Configuring NAT for Hyper-V VMs

PowerADM.com / Virtualization / Hyper-V / Configuring NAT for Hyper-V VMs

You can create a NAT (Network Address Translation) network for your virtual machines starting with the Hyper-V version on Windows Server 2016/Windows 10. This article will look at how to enable a NAT network for Hyper-V virtual machines using PowerShell.

Main NAT restrictions in Hyper-V:

  • You can create only one NAT network;
  • Additional services such as DNS and DHCP will not be available for a NAT network. This means that you will have to configure the network settings for your virtual machines behind a NAT network yourself;
  • You can configure Hyper-V NAT only from the PowerShell console.

Let’s see how to create and configure a NAT network using PowerShell.

Create a new virtual switch with the network type Internal:

New-VMSwitch -SwitchName "NAT_NET" -SwitchType Internal

This creates a new virtual adapter on the Hyper-V host. List host adapters with the command:

Get-NetAdapter

Remember the network interface index for your NAT network (ifIndex). In our example, this is 8.

create hyper-v NAT switch

Now you need to configure the network settings for this Hyper-V virtual interface. Please note that addressing virtual machines behind NAT will depend on these settings. This network adapter will act as their default gateway.

New-NetIPAddress -IPAddress 192.168.51.1 -PrefixLength 24 -InterfaceIndex 8
  • InterfaceIndex – Hyper-V NAT switch virtual interface number
  • PrefixLength – matches the subnet mask 255.255.255.0 (/24)

Now you can create a NAT network:

New-NetNat -Name "vHW_NAT" -InternalIPInterfaceAddressPrefix 192.168.51.0/24

In order to connect a virtual machine to the Hyper-V NAT network, you need to select the NAT_NET switch in its properties. You can switch your VMs to a NAT network using the Hyper-V Manager or with PowerShell:

Get-VM TestVM1,TestVM2|Get-VMNetworkAdapter| Connect-VMNetworkAdapter –SwitchName “NAT_NET”

Now you need to assign the correct IP address and DNS settings for the guest VM. You can deploy a separate host with DHCP and DNS services in a NAT network, or set the network adapter settings manually.

You can connect to the VM from a Hyper-V host via PowerShell Direct:

Enter-PSSession -VMName TestVM1

Now you can configure the guest network settings:

Get-NetAdapter
Get-NetIPAddress -InterfaceIndex 5
New-NetIpAddress -InterfaceIndex 5 -IpAddress 192.168.51.20 -PrefixLength 24 -DefaultGateway 192.168.51.1
Set-DNSClientServerAddress –InterfaceIndex 5 –ServerAddresses 192.168.10.15,8.8.8.8

Check that you have everything set up correctly:

Get-NetIPAddress -InterfaceIndex 5

Check the availability of external resources:

ping 8.8.8.8

You can forward a port from an external network (Hyper-V switch) to any of the virtual machines behind NAT. For example, we’ll redirect external port 22 (SSH) to one of the VMs:

Add-NetNatStaticMapping -NatName "vNAT_TestVM1_SSH" -Protocol TCP -ExternalIPAddress 0.0.0.0/24 -ExternalPort 22 -InternalIPAddress 192.168.51.20 -InternalPort 22

Now all TCP/22 traffic that comes to the Hyper-V host will be redirected to the corresponding port of the virtual machine behind NAT.

You can list all port forwarding rules in Hyper-V like this:

Get-NetNatStaticMapping

You can remove only one NAT address translation rule or all at once:

Remove-NetNatStaticMapping -StaticMappingID "vNAT_TestVM1_SSH"
Remove-NetNatStaticMapping

If you want to change the IP addressing in your NAT network, you will have to remove the NAT virtual switch and re-create it:

Remove-VMSwitch -SwitchName "NAT_VM"

I remind you that in Hyper-V there can be only one NAT network.

Leave a Reply

Your email address will not be published. Required fields are marked *