Setting up Hyper-V with NAT
This post was originally posted by me at http://forums.serverbeach.com/showthread.php?t=6411.
I’ve edited out the ServerBeach specific stuff and will post pictures…. soonish.
The following link has some great pictures not included here. http://sqlblog.com/blogs/john_paul_c…h-hyper-v.aspx
I’ll add some nice little pictures here once I get some screenshots together.
1. Configure an “Internal” HyperV network
2. Set each Virtual Machine to use the Internal network and assign them and your HyperV host on the correct subnet (in this example 10.0.0.1 for the host and 10.0.0.10 for the VM).
ENABLE ROUTING AND REMOTE ACCESS ON THE HOST MACHINE
1. Click -> Start -> Administrative Tools -> Routing and Remote Access
2. Right Click on Server#### (local) -> Configure & Enable Routing & Remote Access
3. Click -> Next on Welcome Window
4. Select Custom Configuration Click -> Next
5. Select NAT Click -> Next
6. Select your public interface
7. Select your Internal HyperV interface
8. Select “I will set up name and address services later” Click -> Next
9. Click -> Finish
CONFIGURE ROUTING AND REMOTE ACCESS ON THE HOST MACHINE
1. Routing and Remote Access should be running on the server now
2. Expand out the Server
3. Expand out IP Routing
4. Select NAT/Basic Firewall
5. Right-click your public interface. Select properties
7. Network Address Translation Properties Window will open
8. Select Radio Button for “Public Interface Connected to the Internet”
9. Select the check box for both “Enable NAT on this interface”
10. Click on the Address Pool Tab
11. Click the Add button and add your secondary IP addresses. The “Start Address” and “End Address” will be the same in most cases.
*NOTE* You do not want the secondary IP address configured in the TCP/IP Properties of the Host machine.
12. Click the Reservations button and enter your static IP mappings. That is, specify that you want traffic on your secondary IP mapped to your VM’s internal IP.
13. In services.msc, make sure that RRAS is set to start automatically and Windows ICS is disabled.
When configuring and experimenting with the RRAS firewall, create a batch file to stop the service in case you forget to allow RDC or otherwise render the system inaccessible.
net stop “remoteaccess”
Then add the batch file to the scheduler and have it run some time after you apply your changes.
RRAS is really finicky about the interfaces installed on the server. If an interface is changed in any significant way, it’ll have to be disabled and reconfigured.
Hyper-V is also similarly finicky about its virtual networks. I can’t count the number of times I had to remove and recreate networks. Thankfully, this was rather painless with only one VM to propagate changes to.
If you should encounter any difficulties with adding your additional VMs to the server, try resetting HyperV networking, individual VM network binding (in the VM’s settings), confirming physical host interfaces, and then reconfiguring RRAS in this order.
Those who have had HyperV configuration problems solved it by disabling TCP/Offload Engine. Symptoms include, RRAS just not working, or working sporadically. If in doubt, disable TCP/Offload Engine
So if this applies to you, run on the host and on any 2008 VMs:
$ netsh int ip set global taskoffload=disabled
and add the following registry key to any 2003 VMs:
This is a DWORD entry that should have a value of 1.