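I have set up a KVM environment on VirtualBox (nested VT). The guest VM (Ubuntu) can ping the VM host (CentOS 7) and vice versa, but it cannot access the internet and cannot ping my internet LAN router gw (192.168.0.1). I have created the bridge br0 and mapped it to the interface enp0s3. VMHostCentos7 is able to ping my LAN and the router GW and is able to access the internet. I created VMGuestUbuntu16 using the br0 network. VMGuestUbuntu16 is able to get a DHCP IP (192.168.0.145) and is able to ping VMHostCentos7, but it cannot ping the router GW 192.168.0.1 and cannot access the internet. I have also turned off NetworkManager and added IP forwarding, 'net.ipv4.ip_forward = 1'. Please advise what might be wrong here; maybe I missed some configuration. Please help. Thanks.
The setup is as follows: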
PhysicalHost [virtualbox]---VMHostCentos7---KVM---VMGuestUbuntu16
IP:192.168.0.141 192.168.0.110 192.168.0.145
**VMHostCentos7**
**(1)IFCONFIG**
br0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.0.110 netmask 255.255.255.0 broadcast 192.168.0.255
inet6 2001:e68:5435:ccce:a00:27ff:fe47:8412 prefixlen 64 scopeid 0x0<global>
inet6 fe80::a00:27ff:fe47:8412 prefixlen 64 scopeid 0x20<link>
ether 08:00:27:47:84:12 txqueuelen 1000 (Ethernet)
RX packets 54148 bytes 3915355 (3.7 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 77447 bytes 56912501 (54.2 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
enp0s3: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet6 fe80::a00:27ff:fe47:8412 prefixlen 64 scopeid 0x20<link>
ether 08:00:27:47:84:12 txqueuelen 1000 (Ethernet)
RX packets 53931 bytes 4689769 (4.4 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 89777 bytes 73006443 (69.6 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 1000 (Local Loopback)
RX packets 62865 bytes 847930152 (808.6 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 62865 bytes 847930152 (808.6 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
virbr0: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500
inet 192.168.122.1 netmask 255.255.255.0 broadcast 192.168.122.255
ether 52:54:00:62:dc:29 txqueuelen 1000 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
**(2) IP A**
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: enp0s3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master br0 state UP group default qlen 1000
link/ether 08:00:27:47:84:12 brd ff:ff:ff:ff:ff:ff
inet6 fe80::a00:27ff:fe47:8412/64 scope link
valid_lft forever preferred_lft forever
3: enp0s8: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000
link/ether 08:00:27:a4:15:07 brd ff:ff:ff:ff:ff:ff
4: br0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
link/ether 08:00:27:47:84:12 brd ff:ff:ff:ff:ff:ff
inet 192.168.0.110/24 brd 192.168.0.255 scope global dynamic br0
valid_lft 603473sec preferred_lft 603473sec
inet6 2001:e68:5435:ccce:a00:27ff:fe47:8412/64 scope global mngtmpaddr dynamic
valid_lft 86395sec preferred_lft 86395sec
inet6 fe80::a00:27ff:fe47:8412/64 scope link
valid_lft forever preferred_lft forever
5: virbr0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default qlen 1000
link/ether 52:54:00:62:dc:29 brd ff:ff:ff:ff:ff:ff
inet 192.168.122.1/24 brd 192.168.122.255 scope global virbr0
valid_lft forever preferred_lft forever
6: virbr0-nic: <BROADCAST,MULTICAST> mtu 1500 qdisc pfifo_fast master virbr0 state DOWN group default qlen 1000
link/ether 52:54:00:62:dc:29 brd ff:ff:ff:ff:ff:ff
7: vnet0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master br0 state UNKNOWN group default qlen 1000
link/ether fe:54:00:a2:b5:6d brd ff:ff:ff:ff:ff:ff
inet6 fe80::fc54:ff:fea2:b56d/64 scope link
valid_lft forever preferred_lft forever
**(3)bridge link show br0**
2: enp0s3 state UP : <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 master br0 state forwarding priority 32 cost 4
6: virbr0-nic state DOWN : <BROADCAST,MULTICAST> mtu 1500 master virbr0 state disabled priority 32 cost 100
7: vnet0 state UNKNOWN : <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 master br0 state forwarding priority 32 cost 100
**(4) ip route**
default via 192.168.0.1 dev br0
169.254.0.0/16 dev br0 scope link metric 1004
192.168.0.0/24 dev br0 proto kernel scope link src 192.168.0.110
192.168.122.0/24 dev virbr0 proto kernel scope link src 192.168.122.1
**(5) brctl show**
bridge name bridge id STP enabled interfaces
br0 8000.080027478412 yes enp0s3
vnet0
virbr0 8000.52540062dc29 yes virbr0-nic
**(6) virsh net-list**
Name State Autostart Persistent
----------------------------------------------------------
default active yes yes
**VMGuestUbuntu16**
**(1) virsh edit U1604_BR0**
.....
</controller>
<interface type='bridge'>
<mac address='52:54:00:a2:b5:6d'/>
<source bridge='br0'/>
<model type='virtio'/>
<address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x0'/>
</interface>
<serial type='pty'>
<target type='isa-serial' port='0'>
<model name='isa-serial'/>
</target>
</serial>
<console type='pty'>
<target type='serial' port='0'/>
</console>
<channel type='spicevmc'>
<target type='virtio' name='com.redhat.spice.0'/>
<address type='virtio-serial' controller='0' bus='0' port='1'/>
</channel>
<input type='tablet' bus='usb'>
<address type='usb' bus='0' port='1'/>
</input>
<input type='keyboard' bus='ps2'/>
<graphics type='spice' autoport='yes'>
<listen type='address'/>
<image compression='off'/>
</graphics>
<sound model='ich6'>
<address type='pci' domain='0x0000' bus='0x00' slot='0x04' function='0x0'/>
</sound>
<video>
<model type='qxl' ram='65536' vram='65536' vgamem='16384' heads='1' primary='yes'/>
<address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x0'/>
</video>
<redirdev bus='usb' type='spicevmc'>
<address type='usb' bus='0' port='2'/>
</redirdev>
<redirdev bus='usb' type='spicevmc'>
<address type='usb' bus='0' port='3'/>
</redirdev>
<memballoon model='virtio'>
<address type='pci' domain='0x0000' bus='0x00' slot='0x08' function='0x0'/>
</memballoon>
</devices>
</domain>
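After setting promiscuous mode to Allow All on my VM, my VM is able to ping the physical host IP, but it still cannot access the internet. I still cannot solve this problem... I have searched, but that still has not solved my problem. Thanks for your help.
The output is as follows: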
VMCentos (Host)
No output when VMUbuntu (guest) pings the router gw.
[root@mykvm_01 ~]# tcpdump -i br0 -ne icmp
VMUbuntu (guest)
ping 192.168.0.1 ===> router gw
From 192.168.0.145 icmp_seq=1 Destination Host Unreachable
From 192.168.0.145 icmp_seq=2 Destination Host Unreachable
From 192.168.0.145 icmp_seq=3 Destination Host Unreachable
VMCentos (Host)
[root@mykvm_01 ~]# iptables -nvL
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 ACCEPT udp -- virbr0 * 0.0.0.0/0 0.0.0.0/0 udp dpt:53
0 0 ACCEPT tcp -- virbr0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:53
0 0 ACCEPT udp -- virbr0 * 0.0.0.0/0 0.0.0.0/0 udp dpt:67
0 0 ACCEPT tcp -- virbr0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:67
22380 1455K ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED
0 0 ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
31 7284 INPUT_direct all -- * * 0.0.0.0/0 0.0.0.0/0
31 7284 INPUT_ZONES_SOURCE all -- * * 0.0.0.0/0 0.0.0.0/0
31 7284 INPUT_ZONES all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate INVALID
27 7012 REJECT all -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- * virbr0 0.0.0.0/0 192.168.122.0/24 ctstate RELATED,ESTABLISHED
0 0 ACCEPT all -- virbr0 * 192.168.122.0/24 0.0.0.0/0
0 0 ACCEPT all -- virbr0 virbr0 0.0.0.0/0 0.0.0.0/0
0 0 REJECT all -- * virbr0 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable
0 0 REJECT all -- virbr0 * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED
0 0 ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
0 0 FORWARD_direct all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 FORWARD_IN_ZONES_SOURCE all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 FORWARD_IN_ZONES all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 FORWARD_OUT_ZONES_SOURCE all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 FORWARD_OUT_ZONES all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate INVALID
0 0 REJECT all -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
Chain OUTPUT (policy ACCEPT 33030 packets, 26M bytes)
pkts bytes target prot opt in out source destination
0 0 ACCEPT udp -- * virbr0 0.0.0.0/0 0.0.0.0/0 udp dpt:68
36 4032 ACCEPT all -- * lo 0.0.0.0/0 0.0.0.0/0
33030 26M OUTPUT_direct all -- * * 0.0.0.0/0 0.0.0.0/0
Chain FORWARD_IN_ZONES (1 references)
pkts bytes target prot opt in out source destination
0 0 FWDI_public all -- br0 * 0.0.0.0/0 0.0.0.0/0 [goto]
0 0 FWDI_public all -- + * 0.0.0.0/0 0.0.0.0/0 [goto]
Chain FORWARD_IN_ZONES_SOURCE (1 references)
pkts bytes target prot opt in out source destination
Chain FORWARD_OUT_ZONES (1 references)
pkts bytes target prot opt in out source destination
0 0 FWDO_public all -- * br0 0.0.0.0/0 0.0.0.0/0 [goto]
0 0 FWDO_public all -- * + 0.0.0.0/0 0.0.0.0/0 [goto]
Chain FORWARD_OUT_ZONES_SOURCE (1 references)
pkts bytes target prot opt in out source destination
Chain FORWARD_direct (1 references)
pkts bytes target prot opt in out source destination
Chain FWDI_public (2 references)
pkts bytes target prot opt in out source destination
0 0 FWDI_public_log all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 FWDI_public_deny all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 FWDI_public_allow all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
Chain FWDI_public_allow (1 references)
pkts bytes target prot opt in out source destination
Chain FWDI_public_deny (1 references)
pkts bytes target prot opt in out source destination
Chain FWDI_public_log (1 references)
pkts bytes target prot opt in out source destination
Chain FWDO_public (2 references)
pkts bytes target prot opt in out source destination
0 0 FWDO_public_log all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 FWDO_public_deny all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 FWDO_public_allow all -- * * 0.0.0.0/0 0.0.0.0/0
Chain FWDO_public_allow (1 references)
pkts bytes target prot opt in out source destination
Chain FWDO_public_deny (1 references)
pkts bytes target prot opt in out source destination
Chain FWDO_public_log (1 references)
pkts bytes target prot opt in out source destination
Chain INPUT_ZONES (1 references)
pkts bytes target prot opt in out source destination
31 7284 IN_public all -- br0 * 0.0.0.0/0 0.0.0.0/0 [goto]
0 0 IN_public all -- + * 0.0.0.0/0 0.0.0.0/0 [goto]
Chain INPUT_ZONES_SOURCE (1 references)
pkts bytes target prot opt in out source destination
Chain INPUT_direct (1 references)
pkts bytes target prot opt in out source destination
Chain IN_public (2 references)
pkts bytes target prot opt in out source destination
31 7284 IN_public_log all -- * * 0.0.0.0/0 0.0.0.0/0
31 7284 IN_public_deny all -- * * 0.0.0.0/0 0.0.0.0/0
31 7284 IN_public_allow all -- * * 0.0.0.0/0 0.0.0.0/0
2 168 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
Chain IN_public_allow (1 references)
pkts bytes target prot opt in out source destination
2 104 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:22 ctstate NEW,UNTRACKED
Chain IN_public_deny (1 references)
pkts bytes target prot opt in out source destination
Chain IN_public_log (1 references)
pkts bytes target prot opt in out source destination
Chain OUTPUT_direct (1 references)
pkts bytes target prot opt in out source destination
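Update today, 7/8: I have created a new guest VM that uses virbr0 (NAT), and that VM is able to ping the router gw and access the internet. This is not the setup I want, because I cannot access/ssh the guest VM over my LAN or from other PCs. I still need to use the bridge br0 interface and work out why it cannot ping the gw and access the internet. There must be something missing in my setup... maybe the firewall?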