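I am trying to add three interfaces to a KVM guest (a requirement of my hosting provider), but I am having no luck! I can only get one interface working on the guest at a time. If I use nmtui in the CentOS 7 guest to enable an adapter while disabling the others, it works, but the other adapters no longer even respond to ping. I think there is a problem with my understanding of how bridging works, and I would appreciate some pointers.
Goal: set up a bridge on the host and three interfaces on the guest (the server provider assigns the MAC addresses for me to use)
Info: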
xxx.yyy.107.27 - assume main IP address of the Host machine
xxx.yyy.107.1 - gateway for the above
255.255.255.192 - netmask for the above
xxx.yyy.168.170 - IP address #1 for Guest
xxx.yyy.168.171 - IP address #2 for Guest
xxx.yyy.168.174 - IP address #3 for Guest
xxx.yyy.168.169 - Gateway for IPs 1-3 given by Provider
255.255.255.248 - Netmask for IPs 1-3 given by Provider
00:50:56:00:a4:33 - MAC for IP 1
00:50:56:00:9a:97 - MAC for IP 2
00:50:56:00:ad:04 - MAC for IP 3
Debian 8 host /etc/network/interfaces:
# Loopback device:
auto lo
iface lo inet loopback
# eth0
auto eth0
iface eth0 inet manual
iface eth0 inet6 static
address 2a01:4f8:171:101a::2
netmask 64
gateway fe80::1
auto br0
iface br0 inet static
address xxx.yyy.107.27
netmask 255.255.255.192
gateway xxx.yyy.107.1
broadcast xxx.yyy.107.63
bridge_ports eth0
bridge_fd 0
bridge_stp off
bridge_waitport 0
bridge_hello 2
bridge_maxage 12
Libvirt network:
<network>
<name>Host</name>
<forward mode='bridge'/>
<bridge name='br0'/>
</network>
XML configuration of the relevant guest interfaces:
<interface type='network'>
<mac address='00:50:56:00:a4:33'/>
<source network='Host'/>
<model type='rtl8139'/>
<address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x0'/>
</interface>
<interface type='network'>
<mac address='00:50:56:00:9a:97'/>
<source network='Host'/>
<model type='rtl8139'/>
<address type='pci' domain='0x0000' bus='0x00' slot='0x07' function='0x0'/>
</interface>
<interface type='network'>
<mac address='00:50:56:00:ad:04'/>
<source network='Host'/>
<model type='rtl8139'/>
<address type='pci' domain='0x0000' bus='0x00' slot='0x08' function='0x0'/>
</interface>
CentOS 7 guest /etc/sysconfig/network-interfaces/ifcfg-eth0-1:
HWADDR=00:50:56:00:A4:33
TYPE=Ethernet
BOOTPROTO=dhcp
DEFROUTE=yes
IPV4_FAILURE_FATAL=yes
IPV6INIT=yes
IPV6_AUTOCONF=no
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
NAME=eth0
UUID=18f3808e-335a-4932-93e4-683b987ddc07
DEVICE=eth0
ONBOOT=yes
PREFIX=32
PEERDNS=yes
PEERROUTES=yes
CentOS 7 guest /etc/sysconfig/network-interfaces/ifcfg-eth1:
HWADDR=00:50:56:00:9A:97
TYPE=Ethernet
BOOTPROTO=dhcp
DNS1=213.133.98.98
DNS2=213.133.99.99
DNS3=213.133.100.100
DEFROUTE=no
IPV4_FAILURE_FATAL=yes
IPV6INIT=yes
IPV6_AUTOCONF=no
IPV6_DEFROUTE=no
IPV6_FAILURE_FATAL=no
NAME=eth1
UUID=a2c6c1e3-bfb2-4401-99e0-40f723d6d713
DEVICE=eth1
ONBOOT=yes
PEERDNS=yes
PEERROUTES=yes
I don't see any file for the third interface; does this have something to do with Network Manager?
Guest's /etc/sysconfig/network:
GATEWAY=xxx.yyy.107.1
route -n output on the guest:
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 xxx.yyy.168.169 0.0.0.0 UG 100 0 0 ens8
0.0.0.0 xxx.yyy.168.169 0.0.0.0 UG 101 0 0 eth0
xxx.yyy.168.168 0.0.0.0 255.255.255.248 U 100 0 0 ens8
xxx.yyy.168.169 0.0.0.0 255.255.255.255 UH 100 0 0 eth0
xxx.yyy.168.170 0.0.0.0 255.255.255.255 UH 100 0 0 eth0
188.40.24.199 xxx.yyy.168.169 255.255.255.255 UGH 100 0 0 ens8
route -n output on the host:
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 xxx.yyy.107.1 0.0.0.0 UG 0 0 0 br0
xxx.yyy.107.0 0.0.0.0 255.255.255.192 U 0 0 0 br0
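It looks like my bridge only allows one of the interfaces to connect to the outside world at any given time. I would like to fix this, but I am not sure whether my setup and understanding are correct. I may have set this up very wrong and have weird things going on, so any help is much appreciated.
Edit 1: Current state of ifconfig on the guest: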
ens8: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet xxx.yyy.168.174 netmask 255.255.255.248 broadcast xxx.yyy.168.175
inet6 fe80::250:56ff:fe00:ad04 prefixlen 64 scopeid 0x20<link>
ether 00:50:56:00:ad:04 txqueuelen 1000 (Ethernet)
RX packets 6456 bytes 3735538 (3.5 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 4987 bytes 548563 (535.7 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet xxx.yyy.168.170 netmask 255.255.255.248 broadcast xxx.yyy.168.170
inet6 fe80::250:56ff:fe00:a433 prefixlen 64 scopeid 0x20<link>
ether 00:50:56:00:a4:33 txqueuelen 1000 (Ethernet)
RX packets 1012 bytes 75375 (73.6 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 47 bytes 5110 (4.9 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
eth1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet xxx.yyy.168.171 netmask 255.255.255.248 broadcast xxx.yyy.168.175
inet6 fe80::250:56ff:fe00:9a97 prefixlen 64 scopeid 0x20<link>
ether 00:50:56:00:9a:97 txqueuelen 1000 (Ethernet)
RX packets 1048 bytes 77065 (75.2 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 22 bytes 2808 (2.7 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 0 (Local Loopback)
RX packets 12243 bytes 1881497 (1.7 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 12243 bytes 1881497 (1.7 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
Currently, only xxx.yyy.168.170 is reachable from outside the guest. The rest are not, not even from the host.
Host's ifconfig:
br0 Link encap:Ethernet HWaddr f8:32:e4:71:a2:87
inet addr:xxx.yyy.107.27 Bcast:xxx.yyy.107.63 Mask:255.255.255.192
inet6 addr: fe80::fa32:e4ff:fe71:a287/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:20661927 errors:0 dropped:0 overruns:0 frame:0
TX packets:14207667 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:3370784779 (3.1 GiB) TX bytes:2529369626 (2.3 GiB)
eth0 Link encap:Ethernet HWaddr f8:32:e4:71:a2:87
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:22402779 errors:0 dropped:0 overruns:0 frame:0
TX packets:15423843 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:4010564000 (3.7 GiB) TX bytes:2731403072 (2.5 GiB)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:21145 errors:0 dropped:0 overruns:0 frame:0
TX packets:21145 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:2619801 (2.4 MiB) TX bytes:2619801 (2.4 MiB)
vnet0 Link encap:Ethernet HWaddr fe:50:56:00:a4:33
inet6 addr: fe80::fc50:56ff:fe00:a433/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:2028 errors:0 dropped:0 overruns:0 frame:0
TX packets:7634 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:500
RX bytes:1219855 (1.1 MiB) TX bytes:692099 (675.8 KiB)
vnet1 Link encap:Ethernet HWaddr fe:50:56:00:9a:97
inet6 addr: fe80::fc50:56ff:fe00:9a97/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:49 errors:0 dropped:0 overruns:0 frame:0
TX packets:6348 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:500
RX bytes:5154 (5.0 KiB) TX bytes:520891 (508.6 KiB)
vnet2 Link encap:Ethernet HWaddr fe:50:56:00:ad:04
inet6 addr: fe80::fc50:56ff:fe00:ad04/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:5080 errors:0 dropped:0 overruns:0 frame:0
TX packets:12829 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:500
RX bytes:560230 (547.0 KiB) TX bytes:4342111 (4.1 MiB)
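Answer 1
Hetzner unfortunately told me that, due to their filtering, only one IP address can be active in a virtual machine at a time (?). If you order additional IP addresses for a VM from Hetzner, each VM can only have one IP address available at any given time. To have multiple IPs on a VM, Hetzner offers subnets (currently the minimum is a /29). I hope this helps anyone who runs into a similar problem, as this is not outlined in their documentation.
Edit: This is "solved" - I need to wait a few hours before I can accept my answer.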