Windows 10 – Hyper-V and NAT [Quick Guide]
You probably also know that since Windows 8, Edition PRO and higher, Microsoft offers a variation of Hyper-V for client computers (included in the Windows PRO and Enterprise license).
Usually, as a systems and networks trainer, I tend to advocate VirtualBox, which is less of a "silo", free and therefore more accessible to neophytes. If you have a few dollars to spend, VMware Workstation is an excellent investment (as long as you are not resistant to the language of Shakespeare).
In fact, historically Hyper-V is a hypervisor "comparable" to the famous VMware ESX, for which you must yourself provide network services and other functions such as copy and paste between virtual machines and the "rest of the world".
What I wanted to share with you is a new capability that appeared in Windows 10 ≥ 1511-1607, admittedly via PowerShell, of which Hyper-V can take full advantage. It lets you declare a virtual network of type "NAT", intended to offer "Internet" access to your dear VMs while keeping them isolated, without connecting them directly to an external network or sharing the connection.
II. Implementation and configuration of the NAT
Some operations could be performed via the GUI, but let's do the essentials from the command line :-D. So first, open a PowerShell console in Administrator mode.
A. Creating a new Hyper-V virtual switch
Enter the following command:
New-VMSwitch -Name "NAT-VM" -SwitchType NAT -NATSubnetAddress 192.168.10.0/24
If you open the Hyper-V management console at the same time, you will see a new virtual switch of type "internal" appear.
As a reminder, this "internal network" connection type connects the host (physical machine) to the virtual machines attached to it.
B. Activating the NAT gateway feature
Now enter this famous "magic" command:
New-NetNat -Name NAT-VM -InternalIPInterfaceAddressPrefix 192.168.10.0/24
If you look at the network configuration, you will see that the interface "vEthernet (NAT-VM)" now has an IP address (the first of the specified addressing scheme).
Optional: to change the address of the NAT gateway, you can use the following command:
New-NetIPAddress -IPAddress 192.168.10.1 -PrefixLength 24 -InterfaceAlias "vEthernet (NAT-VM)"
This information is visible and editable in the properties of the interface corresponding to the virtual switch we just declared.
C. Configuration of virtual machines
At this stage, your NAT router is ready, but it lacks a DHCP service. This requires you to configure your virtual machines manually, giving each one an IP 192.168.10.x / 255.255.255.0 and the default gateway 192.168.10.1.
Make sure that Internet access is available.
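Steps A to C on the host side, gathered into one re-runnable script. This is an added example, not code from the original guide: it keeps the guide's names and addresses but creates the switch as Internal and assigns the gateway address explicitly, so it does not depend on the NAT switch type, and it stops if a NetNat with a different prefix already exists (assumption: Microsoft's NAT documentation describes one NAT network per host).

```powershell
# Added example, not from the original guide. Run in an elevated PowerShell console.
# Names and addresses are the guide's; the Internal switch type is this example's choice.
$SwitchName = 'NAT-VM'
$NatName    = 'NAT-VM'
$Prefix     = '192.168.10.0/24'
$Gateway    = '192.168.10.1'
$Alias      = "vEthernet ($SwitchName)"

# 1. Virtual switch: create it only if it does not exist yet.
if (-not (Get-VMSwitch -Name $SwitchName -ErrorAction SilentlyContinue)) {
    New-VMSwitch -Name $SwitchName -SwitchType Internal | Out-Null
}

# 2. Gateway address on the host-side vEthernet adapter.
$ip = Get-NetIPAddress -InterfaceAlias $Alias -AddressFamily IPv4 -ErrorAction SilentlyContinue
if ($ip.IPAddress -notcontains $Gateway) {
    New-NetIPAddress -IPAddress $Gateway -PrefixLength 24 -InterfaceAlias $Alias | Out-Null
}

# 3. NAT object: stop if a NetNat with another prefix is already defined
#    (assumption: one NAT network per host), otherwise create ours if missing.
$existing = Get-NetNat -ErrorAction SilentlyContinue
$other    = $existing | Where-Object { $_.InternalIPInterfaceAddressPrefix -ne $Prefix }
if ($other) {
    throw "Another NetNat is already defined: $($other.Name -join ', ')"
}
if (-not $existing) {
    New-NetNat -Name $NatName -InternalIPInterfaceAddressPrefix $Prefix | Out-Null
}

# 4. Report the resulting state so it can be compared with the guide.
Get-VMSwitch -Name $SwitchName | Select-Object Name, SwitchType
Get-NetIPAddress -InterfaceAlias $Alias -AddressFamily IPv4 |
    Select-Object InterfaceAlias, IPAddress, PrefixLength
Get-NetNat | Select-Object Name, InternalIPInterfaceAddressPrefix, Active
```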
Alternative: installing a DHCP service on Windows 10
Microsoft offers no solution for its client versions, but you can opt for the following small application:
The installation of this program is relatively simple. To do this, simply download the archive and unblock the .zip file:
Then extract the contents to any folder, such as "C:\Outils\DHCP-Server".
Run the configuration wizard "dhcpwiz.exe", then click "Next".
The different network interfaces are then displayed. The "DHCP" column indicates the networks on which automatic configuration via DHCP is already active.
Select the interface corresponding to your previously configured NAT router, then click "Next".
As mentioned, be careful not to select an interface on which a DHCP service would already be active (Enabled) at the risk of disrupting a production infrastructure.
This program provides a basic DHCP service, but can also act as a web server, TFTP server and DNS redirector.
Initially, we will not activate these features (you can return to them later). Click "Next".
However, if you have a virtual domain controller, you can already enter its IP address in the DNS field of this interface, or declare it later in the DHCP options.
The next screen is one of the most important for the topic that interests us, namely the configuration of the address range and of the options of this DHCP service.
At a minimum, you need to define or confirm the desired range under "IP-Pool". The other settings and DHCP options are intended for specialists.
To set the main options, click the "Advanced…" button.
At a minimum, enter the address of the default gateway (option "03 / Router"), specifying the interface of your NAT router, "192.168.10.1", then click "OK".
You can then validate these settings, which will be written to a .ini text file (easily changed afterwards).
Check the values if you wish, click "Write INI file", then click "Next".
Click the "Admin" button to elevate privileges for running the DHCP service during this phase of setup.
Click "Install" (to install this program as a permanent service).
Then click "Start".
The service "Status" must read "Running".
Then click the "Configure" button in the "Firewall exceptions" area.
The firewall "Status" must read "Configured".
For the curious, you can open the advanced firewall manager (wf.msc) and see that this action generates rules on the program dhcpsrv.exe for TCP (protocol 6) and UDP (protocol 17) on each profile, i.e. 6 new rules altogether.
Click "Exit" to return to the wizard.
Click "Finish".
Click "Exit".
This tool runs as a Windows service, and you can edit the .ini configuration file as needed. However, for better ease of use, you can place a control icon in the notification area.
You can now take advantage of DHCP in your virtual environment and test its operation. If your host has Internet access, the VMs should be able to benefit from it as well.
D. (Optional) Configuration of the NAT rules
You probably know that, by default, a NAT router is a "bulwark" against incoming connections. To access a service, such as a web server, located on the "private" side (in this case, a virtual machine), it is necessary to "publish" an external port.
For this, we will again use PowerShell. Imagine that a web server is installed on our machine "192.168.10.10"; simply enter the following command:
Add-NetNatStaticMapping -NatName "NAT-VM" -Protocol TCP -ExternalIPAddress 0.0.0.0 -InternalIPAddress 192.168.10.10 -InternalPort 80 -ExternalPort 80
- 0.0.0.0 indicates that all external addresses are allowed to use this port.
- The internal and external ports, 80 here, may be different.
You can set up as many rules as you like, but remember to also enable the incoming firewall rules on the virtual machines concerned 🙂
And there you have it: a nice prototyping environment.
Good luck to all.
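To review what this setup has opened on the host, the following added example (not part of the original guide) lists the NAT publications and the firewall rules created for the DHCP service. It assumes the NAT is named NAT-VM as in the guide and that the service binary is dhcpsrv.exe; the mapping ID in the last line is a placeholder.

```powershell
# Added example, not from the original guide. Run elevated on the Hyper-V host.
$NatName = 'NAT-VM'   # NAT name used in the guide

# 1. Published ports: every static mapping on the NAT.
#    Wildcard = True marks mappings created with -ExternalIPAddress 0.0.0.0.
Get-NetNatStaticMapping -NatName $NatName | ForEach-Object {
    [pscustomobject]@{
        Id       = $_.StaticMappingID
        Protocol = $_.Protocol
        External = '{0}:{1}' -f $_.ExternalIPAddress, $_.ExternalPort
        Internal = '{0}:{1}' -f $_.InternalIPAddress, $_.InternalPort
        Wildcard = ($_.ExternalIPAddress -eq '0.0.0.0')
    }
} | Format-Table -AutoSize

# 2. Host firewall rules bound to the DHCP server binary
#    (assumed file name: dhcpsrv.exe; the guide counts six such rules).
Get-NetFirewallApplicationFilter |
    Where-Object { $_.Program -like '*dhcpsrv.exe' } |
    ForEach-Object {
        $rule = $_ | Get-NetFirewallRule
        $port = $rule | Get-NetFirewallPortFilter
        [pscustomobject]@{
            Rule      = $rule.DisplayName
            Enabled   = $rule.Enabled
            Direction = $rule.Direction
            Profile   = $rule.Profile
            Protocol  = $port.Protocol
            LocalPort = $port.LocalPort
        }
    } | Format-Table -AutoSize

# 3. Withdraw a publication that is no longer needed.
#    Uncomment and replace 0 (placeholder) with an Id from step 1.
# Remove-NetNatStaticMapping -NatName $NatName -StaticMappingID 0
```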