
We have a Win Server 2019 (Version 1809, OS Build 17763.1282) with Hyper-V. We want to run a number of Ubuntu VMs using the internal NAT, so we don't need separate external IPs for each VM. The steps we're using are the ones we've seen many examples of across the internet:-

```powershell
New-VMSwitch -SwitchName "NATSwitch" -SwitchType Internal
Get-NetAdapter   # look up the index of the new "vEthernet (NATSwitch)", which is 24
New-NetIPAddress -IPAddress 14.0.0.1 -PrefixLength 24 -InterfaceIndex 24
New-NetNat -Name NATNetwork -InternalIPInterfaceAddressPrefix 14.0.0.0/24
```

We set the properties for the VM network connection to use the NATSwitch, and then configure the VM to have static addresses - 14.0.0.1 for the gateway, and 14.0.0.2 for the VM itself, i.e. /etc/netplan/00-installer-config.yaml looks like this:-

```yaml
network:
  version: 2
  ethernets:
    eth0:
      addresses:
        - 14.0.0.2/24
      gateway4: 14.0.0.1
      nameservers:
        addresses: [14.0.0.1]
```

So on the VM, `ip route` says:

```
default via 14.0.0.1 dev eth0 proto static
14.0.0.0/24 dev eth0 proto kernel scope link src 14.0.0.2
```

and `ip a` includes:

```
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether 00:15:5d:1a:84:01 brd ff:ff:ff:ff:ff:ff
    inet 14.0.0.2/24 brd 14.0.0.255 scope global eth0
       valid_lft forever preferred_lft forever
    inet6 fe80::215:5dff:fe1a:8401/64 scope link
       valid_lft forever preferred_lft forever
```

After booting the VM from Hyper-V, I can successfully SSH into 14.0.0.2 with PuTTY, but the VM does not have access to the internet, and it cannot ping 14.0.0.1. So it looks like the NAT is not doing anything to bridge the 14.0.0.x network to the main NIC on the server (which has internet access of course). From the 2019 Server, I can ping both 14.0.0.1 (itself=the gateway), and 14.0.0.2 (the VM).

We can get things to work with an external address, on our network, by creating an "external switch" in Hyper-V, connecting to that, and using DHCP to get an IP address from our domain controller for the VM's MAC address - but we'd prefer not to have to assign external IP addresses for all the VMs.

Does anyone have any ideas what we're missing?

Wes Hinsley
  • The switch type MUST be an external switch to connect to the internet, OR connect to an external switch via a virtual router. – Davidw Jun 26 '20 at 15:29
  • Is that something different to what the Virtual NAT does? None of the examples we've seen eg. [here](https://petri.com/using-nat-virtual-switch-hyper-v) mention any routing steps. (But then again, ours is not yet working, so the guides may be incomplete...) – Wes Hinsley Jun 26 '20 at 15:42
  • After 2 days of frustration, and less than half an hour after posting the question, we have worked it out!! - it is to do with the Firewall settings on Win 2019. By default they prevent the virtual NAT from working. – Wes Hinsley Jun 26 '20 at 16:07

1 Answer


The answer was that out of the box, the firewall settings on our Windows Server 2019 setup on "Guest or public networks" prevented the host from ssh-ing to any of the VMs. Turning the firewall off on that network enabled ssh, although we should configure it properly...

Wes Hinsley
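One way to approach the "configure it properly" step from the answer above, as an added example that is not part of the original post: keep the Public profile enabled, scope an allow rule to the NAT switch interface and subnet from the question, and log drops to see what else the VMs need. The rule name, the choice of ICMPv4 echo as the permitted traffic, and the use of drop logging are assumptions; run from an elevated PowerShell session on the Hyper-V host.

```powershell
# Added example. Interface alias, subnet and gateway address are the ones from the question.
$alias   = 'vEthernet (NATSwitch)'
$subnet  = '14.0.0.0/24'
$gateway = '14.0.0.1'

# 1. Check which network category the NAT switch adapter was placed in,
#    and whether each firewall profile is currently enabled.
Get-NetConnectionProfile -InterfaceAlias $alias |
    Select-Object InterfaceAlias, NetworkCategory
Get-NetFirewallProfile |
    Select-Object Name, Enabled, DefaultInboundAction, LogBlocked

# 2. Turn the Public ("Guest or public networks") profile back on
#    if it was disabled while troubleshooting.
Set-NetFirewallProfile -Name Public -Enabled True

# 3. Allow only what the VMs need from the host. Here (assumption): ICMPv4 echo
#    requests from the NAT subnet to the gateway address, on the NAT switch only.
New-NetFirewallRule -DisplayName 'NATSwitch - ICMPv4 echo from VMs' `
    -Direction Inbound -Action Allow `
    -Protocol ICMPv4 -IcmpType 8 `
    -InterfaceAlias $alias `
    -RemoteAddress $subnet -LocalAddress $gateway `
    -Profile Any

# 4. Log blocked packets on the Public profile so any remaining drops from
#    14.0.0.0/24 show up in the firewall log instead of being guessed at.
Set-NetFirewallProfile -Name Public -LogBlocked True
Get-NetFirewallProfile -Name Public | Select-Object LogBlocked, LogFileName

# 5. Review the rule that was created and confirm its scope.
Get-NetFirewallRule -DisplayName 'NATSwitch - ICMPv4 echo from VMs' |
    Get-NetFirewallAddressFilter |
    Select-Object LocalAddress, RemoteAddress
```

Further services the VMs need from the host get their own rule with the same `-InterfaceAlias` and `-RemoteAddress` scoping, rather than disabling the profile.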