Virtual machines on a private network with internet access ?

[Christopher Taagaard]

Hi guys

English is not my native language, but I hope you understand it anyway

Right now im trying to configure a virtual server environment in a Virtual network on my laptop computer in Hyper-V.

I want to have servers on my virtual network with static IP adresses and clients with dynamic IP adresses. I have tried many configurations but I can't get it to work. I want my virtual network to be mobile also, so my virtual switch connected to my Wifi adapter has to have dynamic settings so it can connect to any Wifi network where I have my computer connected to.

First i tried with two external switches attached to my domain controller on the virtual network. One attached to my Ethernet adapter and one attached to my Wifi adapter. I only get access to the internet on my domain controller since it has the external switch attached to my Wifi adapter.

Where all my other virtual machines have only one eternal switch attached to them, all connected to the Ethernet adapter.

I also tried with an internal switch on all my virtual machines (to create a private network) and an external switch to the wifi adapter on my domain controller also. So my virtual machines has to use my domain controller as a gateway to the internet, since it has internal ethernet adapter and the external switch wifi adapter attached to i.

Thank you for your help

 

[pricklypunter]

What I think is missing from your setup is a routing process of some kind. I would imagine you could use RRAS in your windows DC to point to your external network using either your LAN or Wifi adapter and use NAT to provide your internal networks with access. Either way, you will need to provide a single gateway that you can distribute via DHCP to your clients

 

[Christopher Taagaard]

I actually made my DC a RRAS and then it would function. But I couldn't join clients to my domain and I was told it was because the DC was a multihome because I used it as RRAS. So I tried to make a RRAS member server but then I couldn't get internet access on my Internal network, only when I had my DC run the RRAS.

In this setup I have my RRAS with two attached virtual switches internal and external.

Here is some screenshots from my setup:

DHCP config (DC)

https://s32.postimg.org/kw6obj4d1/dhcp_indstillinger.png

My domain controller is also a DNS and DHCP server, IP address: 192.168.10.2

Remote Access server has IP: 192.168.10.3

DC IP config:

https://s31.postimg.org/f7yldxzij/ip_domain_controller.png


IP config on my RRAS on the internal switch:

https://s31.postimg.org/4dziuo4p7/lan_forbindelse_remote.png

IP config is dynamic on the external switch on the RRAS:

https://s31.postimg.org/vyunawm3f/eksternt_netkort_remote.png

And here you can see there is no internet connection on my lan (internal switch) this is from the RRAS:

https://s31.postimg.org/fxvmenl2j/netv_rks_forbindelser_remote.png

 

[pricklypunter]

Here's a link that's doing something very similar to what you are trying to achieve. He has a link to a video on it as well, where he explains what he's doing. Maybe this will help you better than I can here

Deployment Research > Research

 

[Christopher Taagaard]

Thank you very much for the link

I followed his guide I can ping 8.8.8.8 on my DC, but I can't find google.com in my browser and it still says I don't have Internet access. His setup is exactly what I want, I just want a single internal and external network and not three internal networks like he has.

 

[pricklypunter]

Yup, I figured it was close enough to what you needed that you could just use a single internal LAN. Johan is actually quite informative in his blog, I have picked up all sorts of little tricks from him

If you can ping 8.8.8.8, but can't open Giggle in a browser, you have a DNS configuration issue. That's also the reason why your windows DC is complaining that you have no Internet. You do have Internet, just can't resolve DNS. Make sure you have a DNS entry in your DC pointing to a valid server for forwarding lookup's to and also that you have set your DHCP server to pass that information along to the clients

The irony is, that you are able to ping one of Google's public DNS servers (8.8.8.8)

 

[cesmith9999]

normally I would recommend that you have an internal Switch that all of your servers attach to. and then have VM using pfsense and have that one attached to the external Adapter and the internal adapter.

then you can configure all of the servers and clients as a real network and have a router to the internet.

Chris

 

[Christopher Taagaard]

If you can ping 8.8.8.8, but can't open Giggle in a browser, you have a DNS configuration issue. That's also the reason why your windows DC is complaining that you have no Internet. You do have Internet, just can't resolve DNS. Make sure you have a DNS entry in your DC pointing to a valid server for forwarding lookup's to and also that you have set your DHCP server to pass that information along to the clients

Yea thats true about the internet hehe, I was very tired when writing my post

Chris I don't know pfsense maybe I should look into that if I can't get this to work with DNS.

 

[Christopher Taagaard]

It seems to work now I put 8.8.8.8 as a forwarder, should I just delete the rest of the forwarders that can't resolve anything ?

https://s31.postimg.org/5u1e1ztx7/forwarders.png

 

[F1ydave]

This may or may not help, but I recently went through some DNS problems. I can ping my server internally from all workstations but FQDN wont work, no matter what I try (I gave up, network is running faster than ever thanks to my accidential genius).

Anyway, what I did was delete the forwarders...which forces the DNS to use Root Hints. At least give that a try and see what happens. You can always add the forwarders back if it doesn't resolve your issue.

If you really want to optimize your forwarder/DNS at a later time, you can run DNS Benchmark, its a free application and gives the fastest dns available to your location.

 

[pricklypunter]

Congrats on getting it working

There's nothing wrong with having primary/ secondary forwarders, or several that can be used on a round robin etc, but obviously, whatever you do put in there must be reachable and valid. PFsense, as Chris pointed out, is also an excellent option if you want to explore that further. Besides simplifying your internal configuration a bit, there are additional benefits beyond basic networking to be had by using it