我有一台专用服务器(在 Hetzner),装有 Debian Jessie 和 KVM 用于虚拟化。对于两台虚拟机,我有两个额外的 IP 地址(带有额外的 MAC 地址),它们不属于子网(或与主 IP 相关)。
Main IP: WW.XX.YY.179
Additional IP 1: AA.BB.CC.DD
Additional IP 2: EE.FF.GG.HH
我想使用桥接设置将我的虚拟机连接到互联网,并使其可以从外部使用。基本上我使用了Hetzner 维基为了达成这个。
我可以使用外部 IP(WW.XX.YY.179、AA.BB.CC.DD、EE.FF.GG.HH)从服务器 ping(ssh)到虚拟机,但我无法从虚拟机访问外部互联网,也无法从外部访问虚拟机。
这里缺少什么?如果您能帮助我,我将不胜感激!非常感谢!干杯!
--
在服务器我在 /etc/network/interfaces 中使用以下配置
auto eth0
iface eth0 inet static
address WW.XX.YY.179
netmask 255.255.255.224
gateway WW.XX.YY.160
up route add -net WW.XX.YY.179 netmask 255.255.255.224 gw WW.XX.YY.160 eth0
auto br0
iface br0 inet static
address WW.XX.YY.179
netmask 255.255.255.255
bridge_ports none
bridge_stp off
bridge_fd 0
bridge_maxwait 0
up route add -host AA.BB.CC.DD dev br0
up route add -host EE.FF.GG.HH dev br0
还有客户使用以下网络配置:
auto eth0
iface eth0 inet static
address AA.BB.CC.DD
netmask 255.255.255.255
gateway WW.XX.YY.160
pointopoint WW.XX.YY.179
dns-nameservers 8.8.8.8 8.8.4.4
--
以下是在服务器:
root@server ~ # ifconfig
br0 Link encap:Ethernet HWaddr fe:50:56:00:3c:ae
inet addr:WW.XX.YY.179 Bcast:WW.XX.YY.179 Mask:255.255.255.255
inet6 addr: fe80::2020:30ff:fe08:631f/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:188 errors:0 dropped:0 overruns:0 frame:0
TX packets:193 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:25958 (25.3 KiB) TX bytes:22480 (21.9 KiB)
eth0 Link encap:Ethernet HWaddr 6c:62:6d:99:89:b1
inet addr:WW.XX.YY.179 Bcast:WW.XX.YY.BB Mask:255.255.255.224
inet6 addr: fe80::8f51:6dff:fe88:92b1/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:825 errors:0 dropped:0 overruns:0 frame:0
TX packets:702 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:90106 (87.9 KiB) TX bytes:189776 (185.3 KiB)
*(omitted lo here...)*
vnet0 Link encap:Ethernet HWaddr fe:50:56:00:3c:af
inet6 addr: fe80::fc50:56ff:fe00:3caf/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:120 errors:0 dropped:0 overruns:0 frame:0
TX packets:182 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:500
RX bytes:15247 (14.8 KiB) TX bytes:23643 (23.0 KiB)
vnet1 Link encap:Ethernet HWaddr fe:50:56:00:3c:ae
inet6 addr: fe80::fc50:56ff:fe00:3cae/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:40 errors:0 dropped:0 overruns:0 frame:0
TX packets:86 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:500
RX bytes:5351 (5.2 KiB) TX bytes:16307 (15.9 KiB)
root@server ~ # brctl show
bridge name bridge id STP enabled interfaces
br0 8000.fe5056003cae no vnet0
vnet1
root@server ~ # brctl showmacs br0
port no mac addr is local? ageing timer
1 00:50:56:00:3c:af no 58.00
3 fe:50:56:00:3c:ae yes 0.00
1 fe:50:56:00:3c:af yes 0.00
root@server ~ # ip route
default via WW.XX.YY.161 dev eth0
WW.XX.YY.160/27 via WW.XX.YY.161 dev eth0
WW.XX.YY.160/27 dev eth0 proto kernel scope link src WW.XX.YY.179
AA.BB.CC.DD dev br0 scope link
EE.FF.GG.HH dev br0 scope link
root@server ~ # ping AA.BB.CC.DD
PING AA.BB.CC.DD (AA.BB.CC.DD) 56(84) bytes of data.
64 bytes from AA.BB.CC.DD: icmp_seq=1 ttl=64 time=0.581 ms
*.... \o/*
root@server ~ # for file in `find /proc/ -iname send_redirects`; do echo $file; cat $file; done
/proc/sys/net/ipv4/conf/all/send_redirects
0
/proc/sys/net/ipv4/conf/br0/send_redirects
0
/proc/sys/net/ipv4/conf/default/send_redirects
0
/proc/sys/net/ipv4/conf/eth0/send_redirects
0
/proc/sys/net/ipv4/conf/lo/send_redirects
0
/proc/sys/net/ipv4/conf/vnet0/send_redirects
0
/proc/sys/net/ipv4/conf/vnet2/send_redirects
0
--
以下是在虚拟机:
root@vm1 ~ # ifconfig
eth0 Link encap:Ethernet HWaddr 00:50:56:00:3c:af
inet addr:AA.BB.CC.DD Bcast:AA.BB.CC.DD Mask:255.255.255.255
inet6 addr: fe80::250:56ff:fe00:3caf/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:192 errors:0 dropped:0 overruns:0 frame:0
TX packets:125 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:24463 (23.8 KiB) TX bytes:15857 (15.4 KiB)
*(omitted lo here...)*
root@vm1 ~ # ip route
WW.XX.YY.179 dev eth0 proto kernel scope link src AA.BB.CC.DD
root@vm1 ~ # ping 8.8.8.8
connect: Network is unreachable
root@vm1 ~ # ping WW.XX.YY.179
PING WW.XX.YY.179 (WW.XX.YY.179) 56(84) bytes of data.
64 bytes from WW.XX.YY.179 : icmp_req=1 ttl=64 time=0.104 ms
*.... \o/*
答案1
检查您的附加 IP 是否激活了单独的 Mac 地址,并尝试将它们与 vms 一起使用。
这个解决方案在 pfSense 上对我有用
答案2
auto br0
iface br0 inet static
address WW.XX.YY.179 (the one from eth0)
netmask 255.255.255.255 (the one from eth0)
gateway WW.XX.YY.160 (the one from eth0)
bridge_ports eth0
bridge_stp off
bridge_fd 1
bridge_hello 2
bridge_maxage 12
我的设置和你的一模一样,最后我使用 hetzner 的“完全桥接”设置完成了。(服务器也在 hetzner)
也许你和我一样是初学者,所以你害怕删除 eth0。我也有过这种恐惧。但它是有效的,因为 Hetzner 使用 MAC 路由,所以你的 eth0 不需要由你分配 mac。