KVM guest cannot find the gateway

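I am trying to set up a KVM server with bridged networking. I followed the documentation, but I still cannot get it to work. The guest system can ping the host system and the host can ping the guest, so the connection between those two seems to work.

I basically just want the KVM guests to be on the same network as the host system, and for them to share the Ethernet port.

I would appreciate it if anyone could give me some hints on how to get this working.

In /etc/config/interfaces: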

auto lo
iface lo inet loopback
iface eth1 inet manual
auto br0
iface br0 inet static
address 172.16.66.22
network 172.16.66.0
netmask 255.255.255.0
gateway 172.16.66.254
broadcast 172.16.66.255
bridge_stp off
bridge_ports eth1
bridge_maxwait 0
bridge_fd 0

Output of ifconfig on the server:

br0       Link encap:Ethernet  HWaddr 00:c0:dd:0b:84:3e  
      inet addr:172.16.66.22  Bcast:172.16.66.255  Mask:255.255.255.0
      inet6 addr: 2401:f000:3:0:2c0:ddff:fe0b:843e/64 Scope:Global
      inet6 addr: fe80::2c0:ddff:fe0b:843e/64 Scope:Link
      UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
      RX packets:12363 errors:0 dropped:0 overruns:0 frame:0
      TX packets:853 errors:0 dropped:0 overruns:0 carrier:0
      collisions:0 txqueuelen:0 
      RX bytes:1939520 (1.8 MiB)  TX bytes:308716 (301.4 KiB)

eth1      Link encap:Ethernet  HWaddr 00:c0:dd:0b:84:3e  
      inet6 addr: fe80::2c0:ddff:fe0b:843e/64 Scope:Link
      UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
      RX packets:12444 errors:0 dropped:0 overruns:0 frame:0
      TX packets:915 errors:0 dropped:0 overruns:0 carrier:0
      collisions:0 txqueuelen:256 
      RX bytes:2133993 (2.0 MiB)  TX bytes:312032 (304.7 KiB)
      Interrupt:18 

lo        Link encap:Local Loopback  
      inet addr:127.0.0.1  Mask:255.0.0.0
      inet6 addr: ::1/128 Scope:Host
      UP LOOPBACK RUNNING  MTU:16436  Metric:1
      RX packets:976 errors:0 dropped:0 overruns:0 frame:0
      TX packets:976 errors:0 dropped:0 overruns:0 carrier:0
      collisions:0 txqueuelen:0 
      RX bytes:323811 (316.2 KiB)  TX bytes:323811 (316.2 KiB)

vnet0     Link encap:Ethernet  HWaddr fe:54:00:9a:a0:14  
      inet6 addr: fe80::fc54:ff:fe9a:a014/64 Scope:Link
      UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
      RX packets:71 errors:0 dropped:0 overruns:0 frame:0
      TX packets:11443 errors:0 dropped:0 overruns:0 carrier:0
      collisions:0 txqueuelen:500 
      RX bytes:3946 (3.8 KiB)  TX bytes:1969514 (1.8 MiB)

$ cat /proc/sys/net/ipv4/ip_forward
1

$ brctl show
bridge name bridge id       STP enabled interfaces
br0     8000.00c0dd0b843e   no      eth1
                                    vnet0

$ ps -ef | egrep '(qemu|kvm)'
root      1346     2  0 13:20 ?        00:00:00 [kvm-irqfd-clean]
105       1823     1  3 13:22 ?        00:04:45 /usr/bin/kvm -S -M pc-0.12 -enable-kvm -m 512 -smp 1,sockets=1,cores=1,threads=1 -name secondserver -uuid 3c31fa7d-6fe7-26fa-e62e-3b948a4023a4 -nodefaults -chardev socket,id=monitor,path=/var/lib/libvirt/qemu/secondserver.monitor,server,nowait -mon chardev=monitor,mode=readline -rtc base=utc -boot c -drive file=/dev/kvm-server/secondserver,if=none,id=drive-virtio-disk0,boot=on,format=raw,cache=none -device virtio-blk-pci,bus=pci.0,addr=0x4,drive=drive-virtio-disk0,id=virtio-disk0 -drive if=none,media=cdrom,id=drive-ide0-1-0,readonly=on,format=raw -device ide-drive,bus=ide.1,unit=0,drive=drive-ide0-1-0,id=ide0-1-0 -device virtio-net-pci,vlan=0,id=net0,mac=52:54:00:9a:a0:14,bus=pci.0,addr=0x3 -net tap,fd=66,vlan=0,name=hostnet0 -chardev pty,id=serial0 -device isa-serial,chardev=serial0 -usb -device usb-tablet,id=input0 -vnc 127.0.0.1:0 -k en-us -vga cirrus -device virtio-balloon-pci,id=balloon0,bus=pci.0,addr=0x5

$ iptables -L && iptables -L -t nat
Chain INPUT (policy ACCEPT)
target     prot opt source               destination         

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination         

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination  

$ brctl showmacs br0
port no mac addr        is local?   ageing timer
1   00:0c:42:30:ef:cb   no         5.94
1   00:0e:08:d7:32:dd   no        41.34
1   00:0e:08:dd:9f:94   no        30.49
1   00:0e:08:dd:9f:96   no        46.45
1   00:19:b9:08:2f:6d   no         0.00
1   00:1a:c1:f3:95:66   no         1.98
1   00:c0:dd:0b:84:3e   yes        0.00
1   3c:ce:73:d2:67:2f   no        53.84
1   3c:ce:73:d2:67:3c   no         6.84
1   44:d3:ca:78:b4:b1   no        13.97
1   98:d6:bb:61:44:43   no       186.44
1   f4:ce:46:48:ef:1f   no         4.46
2   fe:54:00:9a:a0:14   yes        0.00

$ tail -n 3 /etc/sysctl.conf
net.bridge.bridge-nf-call-ip6tables = 0
net.bridge.bridge-nf-call-iptables = 0
net.bridge.bridge-nf-call-arptables = 0

I also ran tcpdump on the server, and when I try to reach the gateway from the client I get the following output:

16:12:32.533844 ARP, Request who-has 172.16.66.254 tell 172.16.66.36, length 28
...

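In the end it fails because it cannot reach the gateway.

I also took screenshots of the client's network configuration, since I do not yet have an Internet connection to install openssh.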

http://bit.ly/VN9fnl http://bit.ly/X07sgo

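Answer 1

The problem does not appear to be in the host or guest configuration, but in the adjacent network equipment.

As a first guess, you could imagine that port security is enabled on your switch, allowing only 1 device per Ethernet connection. But there could be many other reasons.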
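
One way to test the port-security guess from the host, as an added example that is not part of the original answer: capture ARP on the physical bridge port with `tcpdump -n -e -i eth1 arp` and compare, per source MAC, whether requests for the gateway are answered. The capture below is constructed; the host's request/reply pair and the gateway MAC in it are assumptions.

```python
import re
from collections import defaultdict

# Constructed capture in `tcpdump -n -e -i eth1 arp` text format. IPs and the
# host/guest MACs are the ones on this page; 02:00:00:00:00:fe is a placeholder
# for the gateway's MAC, which the page does not give.
SAMPLE = """\
16:12:31.100000 00:c0:dd:0b:84:3e > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 42: Request who-has 172.16.66.254 tell 172.16.66.22, length 28
16:12:31.100400 02:00:00:00:00:fe > 00:c0:dd:0b:84:3e, ethertype ARP (0x0806), length 60: Reply 172.16.66.254 is-at 02:00:00:00:00:fe, length 46
16:12:32.533844 52:54:00:9a:a0:14 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 42: Request who-has 172.16.66.254 tell 172.16.66.36, length 28
16:12:33.533901 52:54:00:9a:a0:14 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 42: Request who-has 172.16.66.254 tell 172.16.66.36, length 28
"""

MAC = r"[0-9a-f]{2}(?::[0-9a-f]{2}){5}"
LINE = re.compile(
    rf"(?P<src>{MAC}) > (?P<dst>{MAC}), ethertype ARP .*?: "
    rf"(?:Request who-has (?P<target>[\d.]+)(?: \(\S+\))? tell [\d.]+"
    rf"|Reply (?P<owner>[\d.]+) is-at {MAC})"
)

def arp_summary(capture):
    """Map (requester MAC, target IP) -> counts of requests sent, replies received."""
    stats = defaultdict(lambda: {"requests": 0, "replies": 0})
    for line in capture.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        if m["target"]:
            stats[(m["src"], m["target"])]["requests"] += 1
        else:
            # A reply is unicast to the requester, so the frame's dst names it.
            stats[(m["dst"], m["owner"])]["replies"] += 1
    return dict(stats)

def diagnose(capture, gateway):
    """Classify gateway ARP resolution as seen on the physical bridge port."""
    rows = {mac: s for (mac, ip), s in arp_summary(capture).items()
            if ip == gateway and s["requests"]}
    answered = sorted(m for m, s in rows.items() if s["replies"])
    silent = sorted(m for m, s in rows.items() if not s["replies"])
    if not rows:
        verdict = "no-requests"     # nothing asked for the gateway in this capture
    elif answered and silent:
        verdict = "mac-dependent"   # upstream treats source MACs differently
    elif silent:
        verdict = "no-replies"      # nobody on this port gets an answer
    else:
        verdict = "ok"
    return verdict, answered, silent
```

A `mac-dependent` verdict, where the host's own MAC gets replies while the guest's MAC never does, points at filtering beyond `eth1` and is consistent with a per-port MAC limit on the switch.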
