- Managing shared mailboxes in Office 365 with PowerShell - Thu, May 5 2016
- Managing shared mailboxes in Office 365 with the GUI - Wed, May 4 2016
- Installing and configuring the Enhanced Mitigation Experience Toolkit (EMET) - Wed, Mar 16 2016
Setting up NAT in Windows 10 has always been one of the shortcomings of Hyper-V on the Windows desktop OS when compared to other virtualization products such as VMware Workstation and Oracle VirtualBox. In the past, it was necessary to set up Internet connection sharing or use a VM running Windows Server with two NICs to share your computer’s Internet connection under NAT.
In previous versions of Hyper-V, three types of virtual switches exist: External, Internal, and Private. In Windows 10 Fall Update, a fourth switch, the NAT switch, is included. As of today, the NAT switch type can only be created using PowerShell. But, it’s pretty safe to assume it will make it into the GUI eventually.
Create the NAT switch
Creating the NAT switch is a two-part process. You’ll first need to create the switch and then configure the NAT object in the host OS. To create the virtual switch, open a PowerShell window with Admin rights and run the following command:
New-VMSwitch -Name "NAT" -SwitchType NAT -NATSubnetAddress 10.0.75.0/24
The -Name parameter sets the name of the new virtual switch. The –SwitchType parameter (which needs to be set to NAT) is what selects NAT as the switch type. The –NATSubnetAddress parameter sets the subnet that will be used on the NAT network. The virtual NIC that is created on the host computer will use the top address, .1, as its IP. In the example subnet I used, the virtual NIC will use 10.0.75.1.
Next, you’ll need to create the NAT object on the host system. In the same PowerShell window, run the following command:
New-NetNat –Name NAT –InternalIPInterfaceAddressPrefix 10.0.75.0/24
The -Name parameter sets the name for the NAT object. The –InternalIPInterfaceAddressPrefix parameter sets the subnet that NAT will use; it should be the same subnet that you used in the last command.
Configuring the NAT virtual switch with PowerShell
View the switch in the Virtual Switch Manager
In Hyper-V Manager, go to Virtual Switch Manager to see your new virtual switch named “NAT.” The GUI doesn’t recognize the new switch type and shows it as an Internal switch. An Internal switch allows the VMs on the host system to communicate with each other as well as with the host system. So, it makes sense that it would see the switch this way—at least until the GUI is updated.
NAT virtual switch in Hyper-V Virtual Switch Manager
View the new vEthernet adapter
The process of adding the new NAT switch will also create a new vEthernet adapter on the system. If you open the properties of the virtual NIC, it should show the IP address 10.0.75.1. This address can be used as the default gateway on VMs connected to the switch.
New vEthernet adapter created on the Hyper-V host
Configure the VM manually
After you configure a VM to use the NAT virtual switch, you will need to manually configure the network settings for the VM. Unfortunately, the built-in NAT switch doesn’t include a DHCP server for automatic network configuration. In my example VM below, I’ve configured the gateway to 10.0.75.1 and used 10.0.75.10 as the IP address of the VM. For a DNS server, I’ve used Google’s public DNS server, 8.8.8.8.
Manually configuring the Hyper-V VM
Obviously, you’re not going to want to manually configure all of your VMs that use the NAT switch. One option if you’re already running a small lab on your Windows 10 system is to use DHCP on a Windows Server. If you don’t want to run a full server for DHCP, I’ve found one other option.
DHCP Server for Windows
You can use a small, freeware, DHCP server called DHCP Server for Windows for providing DHCP to your NAT network in Hyper-V. After you download the software, extract it and run the dhcpwiz.exe utility to configure the server.
First, select the network interface vEthernet (NAT). Good news: the GUI does a good job of warning you about setting up a DHCP server on a NIC that is already receiving an IP address through DHCP.
Selecting the vEthernet NAT network interface
Set the pool of IP addresses you want to use as well as a lease time. When you’re done, make sure you click the Advanced… button.
