Adding NAT rules to Hyper-V Default Switch

Hello,

I've got a Linux VM running on Hyper-V to which I'd like to be able to SSH from the rest of my home network. I'm using the internal Default Switch but all I need is for it to forward the inbound SSH to the VM at port 22.

So, I attempted the following but it kept stating ObjectNotFound. Also tried "vEthernet(Default Switch)" but no change.

Code:

Add-NetNatStaticMapping -ExternalIPAddress "192.168.1.0/24" -ExternalPort 22 -Protocol TCP -InternalIPAddress "172.29.65.11" -InternalPort 22 -NatName "Default Switch"

The tutorials I've read keep stating to create a new internal virtual switch. Does the Default Switch not support NAT rules?

Thank you.

This is how I setup my NAT switch on HyperV

New-VMSwitch –SwitchName “NAT-Switch” –SwitchType Internal –Verbose

Get-NetAdapter
----get ifIndex number for new Nat-Switch. Mine was 57

New-NetIPAddress –IPAddress 192.168.200.1 -PrefixLength 24 -InterfaceIndex 57 –Verbose

New-NetNat –Name NATNetwork –InternalIPInterfaceAddressPrefix 192.168.200.0/24 –Verbose


Thus, I am setting up a network of 192.168.200.0/24, with my Host interface (Default gateway for VM's) being 192.168.200.1
You can obviously use a different range if you would like to.

pparks1 said:

This is how I setup my NAT switch on HyperV

New-VMSwitch –SwitchName “NAT-Switch” –SwitchType Internal –Verbose

Get-NetAdapter
----get ifIndex number for new Nat-Switch. Mine was 57

New-NetIPAddress –IPAddress 192.168.200.1 -PrefixLength 24 -InterfaceIndex 57 –Verbose

New-NetNat –Name NATNetwork –InternalIPInterfaceAddressPrefix 192.168.200.0/24 –Verbose


Thus, I am setting up a network of 192.168.200.0/24, with my Host interface (Default gateway for VM's) being 192.168.200.1
You can obviously use a different range if you would like to.

I don't think you read my post. I'm aware of that already.

As I said, the tutorials I've read suggested to create a new internal virtual switch -- exactly like you've shown here.

But my question was why do I need to create a new switch? Can I not add the NAT rule (the one I stated) to the Default Switch instead?

I don't think that the default-switch provided by HyperV can be modified in any way. In older versions of Hyper-V you didn't get a default switch and instead had to create your own external switch to gain access to the outside world. In Windows 10 1607+, they added in a virtual switch supporting NAT to make it super easy to spin up a machine that had access to your host computer as well as the Internet. But I think to keep it straight-forward and working, you don't have any ability to modify it. If you look at it via the GUI, you will see that everything is greyed out.

Therefore, in order to be able to setup and control IP address ranges and such, we all create a new HyperV NAT switch and modify it.

pparks1 said:

I don't think that the default-switch provided by HyperV can be modified in any way. In older versions of Hyper-V you didn't get a default switch and instead had to create your own external switch to gain access to the outside world. In Windows 10 1607+, they added in a virtual switch supporting NAT to make it super easy to spin up a machine that had access to your host computer as well as the Internet. But I think to keep it straight-forward and working, you don't have any ability to modify it. If you look at it via the GUI, you will see that everything is greyed out.

Therefore, in order to be able to setup and control IP address ranges and such, we all create a new HyperV NAT switch and modify it.

Ah okay, that makes sense. I was trying to be strict with my approach; didn't want to create a new switch unless I have to which, in this case, I suppose I do.

So, your instructions and my static NAT rule work. Well, sort of...the VM doesn't get the Internet though. Is that by design?

Somehow, the Default Switch has made things look really easy, hasn't it? But replicating it seems a bit difficult.

Thank you.

- - - Updated - - -

cereberus said:

It would be easier to use an external switch and install xrdp so vm can act as an tdp server. Then connect to it using rdp.

If you use an external switch, the vm is on the same subnet as host and thus does not need port forwarding.

Yes, might have to if this doesn't work lol. Still playing around it the config for now though.
All I need is the SSH to the VM. Not bothered about the GUI side of things.

raava said:

So, your instructions and my static NAT rule work. Well, sort of...the VM doesn't get the Internet though. Is that by design?

No, boxes on the NAT switch should hit the Internet no problem. Guess my first question would be to ascertain whether you have network access and just not DNS. If you boot into a VM and open a command prompt, can you type, ping 8.8.8.8 and do you get replies or timeouts? You should get 4 replies.

pparks1 said:

No, boxes on the NAT switch should hit the Internet no problem. Guess my first question would be to ascertain whether you have network access and just not DNS. If you boot into a VM and open a command prompt, can you type, ping 8.8.8.8 and do you get replies or timeouts? You should get 4 replies.

Okay, it's all working now!
I read it in the Microsoft article that WinNAT doesn't assign IP addresses so I manually did it in the VM along with gateway and DNS addresses. Then, I restarted the network service and et voila, it went live.

The port forwarding static rule works too. Now I can SSH into it from anywhere in the network.

Btw, I really can't figure this out...but do you know why Windows has created two virtual network adapters even though I had only done one?
I created a switch NATSwitch but it's done vEthernet(NATSwitch) and vEthernet(vEthernet(NATS).

Perhaps the former's a vswitch and the latter a vnic attached to the switch?? But then I can't find/see anywhere the association of the vnic with the VM?

Thank you.

- - - Updated - - -

cereberus said:

Pretty sure you will need xrdp

TenForums.com - Remote Desktop Windows 10 to Linux to Windows 10 - YouTube

No, I don't. Why on earth would I need xrdp to SSH into a Linux VM? lol

All I need is Putty and that's what I'm using now.

I only have 2 vSwitches setup on my host, one for my external switch and another for my NAT.


Glad you figured out you had to set the IP addresses statically.