
I've created a NAT switch on my Hyper-V host (host range 192.168.2.0/24), as described here. It works well, and I've got an old PDC running in its own subnet (subnet range 10.10.10.0/8).

Problem: that PDC contains an old backup that I need to restore to physical hardware. I can't justify shutting down the entire 192.168.2.0/24 network just to be able to connect to the old PDC from outside the host machine.

The host machine has two physical NICs, one of which is currently not in use and therefore is available for this task.

Is there a way to bind that second NIC to the NAT subnet 10.10.10.0/8?

I've reviewed two almost similar questions, here and here, but they're quite old and are specific to VMware. I'm hoping for a way to accomplish this via PowerShell, if possible.

I haven't tried anything because, frankly, I don't know where to begin.

InteXX

1 Answer


You basically want to try to bridge your spare NIC to your vSwitch. You cannot use PowerShell or any command line tools (including netsh) to manage bridges as far as I am aware. It must be done through the 'Network Connections' panel. There is `netsh bridge install` but I have never seen it do anything other than return "Unsupported - Use Network Connections window".

  1. Create your vSwitch
    `New-VMSwitch -SwitchName "NATSwitch" -SwitchType Internal`
  2. Bridge the vSwitch to your spare NIC. Just select the physical and virtual NICs in the Network Connections panel ("Change Adapter Settings" in "Network and Sharing Centre"), right-click, then "Create Bridge".
  3. Assign IP address
    `New-NetIPAddress -IPAddress 10.10.10.1 -PrefixLength 8 -InterfaceAlias "Network Bridge"`
  4. Enable NAT
    `New-NetNat -Name "NATnetwork" -InternalIPInterfaceAddressPrefix 10.10.10.1/8`

However, if you only need to bind a single physical interface to your isolated network, naturally you would just create a new External vSwitch for the machines you want isolated. vSwitches cannot communicate with each other unless you join the physical interfaces bound to them together outside of the host, e.g. by connecting both ports to the same physical switch.

Gav
  • It seems I've already completed steps 1, 3 & 4. But #2 is going to be troublesome; this is Hyper-V Server w/no GUI. If I can find a way to do it with scripting, is the order important? Is it OK to already have the others in place before I create the bridge? – InteXX Apr 03 '17 at 09:03
  • When you create the bridge, the IP config will be removed from the member interfaces. So you will need to apply the IP address configuration and recreate the NAT config on the new 'Network Bridge' interface. Give the `netsh bridge install` command a go, as maybe it is only for Server Core installations. I think you can then use `netsh bridge set` commands to add member interfaces, but I have never been able to get it to work on a standard GUI install. – Gav Apr 03 '17 at 09:18
  • OK, I'll give that a go. Thanks! Hold on a couple of days, though... there's plenty of other things to do in the meantime. Also, I found these—[PowerShell/WMI](https://msdn.microsoft.com/en-us/windows/hardware/commercialize/customize/mdm/using-powershell-scripting-with-the-wmi-bridge-provider) and [.NET](http://stackoverflow.com/a/22201029/722393). What do you think of 'em? – InteXX Apr 03 '17 at 09:49
  • The bridgeutil program the guy wrote in that .NET question looks really promising. I would try that first. I think the WMI Bridge Provider is actually for something totally different, but haven't really looked that closely at it. – Gav Apr 03 '17 at 15:35
  • I'll look closer at the .NET one. Say... should I give my extra NIC a static IP, before I begin all this? I think I should. On the 10.10.10.0/8 range—probably one digit off the vSwitch. – InteXX Apr 03 '17 at 17:24
  • So never mind about that static IP question. I thought about it some more and I see now that we'll be binding the IP to the bridge—there'll be only one address. I'll let you know how it goes, once I get to the task. – InteXX Apr 03 '17 at 20:11
  • Hey, wait a minute! Why don't I just create a new external switch, bound to the second NIC? That'd isolate the old PDC from the other subnet, wouldn't it? – InteXX Apr 04 '17 at 04:23
  • Yes of course you can do that (External vSwitch). I thought for some reason that wasn't an option. – Gav Apr 04 '17 at 04:50
  • I appreciate the benefit of the doubt... but I am afraid you must assume the worst when dealing with me ;-) So is that correct, then—the old PDC's subnet will be isolated? – InteXX Apr 04 '17 at 05:19
  • Let us [continue this discussion in chat](http://chat.stackexchange.com/rooms/56522/discussion-between-gav-and-intexx). – Gav Apr 04 '17 at 05:20
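As an added example (not part of the question or of Gav's answer), this PowerShell script implements the External vSwitch route settled on in the comments: the old PDC gets its own switch bound to the spare NIC, with no host-side interface on that segment, so the 192.168.2.0/24 side and the legacy segment stay separated. The adapter, switch and VM names are assumed placeholders.

```powershell
# Added example: isolate the old PDC on an External vSwitch bound to the spare NIC.
# Names below are assumptions; replace them with the real ones on the host.
$SpareNic   = 'Ethernet 2'       # assumed name of the unused physical NIC
$SwitchName = 'LegacyPDCSwitch'  # assumed name for the new External vSwitch
$VmName     = 'OldPDC'           # assumed name of the PDC VM

# Only accept a physical adapter; fail early if the name is wrong.
$nic = Get-NetAdapter -Name $SpareNic -Physical -ErrorAction Stop
if ($nic.Status -ne 'Up') {
    Write-Warning "Adapter '$SpareNic' is '$($nic.Status)'; check the cable before restoring."
}

# Refuse to take over a NIC that already backs another External vSwitch,
# which would silently join two segments that are meant to stay apart.
$inUse = Get-VMSwitch -SwitchType External -ErrorAction SilentlyContinue |
    Where-Object { $_.NetAdapterInterfaceDescription -eq $nic.InterfaceDescription }
if ($inUse) {
    throw "Adapter '$SpareNic' already backs vSwitch '$($inUse.Name)'; pick another NIC."
}

# Create the switch once. -AllowManagementOS $false means the host gets no
# vNIC on the legacy segment, so the host itself is not a path between subnets.
if (-not (Get-VMSwitch -Name $SwitchName -ErrorAction SilentlyContinue)) {
    New-VMSwitch -Name $SwitchName -NetAdapterName $SpareNic `
        -AllowManagementOS $false -Notes 'Isolated segment for legacy PDC restore' | Out-Null
}

# Move every adapter of the PDC VM onto the isolated switch.
Get-VMNetworkAdapter -VMName $VmName | Connect-VMNetworkAdapter -SwitchName $SwitchName

# Verify: the VM's adapters should now reference only the new switch,
# and the host should show no vEthernet adapter for it.
Get-VMNetworkAdapter -VMName $VmName | Select-Object Name, SwitchName, MacAddress
Get-NetAdapter | Where-Object { $_.Name -like "vEthernet ($SwitchName)*" }
```

The last `Get-NetAdapter` line is expected to return nothing; a `vEthernet` adapter appearing there would mean the host has an interface on the legacy segment after all.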