Setting the pool of IP addresses in DHCP Server for Windows
In Advanced Configuration, you’ll need to configure your gateway (10.0.75.1) and DNS servers.
Configuring DNS and gateway in Advanced Configuration
In the final screen of the wizard, click the Write INI file button to save your settings to an .ini file and then click Next.
Once you’re done, the control application, dhcpsrv.exe, should run automatically. If it doesn’t, the executable is in the same folder as the setup wizard.
DHCP Server for Windows control application
You’ll first need to click the Admin… button to run the executable with Admin rights (if you didn’t already). In this utility, you can set the Windows Firewall rules necessary to run the DHCP server. You can also install the executable as a service and start/stop it from running. After you’ve installed it as a service and started the service, you’re ready to start using NAT with your VMs on Hyper-V.
Works great! Any means of defining port forwarding rules across the NAT switch? I have two vms listening on port 22… how can I get to them from the host machine? Thank you.
The following powershell as administrator worked today for me in Win 10 Enterprise:
Add-NetNatStaticMapping -NatName NAT -Protocol TCP -ExternalIPAddress 0.0.0.0 -InternalIPAddress 10.0.75.X -InternalPort 22 -ExternalPort 20122
Get-NetNatStaticMapping
Source: https://msdn.microsoft.com/en-us/virtualization/windowscontainers/management/container_networking
Note: localhost loopback did not work for me though. That is, in the Hyper-V host I had to use 10.0.75.X:22, I could not use 127.0.0.1:20122 or pubip:20122 that worked from other systems on the network (don’t forget to open 20122 in your host firewall); but I’ll take it!
This seems to be known as “container networking”, for search in case that source is lost.
Danger guys: windows preview users are reporting in April 2016 that they may have just gotten a build that guys this Microsoft NAT VMSwitch may be getting revoked. Keep an eye at April comments over at http://www.thomasmaurer.ch/2015/11/hyper-v-virtual-switch-using-nat-configuration
The Preview builds have always had a bad habit of breaking Hyper-V Virtual Switches… I really wish they would get that straightened out.
Two years late, but for posterity, the following article seems to cover exactly what you’re after, and there is no mention of Docker and container networking, two terms I find very misleading and beside the point, which probably distract more than they help, since we’re talking about NAT in pure form:
https://www.petri.com/create-nat-rules-hyper-v-nat-virtual-switch
Hope someone in dire need to forward ports sees this 🙂
Very helpful article, thank you. How come setting up a new NetNat does not require to specify the public IP to be used by the NAT? Which IP would be used by default?
I would also love to see an example of how to set up a port forwarding. I tried but didn’t get very far (http://stackoverflow.com/questions/34238308/set-up-port-forwarding-on-windows-10-nat-virtual-switch).
Hello,
Thanks for the post this feature is really interesting as it allows IT Pro to use Windows 10 instead of Windows Server for test VM. I’ve a question, is there a way to use the NAT object for any non-Hyper-V adapter. For example with the Windows Wi-Fi Hosted network feature as with RRAS? Thanks you!
That’s really outside the scope of this article. In theory, it should work… but you’re most likely treading into territory that is unsupported by Microsoft. RRAS on its own is capable of doing NAT.
Thx for your answer !
Actually, the idea is, indeed, to use the NAT Object for Hyper-V VMs AND share it with any other private network and the Wi-Fi Hosted Network in particular allowing, for example, a Tablet to access Internet AND VMs for Demonstration purposes.
For now, I didn’t succeed to make it works this way as I suspect the NAT HPV Virtual Switch type to have something more than the “regular” Internal VS one.
Regards.
Hi Kyle:
In windows 10, we could use NAT switch, but in previous versions, there is only NetNat module, not NAT switch, do you know how to set NAT using NetNat without NAT switch?
And it seems that most people prefer RRAS, do you ever tried RRAS in windows 10 for those vms?
worked like a charm.
