Xen networking - dom0 receives ARP requests but cannot be reached

Both dom0 and domU are Debian 8.

The dom0 network configuration is:

auto xenbr0
iface xenbr0 inet manual
    bridge_ports eth1
    bridge_stp off
    bridge_waitport 0
    bridge_fd 0

auto xenbr0.4
iface xenbr0.4 inet static
    address 192.168.4.13
    broadcast 192.168.4.255
    netmask 255.255.255.0
    gateway 192.168.4.1
    vlan-raw-device xenbr0

On the host, I also changed some kernel parameters to allow forwarding and to pass packets through the firewall.

# sysctl -p /etc/sysctl.conf
net.ipv4.ip_forward = 1
net.ipv4.conf.xenbr0.proxy_arp = 1
net.bridge.bridge-nf-call-ip6tables = 0
net.bridge.bridge-nf-call-iptables = 0
net.bridge.bridge-nf-call-arptables = 0

The configuration file in /etc/xen/ contains the following line:

vif = ['bridge=xenbr0,mac=00:16:3e:40:27:fa,ip=192.168.4.21']

Now here is the domU network configuration.

auto eth0
iface eth0 inet static
    address 192.168.4.21
    broadcast 192.168.4.255
    netmask 255.255.255.0
    gateway 192.168.4.1

After restarting networking, we can see the default routes and the ARP tables.

On dom0:

# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.4.1     0.0.0.0         UG    0      0        0 xenbr0.4
192.168.4.0     0.0.0.0         255.255.255.0   U     0      0        0 xenbr0.4

# arp -n
Address                  HWtype  HWaddress           Flags Mask            Iface
192.168.4.21                     (incomplete)                              xenbr0.4
192.168.4.21             ether   00:16:3e:40:27:fa   C                     xenbr0
192.168.4.1              ether   00:00:5e:00:01:05   C                     xenbr0.4
192.168.4.2              ether   00:17:7c:41:7c:ce   C                     xenbr0.4

On domU:

# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.4.1     0.0.0.0         UG    0      0        0 eth0
192.168.4.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0

# arp -n
Address                  HWtype  HWaddress           Flags Mask            Iface
192.168.4.1              ether   20:47:47:8c:d0:4c   C                     eth0

So what happens if I ping 192.168.4.1 from domU and run tcpdump on dom0?

On dom0:

# tcpdump -vv host 192.168.4.21
tcpdump: listening on xenbr0, link-type EN10MB (Ethernet), capture size 262144 bytes
11:14:57.603076 IP (tos 0x0, ttl 64, id 55216, offset 0, flags [DF], proto ICMP (1), length 84)
    domU > 192.168.4.1: ICMP echo request, id 725, seq 1, length 64
11:14:57.603086 IP (tos 0x0, ttl 63, id 55216, offset 0, flags [DF], proto ICMP (1), length 84)
    domU > 192.168.4.1: ICMP echo request, id 725, seq 1, length 64
11:14:57.621871 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has domU tell 192.168.4.1, length 46
...
8 packets captured
11 packets received by filter
0 packets dropped by kernel

On domU:

# ping 192.168.4.1
PING 192.168.4.1 (192.168.4.1) 56(84) bytes of data.
^C
--- 192.168.4.1 ping statistics ---
148 packets transmitted, 0 received, 100% packet loss, time 147000ms

When I ping 192.168.4.13 I get a similar result. Of course dom0 is able to reach external IP addresses, but domU cannot. Does anyone know what to do next? Thanks.
