Setup NAT (Network Address Translation) on Hyper-V.
Вставка
- Опубліковано 2 жов 2020
- Although Hyper-V now provides a preconfigured "Default Switch" to ease networking for VMs, it assigns dynamic addresses and doesn't provide a way to configure static IPs.
In this video, we will discuss the process of setting up a virtual switch and a NAT to gain control over static IP allocation to Hyper-V VMs and facilitate their LAN/Internet access. This technique can be used both on Windows 10 and Windows Server Hyper-V.
This is part of a bigger series where we will install Kubernetes (from scratch) on multiple CentOS VMs hosted on Hyper-V. Setting up a custom NAT and switch will help us set up a robust network infrastructure for our cluster.
My Other Videos:
► Cilium Kubernetes CNI Provider, Part 1: Overview of eBPF and Cilium and the Installation Process • Cilium Kubernetes CNI ...
►Cilium Kubernetes CNI Provider, Part 2: Security Policies and Observability Leveraging Hubble
• Cilium Kubernetes CNI ...
► Cilium Kubernetes CNI Provider, Part 3: Cluster Mesh
• Cilium Kubernetes CNI ...
► What is VXLAN and How It is Used as an Overlay Network in Kubernetes?
• What is VXLAN and How ...
► Managing Linux Log-ins, Users, and Machines in Active Directory (AD): Part 2- Join Linux Machines to AD:
• Managing Linux Logins,...
► Managing Linux Log-ins, Users, and Machines in Active Directory (AD): Part 1- Setup AD:
• Managing Linux Logins,...
► Sharing Resources between Windows and Linux:
• Sharing Resources betw...
► Kubernetes kube-proxy Modes: iptables and ipvs, Deep Dive:
• Kubernetes kube-proxy ...
►Kubernetes: Configuration as Data: Environment Variables, ConfigMaps, and Secrets:
• Kubernetes: Configurat...
►Configuring and Managing Storage in Kubernetes:
• Configuring and Managi...
► Istio Service Mesh - Securing Kubernetes Workloads:
• Istio Service Mesh - S...
► Istio Service Mesh - Intro
• Istio Service Mesh (si...
► Understanding Kubernetes Networking. Part 6: Calico Network Policies:
• Understanding Kubernet...
► Understanding Kubernetes Networking. Part 5: Intro to Kubernetes Network Policies:
• Understanding Kubernet...
► Understanding Kubernetes Networking. Part 4: Kubernetes Services:
• Kubernetes services - ...
► Understanding Kubernetes Networking Part 3: Calico Kubernetes CNI Provider in-depth:
• Understanding Kubernet...
► Understanding Kubernetes Networking. Part 2: POD Network, CNI, and Flannel CNI: Plug-in: • Understanding Kubernet...
►Understanding Kubernetes Networking. Part 1: Container Networking: • Video
► A Docker and Kubernetes tutorial for beginners:
• A Docker and Kubernete...
► Setup a "Docker-less" Multi-node Kubernetes Cluster On Ubuntu Server:
• Setup a "Docker-less" ...
►Step by Step Instructions on Setting up Multi-Node Kubernetes Cluster on CentOS: • Step by Step Instructi...
►Setup and Configure CentOS Linux Server on A Windows 10 Hypervisor - UA-cam: • Setup and Configure Ce...
► Enable Nested Virtualization on Windows to run WSL 2 (Linux) and Hyper-V on a VM: • Enable Nested Virtuali...
►Setup a Multi-Node MicroK8S Cluster on Windows 10: • Setup a Multi Node Mic...
► Detailed Windows Terminal, (WSL 2), Linux, Docker, and Kubernetes Install Guide on Windows 10:
• Detailed Windows Termi... - Наука та технологія
All your teaching videos are so great, very detailed and giving practical guide!!!! We really like your teaching style. Expect more videos on tech subjects from you. Thank you!
Thank you very much! Glad they are helpful. Thanks again!
Thank you, I finally understand a good use for an internal vs external switch.
Glad it helped!
Thank you for sharing! Very helpful information.. keep up the good work!
Thanks for watching!
Thanks for this wonderful video.
This was very helpful. Thank you!
Thank you and glad it was helpful!
Thanks. Well-presented and useful.
Thank you very much for the kind words and glad you fount it useful!
This is really helpful, thank you man
Hi Yousf thank you and glad to hear you found it useful.
It really helped. :)
Thank you.
Glad to hear that!. Thank you for the feedback.
This is Perfect , Thank you
You are one person whom video really helped me. Thanks a lot! :)
Very welcome!
Thank you so much. This was helpful.
Glad it was helpful!
thank you so much
Thank you, that was very helpful. Question: are there any special considerations for a microk8s ubuntu vm? I edited the yaml file under /etc/netplan/ and then ran sudo netplan apply. It seems to work well, but just want to make sure it was done the proper way. Thanks!
