1 IP - 2 Virtual Machines - Setup Routing...

  • Question

  • Hi everyone,

    I need a little bit of help with how to set up routing.

    I have a server which has 1 public IP. For security reasons the port at the switch is bound to the network adapter's MAC.

    Now I have 2 virtual machines using Hyper-V with External chosen in the adapter settings.

    These VMs have no Internet access, because first they get a DHCP IP from Hyper-V and also cannot send packages because they will be blocked at the switch (another MAC address, ...)

    So my idea is now:

    I have another public IP.

    Can I set up routing in the host system (Windows Server 2008 Enterprise) to do the following:

    A) listen on both IP addresses.
    B) forward the second IP address to the internal IP address of the virtual machine
    C) forward all packages FROM the internal machine to the first IP address (from the host) and send them out

    So, the server should get all packages and decide: if it's for IP 1 then handle the packages itself; if it is for IP 2 then send the packages to the virtual machine. I think this can be done, but I am not an expert at configuring this, so I need some help with what I need to get this working.

    Thank you very much.

    Bye,
    PipBoy3000
    Saturday, May 2, 2009 3:39 PM

All replies

  • No, that isn't how you handle the situation. You handle it in the same way as you would with physical machines. You use NAT to allow the machines on your LAN to share a single public IP address.

    You could run the host machine as a NAT router for the VMs, but I would not recommend it. There are a few problems that come up. I would recommend running NAT in a virtual machine. I would also recommend that you do not run DHCP on the Hyper-V host (i.e. the parent partition) but in a VM. Microsoft recommends that you run nothing except the Hyper-V role in the parent partition.

    I run my virtual machines on an internal private network. Only the NAT router connects to the external network (and thence to the physical LAN and the Internet). You can run a Windows Server OS as your NAT router or a Linux OS if you are familiar with that, e.g.

       Internet
              |
        physical LAN
               |
         External virtual network
             public IP
                NAT
           192.168.21.254    dg    blank
                     |
              other virtual machines
           192.168.21.x   dg   192.168.21.254
              virtual machines
            
    Bill
    Sunday, May 3, 2009 1:39 AM
  • Okay, so if I understand right:

    Internet
        |
      my Server (with a public IP) and Hyper-V Role
               |
           First Virtual Machine (with external network set) running RRAS for a NAT
                                |
                       Second VM: For example a web server (configured with internal IP)
                       Third VM: For example a media server (configured with internal IP)

    So my question is now, how can I go to a website whose service runs on the second VM?

    Thank you very much.

    Bye,
    PipBoy3000
    Sunday, May 3, 2009 8:54 PM
  • You use port forwarding in NAT.
    Bill
    Tuesday, May 5, 2009 5:18 AM
  • Hi.

    I have got the same problem, or maybe just need the same solution. I have a few public IPs and need to set up NAT for internal VMs.

    I've tried the setup recommended above, but there's one thing I don't get. How do the internal VMs find the NAT server? I've added two NICs to the virtual NAT server. One is set up with a publicly accessible IP, but what about the other one? In the physical world I would cable to a switch and to the servers from there.

    I also tried to associate the second NIC with an internal virtual NIC on the host, and then associate the internal VMs with the same virtual NIC. No luck. The RRAS service should assign IPs to the servers in the network, right?

    Any thoughts?

    BR,
    Trond

    Tuesday, May 5, 2009 2:48 PM
  •   It really works just like it does with physical machines and networks. Put the internal NIC of the RRAS server and the NICs of the other vms in the same virtual network. The internal virtual switch works just like a physical switch. If you want auto-config, configure the DHCP options in NAT.

        The internal machines use the private NIC of the NAT router for default gateway and DNS address. The NAT server relays DNS requests and handles Internet requests for the client machines using its own public IP. (Note that you need to make changes if you are running a domain on the private LAN. NAT and AD don't work well together because of DNS).
    Bill
    • Proposed as answer by Trond Smaavik Thursday, May 7, 2009 10:01 AM
    Wednesday, May 6, 2009 12:58 AM
  • Thanks.

    I've made some steps of progress, but there's still something funky though.

    The NAT is handing out IPs in the private range with 192.168.0.1 (internal NIC on NAT server) as gateway. I've created an internal virtual network in Hyper-V manager and assigned it to the internal NAT NIC and the NIC of an internal VM. The virtual network on the host gets assigned 192.168.0.143 and the internal VM gets 192.168.0.53. From the ...53 VM I'm only able to ping ...143, but not the gateway at ...1. I find this kind of strange as it's ...1 that's assigning the IPs.

    As the ...143 adapter gets ...1 as gateway, the host server also loses the Internet connection from the Internet gateway. I've tried to tick off VLAN identification on the internal network but that doesn't seem to do anything here.

    - Trond

    Wednesday, May 6, 2009 10:14 AM
  • Afraid I can't follow that. Where is the NAT server running? If it is a VM, does it have two NICs, one connected to a virtual network linked to a physical NIC on the host and one connected to an internal virtual network?

    What really throws me is "The virtual network on the host gets assigned 192.168.0.143". A virtual network does not have an IP, only individual NICs do. How is the host getting an IP from NAT? What interface on the host are we talking about?
    Bill
    Thursday, May 7, 2009 5:49 AM
  • Made it work. 

    Regarding your last question: it was the virtual NIC associated with the virtual network on the host I was referring to. By disabling this NIC the Internet connection was restored. This NIC got IP and gateway from the NAT. I guess that confused the routing out.

    Thanks a lot for the help.

    -Trond
    Thursday, May 7, 2009 10:00 AM
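
Added example (not part of the thread, and not Microsoft's tooling): a small Python check for the condition described in the last posts, where a host vNIC on the internal virtual network picks up a default gateway from the NAT VM and the host ends up with two default routes. The `route print` text is constructed; 203.0.113.x is a placeholder for the real public addressing, and the function names are hypothetical.

```python
import ipaddress
import re

# Constructed `route print -4` output for the Hyper-V host in the thread.
# 203.0.113.x is a placeholder for the real public addressing;
# 192.168.0.1 and 192.168.0.143 are the addresses quoted above.
SAMPLE_ROUTE_PRINT = """\
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      203.0.113.1    203.0.113.10     10
          0.0.0.0          0.0.0.0      192.168.0.1   192.168.0.143     10
        127.0.0.0        255.0.0.0         On-link       127.0.0.1    306
      192.168.0.0    255.255.255.0         On-link   192.168.0.143    266
      203.0.113.0    255.255.255.0         On-link    203.0.113.10    266
"""

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
ROUTE_LINE = re.compile(
    r"^\s*(\d+\.\d+\.\d+\.\d+)\s+(\d+\.\d+\.\d+\.\d+)\s+(\S+)\s+"
    r"(\d+\.\d+\.\d+\.\d+)\s+(\d+)\s*$")

def default_routes(route_print_text):
    """Return (gateway, interface, metric) for every 0.0.0.0/0 route."""
    found = []
    for line in route_print_text.splitlines():
        m = ROUTE_LINE.match(line)
        if m and m.group(1) == "0.0.0.0" and m.group(2) == "0.0.0.0":
            found.append((m.group(3), m.group(4), int(m.group(5))))
    return found

def private_default_gateways(route_print_text):
    """Default routes whose next hop is an RFC 1918 address, i.e. a
    gateway handed out on the internal virtual network, not the uplink."""
    hits = []
    for gw, iface, metric in default_routes(route_print_text):
        try:
            addr = ipaddress.ip_address(gw)
        except ValueError:      # "On-link" or other non-address gateway
            continue
        if any(addr in net for net in RFC1918):
            hits.append((gw, iface, metric))
    return hits

if __name__ == "__main__":
    for gw, iface, metric in private_default_gateways(SAMPLE_ROUTE_PRINT):
        print(f"unexpected default route via {gw} on {iface} (metric {metric})")
```

A hit on the host's internal vNIC corresponds to the adapter Trond disabled to restore the host's Internet connection.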