Vista - Networking question

04-22-2009

I need to setup a lab environment with the following requisites:

- Internal AD domain
- Internal DHCP server
- External connectivity using NAT (the internal network should be isolated)

I haven't found a way to do this using Virtual Server or Virtual PC, while
it was really easy to achieve using VMWare products. Please help if you can.

1) I can't use Virtual PC's "shared networking" feature, because it comes
with a built-in DHCP server which conflicts with the internal one.
2) I can't do it at all using Virtual Server, as it doesn't even have NAT
capabilities.
3) Someone suggested installing a loopback adapter on the host and enabling
Internet Connection Sharing on it; ok, but then ICS will enable its own DHCP
server too, effectively creating the same situation as #1.

Possible solutions I've come up with:

- Add a second network adapter on the host, add a VM connected to both the
internat network and the external one and install a firewall in the VM
(RRAS, ISA Server, etc.).
- Install Windows Server 2003 on the host, add a loopback adapter and use
RRAS instead of ICS to share the external connection.

Both solutions are quite cumberstome and not applicable in my case (the host
is my own client computer and it only has a single network adapter).

Or, of course, there's the easiest solution of all: use VMWare.

I'm really, REALLY, *REALLY* trying to get used to Virtual PC/Virtual
Server, but I'm always finding something that VMWare does a lot better... I
can't believe I can't do a simple NAT in 2009 when VMWare has been doing it
for YEARS!

Massimo

04-22-2009

On Wed, 22 Apr 2009 11:56:13 +0200, "Massimo" <barone@xxxxxx>
wrote:

Quote:

>I need to setup a lab environment with the following requisites:
>
>- Internal AD domain
>- Internal DHCP server
>- External connectivity using NAT (the internal network should be isolated)

This can be accomplished easily:

1) Put all participating virtual machines on Local Only networking.

2) Configure your internal DHCP server to hand out the IP addresses on
this isolated network. Of course the DHCP server will have a fixed
address.

3) Create a virtual machine for routing with *two* network adapters.
- The first is set to Local Only and configured with a fixed address
- The second NIC is set to use the host's physical NIC. Do not use
NAT since it just adds an extra layer of traffic through the host
PC.

4) Install Windows Server 2003 or 2008 on this virtial machine and set
its role as a router between the internal LAN and the external world.

5) Configure the DHCP server to hand out the gateway address as the
router address. Or better yet, combine the two roles in one virtual
machine by hosting the DHCP server on the router PC. This saves one
virtual machine.

Now you have an isolated network for all virtual machines that can
access the Internet ONLY via the router. The router is multi-homed
with one NIC on the internal isolated network and the other on the
external network in parallel with the host PC. But it has its own
external MAC and IP address so it is not the same as the host even
though the Ethernet hardware is shared.

Quote:

>
>I haven't found a way to do this using Virtual Server or Virtual PC, while
>it was really easy to achieve using VMWare products. Please help if you can.
>
>1) I can't use Virtual PC's "shared networking" feature, because it comes
>with a built-in DHCP server which conflicts with the internal one.
>2) I can't do it at all using Virtual Server, as it doesn't even have NAT
>capabilities.

You don't want to use NAT anyway....

Quote:

>3) Someone suggested installing a loopback adapter on the host and enabling
>Internet Connection Sharing on it; ok, but then ICS will enable its own DHCP
>server too, effectively creating the same situation as #1.

Do not use ICS either!

Quote:

>Possible solutions I've come up with:
>
>- Add a second network adapter on the host, add a VM connected to both the
>internat network and the external one and install a firewall in the VM
>(RRAS, ISA Server, etc.).

No need for an extra physical NIC to do this...

Quote:

>- Install Windows Server 2003 on the host, add a loopback adapter and use
>RRAS instead of ICS to share the external connection.

Somewhat like my suggestion above, but you'd probably combine DHCP and
RRAS services in one multi-homed machine.

Quote:

>Both solutions are quite cumberstome and not applicable in my case (the host
>is my own client computer and it only has a single network adapter).

This does not matter one bit!

