Hyper-V NAT disable TCP source port translation

pumaikar 20 Reputation points
2023-01-16T08:08:22.9233333+00:00

My question: Is there a possibility to disable port translation in Hyper-V NAT? I could do this in Oracle VM VirtualBox, but I could not find it in Hyper-V.

I have a Hyper-V VM with Debian on a Windows host where one of my service clients is running. That client exchanges some packets with a server on the public internet. The problem is that when a TCP packet is sent from the client (Debian VM), the TCP source port is changed by Hyper-V NAT. I can see it in the packet trace in Wireshark on Windows. This is a problem because the client and server exchange ports during the handshake and then communicate over UDP on those ports. So the server and client expect UDP packets on these ports.

For info: I created my own virtual switch of type Internal in Hyper-V.


Accepted answer
  1. Eric Siron 1,566 Reputation points MVP
    2023-01-17T17:38:50.6466667+00:00

    I've read your post a couple of times and I'm still confused on a few points. No service should ever negotiate source ports because they're not reliable. I'm also confused as to which endpoint is the client and which is the server in this communication stream.

    You can prevent some port translation with port forwarding. Use the Add-NetNatStaticMapping cmdlet. The example shows a static translation from 80 to 8080, but if you omit the InternalPort parameter, then Hyper-V won't change it. If you just don't know which port it will be, then you could call the script enough times to set all port values in the expected range. But, if you're going to do that, then I don't understand why you'd use NAT at all. Just set up a standard External Hyper-V switch and give the guest an IP on the same network as the host.

    1 person found this answer helpful.

1 additional answer

  1. pumaikar 20 Reputation points
    2023-01-18T12:55:20.5466667+00:00

    Thank you for the response. The Add-NetNatStaticMapping cmdlet works as expected. I set 0.0.0.0 for the -ExternalIPAddress parameter so it works for all endpoints in Windows. I set UDP for -Protocol. Now the source port is not changed when a UDP packet is sent from the client (Debian) to the server (public IP). Unfortunately, there is no option to enter a port range, so I have to enter each port manually.

    I can't use an External switch because I access the internet sometimes through an Ethernet adapter and sometimes through a USB modem (mobile network). It is not possible to bind the modem to an External switch. Internet access is controlled in Windows by automated software 24/7.

    A service that negotiates source and destination ports does exist: it is TWAMP, which has its own protocol. The server has an option to disable checking the negotiated source port, and I use this option. But for documentation I wanted to know how to disable port translation in Hyper-V. Maybe I will need it in the future.

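The per-port mappings discussed in both answers above, scripted over a port range. This is an added example, not code posted by either participant; the NAT name, guest address and port range are placeholder assumptions, and 0.0.0.0 and UDP follow the values mentioned in the thread.

```powershell
#Requires -RunAsAdministrator
# Added example: one identity (same external and internal port) static
# mapping per port, since Add-NetNatStaticMapping takes a single port.
param(
    [string]$NatName = 'ExampleNat',        # placeholder; list yours with Get-NetNat
    [string]$GuestIP = '192.168.100.10',    # placeholder guest (Debian VM) address
    [ValidateRange(1, 65535)][int]$FirstPort = 20000,   # placeholder range
    [ValidateRange(1, 65535)][int]$LastPort  = 20015,
    [ValidateSet('TCP', 'UDP')][string]$Protocol = 'UDP'
)

if ($LastPort -lt $FirstPort) { throw 'LastPort must be >= FirstPort.' }

# Index existing mappings by external port so a rerun does not fail on
# duplicates and does not silently shadow a mapping to another guest.
$existing = @{}
Get-NetNatStaticMapping -NatName $NatName -ErrorAction SilentlyContinue |
    Where-Object { $_.Protocol -eq $Protocol } |
    ForEach-Object { $existing[[int]$_.ExternalPort] = $_ }

foreach ($port in $FirstPort..$LastPort) {
    if ($existing.ContainsKey($port)) {
        $m = $existing[$port]
        if ($m.InternalIPAddress -ne $GuestIP -or $m.InternalPort -ne $port) {
            Write-Warning ("Port $port is already mapped to " +
                "$($m.InternalIPAddress):$($m.InternalPort); skipped.")
        }
        continue
    }
    # Each mapping also forwards inbound traffic arriving on this host port
    # to the guest, so keep the range as narrow as the service requires.
    Add-NetNatStaticMapping -NatName $NatName -Protocol $Protocol `
        -ExternalIPAddress '0.0.0.0' -ExternalPort $port `
        -InternalIPAddress $GuestIP -InternalPort $port | Out-Null
}

# Review everything the NAT now forwards to guests.
Get-NetNatStaticMapping -NatName $NatName |
    Sort-Object ExternalPort |
    Format-Table StaticMappingID, Protocol, ExternalIPAddress,
        ExternalPort, InternalIPAddress, InternalPort
```

Mappings that are no longer needed can be removed with Remove-NetNatStaticMapping, using the StaticMappingID shown in the final table.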
