KVM CentOS 7 host does not pass guest traffic, but host and guest can ping each other

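I have been looking for an answer for a few days, and no configuration I have tried gets networking working for me.

I have installed KVM on CentOS 7 (10.120.0.57). I created a simple guest VM (10.120.0.58) with CentOS 7, but I have some networking problems on the guest. The host can access the internet and can ping the guest. The guest can also ping the host, but when it pings any other IP it gets: Destination Unreachable. I disabled firewalld and SELinux on both machines beforehand to rule them out.

My host bridge should pass traffic, because I set this in /etc/sysctl.conf (!!!):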

    net.ipv4.ip_forward = 1
    net.ipv4.conf.all.proxy_arp = 1

In tcpdump on the host I can see ICMP packets from the guest VM, but only one way, requests (no replies), when I try to ping the network's real gateway (10.120.0.1):

    IP 10.120.0.58 > gateway: ICMP echo request, id 3716, seq 1, length 64
    IP 10.120.0.58 > gateway: ICMP echo request, id 3716, seq 2, length 64

If I ping, for example, google.com from the guest (tcpdump from the host):

    IP localhost.localdomain > 10.120.0.58: ICMP localhost.localdomain udp port domain unreachable, length 64
    IP localhost.localdomain > 10.120.0.58: ICMP localhost.localdomain udp port domain unreachable, length 64

But of course ping works when I ping guest (10.120.0.58) <=> host (10.120.0.57):

    10.120.0.58 > localhost.localdomain: ICMP echo request, id 3719, seq 8, length 64
    localhost.localdomain > 10.120.0.58: ICMP echo reply, id 3719, seq 8, length 64

Can anybody tell me what is wrong with my host/guest configuration?

HOST: ifconfig -a:

    br0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
            inet 10.120.0.57 netmask 255.255.255.0 broadcast 10.120.0.255
            inet6 fe80::20c:29ff:fed5:14fa prefixlen 64 scopeid 0x20<link>
            ether 00:0c:29:d5:14:fa txqueuelen 1000 (Ethernet)
            RX packets 74849 bytes 6444652 (6.1 MiB)
            RX errors 0 dropped 100 overruns 0 frame 0
            TX packets 1033 bytes 88046 (85.9 KiB)
            TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
    eno16780032: flags=4419<UP,BROADCAST,RUNNING,PROMISC,MULTICAST> mtu 1500
            inet6 fe80::20c:29ff:fed5:14fa prefixlen 64 scopeid 0x20<link>
            ether 00:0c:29:d5:14:fa txqueuelen 1000 (Ethernet)
            RX packets 2975 bytes 239252 (233.6 KiB)
            RX errors 0 dropped 0 overruns 0 frame 0
            TX packets 164 bytes 23286 (22.7 KiB)
            TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
    lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
            inet 127.0.0.1 netmask 255.0.0.0
            inet6 ::1 prefixlen 128 scopeid 0x10<host>
            loop txqueuelen 1 (Local Loopback)
            RX packets 6 bytes 644 (644.0 B)
            RX errors 0 dropped 0 overruns 0 frame 0
            TX packets 6 bytes 644 (644.0 B)
            TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
    virbr0: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500
            inet 192.168.122.1 netmask 255.255.255.0 broadcast 192.168.122.255
            ether 52:54:00:9f:de:66 txqueuelen 1000 (Ethernet)
            RX packets 0 bytes 0 (0.0 B)
            RX errors 0 dropped 0 overruns 0 frame 0
            TX packets 0 bytes 0 (0.0 B)
            TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
    virbr0-nic: flags=4098<BROADCAST,MULTICAST> mtu 1500
            ether 52:54:00:9f:de:66 txqueuelen 1000 (Ethernet)
            RX packets 0 bytes 0 (0.0 B)
            RX errors 0 dropped 0 overruns 0 frame 0
            TX packets 0 bytes 0 (0.0 B)
            TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
    vnet0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
            ether fe:54:00:7f:c5:c5 txqueuelen 1000 (Ethernet)
            RX packets 0 bytes 0 (0.0 B)
            RX errors 0 dropped 0 overruns 0 frame 0
            TX packets 0 bytes 0 (0.0 B)
            TX errors 0 dropped 5885 overruns 0 carrier 0 collisions 0
    vnet1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
            ether fe:54:00:b0:3d:40 txqueuelen 1000 (Ethernet)
            RX packets 420 bytes 34697 (33.8 KiB)
            RX errors 0 dropped 0 overruns 0 frame 0
            TX packets 111762 bytes 9374955 (8.9 MiB)
            TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

br0 configuration:

    DEVICE=br0
    BOOTPROTO=static
    TYPE=Bridge
    ONBOOT=yes
    IPADDR="10.120.0.57"
    NETMASK="255.255.255.0"
    #GATEWAY="10.120.0.1"
    #DNS1="10.120.0.1"
    #DNS2="8.8.8.8"
    STP=yes
    DELAY=0
    NM_CONTROLLED=no

eno16780032 configuration:

    TYPE="Ethernet"
    #NAME="eno16780032"
    #UUID="4fc9740c-536a-4330-aab4-bdef7489582f"
    DEVICE="eno16780032"
    ONBOOT="yes"
    NM_CONTROLLED=no
    BRIDGE=br0

Bridges:

    bridge name     bridge id               STP enabled     interfaces
    br0             8000.000c29d514fa       yes             eno16780032
                                                            vnet0
                                                            vnet1
    virbr0          8000.5254009fde66       yes             virbr0-nic

Host /etc/sysconfig/network:

    # Created by anaconda
    NETWORKING=yes
    GATEWAY=10.120.0.1

Guest eth0 configuration:

    DEVICE=eth0
    NAME=eth0
    TYPE=Ethernet
    BOOTPROTO=static
    ONBOOT=yes
    IPADDR="10.120.0.58"
    NETMASK="255.255.255.0"
    GATEWAY="10.120.0.57" (!?)
    DNS1="10.120.0.57"
    DNS2="8.8.8.8"

Thanks in advance for your answers.

EDIT

I am adding the iptables output from the host:

    [root@localhost ~]# iptables -L -v -n -t nat
    Chain PREROUTING (policy ACCEPT 59 packets, 4981 bytes)
     pkts bytes target prot opt in out source destination
    Chain INPUT (policy ACCEPT 34 packets, 3619 bytes)
     pkts bytes target prot opt in out source destination
    Chain OUTPUT (policy ACCEPT 2 packets, 103 bytes)
     pkts bytes target prot opt in out source destination
    Chain POSTROUTING (policy ACCEPT 2 packets, 103 bytes)
     pkts bytes target prot opt in out source destination

iptables from the guest:

    [root@localhost ~]# iptables -L -v -n -t nat
    Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes)
     pkts bytes target prot opt in out source destination
    Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
     pkts bytes target prot opt in out source destination
    Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
     pkts bytes target prot opt in out source destination
    Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes)
     pkts bytes target prot opt in out source destination

Tracepath from the guest (10.120.0.58) to 8.8.8.8:

     1?: [LOCALHOST] pmtu 1500
     1: 10.120.0.58 3012.516ms !H
     Resume: pmtu 1500

EDIT2

I am adding the iptables -L -v -n output. From the host:

    [root@localhost ~]# iptables -L -v -n
    Chain INPUT (policy ACCEPT 162K packets, 17M bytes)
     pkts bytes target prot opt in out source destination
    Chain FORWARD (policy ACCEPT 8 packets, 476 bytes)
     pkts bytes target prot opt in out source destination
    Chain OUTPUT (policy ACCEPT 3894 packets, 309K bytes)
     pkts bytes target prot opt in out source destination

Guest:

    Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
     pkts bytes target prot opt in out source destination
    Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
     pkts bytes target prot opt in out source destination
    Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
     pkts bytes target prot opt in out source destination

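Since you bridged the host's physical device with the virtual machines (I guess vnet0 and/or vnet1 are the devices used for the VMs), you have physical access to the 10.120.0.0/24 network from within the virtual machine.
So you should replace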

    GATEWAY="10.120.0.57" (!?)
    DNS1="10.120.0.57"

with

    GATEWAY="10.120.0.1"
    DNS1="10.120.0.1"
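
As an added example (not part of the original question or answer): a small POSIX shell lint for a bridged guest's ifcfg file that flags the misconfiguration discussed above, namely a default gateway or DNS server pointing at the hypervisor's bridge address, and also a gateway that is not on the guest's own subnet. The function names and the sample file are constructed for illustration; the addresses are the ones from the question.

```sh
#!/bin/sh
# Added example: lint a bridged guest's ifcfg file for the gateway mistake above.

# Print the value of KEY from an ifcfg-style file (quotes and trailing notes dropped).
ifcfg_get() {  # usage: ifcfg_get FILE KEY
    sed -n "s/^$2=\"\{0,1\}\([^\" ]*\).*/\1/p" "$1" | tail -n 1
}

# Dotted quad -> 32-bit integer (runs in a subshell so IFS and $@ stay local).
ip2int() (
    IFS=.; set -- $1
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
)

# True when addresses A and B fall in the same network under MASK.
same_subnet() {  # usage: same_subnet A B MASK
    m=$(ip2int "$3")
    [ $(( $(ip2int "$1") & $m )) -eq $(( $(ip2int "$2") & $m )) ]
}

# Return 0 if FILE looks right for a guest bridged onto the host's LAN.
lint_guest_ifcfg() {  # usage: lint_guest_ifcfg FILE HYPERVISOR_BRIDGE_IP
    rc=0
    ip=$(ifcfg_get "$1" IPADDR); mask=$(ifcfg_get "$1" NETMASK)
    gw=$(ifcfg_get "$1" GATEWAY); dns=$(ifcfg_get "$1" DNS1)
    if [ -z "$ip" ] || [ -z "$mask" ] || [ -z "$gw" ]; then
        echo "IPADDR, NETMASK and GATEWAY must all be set"; return 2
    fi
    if [ "$gw" = "$2" ]; then
        echo "GATEWAY=$gw is the hypervisor's bridge address, not the LAN router"; rc=1
    fi
    if ! same_subnet "$ip" "$gw" "$mask"; then
        echo "GATEWAY=$gw is not on-link for $ip netmask $mask"; rc=1
    fi
    if [ "$dns" = "$2" ]; then
        echo "DNS1=$dns is the hypervisor; it must run a resolver for this to work"; rc=1
    fi
    return $rc
}

# Constructed sample: the guest settings from the question.
sample=$(mktemp)
cat > "$sample" <<'EOF'
IPADDR="10.120.0.58"
NETMASK="255.255.255.0"
GATEWAY="10.120.0.57" (!?)
DNS1="10.120.0.57"
EOF
lint_guest_ifcfg "$sample" 10.120.0.57 || true
rm -f "$sample"
```

On a running guest, `ip route get 8.8.8.8` shows which next hop is actually in use after the change.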