Hello Sarah,
Thanks for the write-up, this is very useful for a project I'm working on.
Is there any way to add static mapping rules for specific external IP addresses on the NAT? For instance, if I had a computer with three network cards with these IPs: 10.95.1.135, 10.95.1.136 and 192.168.1.1, and my NAT was set up so the internal prefix is 192.168.1.0/24, could I set up the NAT so that 10.95.1.135 forwards to 192.168.1.135 for ports 1-65535 but 10.95.1.136 forwards to 192.168.1.136 for ports 1-65535?
Basically I'm trying to get pseudo 1:1 NAT working rather than just PAT. I've tried to set this up, but the Add-NetNatStaticMapping cmdlet fails with any external IP address other than 0.0.0.0. If I try to add an external address and port range, I get an error saying "Element Not Found".
PS C:\WINDOWS\system32> get-netnat
Name : NATNetwork
ExternalIPInterfaceAddressPrefix :
InternalIPInterfaceAddressPrefix : 192.168.1.0/24
IcmpQueryTimeout : 30
TcpEstablishedConnectionTimeout : 1800
TcpTransientConnectionTimeout : 120
TcpFilteringBehavior : AddressDependentFiltering
UdpFilteringBehavior : AddressDependentFiltering
UdpIdleSessionTimeout : 120
UdpInboundRefresh : False
Store : Local
Active : True
PS C:\WINDOWS\system32> Add-NetNatStaticMapping -NatName NATNetwork -Protocol TCP -ExternalIPAddress 10.95.1.135 -ExternalPort 80 -InternalIPAddress 192.168.1.135 -InternalPort 80
Add-NetNatStaticMapping : The external IP address 10.95.1.135 and port number 80 for the static mapping does not match
an existing ExternalAddress' IP address or port range. Use Add-NetNatExternalAddress to add an ExternalAddress.
At line:1 char:1
+ Add-NetNatStaticMapping -NatName NATNetwork -Protocol TCP -ExternalIP ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (MSFT_NetNatStaticMapping:root/StandardCi...atStaticMapping) [Add-NetNatSt
aticMapping], CimException
+ FullyQualifiedErrorId : Windows System Error 1169,Add-NetNatStaticMapping
PS C:\WINDOWS\system32> Get-NetNatExternalAddress | where-object {$_.NatName -eq "NATNetwork" -and $_.IPAddress -eq "10.95.1.135"}
ExternalAddressID : 30
NatName : NATNetwork
IPAddress : 10.95.1.135
PortStart : 6609
PortEnd : 6708
Active : True
ExternalAddressID : 31
NatName : NATNetwork
IPAddress : 10.95.1.135
PortStart : 62065
PortEnd : 62164
Active : True
PS C:\WINDOWS\system32> Add-NetNatExternalAddress -NatName NATNetwork -IPAddress 10.95.1.135 -PortStart 80 -PortEnd 80
Add-NetNatExternalAddress : Element not found.
At line:1 char:1
+ Add-NetNatExternalAddress -NatName NATNetwork -IPAddress 10.95.1.135 ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : ObjectNotFound: (MSFT_NetNatExternalAddress:root/StandardCi...ExternalAddress) [Add-NetN
atExternalAddress], CimException
+ FullyQualifiedErrorId : Windows System Error 1168,Add-NetNatExternalAddress