Windows 10: Firewall blocking access from Hyper-V VM to host over Internal network even though there is...

I have a Linux VM which is using a Internal network to connect to the host with NAT enabled. The host IP address is 192.168.215.1 and the Linux VM has an IP address of 192.168.215.2.


I have the following firewall rule which allows access from the Hyper-V subnet to the host:




However when I try to access the host from the VM, the packets are being dropped:




I've looked at the WFP filters and it's being dropped by this filter even though there is a filter above it which represents the rule:

<item>

<filterKey>{97969ea2-81ed-486d-94fd-1e7aa27a8e70}</filterKey>

<displayData>

<name>Query User</name>

<description>Prompt the User for a decision corresponding this Inbound Traffic</description>

</displayData>

<flags/>

<providerKey>{decc16ca-3f33-4346-be1e-8fb4ae0f3d62}</providerKey>

<providerData>

<data>ab43000000000000</data>

<asString>.C......</asString>

</providerData>

<layerKey>FWPM_LAYER_ALE_AUTH_RECV_ACCEPT_V4</layerKey>

<subLayerKey>{b3cdd441-af90-41ba-a745-7c6008ff2301}</subLayerKey>

<weight>

<type>FWP_UINT8</type>

<uint8>8</uint8>

</weight>

<filterCondition numItems="1">

<item>

<fieldKey>FWPM_CONDITION_ORIGINAL_PROFILE_ID</fieldKey>

<matchType>FWP_MATCH_EQUAL</matchType>

<conditionValue>

<type>FWP_UINT32</type>

<uint32>1</uint32>

</conditionValue>

</item>

</filterCondition>

<action>

<type>FWP_ACTION_BLOCK</type>

<filterType/>

</action>

<rawContext>0</rawContext>

<reserved/>

<filterId>142780</filterId>

<effectiveWeight>

<type>FWP_UINT64</type>

<uint64>9223372036854791168</uint64>

</effectiveWeight>

</item>


The odd thing is that I can access 192.168.50.81 which is the IP address of the Ethernet connection of the host but not the actual IP address of the virtual network adapter i.e. 192.168.215.1.


Any thoughts about what is blocking the access to the host IP address in the virtual network and how to fix it?

:)

 

Hyper-V host cannot RDP into local clients running in an internal network

I have installed Hyper-V on my Windows 10 machine and are running a few different test machines on it. My test machines have two Nics -- One is disabled and primarily used when I need them to connect with the internet for various downloads etc. The other
Nic is connected to an internal switch on the host with hardcoded IP's allowing the VMs to always communicate with each other.

My problem is when I attempt to RDP into the VMs from the host machine I am not able to reach them. IF I log into the machines first through the Hyper-V console and toggle a Nic (i.e. disable/enable one of the nics) I am able to RDP into the VM until it
is rebooted again (My host is a laptop so they are being shutdown nightly).

I did mess around with the network settings on a previous setup and had it working -- but I am unable to reproduce the same settings. Currently the host is all "auto" setup by the system with three switches:

• External linked to my Wireless Nic
• External Linked to my Physical Nic
• Internal switch used for the VM's communicate amongst each other

Any ideas on what network settings I am missing that will allow me to connect to the VM's instantly through an RDP connection? (I can console connect but prefer using RDCMan).

Thanks,

HP

 

Get access to VM machine on Hyper-V from login screen of Host PC

Hi Steven,

Thank you for writing to Microsoft Community Forums.

I understand that you want to get access to the VM machine on Hyper-V from the login screen of the host PC. However, as you are using Hyper-V and VM, I suggest you to post your query in

TechNet forums, where we have support professionals who are well equipped with the knowledge on Hyper-V and VM’s.

Hope it helps.

Nikhar Khare

Microsoft Community - Moderator

 

Providing Network Access to a Windows 10 Pro Guest Under Hyper-V Using an Internal Virtual Switch

I am running Windows 10 Pro 1903 on a physical machine. On that machine, I am running Hyper-V. I have a Windows 10 Pro 1903 guest running under Hyper-V.

I would like the guest to have network access beyond the host (i.e. access to my LAN and to the Internet). This should be possible in three ways:

1. The Hyper-V NAT-based default virtual switch
   
2. A Hyper-V external switch
   
3. A Hyper-V internal switch
   

Hyper-V NAT-Based Default Virtual Switch

The usual way to provide network access to a guest is to bind the guest's NIC to the Hyper-V default switch. This gives network access via NAT.

I prefer to not do this for two reasons:

1. When I perform network captures at various places in my network, traffic from the host and traffic from the guest are indistinguishable since all guest traffic gets NATed to have a source IP equal to that of the host.
   
2. Connections to the guest cannot be made without getting into port forwarding configuration via PowerShell.
   

Hyper-V External Virtual Switch

Network access can be provided by binding the guest's NIC to a Hyper-V external switch. This will put the guest directly on the physical LAN.

This solution works only if the host has a wired Ethernet connection. It does not work if the host's network connectivity is via Wi-Fi. Hence, this is not an option for me.

Hyper-V Internal Virtual Switch

It seems that one should be able to provide network access to a guest using these steps:

1. Binding the guest's NIC to a Hyper-V internal virtual switch that is shared with the host
   
2. Designating the host as the guest's default gateway
   
3. Enabling IP forwarding on the host
   

I have set up this configuration but have been unable to get it to work.

Unsure if IP Forwarding is Properly Enabled

To enable IP forwarding on the host, I made this registry setting:

• HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\IPEnableRouter
  
• REG_DWORD
  
• 1
  

I also enabled the Routing and Remote Access service.

My experience on Windows 7 and earlier was that only the registry modification was necessary. For Windows 10, I've seen many references that one must also enable Routing and Remote Access. I am unsure what the proper way to enable IP forwarding in Windows 10 is since I haven't seen it work with either the registry modification or the enabling of Routing and Remote Access, alone or in combination.

Firewall on Host

I have added / enabled both inbound and outbound firewall rules on the host that explicitly allow all traffic from the guest.

I had already tried disabling the firewall on the host and found no difference in behavior. So, I did not expect this to make a difference, and indeed it did not.

Request for Help

Is anybody able to see where I may be going wrong in attempting to provide network access to the guest via a Hyper-V internal switch?

If additional information is needed, I will be glad to provide it.

Thank you in advance for any assistance provided.