I found that this did not work until I created the NAT gateway with “New-NetIPAddress -IPAddress <GatewayIP> -PrefixLength 24 -InterfaceIndex <The ifIndex of vEthernet (your VMSwitch SwitchName) found using Get-NetAdapter>”
Reference: https://msdn.microsoft.com/en-us/virtualization/hyperv_on_windows/user_guide/setup_nat_network
I was fighting with the issue for a couple of hours until I stumbled upon this tutorial. It fixed the hyper-v wifi issue immediately for me.
The new Anniversary Update for Windows broke this feature !
@Mastaba
I can confirm build 1607 breaks this feature.
It seems related to
https://blogs.technet.microsoft.com/virtualization/2016/05/14/what-happened-to-the-nat-vmswitch/
Still to find an alternative (Did someone say VMware or Virtualbox ?)
Found this:
https://msdn.microsoft.com/en-us/virtualization/hyperv_on_windows/user_guide/setup_nat_network
Confirm that these commands work on Windows 10 build 1607 (aka “Anniversary Update”):
Bye!
I’ve been battling Hyper-V connectivity as well and finally found a workaround for the seriously missing NAT capability I like from VMWare. Here’s a simple workaround. I don’t want to call it a solution because this is something Microsoft will need to provide. I consider this a major gap in usability for Hyper-V on Windows 10.
Steps:
1 – Install VMWare 6.0.7. Nothing else you need to do with VMWare, we just need the VMnet8 NAT adapter.
2 – Use the Hyper-V Virtual Switch Manager to create an external switch connected to the adapter created by the VMPlayer install identified by VMnet8 (NAT adapter).
3 – In your VM network setting, select the VSwitch you created in step 2.
4 – Fire up your VM and you’re off to the races.
No need to use PowerShell, soon unsupported NAT options…
Cheers, I hope this helps anyone else looking for a workaround.
I just found this blog post from Thomas Vochten detailing the same VMware based workaround. He has an update note from 17/12/2015 that the workaround is obsolete with the latest Windows 10 builds.
I can confirm it still works with 10.0.10586. I’ll reply here if the Windows 10 Anniversary Build update breaks this workaround.
In addition, from my guest VM I also need access to my companies internal network resources through a VPN connection on my laptop (the Hyper-V host). The VMware NAT workaround detailed also supports this network access without a problem.
Cheers,
John
Tried without much luck (via Vagrant) ,Vmware Workstation vSwitch and Win 10 (1o.0.14393 , already with Anniversary update). I ended up configuring new vNIC and vSwitch, basically followed after instructions in https://quotidian-ennui.github.io/blog/2016/08/17/vagrant-windows10-hyperv/
Hi,
Does anyone know if it’s possible to block access to the Hyper-V host’s network (i.e. the LAN) whilst still providing VM guest access to the internet?
Cheers,
Kev
For every new feature, I always come up with something crazy missing…
I have several internal networks, different segments, 10.0.0.0/8, 192.168.19.0/24, 172.19.0.0/16 and I want them all to have access to internet, so I can get my Linux apps, update and etc. Be able to test Lync/Skype4B upgrade with multiple sites. Fun stuff.
I try to add a second segment to the NAT and it chokes on it every time, the error is simply invalid parameter, but which parameter? I figured it just doesn’t like the idea.
the windows 10 1809 doesn't have NAT option anymore. the only allowed values for -SwitchType are Internal or Private
https://docs.microsoft.com/en-us/virtualization/community/team-blog/2016/20160514-what-happened-to-the-nat-vmswitch
Check David's comment above for the upgraded ps script.
Also, for details refer link https://docs.microsoft.com/en-us/virtualization/hyper-v-on-windows/user-guide/setup-nat-network
after the Microsoft Windows 10 Pro 10.0.18362 Build 18362 release the GUI can now create the VMswitch from scratch. But it cannot remove the default v-switch which seems to be the cause of my sandbox lack of internet. The sandbox keeps trying to only use the default and refuses to pickup any new V-switch I create. I disabled and removed it with the PowerShell commands but it is still visible in the VM manager and somehow to the Windows Sandbox.