Quote:

>Or, of course, there's the easiest solution of all: use VMWare.
>
>I'm really, REALLY, *REALLY* trying to get used to Virtual PC/Virtual
>Server, but I'm always finding something that VMWare does a lot better... I
>can't believe I can't do a simple NAT in 2009 when VMWare has been doing it
>for YEARS!
>

So why don't you stick with VMWare then??? Makes no sense to me to get
into a lot of grief by switching from a comfortable, known and working
solution to one that needs a lot of work and thinking to get going.
Stay with VMWare and be happy!

--

Bo Berglund (Sweden)

04-22-2009

There are several ways to do this. The simplest is to create a vm that will
be used as a gateway to the external world. You can install whatever OS you
want in this vm. It will need two (possibly virtual, possibly physical)
network adapters. The OS will have to be capable of being a DHCP server and
a router. I usually use a Windows server OS or an open source solution like
Untangle for this.

--
Kerry Brown
MS-MVP - Windows Desktop Experience: Systems Administration
http://www.vistahelp.ca/phpBB2/

"Massimo" <barone@xxxxxx> wrote in message
news:e$tiXCzwJHA.4636@xxxxxx

Quote:

> I need to setup a lab environment with the following requisites:
>
> - Internal AD domain
> - Internal DHCP server
> - External connectivity using NAT (the internal network should be
> isolated)
>
> I haven't found a way to do this using Virtual Server or Virtual PC, while
> it was really easy to achieve using VMWare products. Please help if you
> can.
>
> 1) I can't use Virtual PC's "shared networking" feature, because it comes
> with a built-in DHCP server which conflicts with the internal one.
> 2) I can't do it at all using Virtual Server, as it doesn't even have NAT
> capabilities.
> 3) Someone suggested installing a loopback adapter on the host and
> enabling Internet Connection Sharing on it; ok, but then ICS will enable
> its own DHCP server too, effectively creating the same situation as #1.
>
> Possible solutions I've come up with:
>
> - Add a second network adapter on the host, add a VM connected to both the
> internat network and the external one and install a firewall in the VM
> (RRAS, ISA Server, etc.).
> - Install Windows Server 2003 on the host, add a loopback adapter and use
> RRAS instead of ICS to share the external connection.
>
> Both solutions are quite cumberstome and not applicable in my case (the
> host is my own client computer and it only has a single network adapter).
>
> Or, of course, there's the easiest solution of all: use VMWare.
>
> I'm really, REALLY, *REALLY* trying to get used to Virtual PC/Virtual
> Server, but I'm always finding something that VMWare does a lot better...
> I can't believe I can't do a simple NAT in 2009 when VMWare has been doing
> it for YEARS!
>
>
> Massimo
>

04-22-2009

"Bo Berglund" <boberglund@xxxxxx> ha scritto nel messaggio
news:ih8uu4hmdlh1n8n53s7mlgo8ooobl1mc3i@xxxxxx

Quote:

> So why don't you stick with VMWare then???

Company policy.

Massimo

04-22-2009

"Kerry Brown" <kerry@xxxxxx-tems.c*a*m> ha scritto nel messaggio
news:uuNgmg1wJHA.3364@xxxxxx

Quote:

> There are several ways to do this. The simplest is to create a vm that
> will be used as a gateway to the external world. You can install whatever
> OS you want in this vm. It will need two (possibly virtual, possibly
> physical) network adapters. The OS will have to be capable of being a DHCP
> server and a router. I usually use a Windows server OS or an open source
> solution like Untangle for this.

Yes, I did the same in many test labs where I had to put good firewall
capabilities in (using ISA Server).
But for a simple setup where you only need Internet connectivity, an
integrated NAT is simpler *and* it also saves a VM, which is good when you
have to run a full SCCM test lab...

Massimo

04-22-2009

"Bo Berglund" <boberglund@xxxxxx> ha scritto nel messaggio
news:ih8uu4hmdlh1n8n53s7mlgo8ooobl1mc3i@xxxxxx

Quote:

> 3) Create a virtual machine for routing with *two* network adapters.

Yes, that's also what I had in mind (I don't know why I was talking about a
second network adapter on the host, that was actually useless).
But when memory is scarce, running a full VM only to get some routing is
really a waste...

