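I have configured a CentOS 6.4 server as a KVM host running several VMs. The VMs running on this KVM host work fine. The problem is that the host itself cannot connect to the Internet.
External addresses respond to ping, but resolution of external domain names fails (internal name resolution works). DNS servers are specified on both interfaces, and these servers are reachable (they respond to ping).
Host OS: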
$ cat /etc/redhat-release
CentOS release 6.4 (Final)
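The VMs are configured to share the bridged network interface br0, which is bridged to eth0 on the host. There is also another NIC (eth1), which is bridged as well (br1) and currently unused.
Interface: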
$ vi /etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE="eth0"
HWADDR="5C:F3:FC:E3:7C:80"
ONBOOT="yes"
BRIDGE=br0
NM_CONTROLLED="no"
DNS1=10.0.0.11
DNS2=10.0.0.138
DOMAIN=[REDACTED]
TYPE=Ethernet
Bridge:
$ vi /etc/sysconfig/network-scripts/ifcfg-br0
DEVICE=br0
TYPE=Bridge
BOOTPROTO=static
ONBOOT=yes
IPADDR=10.0.0.18
NETMASK=255.255.255.0
DELAY=0
GATEWAY=10.0.0.138
STP=on
DNS1=10.0.0.11
DNS2=10.0.0.138
I have done some troubleshooting myself, but to no avail. Here is some troubleshooting information:
ifconfig:
$ ifconfig
br0       Link encap:Ethernet  HWaddr 5C:F3:FC:E3:7C:80
          inet addr:10.0.0.18  Bcast:10.0.0.255  Mask:255.255.255.0
          inet6 addr: fe80::5ef3:fcff:fee3:7c80/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:68525 errors:0 dropped:0 overruns:0 frame:0
          TX packets:25810 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:3761359 (3.5 MiB)  TX bytes:68108886 (64.9 MiB)

br1       Link encap:Ethernet  HWaddr 00:1B:21:C5:65:A3
          inet6 addr: fe80::21b:21ff:fec5:65a3/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:7 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:0 (0.0 b)  TX bytes:578 (578.0 b)

eth0      Link encap:Ethernet  HWaddr 5C:F3:FC:E3:7C:80
          inet6 addr: fe80::5ef3:fcff:fee3:7c80/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:72703 errors:0 dropped:0 overruns:0 frame:0
          TX packets:65806 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:6750000 (6.4 MiB)  TX bytes:70637683 (67.3 MiB)

eth1      Link encap:Ethernet  HWaddr 5C:F3:FC:E3:7C:82
          UP BROADCAST MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:24 errors:0 dropped:0 overruns:0 frame:0
          TX packets:24 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:1440 (1.4 KiB)  TX bytes:1440 (1.4 KiB)
IP routing table:
$ netstat -rn
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
10.0.0.0        0.0.0.0         255.255.255.0   U         0 0          0 br0
169.254.0.0     0.0.0.0         255.255.0.0     U         0 0          0 br0
169.254.0.0     0.0.0.0         255.255.0.0     U         0 0          0 br1
0.0.0.0         10.0.0.138      0.0.0.0         UG        0 0          0 br0
Firewall rules:
$ sudo iptables -nL
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:5905
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:22
REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination