I have a 2008 R2 Standard server with Hyper-V, DHCP, DNS, AD, IIS and two NICs both connected to my home LAN (192.168.2.0).
My LAN is served by a cable modem that NATs my home LAN to the exterior. The cable modem/router also includes DHCP and a DNS forwarder (normal everyday equipment).
The MAIN server has:
NIC1 (the IPv4 settings are manually set)
Ethernet adapter LAN:
Connection-specific DNS Suffix . : home
Description . . . . . . . . . . . : Intel(R) 82567LM-2 Gigabit Network Connection
Physical Address. . . . . . . . . : 00-15-17-D3-A2-10
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::cd45:d8d:6150:b14c%11(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.2.20(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.2.1
DHCPv6 IAID . . . . . . . . . . . : 234886423
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-13-26-9F-D4-00-15-17-D3-A2-10
DNS Servers . . . . . . . . . . . : ::1
10.10.10.1
NetBIOS over Tcpip. . . . . . . . : Disabled
NIC 2 (fetches IP settings from the "home" router).
Ethernet adapter LAN2:
Connection-specific DNS Suffix . : home
Description . . . . . . . . . . . : Intel(R) 82574L Gigabit Network Connection
Physical Address. . . . . . . . . : 00-15-17-D3-A2-11
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::9594:ef85:ac76:ad0e%14(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.2.101(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : quinta-feira, 5 de Agosto de 2010 21:15:55
Lease Expires . . . . . . . . . . : sexta-feira, 6 de Agosto de 2010 17:15:57
Default Gateway . . . . . . . . . : 192.168.2.1
DHCP Server . . . . . . . . . . . : 192.168.2.1
DHCPv6 IAID . . . . . . . . . . . : 318772503
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-13-26-9F-D4-00-15-17-D3-A2-10
DNS Servers . . . . . . . . . . . : 192.168.2.1
NetBIOS over Tcpip. . . . . . . . : Enabled
The MAIN server has a virtual machine running 2008 R2 Standard. On the Hyper-V network configurations an "Internal" type of LAN was created and the VM has a virtual card on this "internal" network.
The MAIN server DHCP and DNS are bound to this internal network on the 10.10.10.0 subnet and thus will not accept requests for 192.168.2.0.
The virtual NIC on MAIN has these settings for the "internal" network:
Ethernet adapter webDLAN:
Connection-specific DNS Suffix . : corp.mycompany.pt
Description . . . . . . . . . . . : mycompany Network
Physical Address. . . . . . . . . : 00-15-5D-02-14-04
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::ad8c:2a04:ae7f:fbdf%19(Preferred)
IPv4 Address. . . . . . . . . . . : 10.10.10.1(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : [observe the empty gateway address]
DHCPv6 IAID . . . . . . . . . . . : 436213085
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-13-26-9F-D4-00-15-17-D3-A2-10
DNS Servers . . . . . . . . . . . : ::1
10.10.10.1
NetBIOS over Tcpip. . . . . . . . : Enabled
If MAIN DNS cannot resolve the addresses then it is set to query 192.168.2.1 (the home router) that resolves with WAN DNS just fine. This is tested and working.
On my internal network everything is also working fine; the name resolution for other "internal" VMs works (different Linux OSs). Each internal VM fetches an IP address from the DHCP pool (10.10.10.0) and each VM registers itself on the MAIN DNS.
The "internal" network works like a virtual LAN where I have my virtual machines that are isolated from the home LAN (two different subnets). This is exactly the setting I need.
The problem! How to have each VM on the "Internal" reach the internet (WAN). After reading a lot and also experimenting a lot I am having unexpected difficulties with something that looks simple to do (especially because there is an RRAS wizard :))
The initial goal was to have on MAIN a VPN server into the "Internal" network and NAT for the "Internal" to go out, using RRAS. For the VPN I created a rule on the home router firewall to reverse NAT from the WAN into the home LAN pointing to the 192.168.2.20 on MAIN (NIC 1). The ports are all set fine for VPN although I was planning to just use the SSTP protocol (port 443) that was already set for my IIS HTTPS running on MAIN to support RDweb and remote apps.
Currently what is working OK is the "internal" 2008 R2 that has remote apps installed and the MAIN that is running as an RD Gateway server. So from the internet I am able to run remote apps residing on the Internal 2008 server (on the 10.10.10.0 subnet). So connectivity is not the issue for inbound traffic.
As for VPN I am able to get inbound traffic also, but then it looks like some sort of permissions problem arises (yes, I allow access on the user’s AD). In the meantime I put my main efforts on at least providing WAN (Internet) access to the "Internal" VMs using NAT on RRAS on MAIN. Later I will worry about configuring the VPN.
I used RRAS wizard, read carefully each question, redone and redone, restarted and restarted, uninstalled and installed RRAS... and the thing just does not work fine!
After the reinstallation of RRAS the first time it seemed that the issue was resolved. The VMs reached the Internet fine... but then after a couple of hours I would lose all connectivity with the MAIN server from the home LAN (and thus from the internet via the home NAT device) and have to go personally to the MAIN server and choose "Disable Routing and Remote Access" to gain connectivity again.
This has happened 3 times already.
On another occasion I tried getting the main page from google.com (that on the DNS resolves to several addresses) using a small command line utility, "wget". The utility would try each IP address with no success, and then at the end, on the last address, it would work. So I had connectivity but it was crippled from the beginning.
This is all very weird.
Finally, before these RRAS experiments everything was working fine using ICS on MAIN.
I have no new ideas! Has anybody had a similar experience before? Is this RRAS NAT something that causes problems? I tried to use ICS but then it is not compatible with RRAS and I still want to configure a VPN later on.
Is what I've been trying to do for 2 months hard to accomplish?
I do not want to have an additional NIC on the internal network server 2008 R2 to reach the home LAN and from there have ICS or even configure RRAS. The goal is having the internal network (10.10.10.1) isolated and as if it was a "normal" LAN and to configure the host operating system (MAIN) to have these "supporting/infrastructure" services.
Summary:
WAN --> HOME ROUTER/NAT (192.168.2.0) --> MAIN server (192.168.2.20 & 192.168.2.101 dhcp, 10.10.10.1 internal network on virtual switch) --> Internal virtual network (10.10.10.0) where my VMs reside including a virtualized 2008 R2.
The settings for the Internal VM are (and all other VMs, since these come from the DHCP on MAIN)
C:\Windows\System32>ipconfig/all
Windows IP Configuration
Host Name . . . . . . . . . . . . : WDSRV02
Primary Dns Suffix . . . . . . . : corp.mycompany.pt
Node Type . . . . . . . . . . . . : Mixed
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : corp.mycompany.pt
Ethernet adapter LAN:
Connection-specific DNS Suffix . : corp.mycompany.pt
Description . . . . . . . . . . . : Microsoft Virtual Machine Bus Network Adapter
Physical Address. . . . . . . . . : 00-15-5D-02-14-01
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::34d7:48e3:3236:7178%11(Preferred)
IPv4 Address. . . . . . . . . . . : 10.10.10.2(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : sexta-feira, 6 de Agosto de 2010 03:19:09
Lease Expires . . . . . . . . . . : sábado, 14 de Agosto de 2010 03:25:47
Default Gateway . . . . . . . . . : 10.10.10.1
DHCP Server . . . . . . . . . . . : 10.10.10.1
DHCPv6 IAID . . . . . . . . . . . : 234886493
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-13-27-45-22-00-15-5D-02-14-01
DNS Servers . . . . . . . . . . . : 10.10.10.1
NetBIOS over Tcpip. . . . . . . . : Enabled
Tunnel adapter isatap.corp.mycompany.pt:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : corp.mycompany.pt
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter Teredo Tunneling Pseudo-Interface:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
The full MAIN ipconfig/all below:
C:\Users\myuser>ipconfig/all
Windows IP Configuration
Host Name . . . . . . . . . . . . : WDSRV01
Primary Dns Suffix . . . . . . . : corp.mycompany.pt
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : corp.mycompany.pt
home
Ethernet adapter webDLAN:
Connection-specific DNS Suffix . : corp.mycompany.pt
Description . . . . . . . . . . . : mycompany Network
Physical Address. . . . . . . . . : 00-15-5D-02-14-04
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::ad8c:2a04:ae7f:fbdf%19(Preferred)
IPv4 Address. . . . . . . . . . . : 10.10.10.1(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . :
DHCPv6 IAID . . . . . . . . . . . : 436213085
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-13-26-9F-D4-00-15-17-D3-A2-10
DNS Servers . . . . . . . . . . . : ::1
10.10.10.1
NetBIOS over Tcpip. . . . . . . . : Enabled
Ethernet adapter LAN2:
Connection-specific DNS Suffix . : home
Description . . . . . . . . . . . : Intel(R) 82574L Gigabit Network Connection
Physical Address. . . . . . . . . : 00-15-17-D3-A2-11
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::9594:ef85:ac76:ad0e%14(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.2.101(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : quinta-feira, 5 de Agosto de 2010 21:15:55
Lease Expires . . . . . . . . . . : sexta-feira, 6 de Agosto de 2010 17:15:57
Default Gateway . . . . . . . . . : 192.168.2.1
DHCP Server . . . . . . . . . . . : 192.168.2.1
DHCPv6 IAID . . . . . . . . . . . : 318772503
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-13-26-9F-D4-00-15-17-D3-A2-10
DNS Servers . . . . . . . . . . . : 192.168.2.1
NetBIOS over Tcpip. . . . . . . . : Enabled
Ethernet adapter LAN:
Connection-specific DNS Suffix . : home
Description . . . . . . . . . . . : Intel(R) 82567LM-2 Gigabit Network Connection
Physical Address. . . . . . . . . : 00-15-17-D3-A2-10
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::cd45:d8d:6150:b14c%11(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.2.20(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.2.1
DHCPv6 IAID . . . . . . . . . . . : 234886423
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-13-26-9F-D4-00-15-17-D3-A2-10
DNS Servers . . . . . . . . . . . : ::1
10.10.10.1
NetBIOS over Tcpip. . . . . . . . : Disabled
Tunnel adapter isatap.corp.mycompany.pt:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : corp.mycompany.pt
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter Local Area Connection* 11:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter isatap.home:
Connection-specific DNS Suffix . : home
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::5efe:192.168.2.20%17(Preferred)
Link-local IPv6 Address . . . . . : fe80::5efe:192.168.2.101%17(Preferred)
Default Gateway . . . . . . . . . :
DNS Servers . . . . . . . . . . . : ::1
10.10.10.1
NetBIOS over Tcpip. . . . . . . . : Disabled
Tunnel adapter 6TO4 Adapter:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft 6to4 Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter Reusable Microsoft 6To4 Adapter:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft 6to4 Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
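
Added example, not part of the original post: a Python script that parses `ipconfig /all` text like the output above and reports any IPv4 subnet on which more than one adapter carries a default gateway, a multihoming detail worth reviewing before NAT is enabled in RRAS. The sample text is constructed by abbreviating the post's own output, and the function names are hypothetical.

```python
import ipaddress
import re

# Constructed sample: abbreviated from the ipconfig /all output in the post.
SAMPLE = """\
Ethernet adapter webDLAN:
IPv4 Address. . . . . . . . . . . : 10.10.10.1(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . :
Ethernet adapter LAN2:
IPv4 Address. . . . . . . . . . . : 192.168.2.101(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.2.1
Ethernet adapter LAN:
IPv4 Address. . . . . . . . . . . : 192.168.2.20(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.2.1
"""

HEADER = re.compile(r"^\s*(?:Ethernet|Tunnel|Wireless LAN|PPP) adapter (.+):\s*$")
FIELD = re.compile(r"^\s*([^:]+?)[ .]*:\s?(.*)$")

def parse_adapters(text):
    """Return {adapter name: {field: value}} from ipconfig /all text."""
    adapters, current = {}, None
    for line in text.splitlines():
        header = HEADER.match(line)
        if header:
            current = adapters.setdefault(header.group(1), {})
        elif current is not None and (field := FIELD.match(line)):
            current[field.group(1)] = field.group(2).strip()
    return adapters

def shared_default_gateways(adapters):
    """Return {subnet: [(adapter, ip, gateway)]} where 2+ adapters have a gateway."""
    by_net = {}
    for name, f in adapters.items():
        ip, mask = f.get("IPv4 Address", ""), f.get("Subnet Mask", "")
        gateway = f.get("Default Gateway", "")
        if not (ip and mask and gateway):
            continue  # no IPv4 config, or no default route via this adapter
        ip = ip.split("(")[0]  # drop the "(Preferred)" suffix
        net = str(ipaddress.ip_network(f"{ip}/{mask}", strict=False))
        by_net.setdefault(net, []).append((name, ip, gateway))
    return {net: m for net, m in by_net.items() if len(m) > 1}

if __name__ == "__main__":
    for net, members in shared_default_gateways(parse_adapters(SAMPLE)).items():
        print(net, members)
```

The internal adapter (webDLAN) is skipped because its gateway field is empty, which matches the isolation the post describes for the 10.10.10.0 network.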