Massimo

04-22-2009

"Massimo" <barone@xxxxxx> wrote in message
news:uMNGMu1wJHA.1492@xxxxxx

Quote:

> "Bo Berglund" <boberglund@xxxxxx> ha scritto nel messaggio
> news:ih8uu4hmdlh1n8n53s7mlgo8ooobl1mc3i@xxxxxx
>

Quote:

>> 3) Create a virtual machine for routing with *two* network adapters.

>
> Yes, that's also what I had in mind (I don't know why I was talking about
> a second network adapter on the host, that was actually useless).
> But when memory is scarce, running a full VM only to get some routing is
> really a waste...
>
>
> Massimo
>

If you are running a server OS on the host you can use RRAS as a NAT
router between the physical and virtual networks. If you are running on a
client OS, ICS is not really suitable for running a domain on the virtuals
because it cannot be configured. Ditto for the Shared Networking (NAT) built
into VPC.

You could run third party NAT software, but ICS won't do it for you.

04-23-2009

"Bill Grant" <not.available@xxxxxx> ha scritto nel messaggio
news:OEczTZ7wJHA.5684@xxxxxx

Quote:

> If you are running a server OS on the host you can use RRAS as a NAT
> router between the physical and virtual networks. If you are running on a
> client OS, ICS is not really suitable for running a domain on the virtuals
> because it cannot be configured. Ditto for the Shared Networking (NAT)
> built into VPC.

Agreed.
And this is one of the most annoying limitations of VPC/VS when compared to
"other similar products" :-(

Massimo

04-24-2009

So give one of the servers in the test lab two NICs then install DHCP and
RRAS. Neither take a lot of resources and if it's a test lab I wouldn't
worry too much about running multiple roles on a server. Even if you use a
separate vm you only need about 512 MB to run a 2003 server with those
roles, less if you use Linux.

--
Kerry Brown
MS-MVP - Windows Desktop Experience: Systems Administration
http://www.vistahelp.ca/phpBB2/

"Massimo" <barone@xxxxxx> wrote in message
news:uS9NPs1wJHA.3832@xxxxxx

Quote:

> "Kerry Brown" <kerry@xxxxxx-tems.c*a*m> ha scritto nel messaggio
> news:uuNgmg1wJHA.3364@xxxxxx
>

Quote:

>> There are several ways to do this. The simplest is to create a vm that
>> will be used as a gateway to the external world. You can install whatever
>> OS you want in this vm. It will need two (possibly virtual, possibly
>> physical) network adapters. The OS will have to be capable of being a
>> DHCP server and a router. I usually use a Windows server OS or an open
>> source solution like Untangle for this.

>
> Yes, I did the same in many test labs where I had to put good firewall
> capabilities in (using ISA Server).
> But for a simple setup where you only need Internet connectivity, an
> integrated NAT is simpler *and* it also saves a VM, which is good when you
> have to run a full SCCM test lab...
>
>
> Massimo
>

04-25-2009

"Kerry Brown" <kerry@xxxxxx-tems.c*a*m> ha scritto nel messaggio
news:%232nqwkTxJHA.3460@xxxxxx

Quote:

> So give one of the servers in the test lab two NICs then install DHCP and
> RRAS. Neither take a lot of resources and if it's a test lab I wouldn't
> worry too much about running multiple roles on a server. Even if you use a
> separate vm you only need about 512 MB to run a 2003 server with those
> roles, less if you use Linux.

I know, and it can actually run with only 256 MB if you use RRAS (512 is a
must if you put ISA Server on it). But you still need to set up a VM only
for this... while VMWare gives you this feature out-of-the-box.

I just can't understand why the NAT feature of VPC is 1) so buggy (that
"duplicate name" error is really annoying) and 2) totally not customizable,
you just can't change the network addresses and/or stop its integrated DHCP
service.