Hi Edgar, thanks for your feedback and glad it was helpful! Netplan is the correct way to set network attributes on Ubuntu.
thank you man
Hi Hasantha, welcome!, Gald you found it useful.
this video helped me a lot, thx sir.
it's weird i have internet behind the NAT, i can't ping outside but in can connect with ssh, i thought i needed to port forward port 22 ssh.
Hi, thanks for your feedback. So, your issue is that outward traffic from VMs doesn't work? Could you explain a bit more? Like you are not able to visit a site on the internet through your browser? Also, you mentioned unable to ping, does that mean you are not able to ping any other deice in your LAN? Can you perform those tasks from your Windows host?
Great video and at a good pace. How can I get each Ubuntu VM to ping each other? Thanks
Hi and thank you for your feedback! If you correctly set up the Hyper-V switch and assigned the IP addresses correctly to VMs, they will be able to ping each other as they are on the same switch and subnet. Please follow the steps exactly as I showed in the video and everything should work. If you still have issues please post here and I'll do my best to help. Thanks.
When the VM traffic goes out of vSwitch, the source IP is NATed to host’s ip right?
Correct.
In your example, if 10.0.0.145 was a computer, should it be able to ping 192.168.0.10? That is what I need to do but am not able to. From ip addresses in your example (and yes, in reality I'm using my own), from 192.168.0.10 I am able to ping 10.0.0.145, but not the other way around.
Hi @Quarkburger, no, not directly. "192.168.0.10" is behind the switch. The switch acts a router from VMs out to the greater LAN and provides Network Address Translation (to/from the network) for VMs. Other devices on the LAN have no visibility to the VMs. We could, however, open ports for apps running on VMs and map them to the ports on the host machine (10.0.0.87) where other devices on the LAN could call those services but by default other devices have no visibility to the VMs behind the switch. Hope this makes sense, please let me know otherwise. Thanks!
How do you split the command prompt window in 2, the one is upper, the other is lower. And they are syncing? What is the tool?
There are two parts to your question:
1- To add a terminal at the bottom, in VS code click "Terminal" and "New Terminal". That will add a new terminal at the bottom
To run a command when highlighted or the cursor is on a line, you need to bind a key to the command execution, follow these steps:
1- In VS, go "File/Preferences/Keyboard ShortCuts".
2- In there you’ll find a shortcut called “Terminal: Run Selected Text In Active Terminal”
3- Right-click and select "Add Keybinding"
4- Press "F8"
Now in the terminal when you press F8, it will execute your command.
from a security perspective, should a person use NAT with hyper v in 2023 if want vm to connect to internet? and if so, anything to keep in mind like internal firewall? using 'default switch' currently (also, other functions like copy paste between host and vm seems enabled by default ... not sure if that's very secure )
Hi, all the traffic within the VM and Hyper-V is on an internal and private network. These devices are not accessible from outside your firewall because they are not routable from the Internet and are perfectly safe.
If you have a service running on one of your VMs and want to expose it to the Internet, you must configure your firewall to allow address and port forwarding to your internal network. In that case, these are some of the security precautions I would recommend:
1) Make sure the service uses a secure TLS connection (i.e. https) otherwise a hacker will be able to intercept your unencrypted communications.
2) Make sure your service requires authentication so you can limit who can access it.
3) Limit incoming traffic only to the IP address of the VM that hosts the service and the port number that it is listening on.
Hope this helps.
Hello 👋,
I own a dedicated server running hyperv2019 at OVH.
I've got a single public ip set up on the main nic of the hyperv.
I followed the tutorial and my VM can contact the host vNic connected to the host virtual switch.
When I manually setup a DNS it seems to resolve my request but I can't ping wan.
Any idea ?
Hi, from your VM, if you open a browser, are you able to navigate to a site say yahoo.com? In other words, is your issue only pinging targets outside your LAN or you are not able to visit any site on the internet?
when i switch to my newly created network with powershell, the vm cant connect to the internet :'(
@Steve Steve
Hey Steve,
Are you able to connect to your LAN or can't connect to any destination outside the new network?
Here is the script I used for that demo if you want to double check:
New-VMSwitch -SwitchName "LabSwitch" -SwitchType Internal
#Gat all network adapter and make a note of "LabSwitch" as you need it in the next step "INDX_ID_OF_LabSwitch":
Get-NetAdapter
New-NetIPAddress -IPAddress 192.168.0.1 -PrefixLength 24 -InterfaceIndex "INDX_ID_OF_LabSwitch"
New-NetNat -Name NewInternalSwitch -InternalIPInterfaceAddressPrefix 192.168.0.0/24
Get-NetNat
##To remove those objects:
Remove-NetIPAddress -InterfaceAlias "vEthernet (LabSwitch)" -IPAddress 192.168.0.1
Remove-VMSwitch "LabSwitch"
Get-NetNat
Remove-NetNat LabNAT
Get-VMSwitch
i can not access internet via switch
When you set up your Ubuntu VM, make sure you set its gateway IP address to that of your virtual switch IP address.