
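I have spent several days looking for an answer; any configuration that gets my network working is fine with me.
I have CentOS 7 (10.120.0.57) with KVM installed. I created a simple guest VM (10.120.0.58), also running CentOS 7, but I have some problems with networking on the guest. The host can access the internet and can ping the guest. The guest can also ping the host, but when it pings any other IP it gets: destination unreachable. I disabled firewalld and SELinux on both machines beforehand to rule them out.
My host bridge should pass traffic, because I set this in /etc/sysctl.conf (!!!):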
net.ipv4.ip_forward = 1
net.ipv4.conf.all.proxy_arp = 1
tcpdump on the host when I try to ping the network's real gateway (10.120.0.1):
IP 10.120.0.58 > gateway: ICMP echo request, id 3716, seq 1, length 64
IP 10.120.0.58 > gateway: ICMP echo request, id 3716, seq 2, length 64
If I ping, for example, google.com from the guest (tcpdump from the host):
IP localhost.localdomain > 10.120.0.58: ICMP localhost.localdomain udp port domain unreachable, length 64
IP localhost.localdomain > 10.120.0.58: ICMP localhost.localdomain udp port domain unreachable, length 64
And of course, when I ping guest (10.120.0.58) <=> host (10.120.0.57):
10.120.0.58 > localhost.localdomain: ICMP echo request, id 3719, seq 8, length 64
localhost.localdomain > 10.120.0.58: ICMP echo reply, id 3719, seq 8, length 64
Can someone tell me what is wrong with my host/guest configuration?
Host: ifconfig -a:
br0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 10.120.0.57 netmask 255.255.255.0 broadcast 10.120.0.255
inet6 fe80::20c:29ff:fed5:14fa prefixlen 64 scopeid 0x20<link>
ether 00:0c:29:d5:14:fa txqueuelen 1000 (Ethernet)
RX packets 74849 bytes 6444652 (6.1 MiB)
RX errors 0 dropped 100 overruns 0 frame 0
TX packets 1033 bytes 88046 (85.9 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
eno16780032: flags=4419<UP,BROADCAST,RUNNING,PROMISC,MULTICAST> mtu 1500
inet6 fe80::20c:29ff:fed5:14fa prefixlen 64 scopeid 0x20<link>
ether 00:0c:29:d5:14:fa txqueuelen 1000 (Ethernet)
RX packets 2975 bytes 239252 (233.6 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 164 bytes 23286 (22.7 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 1 (Local Loopback)
RX packets 6 bytes 644 (644.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 6 bytes 644 (644.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
virbr0: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500
inet 192.168.122.1 netmask 255.255.255.0 broadcast 192.168.122.255
ether 52:54:00:9f:de:66 txqueuelen 1000 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
virbr0-nic: flags=4098<BROADCAST,MULTICAST> mtu 1500
ether 52:54:00:9f:de:66 txqueuelen 1000 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
vnet0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
ether fe:54:00:7f:c5:c5 txqueuelen 1000 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 5885 overruns 0 carrier 0 collisions 0
vnet1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
ether fe:54:00:b0:3d:40 txqueuelen 1000 (Ethernet)
RX packets 420 bytes 34697 (33.8 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 111762 bytes 9374955 (8.9 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
br0 configuration:
DEVICE=br0
BOOTPROTO=static
TYPE=Bridge
ONBOOT=yes
IPADDR="10.120.0.57"
NETMASK="255.255.255.0"
#GATEWAY="10.120.0.1"
#DNS1="10.120.0.1"
#DNS2="8.8.8.8"
STP=yes
DELAY=0
NM_CONTROLLED=no
eno16780032 configuration:
TYPE="Ethernet"
#NAME="eno16780032"
#UUID="4fc9740c-536a-4330-aab4-bdef7489582f"
DEVICE="eno16780032"
ONBOOT="yes"
NM_CONTROLLED=no
BRIDGE=br0
Bridges:
bridge name     bridge id               STP enabled     interfaces
br0             8000.000c29d514fa       yes             eno16780032
                                                        vnet0
                                                        vnet1
virbr0          8000.5254009fde66       yes             virbr0-nic
Host /etc/sysconfig/network:
# Created by anaconda
NETWORKING=yes
GATEWAY=10.120.0.1
Guest eth0 configuration:
DEVICE=eth0
NAME=eth0
TYPE=Ethernet
BOOTPROTO=static
ONBOOT=yes
IPADDR="10.120.0.58"
NETMASK="255.255.255.0"
GATEWAY="10.120.0.57" (!?)
DNS1="10.120.0.57"
DNS2="8.8.8.8"
Thanks in advance for taking a look.
EDIT
I am adding the iptables output from the host:
[root@localhost ~]# iptables -L -v -n -t nat
Chain PREROUTING (policy ACCEPT 59 packets, 4981 bytes)
pkts bytes target prot opt in out source destination
Chain INPUT (policy ACCEPT 34 packets, 3619 bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 2 packets, 103 bytes)
pkts bytes target prot opt in out source destination
Chain POSTROUTING (policy ACCEPT 2 packets, 103 bytes)
pkts bytes target prot opt in out source destination
iptables from the guest:
[root@localhost ~]# iptables -L -v -n -t nat
Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Tracepath from the guest (10.120.0.58) to 8.8.8.8:
1?: [LOCALHOST] pmtu 1500
1: 10.120.0.58 3012.516ms !H
Resume: pmtu 1500
EDIT 2
I am adding the iptables -L -v -n output. From the host:
[root@localhost ~]# iptables -L -v -n
Chain INPUT (policy ACCEPT 162K packets, 17M bytes)
pkts bytes target prot opt in out source destination
Chain FORWARD (policy ACCEPT 8 packets, 476 bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 3894 packets, 309K bytes)
pkts bytes target prot opt in out source destination
From the guest:
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
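Answer 1
Since you are bridging the host's physical device with the virtual machines (I guess vnet0 and/or vnet1 are the devices used for the virtual machines), you have physical access to the 10.120.0.0/24 network inside the virtual machine.
So you should replace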
GATEWAY="10.120.0.57" (!?)
DNS1="10.120.0.57"
with
GATEWAY="10.120.0.1"
DNS1="10.120.0.1"
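The gateway point from the answer above, as an added example that is not part of the original post: a small shell check that reads a guest ifcfg file and flags a GATEWAY that is off-subnet or that points at the hypervisor's bridge address. The function names are hypothetical, and it assumes a plain bridged setup in which the KVM host is not itself the LAN router.

```shell
#!/bin/sh
# Added example (hypothetical helper names): verify that a bridged guest's
# ifcfg file points at the LAN router rather than at the KVM host's br0.

# Dotted-quad IPv4 -> integer.
ip2int() {
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# Print the IPv4 value of KEY in an ifcfg file; quotes, trailing notes and
# commented-out lines are ignored.
ifcfg_get() {
    sed -n "s/^$1=\"\{0,1\}\([0-9.]*\).*/\1/p" "$2" | head -n 1
}

# check_guest_ifcfg FILE HOST_BRIDGE_IP -> 0 ok, 1 bad gateway, 2 incomplete
check_guest_ifcfg() {
    ip=$(ifcfg_get IPADDR "$1"); mask=$(ifcfg_get NETMASK "$1")
    gw=$(ifcfg_get GATEWAY "$1")
    if [ -z "$ip" ] || [ -z "$mask" ] || [ -z "$gw" ]; then
        echo "IPADDR, NETMASK or GATEWAY missing"; return 2
    fi
    m=$(ip2int "$mask")
    if [ $(( $(ip2int "$ip") & $m )) -ne $(( $(ip2int "$gw") & $m )) ]; then
        echo "GATEWAY $gw is not on the guest's subnet"; return 1
    fi
    if [ "$gw" = "$2" ]; then
        echo "GATEWAY $gw is the host bridge address, not the LAN router"
        return 1
    fi
    echo "ok: GATEWAY $gw"
}

# Demo on the guest settings from the question, then with the corrected gateway.
demo=$(mktemp)
printf '%s\n' 'IPADDR="10.120.0.58"' 'NETMASK="255.255.255.0"' \
    'GATEWAY="10.120.0.57" (!?)' > "$demo"
check_guest_ifcfg "$demo" 10.120.0.57 || true
printf '%s\n' 'IPADDR="10.120.0.58"' 'NETMASK="255.255.255.0"' \
    'GATEWAY="10.120.0.1"' > "$demo"
check_guest_ifcfg "$demo" 10.120.0.57
rm -f "$demo"
```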
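Answer 2
I had exactly the same problem. It looks like a bug in the virtio network driver. To fix the issue I made the following changes:
On CentOS 7 - KVM -->
- On the CentOS 7 machine running KVM, disable the NetworkManager service and enable the old "network" service.
- Define the gateway in /etc/sysconfig/network and make all necessary changes in /etc/sysconfig/network-scripts/ifcfg-eth0 (or a similar file). Set IPADDR, NETMASK, etc.
- Change the guest machine's virtual network driver (via virt-manager). Set it to "e1000".
On your guest -->
- Exactly the same. Disable NetworkManager and enable the network service.
- This change may affect the network interface name, so check the new name with the command #cat /proc/net/dev (CentOS guest).
The above worked for me. It took me more than a week to find the solution.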