Massimo

04-22-2009	#1 (permalink)
Massimo n/a posts	Networking question I need to setup a lab environment with the following requisites: - Internal AD domain - Internal DHCP server - External connectivity using NAT (the internal network should be isolated) I haven't found a way to do this using Virtual Server or Virtual PC, while it was really easy to achieve using VMWare products. Please help if you can. 1) I can't use Virtual PC's "shared networking" feature, because it comes with a built-in DHCP server which conflicts with the internal one. 2) I can't do it at all using Virtual Server, as it doesn't even have NAT capabilities. 3) Someone suggested installing a loopback adapter on the host and enabling Internet Connection Sharing on it; ok, but then ICS will enable its own DHCP server too, effectively creating the same situation as #1. Possible solutions I've come up with: - Add a second network adapter on the host, add a VM connected to both the internat network and the external one and install a firewall in the VM (RRAS, ISA Server, etc.). - Install Windows Server 2003 on the host, add a loopback adapter and use RRAS instead of ICS to share the external connection. Both solutions are quite cumberstome and not applicable in my case (the host is my own client computer and it only has a single network adapter). Or, of course, there's the easiest solution of all: use VMWare. I'm really, REALLY, REALLY trying to get used to Virtual PC/Virtual Server, but I'm always finding something that VMWare does a lot better... I can't believe I can't do a simple NAT in 2009 when VMWare has been doing it for YEARS! Massimo
My System Specs

04-22-2009	#2 (permalink)
Bo Berglund n/a posts	Re: Networking question On Wed, 22 Apr 2009 11:56:13 +0200, "Massimo" <barone@xxxxxx> wrote: Quote: >I need to setup a lab environment with the following requisites: > >- Internal AD domain >- Internal DHCP server >- External connectivity using NAT (the internal network should be isolated) This can be accomplished easily: 1) Put all participating virtual machines on Local Only networking. 2) Configure your internal DHCP server to hand out the IP addresses on this isolated network. Of course the DHCP server will have a fixed address. 3) Create a virtual machine for routing with two network adapters. - The first is set to Local Only and configured with a fixed address - The second NIC is set to use the host's physical NIC. Do not use NAT since it just adds an extra layer of traffic through the host PC. 4) Install Windows Server 2003 or 2008 on this virtial machine and set its role as a router between the internal LAN and the external world. 5) Configure the DHCP server to hand out the gateway address as the router address. Or better yet, combine the two roles in one virtual machine by hosting the DHCP server on the router PC. This saves one virtual machine. Now you have an isolated network for all virtual machines that can access the Internet ONLY via the router. The router is multi-homed with one NIC on the internal isolated network and the other on the external network in parallel with the host PC. But it has its own external MAC and IP address so it is not the same as the host even though the Ethernet hardware is shared. Quote: > >I haven't found a way to do this using Virtual Server or Virtual PC, while >it was really easy to achieve using VMWare products. Please help if you can. > >1) I can't use Virtual PC's "shared networking" feature, because it comes >with a built-in DHCP server which conflicts with the internal one. >2) I can't do it at all using Virtual Server, as it doesn't even have NAT >capabilities. You don't want to use NAT anyway.... Quote: >3) Someone suggested installing a loopback adapter on the host and enabling >Internet Connection Sharing on it; ok, but then ICS will enable its own DHCP >server too, effectively creating the same situation as #1. Do not use ICS either! Quote: >Possible solutions I've come up with: > >- Add a second network adapter on the host, add a VM connected to both the >internat network and the external one and install a firewall in the VM >(RRAS, ISA Server, etc.). No need for an extra physical NIC to do this... Quote: >- Install Windows Server 2003 on the host, add a loopback adapter and use >RRAS instead of ICS to share the external connection. Somewhat like my suggestion above, but you'd probably combine DHCP and RRAS services in one multi-homed machine. Quote: >Both solutions are quite cumberstome and not applicable in my case (the host >is my own client computer and it only has a single network adapter). This does not matter one bit! Quote: >Or, of course, there's the easiest solution of all: use VMWare. > >I'm really, REALLY, REALLY trying to get used to Virtual PC/Virtual >Server, but I'm always finding something that VMWare does a lot better... I >can't believe I can't do a simple NAT in 2009 when VMWare has been doing it >for YEARS! > So why don't you stick with VMWare then??? Makes no sense to me to get into a lot of grief by switching from a comfortable, known and working solution to one that needs a lot of work and thinking to get going. Stay with VMWare and be happy! -- Bo Berglund (Sweden)
My System Specs

