# Configure a second network card without a gateway


hollow nebula
#

Hello, I have two network cards on my Home Assistant. One is connected to the internet (HTTPS, HTTP, NTP, DNS), the other is a pure island network and has neither an internet connection nor a DNS server. There is no gateway either, and that's intended. In an older version, you could enter "null" for the gateway. This is no longer possible with the system I'm currently installing. However, it should be possible to connect to a separate network without entering a gateway and DNS. This even works fine under Windows and Linux. Does anyone have any idea what I can do? Simply entering a gateway and DNS that don't exist is theoretically possible, but it's not a clean solution and constantly reports errors that the addresses are unreachable.

molten temple
#

What use would a NIC configured like that be?

hollow nebula
#

In industry, it's standard practice for subnetworks to be operated independently behind servers.
This way, participants such as PLCs are connected to servers via their own network cards.

However, these islands have no direct external connection. Often, these networks don't even have a DNS server. That wouldn't be a problem, though. But there is no gateway.

Here's an example of a network found in almost every larger facility. It also makes sense to separate networks in this way at home, especially if you don't have VLAN-capable switches.

nocturne rune
#

A couple of things I think you can try:

1). Change the netmask to 255.255.255.255 (i.e. make it a single IP network).
2). Try using the NIC IP address for Gateway

hollow nebula
#

Thank you for the answer. It's true that this network mask (255.255.255.255) describes a single host. I haven't tried it yet, but from a purely technical network perspective, communication shouldn't be possible at all.

The network mask defines both the network portion and the number of possible hosts in that network, and communication isn't possible with a 32-mask. I can test it, but I would be very surprised, and it would also be incorrect behavior.

Ultimately, there's no reason to check the gateway and DNS entries, as I don't necessarily need either for a functioning network. That's why it's not a required entry on any other system I know of.

#

On the contrary, a second gateway as a mandatory entry makes no sense insofar as I would then also have to define a default gateway. Having a gateway on two interfaces without being able to configure its own routing or at least a default gateway is definitely technically incorrect.
How is the device with a second gateway supposed to know which interface to send the packet over if there's a gateway with the same priority on each one? Absolutely not, so there must be a solution for that.

nocturne rune
hollow nebula
#

Of course, I need a functioning network. I actually need two, on two different interfaces. You can see that in the first image.

The first interface, of course, has a gateway (my OPNsense) and a DNS server (AdGuard). Both are automatically assigned via a DHCP server using a static lease.

The second interface communicates with devices behind Home Assistant in their own separate network. These devices have no internet access, therefore they don't need a gateway, and a DNS server isn't necessary either. What I meant above is that a network doesn't rely on a gateway and DNS to function properly, and in many cases, especially in industries where security is important, that's exactly what's intended.

Network card 1:
IP: 192.168.1.132
Mask: 255.255.255.0 (24)
Gateway: 192.168.1.1 (OPNsense)
DNS: 192.168.1.100 (AdGuard)

Network card 2:
IP: 192.168.2.132
Mask: 255.255.255.0 (24)

This is a completely normal configuration, but it cannot be configured. On the contrary, it makes no sense to configure a gateway on the second network card at all, as the entire system would then no longer know which interface a packet should be sent over (outside of the directly accessible networks 192.168.1.0/24 and 192.168.2.0/24).

nocturne rune
#

Ok, so we are on the same page that the NIC needs an IP address. However, to communicate with other NICs it will need to be in a subnet large enough for all those NICs. So, please ignore my suggestion of changing the netmask.

You could use a dummy gateway, but as we know that could cause routing confusion.

I believe Home Assistant uses nmcli under the hood so you should be able to configure this via SSH or the Terminal & SSH add-on.

1). Identify the NICs

nmcli device status

2). Create a new connection for the second NIC (replace eth1 with your actual interface):

nmcli con add type ethernet con-name eth1-local ifname eth1 ipv4.method manual ipv4.addresses 192.168.2.132/24

3). Ensure no gateway is set:

nmcli con modify eth1-local ipv4.gateway ""

4). Bring the connection up

nmcli con up eth1-local
#

I should add, that I did use a named connection (eth1-local) so it should survive a reboot. However, making changes to the network config via the UI may overwrite this. Therefore, try not to use the default connection name for the NIC.
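
A check to run after the nmcli steps above, as an added example that is not part of the original posts: it parses `ip -4 route show` output and fails if the island NIC carries a default or off-link route, or if two default routes tie on metric (the ambiguity discussed in this thread). The interface names eth0/eth1 and both sample routing tables are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a routing table for a gateway-less "island" NIC.
# Live usage (assumed interface name):  ip -4 route show | audit_island_routes eth1

# Constructed sample: eth0 = uplink with gateway, eth1 = island without one.
SAMPLE_GOOD='default via 192.168.1.1 dev eth0 proto dhcp metric 100
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.132 metric 100
192.168.2.0/24 dev eth1 proto kernel scope link src 192.168.2.132 metric 101'

# Constructed sample: a placeholder gateway was entered on eth1, same metric as eth0.
SAMPLE_BAD='default via 192.168.1.1 dev eth0 proto dhcp metric 100
default via 192.168.2.1 dev eth1 proto static metric 100
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.132 metric 100
192.168.2.0/24 dev eth1 proto kernel scope link src 192.168.2.132 metric 100'

# audit_island_routes IFACE   (routing table on stdin)
# Returns 0 when IFACE has only directly connected routes, 1 otherwise.
audit_island_routes() {
  awk -v island="$1" '
    {                                   # pull dev / via / metric out of every line
      dev = ""; via = ""; metric = "0"
      for (i = 2; i < NF; i++) {
        if ($i == "dev")    dev    = $(i + 1)
        if ($i == "via")    via    = $(i + 1)
        if ($i == "metric") metric = $(i + 1)
      }
    }
    $1 == "default" {
      if (dev == island) {
        printf "FAIL default route via %s on island NIC %s\n", via, dev; bad = 1
      }
      if ((metric in seen) && seen[metric] != dev) {
        printf "FAIL default routes on %s and %s share metric %s\n", seen[metric], dev, metric
        bad = 1
      }
      seen[metric] = dev
      next
    }
    dev == island && via != "" { printf "FAIL off-link route %s via %s on %s\n", $1, via, dev; bad = 1 }
    dev == island && via == "" { connected++ }
    END {
      if (connected == 0) { printf "FAIL no connected route on %s\n", island; bad = 1 }
      if (!bad) printf "OK %s has only connected routes\n", island
      exit (bad ? 1 : 0)
    }'
}

printf '%s\n' "$SAMPLE_GOOD" | audit_island_routes eth1
printf '%s\n' "$SAMPLE_BAD"  | audit_island_routes eth1 || true
```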

hollow nebula
#

Yes, we absolutely agree :). I've been working as a network engineer and cyber-security technician for over 20 years. All I do all day is configure and monitor networks.

I don't know exactly which version changed it, but Home Assistant's behavior is technically incorrect. That's a fact, but unfortunately, probably no one here who can influence it will read it.

It's likely that the field or message only appears in the GUI, as it still works on my other system even after the update. The field for gateway and DNS is empty. I won't click it, though, as I'm sure I'll get the message there as well.

Your option of changing it via SSH in the system will probably work. I'll test it tomorrow and give feedback. It would still be nice, though, if it could be configured via the GUI. Especially since a configuration is currently required here, which leads to technical problems. Two gateways on two interfaces, as Home Assistant requires, will cause problems without the option to set a priority or routing table.

Thank you so far 🙂

nocturne rune
#

I also think it is due to changes in the GUI and I do recommend you file a bug report / feature request.

#

As nmcli is a shell command, it should also be possible to set this up via an Automation on the homeassistant start event - you could then use an Input_Text helper to store the IP making it somewhat configurable.

strange python
# hollow nebula Yes, we absolutely agree :). I've been working as a network engineer and cyber-s...

This is a common theme, I’ve found, of projects and products being dumbed down to the common use case. I run HA in a container to try to insulate me from this kind of issue. Please file your bug.
An obvious use-case is any IoT type product being on an isolated network. The isolated network could still have a DHCP server on it, serving gateway-less and DNS-server-less hosts, like lightbulbs or whatever. HA will still be able to interact with them, and they with HA. Just not route out.
The key thing is the UI should allow complete flexibility in the setup. It can guide, sure, but not dictate. “Are you sure you don’t want to set a gateway on that network?” Etc. Though some techs would balk at that suggestion.
(I once used a product that only supported /8, /16 and /24 networks. Was the strangest thing.)

hollow nebula
# strange python This is a common theme, I’ve found, of projects and products being dumbed down t...

That's exactly how it is! However, for me, it's a common use case to operate devices in an isolated network that shouldn't otherwise communicate with any other device or the internet.

As you say, such completely normal settings should also be adjustable via the GUI. I'd be happy with this, even with a query asking if you really want to have this, or simply switching to expert mode.
In simple mode, the netmask wouldn't even have to be displayed, because I'd argue that 99.9% of private networks run on /24. How is the average user supposed to know that they can set, for example, 255.255.255.248 (/29) and 255.255.255.252 (/30), but not 255.255.255.250?
But in any case, more experienced users must be able to make such essential settings without having to change them in the system via SSH.

The biggest problem I see is that not only is a setting currently being enforced that isn't absolutely necessary, but that this required setting actually causes technical problems. As has been stated several times, a second gateway without the option to set a default gateway or static routing automatically leads to problems.