Win 2008 R2 Server + Virtual Machine connected to Internet via 1 static IP

Posted on 2010-09-05
Medium Priority
Last Modified: 2012-06-27
The situation:
I have a Windows 2008 R2 server connected directly to the Internet (no router - Network1).
I've added a Windows 7 virtual machine (VM).

The desired outcome:
I want to give Internet access to the VM.

There are many ways to accomplish this so I'd like to get your opinion.
This is what I see as potential solutions:

1. Add a router - assign the static IP to the router and use NAT to give internal IP addresses to both the Server and VM.

2. Ask the ISP for another static IP and configure it for the VM

3. The server has 2 NICs. Close to the server is a switch that is part of a totally different network (Network2), so would this work?
- connect NIC1 to the switch and get the Internet Access for the server from Network2
- connect NIC2 to the Ethernet drop with the static IP (Network1) and have the VM use that connection.

Network1 and Network2 are totally separate (with different subnets, gateways, etc.).
It is mandatory that the VM's traffic stay in Network1 - so it should NOT go out with Network2's static IPs.

4. Can I enable NAT in Win 2008 so the VM would use an internal IP like 192.168.2.x and go out on the Internet via the server's static IP (software NAT)?
If yes, how do I redirect ports to the VM?

I'd prefer option 3 or 4 if possible since it would not require buying equipment or paying the ISP for an additional IP address.
Question by:mihaisz
LVL 14

Expert Comment

ID: 33607807
Well done on providing excellent information.
I'm not certain what VM product you're using, but I'm familiar with VMWare Server 2, so I'll provide my answers in relation to what I've seen there.

1. I assume you're reluctant to do this because you want the public IP to reside on the VM.  You could config a router to have a DMZ and pass all traffic to the VM, so it's almost like having a public IP.

2. This should also work fine (mind you I've never tried bridging on an actual WAN link, so I hope there's no funny TCP/IP checking that messes it up).

3. This sounds like it would work fine.  You can choose which NIC you bind the VM to, so you can just force it to use NIC2.  The only prob would be that your server would have 2 paths to the internet, and I think the choice is random and arbitrary.  You might find from time-to-time that your traffic goes one way over the other.  You'd need to force the default route using the 'route add' command, and perhaps even organise that into a batch file so that you can run it again whenever you suspect that it's using the other route.

4. Yes you can do it and port forwarding should be available.  At least that's how VMWare Server 2 works.

On http://www.vmware.com/pdf/vmserver2.pdf page 215 lists the 3 basic network configs: bridged (your option 2), NAT, or host-only.  See page 251 for the port forwarding.

Author Comment

ID: 33607849
Thanks for the quick response.
I'm using the Hyper-V from Win 2008 for virtualization.

Option 3 would be the preferred one if I can be absolutely sure that traffic from the VM does not go through Network2.
This is very important to me: the VM has to ALWAYS show the public IP of Network1 (e.g. as shown in the top left corner of www.dnsstuff.com when I open that site in a browser).

The server's traffic can go through either Network1 or Network2, but I'd prefer to use Network1.
Could you give me the route command?
LVL 14

Expert Comment

ID: 33607905
The command is 'route add mask' (where should be the immediate next hop on NIC1's network).
You can also do this manually if you look in TCP/IP Properties, Advanced, Default Gateways.  This is on XP, but should look the same.  I'm pretty sure when you have multiple options, you can arrange the order of priority here.

You know what...  Now that I think about it carefully, I don't think option 3 would work.  To use bridging, the server and VM need different IPs.  You only have 1 public IP, so you want that IP to be for the VM.  This leaves you needing to give the server a fake IP (same subnet but not the actual one given by the ISP).  The only prob is that the VM can't bridge through the server's NIC if the NIC doesn't have a valid connection in the first place.  Now you've got me doubting myself and wishing I had the necessary stuff to test it myself.  Sorry but I don't.

So for option 3 to work, you'd still need to use the parts of your other options anyway: NAT, router or extra public IP.

Out of interest, what is the network mask for your WAN link? or .248?
Author Comment

ID: 33607907
For option 3, just to make sure I won’t have to go to the data center again after this:

• configure NIC1 with Public IP and connect NIC2 to the switch (will leave it with ‘Obtain IP address automatically’ since Network 2 has a DHCP server).
• configure NIC1 as the adaptor for the VM

The problem might be that VM’s adaptor has IPv4 configured to ‘Obtain IP address automatically’ but Network1 does not have a DHCP. So I have to add IP information.
If I add the Public IP info, it will conflict with what I have for NIC1 on the server.

How do I resolve this?
Should I leave NIC1 with ‘Obtain IP address automatically’ so it will then get 2 IPs from Network2?
In that case, will the VM still be isolated to use Network1’s public IP?

Author Comment

ID: 33607917
Looks like I was writing my comment at the same time as you.

So I cannot do option 3...

I'll then just buy a router and solve it that way.

The subnet of the public IP is
LVL 14

Expert Comment

ID: 33607920
Yeah see you found my mistake too. :<

It doesn't matter now, but in your last post you got the NICs wrong on the bullet-point bit.  NIC2 needs the public IP and binds to the VM, while NIC1 connects to the switch.  At least that's how your original looked.

Author Comment

ID: 33607938
yes, you are right: NIC1 goes to the switch and NIC2 to the Public IP.
Thanks for your help. It saved me a trip to the data center.
LVL 14

Expert Comment

ID: 33607941
Yep it definitely sounds the cleanest.  There's something safe and secure about having a little box between you and the big, bad world.  Besides, routers were designed to do this stuff.

However, I still think option 4 would have worked and is not so different to option 1 in regards to the VM still being NATted.  In regards to the server, the difference is that the server is publicly exposed on option 4, but behind the NAT router on option 1.  It depends if you can find the port forwarding on your VM NAT config, and if it works well.
LVL 14

Expert Comment

ID: 33607957
NP.  Best of luck.  At least you stretched my brain a little.

Author Comment

ID: 33607964
So how do I do option 4?
I don't mind the server being exposed directly to the Internet - I'll use Win 2008's firewall to control access.

How do I configure NAT in Win 2008 so I can assign an internal IP to the VM?
I'm not good with commands, so is there a UI for it in Win 2008?
LVL 14

Expert Comment

ID: 33607980
Ahh no it's not a Server 2008 feature like in RRAS.  It's something that the Hyper-V config would have to do.  You'll notice in the manual for VMWare that there's like an extra piece of software at Start, Programs, VMWare Server, Manage Virtual Networks.  This program doesn't manage the VMs at all, but just manages the settings of the virtual NIC attached to your physical NIC.

I'll see if I can find a manual or something that would show me how they do it in Hyper-V.
LVL 14

Accepted Solution

theras2000 earned 2000 total points
ID: 33608017
It sounds like I'm only half-right.  The 'Virtual Network Manager' is the tool to setup just the virtual networks (awfully similar to the 'Manage Virtual Networks' that I mentioned), but then you use ICS or RRAS to do the port-forwarding.  Clever.

http://www.petri.co.il/configuring-virtual-networks-with-hyper-v.htm - VNM setup
http://bryantlikes.com/SettingUpHyperVVirtualNetworking.aspx - VNM + ICS
http://blog.jim80.net/2010/01/19/setting-up-hyper-v-with-nat/ - RRAS (text only)

I can't find much better than those, but I think they point you to the right places.  Looks pretty simple, really.  I gotta go to bed, but I'll check in on this tomorrow.

Author Comment

ID: 33608170
I followed the steps from http://bryantlikes.com/SettingUpHyperVVirtualNetworking.aspx and it worked!

My VM is sharing the connection with the server and has Internet access.

The only remaining step is to forward port 4111 to the VM (so I do telnet <Public IP> 4111 to get to the VM).

How do I do that?

LVL 14

Expert Comment

ID: 33609443
Here's what it looked like in XPsp1 I think http://www.dslreports.com/r0/download/181339;bd105dc7c26c9fbad8be83372f13319d/icsconfigXP.jpg
or http://forum.portforward.com/YaBB.cgi?num=1134525903
It's probably within the Settings button that you could see on that guide you already followed.

Author Comment

ID: 33623770
Worked like a charm!
Thanks for your help!
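
An added example, not part of the original thread: once port 4111 is forwarded from the public IP to the VM, the VM's own firewall is where that port can be scoped to known sources. It assumes the forwarded service is TCP, that the port mapping leaves the client's source address unchanged, and that `203.0.113.10` (a placeholder) is the address you administer from; the rule name is also made up for illustration.

```powershell
# Run in an elevated PowerShell prompt on the Windows 7 VM (not the host).
# Assumptions, not from the thread: the service is TCP, and 203.0.113.10
# is a placeholder for the address you connect from.
$Port      = 4111
$AllowFrom = '203.0.113.10'
$RuleName  = "Fwd-TCP-$Port-restricted"   # no spaces, so no quoting issues

# 1. Show the inbound default for each profile. The scoped allow rule below
#    only restricts anything if unmatched inbound traffic is blocked.
netsh advfirewall show allprofiles firewallpolicy

# 2. Look for existing inbound rules that already name this port. Any such
#    rule with "RemoteIP: Any" opens the port to everyone and would make the
#    scoped rule pointless. Context 9,3 shows the whole rule block around
#    the LocalPort line (English-language netsh output assumed).
$existing = netsh advfirewall firewall show rule name=all dir=in |
    Select-String -Pattern "^LocalPort:\s+.*\b$Port\b" -Context 9,3
if ($existing) { $existing } else { "No inbound rule names port $Port yet." }

# 3. Create the scoped rule. Delete any earlier copy first so re-running
#    the script does not stack duplicates.
netsh advfirewall firewall delete rule name=$RuleName | Out-Null
netsh advfirewall firewall add rule name=$RuleName dir=in action=allow `
    protocol=TCP localport=$Port remoteip=$AllowFrom profile=any

# 4. Verify: the rule as stored, and the service actually listening.
netsh advfirewall firewall show rule name=$RuleName
netstat -ano -p tcp | Select-String -Pattern ":$Port\s"
```

Any broader rule reported in step 2 has to be disabled or scoped as well, because Windows Firewall allows a connection if any enabled allow rule matches it.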

Question has a verified solution.
