我有Ubuntu 14.04(64位)KVM主机和2个NIC:
– eth0连接到“公共”网络
– eth1通过私有IP地址范围连接到br0网桥
– eth0连接到“公共”网络
– eth1通过私有IP地址范围连接到br0网桥
从主机我可以访问互联网,ping VM Guest并通过SSH连接到它.
从VM Guest我只能ping主机,但无法访问Internet而无法ping google.com
请帮助我在下面的设置中将VM Guest连接到互联网:
在主持人:
的/ etc /网络/接口
auto lo iface lo inet loopback auto eth0 iface eth0 inet static address 192.168.2.60 netmask 255.255.255.0 gateway 192.168.2.254 dns-nameservers 8.8.8.8 auto eth1 iface eth1 inet manual auto br0 iface br0 inet static address 10.0.0.1 netmask 255.255.255.0 bridge_ports eth1 bridge_stp off bridge_maxwait 0 bridge_fd 0 # Create and destroy the bridge automatically. pre-up brctl addbr br0 ip link set dev br0 up post-up /usr/sbin/brctl setfd br0 0 addif br0 eth1 post-down brctl delbr br0
KVM网络定义为:
<network> <name>br0-net</name> <uuid>9d24b473-0b4d-4cfa-8b12-7bf267d856ae</uuid> <forward mode='bridge'/> <bridge name='br0'/> </network>
#sysctl -p /etc/sysctl.conf
net.ipv4.ip_forward = 1 net.bridge.bridge-nf-call-ip6tables = 0 net.bridge.bridge-nf-call-iptables = 0 net.bridge.bridge-nf-call-arptables = 0
#route -n
Kernel IP routing table Destination Gateway Genmask Flags Metric Ref Use Iface 0.0.0.0 192.168.2.254 0.0.0.0 UG 0 0 0 eth0 10.0.0.0 0.0.0.0 255.255.255.0 U 0 0 0 br0 192.168.2.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
#iptables -t nat -vnL
Chain PREROUTING (policy ACCEPT 0 packets,0 bytes) pkts bytes target prot opt in out source destination Chain INPUT (policy ACCEPT 0 packets,0 bytes) pkts bytes target prot opt in out source destination Chain OUTPUT (policy ACCEPT 0 packets,0 bytes) pkts bytes target prot opt in out source destination Chain POSTROUTING (policy ACCEPT 0 packets,0 bytes) pkts bytes target prot opt in out source destination
在VM Guest:
的/ etc /网络/接口
auto lo iface lo inet loopback auto eth0 iface eth0 inet static address 10.0.0.11 netmask 255.255.255.0
Guest xml定义为
<interface type='bridge'> <mac address='52:54:00:6b:93:69'/> <source bridge='br0'/> <model type='virtio'/> <address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x0'/> </interface>
#route -n
Kernel IP routing table Destination Gateway Genmask Flags Metric Ref Use Iface 0.0.0.0 10.0.0.1 0.0.0.0 UG 0 0 0 eth0 10.0.0.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
#iptables -t nat -vnL
Chain PREROUTING (policy ACCEPT 0 packets,0 bytes) pkts bytes target prot opt in out source destination
来自Guest的Ping KVM主机适用于10.0.0.1和192.168.2.60:
$ping 10.0.0.1
PING 10.0.0.1 (10.0.0.1) 56(84) bytes of data. 64 bytes from 10.0.0.1: icmp_seq=1 ttl=64 time=0.555 ms
$ping 192.168.2.60
PING 192.168.2.60 (192.168.2.60) 56(84) bytes of data. 64 bytes from 192.168.2.60: icmp_seq=1 ttl=64 time=0.772 ms
从Guest ping另一台计算机192.168.2.3不起作用:
--- 192.168.2.3 ping statistics --- 277 packets transmitted,0 received,100% packet loss,time 276399ms
来自Guest的ping google.com不起作用:
ping: unknown host google.com
我认为你错过了假面舞会的iptable规则
iptables -t nat -A POSTROUTING -s 10.0.0.0/24 -o eth0 -j MASQUERADE