04-22-2009	#3 (permalink)
Kerry Brown n/a posts	Re: Networking question There are several ways to do this. The simplest is to create a vm that will be used as a gateway to the external world. You can install whatever OS you want in this vm. It will need two (possibly virtual, possibly physical) network adapters. The OS will have to be capable of being a DHCP server and a router. I usually use a Windows server OS or an open source solution like Untangle for this. -- Kerry Brown MS-MVP - Windows Desktop Experience: Systems Administration http://www.vistahelp.ca/phpBB2/ "Massimo" <barone@xxxxxx> wrote in message news:e$tiXCzwJHA.4636@xxxxxx Quote: > I need to setup a lab environment with the following requisites: > > - Internal AD domain > - Internal DHCP server > - External connectivity using NAT (the internal network should be > isolated) > > I haven't found a way to do this using Virtual Server or Virtual PC, while > it was really easy to achieve using VMWare products. Please help if you > can. > > 1) I can't use Virtual PC's "shared networking" feature, because it comes > with a built-in DHCP server which conflicts with the internal one. > 2) I can't do it at all using Virtual Server, as it doesn't even have NAT > capabilities. > 3) Someone suggested installing a loopback adapter on the host and > enabling Internet Connection Sharing on it; ok, but then ICS will enable > its own DHCP server too, effectively creating the same situation as #1. > > Possible solutions I've come up with: > > - Add a second network adapter on the host, add a VM connected to both the > internat network and the external one and install a firewall in the VM > (RRAS, ISA Server, etc.). > - Install Windows Server 2003 on the host, add a loopback adapter and use > RRAS instead of ICS to share the external connection. > > Both solutions are quite cumberstome and not applicable in my case (the > host is my own client computer and it only has a single network adapter). > > Or, of course, there's the easiest solution of all: use VMWare. > > I'm really, REALLY, REALLY trying to get used to Virtual PC/Virtual > Server, but I'm always finding something that VMWare does a lot better... > I can't believe I can't do a simple NAT in 2009 when VMWare has been doing > it for YEARS! > > > Massimo >
My System Specs

04-22-2009	#4 (permalink)
Massimo n/a posts	Re: Networking question "Bo Berglund" <boberglund@xxxxxx> ha scritto nel messaggio news:ih8uu4hmdlh1n8n53s7mlgo8ooobl1mc3i@xxxxxx Quote: > So why don't you stick with VMWare then??? Company policy. Massimo
My System Specs

04-22-2009	#5 (permalink)
Massimo n/a posts	Re: Networking question "Kerry Brown" <kerry@xxxxxx-tems.cam> ha scritto nel messaggio news:uuNgmg1wJHA.3364@xxxxxx Quote: > There are several ways to do this. The simplest is to create a vm that > will be used as a gateway to the external world. You can install whatever > OS you want in this vm. It will need two (possibly virtual, possibly > physical) network adapters. The OS will have to be capable of being a DHCP > server and a router. I usually use a Windows server OS or an open source > solution like Untangle for this. Yes, I did the same in many test labs where I had to put good firewall capabilities in (using ISA Server). But for a simple setup where you only need Internet connectivity, an integrated NAT is simpler and it also saves a VM, which is good when you have to run a full SCCM test lab... Massimo
My System Specs

04-22-2009	#6 (permalink)
Massimo n/a posts	Re: Networking question "Bo Berglund" <boberglund@xxxxxx> ha scritto nel messaggio news:ih8uu4hmdlh1n8n53s7mlgo8ooobl1mc3i@xxxxxx Quote: > 3) Create a virtual machine for routing with two network adapters. Yes, that's also what I had in mind (I don't know why I was talking about a second network adapter on the host, that was actually useless). But when memory is scarce, running a full VM only to get some routing is really a waste... Massimo
My System Specs

