我想從網際網路連接到 VM1 (192.168.122.101),即網際網路 (xx5.5/ens3:4) <-> VM1 (192.168.122.101),但不影響其他網路(ens3、ens3:0- >3)。
問題是我的 VPS 只有一個實體網卡。其他 IP 為別名,如下圖所示。如果我橋接 ens3,別名不會被刪除嗎?
我跟著本指南依照字母順序,但ssh將 VM (@xx5.5) 連接到主 NIC/主機 (@88.88.88.88)。ssh本機 IP (@192.168.122.101) 連接到 VM。
我應該如何配置 VPS 上的網絡,使其為每個虛擬機(目前是一個虛擬機)分配一個可以連接到互聯網並充當網絡伺服器的私人 IP?如果 Ubuntu 16.04 無法實現所需的設置,那麼升級到 18/20.04 可以嗎?
配置:
- OVH VPS
- 烏班圖16.04
- 鍵盤虛擬機
- 烏夫沃
- 虛擬min / webmin
網路(簡化):
Internet
\
|
+------------------------+
| Ubuntu server | virbr0 (192.168.122.1/24)
+------------------------+ NAT
| ens3: 88.88.88.88 | Static IP for VM
+----------------+-------------+------------+-----------------+
| ens3:0 x.x.1.1 | | site1.com | Virtualmin->www
+----------------+-------------+------------+-----------------+
| ens3:1 x.x.2.2 | | site2.com | Virtualmin->www
+----------------+-------------+------------+-----------------+
| ens3:2 x.x.3.3 | | site3.com | Virtualmin->www
+----------------+-------------+------------+-----------------+
| ens3:3 x.x.4.4 | | site4.com | Virtualmin->www
+----------------+-------------+------------+-----------------+
| ens3:4 x.x.5.5 | | VM1/Ubuntu | 192.168.122.101
+----------------+-------------+------------+-----------------+
目前IP配置:
root:~# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
2: ens3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether fa:06:3f:2c:05:3b brd ff:ff:ff:ff:ff:ff
inet 88.88.88.88/32 brd 88.88.88.88 scope global ens3
valid_lft forever preferred_lft forever
inet x.x.1.1/32 brd x.x.1.1 scope global ens3:0
valid_lft forever preferred_lft forever
inet x.x.2.2/32 brd x.x.2.2 scope global ens3:1
valid_lft forever preferred_lft forever
inet x.x.3.3/32 brd x.x.3.3 scope global ens3:2
valid_lft forever preferred_lft forever
inet x.x.4.4/32 brd x.x.4.4 scope global ens3:3
valid_lft forever preferred_lft forever
inet x.x.5.5/32 brd x.x.5.5 scope global ens3:4
valid_lft forever preferred_lft forever
3: virbr0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
link/ether 51:52:00:c9:9b:7d brd ff:ff:ff:ff:ff:ff
inet 192.168.122.1/24 brd 192.168.122.255 scope global virbr0
valid_lft forever preferred_lft forever
4: virbr0-nic: <BROADCAST,MULTICAST> mtu 1500 qdisc pfifo_fast master virbr0 state DOWN group default qlen 1000
link/ether 51:52:00:c9:9b:7d brd ff:ff:ff:ff:ff:ff
6: vnet0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master virbr0 state UNKNOWN group default qlen 1000
link/ether 50:54:00:46:ea:7c brd ff:ff:ff:ff:ff:ff
root:~# ip link
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: ens3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
link/ether fa:06:3f:2c:05:3b brd ff:ff:ff:ff:ff:ff
virsh配置:
root:~# virsh net-dumpxml default
<network connections='1'>
<name>default</name>
<uuid>54b584b8-b2f5-45cb-a8e1-8d75540dc1a8</uuid>
<forward mode='nat'>
<nat>
<port start='1024' end='65535'/>
</nat>
</forward>
<bridge name='virbr0' stp='on' delay='0'/>
<mac address='51:52:00:c9:9b:7d'/>
<ip address='192.168.122.1' netmask='255.255.255.0'>
<dhcp>
<range start='192.168.122.2' end='192.168.122.254'/>
</dhcp>
</ip>
</network>
root:~# virsh domifaddr dpcloud
Name MAC address Protocol Address
-------------------------------------------------------------------------------
vnet0 50:54:00:46:ea:7c ipv4 192.168.122.101/24
root:~# ssh [email protected]
...
root:~# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
link/ether 52:54:00:46:ea:7c brd ff:ff:ff:ff:ff:ff
inet 192.168.122.101/24 brd 192.168.122.255 scope global dynamic ens2
valid_lft 3470sec preferred_lft 3470sec
inet6 fe80::5054:ff:fe46:ea7c/64 scope link
valid_lft forever preferred_lft forever
答案1
我最終聽從了@ChaoxiangN的建議這裡:
- 刪除別名
- 設定網橋 (br0) 並向其新增其他 IP
- 使用自己的橋接網路 (virbr0) 設定 KVM 虛擬機
然後,我使用 iptables 啟用 NAT,而不是「4/ 在來賓內部,設定 ipv4 以使用其他 IP」:
root:~# iptables -t nat -I PREROUTING -p tcp -d 111.122.133.144 --dport 1:65535 -j DNAT --to-destination 192.168.122.88:1-65535
root:~# iptables -I FORWARD -m state -d 192.168.122.0/24 --state NEW,RELATED,ESTABLISHED -j ACCEPT
注意:111.122.133.144=公用IP,192.168.122.88=VM1 IP
ssh [email protected]
...
user@VM1:~$ ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: enp1s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
link/ether 52:32:00:11:20:88 brd ff:ff:ff:ff:ff:ff
inet 192.168.122.88/24 brd 192.168.122.255 scope global dynamic enp1s0
valid_lft 3576sec preferred_lft 3576sec
inet6 fe80::5054:ff:fe73:2096/64 scope link
valid_lft forever preferred_lft forever