disabled by default in Windows (through the DisableIPSourceRouting registry setting) for security reasons, as described, for example, here:

Questions:

  • If my initial understanding was correct (i.e. Socket.Bind should be enough) - why doesn't it work without changing routing tables?
  • If my understanding is NOT correct (i.e. Socket.Bind is ignored and routing is used) - what is the point of Socket.Bind? Why do this at all?
  • Also, I'd like to understand better what the real risk of enabling IP source routing is (preferably with an example of possible use).
  • Any ideas on resolving the requirement without manually configuring the local routing table are welcome.

Thank you very much.

+4
1 answer

Well, after some reading, here are a few high-level explanations of what is happening. I still need to check the conclusions below on my system. Apparently, local binding is usually ignored when choosing a network interface; a routing table is used for this instead. However, in the strong host model (the default for Vista and newer; it does not exist in XP), the original IP is used as a "restriction" in the routing table search.

+4
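
A simplified model of the route selection the answer describes, as an added example that is not part of the original posts and not Windows' actual implementation. The interface names, addresses, routes and the `select_route` helper are constructed for illustration; the strong host branch restricts the lookup to routes on the interface that owns the bound address.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Route:
    prefix: str    # destination prefix
    gateway: str   # next hop, "" means on-link
    iface: str     # outgoing interface (hypothetical name)
    metric: int

# Constructed host: two NICs, each on its own subnet with its own gateway.
IFACE_ADDRS = {"nic1": "192.168.1.10", "nic2": "10.0.0.10"}
ROUTES = [
    Route("0.0.0.0/0", "192.168.1.1", "nic1", 10),   # preferred default route
    Route("0.0.0.0/0", "10.0.0.1", "nic2", 20),
    Route("192.168.1.0/24", "", "nic1", 1),
    Route("10.0.0.0/24", "", "nic2", 1),
]

def select_route(dest, bound_src=None, strong_host=False):
    """Pick the route by longest prefix match, then lowest metric.

    Weak host: the bound source address plays no part in the lookup.
    Strong host: a bound source address restricts the lookup to routes
    on the interface that owns that address.
    """
    candidates = ROUTES
    if strong_host and bound_src is not None:
        owner = next((n for n, a in IFACE_ADDRS.items() if a == bound_src), None)
        candidates = [r for r in ROUTES if r.iface == owner]
    d = ipaddress.ip_address(dest)
    matches = [r for r in candidates if d in ipaddress.ip_network(r.prefix)]
    if not matches:
        return None  # no usable route for this source/destination pair
    return min(matches,
               key=lambda r: (-ipaddress.ip_network(r.prefix).prefixlen, r.metric))

if __name__ == "__main__":
    remote = "203.0.113.5"  # constructed remote address (documentation range)
    for strong in (False, True):
        r = select_route(remote, bound_src="10.0.0.10", strong_host=strong)
        print("strong" if strong else "weak", "->", r.iface, "via", r.gateway)
```

In the weak host case the packet carries the second NIC's address but leaves through the first NIC's gateway, which is the mismatch the question describes.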