我正在使用 QubesOS 操作系统,但无法通过另一台虚拟机中的网桥连接虚拟机。初始配置如下所示:
路由器虚拟机:
[user@lab-adsis2-router ~]$ ip a 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo valid_lft forever preferred_lft forever inet6 ::1/128 scope host valid_lft forever preferred_lft forever 2: vif12.0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 32 link/ether fe:ff:ff:ff:ff:ff brd ff:ff:ff:ff:ff:ff inet 192.168.100.0/32 scope global vif12.0 valid_lft forever preferred_lft forever inet6 fe80::fcff:ffff:feff:ffff/64 scope link valid_lft forever preferred_lft forever 3: vif11.0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 32 link/ether fe:ff:ff:ff:ff:ff brd ff:ff:ff:ff:ff:ff inet 192.168.100.0/32 scope global vif11.0 valid_lft forever preferred_lft forever inet6 fe80::fcff:ffff:feff:ffff/64 scope link valid_lft forever preferred_lft forever 4: vif13.0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 32 link/ether fe:ff:ff:ff:ff:ff brd ff:ff:ff:ff:ff:ff inet 192.168.100.0/32 scope global vif13.0 valid_lft forever preferred_lft forever inet6 fe80::fcff:ffff:feff:ffff/64 scope link valid_lft forever preferred_lft forever 5: vif14.0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 32 link/ether fe:ff:ff:ff:ff:ff brd ff:ff:ff:ff:ff:ff inet 192.168.100.0/32 scope global vif14.0 valid_lft forever preferred_lft forever inet6 fe80::fcff:ffff:feff:ffff/64 scope link valid_lft forever preferred_lft forever [user@lab-adsis2-router ~]$ ip r 192.168.100.1 dev vif12.0 scope link metric 32740 192.168.100.2 dev vif11.0 scope link metric 32741 192.168.100.3 dev vif13.0 scope link metric 32739 192.168.100.4 dev vif14.0 scope link metric 32738
路由器虚拟机中的 sysconf 的 IPv4 转发参数也已正确设置。
客户端虚拟机:
[user@lab-adsis2-box1 ~]$ ip a 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo valid_lft forever preferred_lft forever inet6 ::1/128 scope host valid_lft forever preferred_lft forever 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000 link/ether 00:16:3e:5e:6c:00 brd ff:ff:ff:ff:ff:ff inet 192.168.100.1/32 brd 192.168.100.255 scope global eth0 valid_lft forever preferred_lft forever inet6 fe80::216:3eff:fe5e:6c00/64 scope link valid_lft forever preferred_lft forever [user@lab-adsis2-box1 ~]$ ip r default via 192.168.100.0 dev eth0 192.168.100.0 dev eth0 scope link
这样虚拟机就可以互相 ping 通了,所以路由器正常工作了。但是当我尝试设置一个网桥来统一路由器的所有接口时,问题出现了:
[user@lab-adsis2-router ~]$ sudo ip l a name br0 type bridge
[user@lab-adsis2-router ~]$ sudo ip link set br0 up
[user@lab-adsis2-router ~]$ sudo ip link set br0 up
[user@lab-adsis2-router ~]$ sudo ip l set vif11.0 master br0
[user@lab-adsis2-router ~]$ sudo ip l set vif12.0 master br0
[user@lab-adsis2-router ~]$ sudo ip l set vif13.0 master br0
[user@lab-adsis2-router ~]$ sudo ip l set vif14.0 master br0
[user@lab-adsis2-router ~]$ sudo ip a a dev br0 192.168.100.0/16
[user@lab-adsis2-router ~]$ bridge link
2: vif12.0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 master br0 state forwarding priority 32 cost 100
3: vif11.0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 master br0 state forwarding priority 32 cost 100
4: vif13.0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 master br0 state forwarding priority 32 cost 100
5: vif14.0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 master br0 state forwarding priority 32 cost 100
完成此操作后,我无法在客户端之间 ping 通,而且我不知道原因。
所有机器都是 Fedora 29,并且未安装 ebtables。