Ubuntu KVM guest has no network connectivity after configuring a network bridge


I am trying to add a KVM guest (Ubuntu 18.04) to the local network like any other physical server on the network. I configured a KVM bridge interface on the host system (Ubuntu 18.04), and its connectivity works fine. The host system can reach the other servers over the local network.

netplan configuration on the host system:

$ cat 01-netcfg.yaml
# This file describes the network interfaces available on your system
# For more information, see netplan(5).
network:
  version: 2
  renderer: networkd
  ethernets:
    eno1:
      dhcp4: false
  bridges:
    br0:
      interfaces: [eno1]
      addresses: [192.168.1.105/24]
      gateway4: 192.168.1.1
      nameservers:
        addresses: [x.x.x.x, x.x.x.x]
      dhcp4: false

Output of ip a showing the bridge interface:

    10697: br0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
        link/ether 62:cb:37:3c:c0:70 brd ff:ff:ff:ff:ff:ff
        inet 192.168.1.105/24 brd 192.168.1.255 scope global br0
           valid_lft forever preferred_lft forever
        inet6 fe80::60cb:37ff:fe3c:c070/64 scope link
           valid_lft forever preferred_lft forever

I created a KVM network interface using the bridge br0.

Output of virsh net-edit br0:

<network>
  <name>br0</name>
  <uuid>d277e3d1-b34e-4b1f-ae69-6a3c8f75626c</uuid>
  <forward mode='bridge'/>
  <bridge name='br0'/>
</network>
developer@serv31:~$ virsh net-list
 Name                 State      Autostart     Persistent
----------------------------------------------------------
 br0                  active     yes           yes
 default              active     yes           yes

Interface information of the KVM guest domain:

    <interface type='network'>
      <mac address='52:54:00:14:dc:af'/>
      <source network='br0'/>
      <model type='rtl8139'/>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x0'/>
    </interface>

I configured netplan in the guest VM to give it a static IP. It booted with the configured IP.

$ cat 50-cloud-init.yaml
network:
  version: 2
  ethernets:
    ens3:
      addresses: [192.168.1.50/24]
      gateway4: 192.168.1.1
      nameservers:
        addresses: [x.x.x.x, x.x.x.x]
      dhcp4: false

ip a output in the guest VM:

$ ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: ens3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 52:54:00:14:dc:af brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.50/24 brd 192.168.1.255 scope global ens3
       valid_lft forever preferred_lft forever
    inet6 fe80::5054:ff:fe14:dcaf/64 scope link 
       valid_lft forever preferred_lft forever

The guest VM can reach the host system (ping, telnet) and the host system can reach the guest VM. However, the other servers on the network cannot reach the guest VM, and the guest VM cannot access the internet either. Please help me solve this problem. If more information is needed, please let me know.

Edit:

ip link output:

:~$ ip link
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eno1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq master br0 state UP mode DEFAULT group default qlen 1000
    link/ether 00:21:9b:9a:f2:be brd ff:ff:ff:ff:ff:ff
3: eno2: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN mode DEFAULT group default qlen 1000
    link/ether 00:21:9b:9a:f2:c0 brd ff:ff:ff:ff:ff:ff
4: eno3: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN mode DEFAULT group default qlen 1000
    link/ether 00:21:9b:9a:f2:c2 brd ff:ff:ff:ff:ff:ff
5: eno4: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN mode DEFAULT group default qlen 1000
    link/ether 00:21:9b:9a:f2:c4 brd ff:ff:ff:ff:ff:ff
6: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN mode DEFAULT group default 
    link/ether 02:42:b3:0f:d6:24 brd ff:ff:ff:ff:ff:ff
9: virbr0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default qlen 1000
    link/ether 52:54:00:56:08:1e brd ff:ff:ff:ff:ff:ff
10: virbr0-nic: <BROADCAST,MULTICAST> mtu 1500 qdisc fq_codel master virbr0 state DOWN mode DEFAULT group default qlen 1000
    link/ether 52:54:00:56:08:1e brd ff:ff:ff:ff:ff:ff
19219: vnet0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel master br0 state UNKNOWN mode DEFAULT group default qlen 1000
    link/ether fe:54:00:14:dc:af brd ff:ff:ff:ff:ff:ff
8744: vnet1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel master virbr0 state UNKNOWN mode DEFAULT group default qlen 1000
    link/ether fe:54:00:6f:20:0f brd ff:ff:ff:ff:ff:ff
10950: vnet2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel master virbr0 state UNKNOWN mode DEFAULT group default qlen 1000
    link/ether fe:54:00:c1:0e:86 brd ff:ff:ff:ff:ff:ff
10697: br0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default qlen 1000
    link/ether 62:cb:37:3c:c0:70 brd ff:ff:ff:ff:ff:ff
10971: vnet3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel master br0 state UNKNOWN mode DEFAULT group default qlen 1000
    link/ether fe:54:00:a4:13:1c brd ff:ff:ff:ff:ff:ff

iptables rules that include virbr0 and br0:

:~$ sudo iptables-save | grep br0
-A POSTROUTING -o virbr0 -p udp -m udp --dport 68 -j CHECKSUM --checksum-fill
-A POSTROUTING -o br0 -j MASQUERADE
-A INPUT -i virbr0 -p udp -m udp --dport 53 -j ACCEPT
-A INPUT -i virbr0 -p tcp -m tcp --dport 53 -j ACCEPT
-A INPUT -i virbr0 -p udp -m udp --dport 67 -j ACCEPT
-A INPUT -i virbr0 -p tcp -m tcp --dport 67 -j ACCEPT
-A FORWARD -d 192.168.122.0/24 -o virbr0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -s 192.168.122.0/24 -i virbr0 -j ACCEPT
-A FORWARD -i virbr0 -o virbr0 -j ACCEPT
-A FORWARD -o virbr0 -j REJECT --reject-with icmp-port-unreachable
-A FORWARD -i virbr0 -j REJECT --reject-with icmp-port-unreachable
-A FORWARD -i br0 -o virbr0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i virbr0 -o br0 -j ACCEPT
-A OUTPUT -o virbr0 -p udp -m udp --dport 68 -j ACCEPT

Answer 1

sudo iptables -t nat -A POSTROUTING -o br0 -j MASQUERADE
sudo iptables -A FORWARD -i br0 -o virbr0 -m state --state RELATED,ESTABLISHED -j ACCEPT
sudo iptables -A FORWARD -i virbr0 -o br0 -j ACCEPT
sudo iptables -I FORWARD 1 -i br0 -o br0 -j ACCEPT

The rules above solved the problem.
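As an added example (not code from the question or the answer), the following POSIX shell audit reads an iptables-save dump and reports the verdict the filter table's FORWARD chain gives to the first packet of a new flow that enters and leaves br0. It matters here because once the br_netfilter module is loaded (Docker loads it, and docker0 is present on this host), frames bridged between eno1 and vnet0 are also passed through the iptables FORWARD chain, and Docker's default is to set that chain's policy to DROP. That combination explains the symptom in the question: the guest reaches the host (local delivery on br0, not forwarding) but nothing beyond it, until the answer's "-I FORWARD 1 -i br0 -o br0 -j ACCEPT" is in place. The two dumps embedded below are constructed from the rules shown in the question; that the FORWARD policy is DROP is an assumption, since the grep in the question does not show the policy line.

```shell
#!/bin/sh
# Added example, not code from the question or the answer.
# Reads an iptables-save dump on stdin and prints the verdict the filter
# table's FORWARD chain gives to the FIRST packet of a new flow that enters
# and leaves the same bridge ($1). With br_netfilter loaded, that is the
# path a bridged KVM guest's traffic takes to the rest of the LAN.
#
# Limitations: rules restricted with -s/-d are treated as not matching, and
# only -i/-o/--state/--ctstate/-j are interpreted.
bridge_forward_verdict() {
    awk -v br="$1" '
        # chain header, e.g. ":FORWARD DROP [0:0]" -> remember the policy
        $1 == ":FORWARD" { policy = $2; next }
        # only rules appended to the FORWARD chain matter; skip everything else
        $1 != "-A" || $2 != "FORWARD" { next }
        decided { next }
        {
            in_if = ""; out_if = ""; target = ""; stateful = 0; addr = 0
            for (i = 3; i <= NF; i++) {
                if ($i == "-i") in_if = $(i + 1)
                else if ($i == "-o") out_if = $(i + 1)
                else if ($i == "-j") target = $(i + 1)
                else if ($i == "-s" || $i == "-d") addr = 1
                else if ($i == "--state" || $i == "--ctstate") stateful = 1
            }
            # a rule bound to another interface cannot match br -> br traffic
            if (in_if != "" && in_if != br) next
            if (out_if != "" && out_if != br) next
            if (addr) next
            # RELATED,ESTABLISHED never matches the first packet of a new flow
            if (stateful) next
            if (target == "ACCEPT" || target == "DROP" || target == "REJECT") {
                verdict = target; decided = 1
            }
        }
        END {
            if (decided) print verdict
            else if (policy == "") print "ACCEPT"
            else print policy
        }
    '
}

# Constructed sample: Docker's FORWARD policy (DROP, assumed here) plus the
# libvirt rules from the question, before the answer's rule was inserted.
DUMP_BEFORE=$(cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A FORWARD -d 192.168.122.0/24 -o virbr0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -s 192.168.122.0/24 -i virbr0 -j ACCEPT
-A FORWARD -i virbr0 -o virbr0 -j ACCEPT
-A FORWARD -o virbr0 -j REJECT --reject-with icmp-port-unreachable
-A FORWARD -i virbr0 -j REJECT --reject-with icmp-port-unreachable
-A FORWARD -i br0 -o virbr0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i virbr0 -o br0 -j ACCEPT
COMMIT
EOF
)

# Constructed sample: the same table after "iptables -I FORWARD 1 -i br0 -o br0
# -j ACCEPT" from the answer; iptables-save lists the inserted rule first.
DUMP_AFTER=$(cat <<'EOF'
*filter
:FORWARD DROP [0:0]
-A FORWARD -i br0 -o br0 -j ACCEPT
-A FORWARD -d 192.168.122.0/24 -o virbr0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -s 192.168.122.0/24 -i virbr0 -j ACCEPT
-A FORWARD -i virbr0 -o virbr0 -j ACCEPT
-A FORWARD -o virbr0 -j REJECT --reject-with icmp-port-unreachable
-A FORWARD -i virbr0 -j REJECT --reject-with icmp-port-unreachable
-A FORWARD -i br0 -o virbr0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i virbr0 -o br0 -j ACCEPT
COMMIT
EOF
)

# On a live host: sudo iptables-save | bridge_forward_verdict br0
# and check whether bridged frames go through iptables at all:
#   cat /proc/sys/net/bridge/bridge-nf-call-iptables  (1 = yes, br_netfilter loaded)
printf '%s\n' "$DUMP_BEFORE" | bridge_forward_verdict br0   # prints DROP
printf '%s\n' "$DUMP_AFTER"  | bridge_forward_verdict br0   # prints ACCEPT
```

A verdict of DROP or REJECT for br0-to-br0 traffic, with bridge-nf-call-iptables set to 1, is the configuration the answer's first-position ACCEPT rule corrects; the alternative of disabling br_netfilter for the bridge also stops the filtering, but it then also removes iptables visibility of that traffic.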
