karezza asked DSPatrick commented

route to allow local lan access to vms using hyper-v 'internal' virtual switch

My local lan is 192.168.1.*, I wanted to set up another ip range 192.168.100.* in hyper-v using virtual switch so I did the following on windows server 2019:

Via PowerShell:
New-VMSwitch -SwitchName "k-dmz" -SwitchType Internal
New-NetIPAddress -IPAddress 192.168.100.1 -PrefixLength 24 -InterfaceAlias "vEthernet (k-dmz)"
New-NetNAT -Name "k-dmz" -InternalIPInterfaceAddressPrefix 192.168.100.0/24

This worked & I can access VMs using the virtual switch from the hyper-v host system, however, as expected it is not possible for systems using the local lan 192.168.1.* to access the VMs. Only the host system running hyper-v can access the VMs.

I've used my local router, and have also tried adding routes on my client systems on the local lan. The traffic destined for 192.168.100.* gets routed to the hosting system running hyper-v but the traffic does not reach the VMs running on the 192.168.100.* subnet.

I set this after finding an article telling me to do so:
Set-ItemProperty -Path HKLM:\system\CurrentControlSet\services\Tcpip\Parameters -Name IpEnableRouter -Value 1

I enabled the service 'Routing and Remote Access' which is disabled by default, after an article told me to do so.

I installed the role 'Remote Access' and when configuring enabled the "LAN" option. I did reboots after performing each technique.

I also tried disabling the firewall completely, without noticing any improvements.

I can actually see the "Incoming bytes" of my Interface increasing when viewing in the Routing and Remote Access console if I try to connect to a VM on the 192.168.100.* subnet. The bytes increase as would be expected when I try to connect to a VM in the network, but the connection is not established.

tracepath shows that from a client system on the local lan the traffic is routed to the hyper-v host and then to the ip of the vm, but any attempt to connect to the vm times out. Since I can connect to the VM from the hyper-v host system I believe we can eliminate a firewall on the target VM as being the issue.

I must be missing a step. What additional step is required to set up a route to the VMs running on the hyper-v host? I can take care of setting up a route on my router, or adding a route on my client systems, but something seems to be stopping the traffic on the hyper-v host itself.

windows-server-2019 windows-server-hyper-v
karezza answered DSPatrick commented

I ended up using the two nic technique with a Linux vm:
- disabled the firewall
- enabled ip_forward
- set all vms on the subnet to use the two nic vm as their gateway

Thank you for your help to go with the two nics, seems like there should be an easier way, but this works.



Sounds good, you're welcome.

--please don't forget to upvote and Accept as answer if the reply is helpful--
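
The two-NIC router VM described in the answer above, sketched with a forwarding policy that admits only LAN-to-VM traffic in place of a disabled firewall. This is an added example, not the poster's configuration; the interface names eth0/eth1 and the use of nftables are assumptions.

```sh
#!/bin/sh
# Added example, not from the thread: forwarding policy for the two-NIC Linux VM.
# Assumed names: eth0 faces the LAN, eth1 faces the internal switch; nftables installed.
LAN_IF="${LAN_IF:-eth0}"
DMZ_IF="${DMZ_IF:-eth1}"
LAN_NET="${LAN_NET:-192.168.1.0/24}"      # local LAN from the question
DMZ_NET="${DMZ_NET:-192.168.100.0/24}"    # internal-switch subnet from the question

# Allow only characters valid in an interface name or IPv4 CIDR, so a stray
# value cannot smuggle extra statements into the ruleset.
safe_token() {
  case "$1" in
    ''|*[!A-Za-z0-9./_-]*) return 1 ;;
    *) return 0 ;;
  esac
}

# Print the ruleset: forwarded traffic is dropped unless it is a new LAN -> VM
# connection or a reply to one. VM-initiated traffic stays blocked; add a rule
# for it if the VMs need to open connections themselves.
gen_ruleset() {
  for v in "$LAN_IF" "$DMZ_IF" "$LAN_NET" "$DMZ_NET"; do
    safe_token "$v" || { echo "bad value: $v" >&2; return 1; }
  done
  cat <<EOF
table inet router
delete table inet router
table inet router {
  chain forward {
    type filter hook forward priority 0; policy drop;
    ct state established,related accept
    iifname "$LAN_IF" oifname "$DMZ_IF" ip saddr $LAN_NET ip daddr $DMZ_NET accept
  }
}
EOF
}

# Enable IPv4 forwarding and load the ruleset (needs root).
apply_router() {
  rules=$(gen_ruleset) || return 1
  printf '%s\n' "$rules" | nft -c -f - || return 1   # syntax check only
  sysctl -w net.ipv4.ip_forward=1 || return 1
  printf '%s\n' "$rules" | nft -f -
}

# Nothing is changed unless the script is run as: ./router.sh apply
if [ "${1:-}" = "apply" ]; then apply_router; fi
```

LAN clients (or the LAN router) still need a route for 192.168.100.0/24 via this VM's LAN address, and the VMs keep this VM as their gateway.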







DSPatrick answered karezza commented

You can configure a dedicated virtual machine to route between the internal and external vSwitches.
https://www.dell.com/support/kbdoc/en-us/000118763/configuring-windows-server-2012-r2-as-a-router


Just checking if there's any progress or updates?


Thank you for taking the time to assist. I've investigated your suggestion.

The article is how to connect a local lan to the internet via Windows Server 2012 as a router using a NAT.

This doesn't solve the issue. I'm trying to access an ip range different from the local lan which exists via a virtual switch in hyper-v.

It may be in the right direction though, giving a VM two nics with the 2nd being connected to the local lan does seem like it would work if the routing were set up correctly. I've added a 2nd nic to the VM which is attached to the local lan and am working to configure the routing. So far no luck, working on it.
