I have two virtual machines, U1 and U2.
VM U1 has two adapters: enp0s3 is bridged to the wireless adapter on my host, and enp0s8 is attached to an internal network named "inet". I am also running a DHCP server on the enp0s8 interface, and I configured a static IP address for U1's enp0s8 interface in the /etc/network/interfaces file.
VM U2 has one adapter, enp0s3, attached to the internal network named "inet".
Now, when I start U1, then start U2, and run
ping <u1_enp0s8_ip_address>
I get a reply on U2.
But when I try
ping <u1_enp0s3_ip_address>
U2 gets no reply.
I have also tried
ping -I enp0s8 <u1_enp0s3_ip_address>
on U1, with no response.
What do I need to do so that enp0s8 on U1 can talk to enp0s3 on U1?
Any suggestions/replies would be greatly appreciated. I have been stuck on this for several days.
(Edit 1)
sudo iptables -L
Command output:
Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere             state RELATED,ESTABLISHED
ACCEPT     all  --  anywhere             anywhere

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
(Edit 2)
sudo iptables -L
Command output:
Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
(Edit 3)
route -n
Command output:
route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.0.1     0.0.0.0         UG    100    0        0 enp0s3
10.0.1.0        0.0.0.0         255.255.255.0   U     0      0        0 enp0s8
169.254.0.0     0.0.0.0         255.255.0.0     U     1000   0        0 enp0s8
192.168.0.0     0.0.0.0         255.255.255.0   U     100    0        0 enp0s3
The network on enp0s3 (the external interface) is 192.168.0.0/24, and the network on enp0s8 (the internal interface) is 10.0.1.0/24.
sysctl net.ipv4.ip_forward
Command output:
sysctl net.ipv4.ip_forward
net.ipv4.ip_forward = 1
Regards
Answer 1
On U1 you need to either set up NAT for the internal private network, or open it up and just forward packets. If you choose the second option, you will need to set up appropriate routes on any machine on the physical LAN that you want to connect to the virtual LAN.
If you want to set up NAT, you have to enable packet forwarding and set up a few iptables rules. This is the script I use -
#!/bin/bash
# a very simple set of iptables commands
# to allow forwarding between ethernet
# devices
# which device is the one that connects to The World (or at least your
# non virtual LAN - this would be a Bridged or NAT (not NAT Network) type
# in VirtualBox
WAN_DEVICE="enp0s3"
# which device is the one that connects to Internal Only or Host Only network?
LAN_DEVICE="enp0s8"
# enable forwarding (needs root, as does everything below)
echo 1 > /proc/sys/net/ipv4/ip_forward
# where is iptables located?
iptables=$(command -v iptables)
# flush all existing rules; -F alone only flushes the filter table,
# so flush the nat table too or re-runs stack up duplicate MASQUERADE rules
$iptables -F
$iptables -t nat -F
# this is for NAT
# enable masquerading
$iptables -t nat -A POSTROUTING -o $WAN_DEVICE -j MASQUERADE
# don't forward packets from off-lan to lan if
# they are a brand new connection being formed
$iptables -A FORWARD -i $WAN_DEVICE -o $LAN_DEVICE -m state --state NEW -j REJECT
# if the packets come from off-lan but they are
# related to a connection that was established from
# within the lan, go ahead and forward them
$iptables -A FORWARD -i $WAN_DEVICE -o $LAN_DEVICE -m state --state RELATED,ESTABLISHED -j ACCEPT
# whatever traffic comes from the lan to go to
# the world allow thru
$iptables -A FORWARD -i $LAN_DEVICE -o $WAN_DEVICE -j ACCEPT
After running this, your iptables should look like this
# iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
REJECT     all  --  anywhere             anywhere             state NEW reject-with icmp-port-unreachable
ACCEPT     all  --  anywhere             anywhere             state RELATED,ESTABLISHED
ACCEPT     all  --  anywhere             anywhere

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
Opening it up directly is a bit overkill, but you can simply change the rules above to accept all connections and forward input/output on both interfaces. Doing that, you will also remove the NAT/Masquerade command, but you will need to set up routes on any machine you want to connect from the physical LAN to the virtual LAN. Just comment out the other $iptables calls (except the flush call) and duplicate the last line with the device references reversed, which simplifies the script to -
#!/bin/bash
# a very simple set of iptables commands
# to allow forwarding between ethernet
# devices
# which device is the one that connects to The World (or at least your
# non virtual LAN - this would be a Bridged or NAT (not NAT Network) type
# in VirtualBox
WAN_DEVICE="enp0s3"
# which device is the one that connects to Internal Only network?
LAN_DEVICE="enp0s8"
# enable forwarding (needs root, as does everything below)
echo 1 > /proc/sys/net/ipv4/ip_forward
# where is iptables located?
iptables=$(command -v iptables)
# flush all existing rules; flush the nat table as well so that a
# MASQUERADE rule left over from the NAT variant does not stay active
$iptables -F
$iptables -t nat -F
# whatever traffic comes from the lan to go to
# the world allow thru
$iptables -A FORWARD -i $LAN_DEVICE -o $WAN_DEVICE -j ACCEPT
# whatever traffic comes from the world to go to
# the lan allow thru
$iptables -A FORWARD -i $WAN_DEVICE -o $LAN_DEVICE -j ACCEPT
After using this, your iptables should look like
# iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
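As an added example, not part of the answer above: a small POSIX shell audit that checks an iptables-save style dump together with the ip_forward value for the three rules the NAT script installs (MASQUERADE on the WAN device, LAN-to-WAN ACCEPT, WAN-to-LAN RELATED,ESTABLISHED ACCEPT). The two dumps embedded below are constructed to mirror the state after the NAT script and the asker's Edit 1 state; the iptables-save line format is the assumption it parses.

```shell
#!/bin/sh
# Audit a saved rule dump for the NAT forwarding setup, without needing root.
WAN_DEVICE="enp0s3"
LAN_DEVICE="enp0s8"

# Constructed dump: what iptables-save shows after the NAT script has run.
NAT_DUMP='*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o enp0s3 -j MASQUERADE
COMMIT
*filter
:FORWARD ACCEPT [0:0]
-A FORWARD -i enp0s3 -o enp0s8 -m state --state NEW -j REJECT --reject-with icmp-port-unreachable
-A FORWARD -i enp0s3 -o enp0s8 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i enp0s8 -o enp0s3 -j ACCEPT
COMMIT'

# Constructed dump mirroring Edit 1: no nat rule, FORWARD rules bound to no interface.
EDIT1_DUMP='*filter
:FORWARD ACCEPT [0:0]
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -j ACCEPT
COMMIT'

# has_rule DUMP PATTERN: succeeds if some line of DUMP matches PATTERN (grep -E).
has_rule() {
    printf '%s\n' "$1" | grep -Eq -- "$2"
}

# audit_nat DUMP IP_FORWARD_VALUE: prints each missing piece and returns
# the number of gaps found, so 0 means the host is set up as intended.
audit_nat() {
    dump="$1"; fwd="$2"; missing=0
    [ "$fwd" = "1" ] || { echo "ip_forward is $fwd, expected 1"; missing=$((missing+1)); }
    has_rule "$dump" "^-A POSTROUTING .*-o $WAN_DEVICE .*-j MASQUERADE" \
        || { echo "no MASQUERADE rule on $WAN_DEVICE"; missing=$((missing+1)); }
    has_rule "$dump" "^-A FORWARD -i $LAN_DEVICE -o $WAN_DEVICE .*-j ACCEPT" \
        || { echo "no FORWARD $LAN_DEVICE -> $WAN_DEVICE ACCEPT rule"; missing=$((missing+1)); }
    has_rule "$dump" "^-A FORWARD -i $WAN_DEVICE -o $LAN_DEVICE .*(RELATED,ESTABLISHED|ESTABLISHED,RELATED).*-j ACCEPT" \
        || { echo "no FORWARD $WAN_DEVICE -> $LAN_DEVICE RELATED,ESTABLISHED rule"; missing=$((missing+1)); }
    return "$missing"
}

# Demonstration on the constructed dumps; the exit status is the gap count.
audit_nat "$NAT_DUMP" 1 && echo "NAT dump: OK"
audit_nat "$EDIT1_DUMP" 1 || echo "Edit 1 dump: $? issue(s)"
```

To audit a live U1, feed it the output of `iptables-save` and of `sysctl -n net.ipv4.ip_forward` instead of the constructed dumps.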
Answer 2
Enable forwarding on U1. Most operating systems do not route between interfaces by default unless you explicitly tell them to.
Check the OS-level firewall rules on U1. Don't forget the nat table either.