Dual Blue Iris NICs Need to Talk to One Another

Alaska Country

Getting comfortable
Joined
Jun 10, 2021
Messages
449
Reaction score
657
Location
Alaska
Background
Using a Windows 11 desktop for BI in a dual NIC configuration. One NIC at 192.168.55.xxx (BI and cameras) and the other at 192.168.1.120 for UI3 set as a static address with no default gateway.

Neither NIC can access the internet as there is no DNS server address ("Use the following DNS server address" - left blank) for both NICs.

Issue
Would like to use a Hubitat C7 hub to generate GET statements to change Dahua camera parameters. The hub is on 192.168.1.27.

The hub executes the GET statement, but there is no pathway for the hub to reach the BI NIC at 192.168.55.xxx.

Key Point
Internet isolation is a requirement for the BI computer, i.e. no internet for the Dahua cameras plus no internet for Windows.

Router
The in-use Asus RT-N16 does have a VPN Server. Also have a Linksys EA8500 router which has a built-in VPN client (IPSec, L2TP, PPTP, OpenVPN) that could be made available.

Is it possible to make this work and yet keep the entire network isolated from the internet? i.e. no internet - no cloud - no ZeroTier.
[Attachment: Dual-NIC-Hubitat.gif]
 

biggen

Known around here
Joined
May 6, 2018
Messages
2,590
Reaction score
2,893
It’s not DNS that’s the issue. If there is no gateway listed then there is no way to route to another subnet.

If your router is halfway decent, then you can simply block WAN outbound for the cam subnet if you don’t want them talking to the internet. So go ahead and put your gateways in for both subnets so you can route between them and add a WAN outbound firewall rule for the cam subnet that drops traffic.
 

Mike A.

Known around here
Joined
May 6, 2017
Messages
3,837
Reaction score
6,411
> Neither NIC can access the internet as there is no DNS server address ("Use the following DNS server address" - left blank) for both NICs.

Just so you know, that doesn't really work to isolate things. Anything using an IP address won't do a DNS lookup (e.g., some Dahua and Wyze cams look for Google's DNS at 8.8.8.8 and 8.8.4.4 as hard-coded addresses). Also things like various IoT devices using DoH (DNS over HTTPS). As above, you really need to block the MAC/IP addresses at the firewall.
 

Alaska Country

Appreciate the discussion.

Not sure if this applies, but CASE 4 is interesting in the below attachment. Would rather only use settings in the NICs if possible, but not being a network person have no idea if that is even feasible.

 

biggen

> Appreciate the discussion.
>
> Not sure if this applies, but CASE 4 is interesting in the below attachment. Would rather only use settings in the NICs if possible, but not being a network person have no idea if that is even feasible.

It's not rocket science. IP communication relies on routers/gateways at Layer 3. You must have a gateway listed to route any traffic to a different subnet. If you don't list one, then all your traffic will always stay on the local subnet and you can't talk to any other device except on that subnet.
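
The points made in the replies above, modelled as an added example (not code from any poster): a host-side route lookup plus a router's WAN-outbound drop rule, using the thread's addresses. The /24 masks, the 192.168.55.50 camera address and the .1 gateway addresses are assumptions, and the router is assumed to have an interface in both subnets.

```python
import ipaddress as ipa

LANS = ["192.168.1.0/24", "192.168.55.0/24"]   # /24 masks are assumed

def next_hop(host, dst):
    """Host route lookup: on-link if dst is in the host's own subnet,
    else its default gateway, else no route at all."""
    if ipa.ip_address(dst) in ipa.ip_interface(host["addr"]).network:
        return "on-link"
    return "gateway" if host.get("gateway") else "no-route"

def router_forwards(src, dst, wan_drop):
    """Router policy: forward between its LANs; drop WAN-bound traffic
    whose source is in a subnet listed in wan_drop."""
    if any(ipa.ip_address(dst) in ipa.ip_network(n) for n in LANS):
        return True
    return not any(ipa.ip_address(src) in ipa.ip_network(n) for n in wan_drop)

def one_way(host, dst, wan_drop=()):
    """Can a packet from host get to dst (one direction only)?"""
    hop = next_hop(host, dst)
    if hop == "gateway":
        return router_forwards(host["addr"].split("/")[0], dst, wan_drop)
    return hop == "on-link"

def can_talk(a, b, wan_drop=()):
    """A request and its reply must both find a path."""
    ip = lambda h: h["addr"].split("/")[0]
    return one_way(a, ip(b), wan_drop) and one_way(b, ip(a), wan_drop)

# Constructed hosts: the .50 address and both .1 gateways are placeholders.
hub      = {"addr": "192.168.1.27/24",  "gateway": "192.168.1.1"}
cam_bare = {"addr": "192.168.55.50/24"}                       # no gateway set
cam_gw   = {"addr": "192.168.55.50/24", "gateway": "192.168.55.1"}
CAM_NET  = ["192.168.55.0/24"]

if __name__ == "__main__":
    # No gateway on the 55 side: the reply to the hub has no route.
    print("hub <-> cam, no gateway:     ", can_talk(hub, cam_bare))
    # Gateway set, no firewall rule: a hard-coded 8.8.8.8 is reachable
    # even though no DNS server is configured on the device.
    print("cam -> 8.8.8.8, no rule:     ", one_way(cam_gw, "8.8.8.8"))
    # Gateway set plus WAN-outbound drop for the cam subnet.
    print("cam -> 8.8.8.8, drop rule:   ", one_way(cam_gw, "8.8.8.8", CAM_NET))
    print("hub <-> cam, drop rule:      ", can_talk(hub, cam_gw, CAM_NET))
```
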
 