In Windows Server 2016 (TP4) and Windows 10 1511 it is possible to create a Hyper-V Switch with NAT functionality, including publishing rules. The purpose is to run containers, but it can of course be used to run normal virtual machines. This means that you can very easily build an infrastructure environment with outbound access to the Internet and inbound access from it, without having a virtual router or firewall, pretty neat IMHO. Currently, the only way to create the switch is using PowerShell, but hey, I don’t mind…
Create the Switch
The following command will create a VM Switch for NAT usage with a subnet of 192.168.1.0/24. The net result will be a switch and an internal network adapter with the IP address 192.168.1.1.
New-VMSwitch -Name ViaMonstraNAT -SwitchType NAT -NATSubnetAddress 192.168.1.0/24
Create the NAT rule to get out
The following command will create a NAT rule for all machines connected to the Switch that uses the default gateway to get out.
New-NetNat -Name ViaMonstraNAT -InternalIPInterfaceAddressPrefix 192.168.1.0/24
Create a publishing rule
The following rule will open the “firewall” and redirect traffic arriving on the Hyper-V host at port tcp/80 to tcp/80 on the machine on the VM Switch with the IP address 192.168.1.200.
Add-NetNatStaticMapping -NatName ViaMonstraNAT -Protocol TCP -ExternalPort 80 -InternalIPAddress 192.168.1.200 -InternalPort 80 -ExternalIPAddress 0.0.0.0
Check if it works
You can use the following PowerShell cmdlets to see the configuration after it has been done.
Get-VMSwitch will show you the switch with SwitchType NAT.
Get-NetNat will show you the NAT configuration bound to the switch.
Get-NetNatStaticMapping will show you the publishing rule.
Get-NetNatSession will show you current NAT sessions.
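An added example, not part of the original post: a small audit that goes one step beyond the Get- cmdlets above and reports, for each publishing rule, whether it is published on every host address and whether its internal target actually sits inside the NAT subnet. The helper names Test-InPrefix and Get-NatExposure are hypothetical, the sample objects are constructed to mirror the commands in this post, and the property names and the 0.0.0.0/0 form of ExternalIPAddress are assumptions about what Get-NetNat and Get-NetNatStaticMapping return.

```powershell
# Added example, not from the original post: audit NAT publishing rules.
# Test-InPrefix and Get-NatExposure are hypothetical helper names.
function Test-InPrefix {
    param([string]$Address, [string]$Prefix)      # e.g. 192.168.1.200 and 192.168.1.0/24
    $net, $len = $Prefix -split '/'
    $toNumber = {
        param($ip)
        $b = [System.Net.IPAddress]::Parse(($ip -split '/')[0]).GetAddressBytes()
        [double]$b[0] * 16777216 + [double]$b[1] * 65536 + [double]$b[2] * 256 + [double]$b[3]
    }
    $block = [math]::Pow(2, 32 - [int]$len)       # number of addresses covered by the prefix
    [math]::Floor((& $toNumber $Address) / $block) -eq [math]::Floor((& $toNumber $net) / $block)
}

function Get-NatExposure {
    param($Nat, $Mapping)
    foreach ($m in $Mapping) {
        $parent = $Nat | Where-Object { $_.Name -eq $m.NatName }
        $findings = @()
        if ("$($m.ExternalIPAddress)" -like '0.0.0.0*') {
            $findings += 'published on every host address'
        }
        if (-not $parent) {
            $findings += 'no NAT object with this name'
        } elseif (-not (Test-InPrefix $m.InternalIPAddress $parent.InternalIPInterfaceAddressPrefix)) {
            $findings += 'internal target is outside the NAT prefix'
        }
        [pscustomobject]@{
            Rule     = '{0}/{1} -> {2}:{3}' -f $m.Protocol, $m.ExternalPort, $m.InternalIPAddress, $m.InternalPort
            Findings = $findings -join '; '
        }
    }
}

# Constructed sample objects (assumed property names), so the script runs offline.
$nat  = [pscustomobject]@{ Name = 'ViaMonstraNAT'; InternalIPInterfaceAddressPrefix = '192.168.1.0/24' }
$maps = @(
    [pscustomobject]@{ NatName = 'ViaMonstraNAT'; Protocol = 'TCP'; ExternalIPAddress = '0.0.0.0/0'; ExternalPort = 80; InternalIPAddress = '192.168.1.200'; InternalPort = 80 },
    [pscustomobject]@{ NatName = 'ViaMonstraNAT'; Protocol = 'TCP'; ExternalIPAddress = '10.0.0.5/32'; ExternalPort = 3389; InternalIPAddress = '192.168.2.10'; InternalPort = 3389 }
)
Get-NatExposure -Nat $nat -Mapping $maps | Format-Table -AutoSize

# On a Hyper-V host, feed it the live configuration instead:
# Get-NatExposure -Nat (Get-NetNat) -Mapping (Get-NetNatStaticMapping)
```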
/Mike
I have previously done this on my 1511 build. However, now on the most recent build of Windows 10, the NAT switch isn’t a viable option again. Can you confirm this?
I did it on my Windows 10 Build 14291 (Insider Preview) and it works.
Darn. Yeah, when I tell it the switch -Switchtype the only options are External, Internal, and Private now. This was on my personal laptop that is running Professional, not Enterprise, so not sure if that can be the case. I will spin up a VM and test later. It works for my work laptop without a problem. Then again, I am still on 1511 right now. Looking forward to seeing you out here in the oven of Phoenix in a few weeks.