04-22-2009	#7 (permalink)
Bill Grant n/a posts	Re: Networking question "Massimo" <barone@xxxxxx> wrote in message news:uMNGMu1wJHA.1492@xxxxxx Quote: > "Bo Berglund" <boberglund@xxxxxx> ha scritto nel messaggio > news:ih8uu4hmdlh1n8n53s7mlgo8ooobl1mc3i@xxxxxx > Quote: >> 3) Create a virtual machine for routing with two network adapters. > > Yes, that's also what I had in mind (I don't know why I was talking about > a second network adapter on the host, that was actually useless). > But when memory is scarce, running a full VM only to get some routing is > really a waste... > > > Massimo > If you are running a server OS on the host you can use RRAS as a NAT router between the physical and virtual networks. If you are running on a client OS, ICS is not really suitable for running a domain on the virtuals because it cannot be configured. Ditto for the Shared Networking (NAT) built into VPC. You could run third party NAT software, but ICS won't do it for you.
My System Specs

04-23-2009	#8 (permalink)
Massimo n/a posts	Re: Networking question "Bill Grant" <not.available@xxxxxx> ha scritto nel messaggio news:OEczTZ7wJHA.5684@xxxxxx Quote: > If you are running a server OS on the host you can use RRAS as a NAT > router between the physical and virtual networks. If you are running on a > client OS, ICS is not really suitable for running a domain on the virtuals > because it cannot be configured. Ditto for the Shared Networking (NAT) > built into VPC. Agreed. And this is one of the most annoying limitations of VPC/VS when compared to "other similar products" :-( Massimo
My System Specs

04-24-2009	#9 (permalink)
Kerry Brown n/a posts	Re: Networking question So give one of the servers in the test lab two NICs then install DHCP and RRAS. Neither take a lot of resources and if it's a test lab I wouldn't worry too much about running multiple roles on a server. Even if you use a separate vm you only need about 512 MB to run a 2003 server with those roles, less if you use Linux. -- Kerry Brown MS-MVP - Windows Desktop Experience: Systems Administration http://www.vistahelp.ca/phpBB2/ "Massimo" <barone@xxxxxx> wrote in message news:uS9NPs1wJHA.3832@xxxxxx Quote: > "Kerry Brown" <kerry@xxxxxx-tems.cam> ha scritto nel messaggio > news:uuNgmg1wJHA.3364@xxxxxx > Quote: >> There are several ways to do this. The simplest is to create a vm that >> will be used as a gateway to the external world. You can install whatever >> OS you want in this vm. It will need two (possibly virtual, possibly >> physical) network adapters. The OS will have to be capable of being a >> DHCP server and a router. I usually use a Windows server OS or an open >> source solution like Untangle for this. > > Yes, I did the same in many test labs where I had to put good firewall > capabilities in (using ISA Server). > But for a simple setup where you only need Internet connectivity, an > integrated NAT is simpler and it also saves a VM, which is good when you > have to run a full SCCM test lab... > > > Massimo >
My System Specs

04-25-2009	#10 (permalink)
Massimo n/a posts	Re: Networking question "Kerry Brown" <kerry@xxxxxx-tems.cam> ha scritto nel messaggio news:%232nqwkTxJHA.3460@xxxxxx Quote: > So give one of the servers in the test lab two NICs then install DHCP and > RRAS. Neither take a lot of resources and if it's a test lab I wouldn't > worry too much about running multiple roles on a server. Even if you use a > separate vm you only need about 512 MB to run a 2003 server with those > roles, less if you use Linux. I know, and it can actually run with only 256 MB if you use RRAS (512 is a must if you put ISA Server on it). But you still need to set up a VM only for this... while VMWare gives you this feature out-of-the-box. I just can't understand why the NAT feature of VPC is 1) so buggy (that "duplicate name" error is really annoying) and 2) totally not customizable, you just can't change the network addresses and/or stop its integrated DHCP service. Massimo
My System Specs

Similar Threads
Thread	Forum
Question about Home Networking	Vista networking & sharing
Networking question.	Network & Sharing
Networking Bug Question	Vista General
Vista x64 Networking question	Vista networking & sharing
Vista x64 Networking question	Vista networking & sharing