编辑

tag-icon tag-icon networking virtualization kvm-virtualization centos7 host
编辑

我找了几天的答案,任何配置都适合我来设置网络工作。

我有 CentOS 7 (10.120.0.57) 上安装了 KVM。我创建了简单的客户机 (10.120.0.58) vm 也安装了 CentOS7,但我在客户机上遇到了一些网络问题。主机可以访问互联网,并且可以 ping 客户机。客户机也可以 ping 主机,但当它 ping 其他 IP 时,它会得到:无法到达目的地。我提前在两台机器上禁用了firewalld和selinux,以消除问题。

我的主机桥应该传递流量,因为我设置了 /etc/sysctl.conf(!!!)

net.ipv4.ip_forward = 1
net.ipv4.conf.all.proxy_arp = 1

在主机上tcpdump我可以看到来自客户机的 ICMP 数据包,但它只是单向请求(没有回复),当我尝试 ping 网络的真实网关时(10.120.0.1

IP 10.120.0.58 > gateway: ICMP echo request, id 3716, seq 1, length 64
IP 10.120.0.58 > gateway: ICMP echo request, id 3716, seq 2, length 64

如果我从访客(例如 google.com) ping (来自主机的 tcpdump):

 IP localhost.localdomain > 10.120.0.58: ICMP localhost.localdomain udp port domain unreachable, length 64
 IP localhost.localdomain > 10.120.0.58: ICMP localhost.localdomain udp port domain unreachable, length 64

但当我 ping Guest 时,ping 当然可以正常工作(10.120.0.58)<=> 主持人(10.120.0.57):

10.120.0.58 > localhost.localdomain: ICMP echo request, id 3719, seq 8, length 64
localhost.localdomain > 10.120.0.58: ICMP echo reply, id 3719, seq 8, length 64

有人能告诉我我的主机/客户机配置出了什么问题吗?

主持人: ifconfig-a:

br0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 10.120.0.57  netmask 255.255.255.0  broadcast 10.120.0.255
        inet6 fe80::20c:29ff:fed5:14fa  prefixlen 64  scopeid 0x20<link>
        ether 00:0c:29:d5:14:fa  txqueuelen 1000  (Ethernet)
        RX packets 74849  bytes 6444652 (6.1 MiB)
        RX errors 0  dropped 100  overruns 0  frame 0
        TX packets 1033  bytes 88046 (85.9 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

eno16780032: flags=4419<UP,BROADCAST,RUNNING,PROMISC,MULTICAST>  mtu 1500
        inet6 fe80::20c:29ff:fed5:14fa  prefixlen 64  scopeid 0x20<link>
        ether 00:0c:29:d5:14:fa  txqueuelen 1000  (Ethernet)
        RX packets 2975  bytes 239252 (233.6 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 164  bytes 23286 (22.7 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 1  (Local Loopback)
        RX packets 6  bytes 644 (644.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 6  bytes 644 (644.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

virbr0: flags=4099<UP,BROADCAST,MULTICAST>  mtu 1500
        inet 192.168.122.1  netmask 255.255.255.0  broadcast 192.168.122.255
        ether 52:54:00:9f:de:66  txqueuelen 1000  (Ethernet)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

virbr0-nic: flags=4098<BROADCAST,MULTICAST>  mtu 1500
        ether 52:54:00:9f:de:66  txqueuelen 1000  (Ethernet)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

vnet0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        ether fe:54:00:7f:c5:c5  txqueuelen 1000  (Ethernet)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 5885 overruns 0  carrier 0  collisions 0

vnet1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        ether fe:54:00:b0:3d:40  txqueuelen 1000  (Ethernet)
        RX packets 420  bytes 34697 (33.8 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 111762  bytes 9374955 (8.9 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

br0配置:

DEVICE=br0
BOOTPROTO=static
TYPE=Bridge
ONBOOT=yes
IPADDR="10.120.0.57"
NETMASK="255.255.255.0"
#GATEWAY="10.120.0.1"
#DNS1="10.120.0.1"
#DNS2="8.8.8.8"
STP=yes
DELAY=0
NM_CONTROLLED=no

eno16780032配置:

TYPE="Ethernet"
#NAME="eno16780032"
#UUID="4fc9740c-536a-4330-aab4-bdef7489582f"
DEVICE="eno16780032"
ONBOOT="yes"
NM_CONTROLLED=no
BRIDGE=br0

桥:

bridge name     bridge id               STP enabled     interfaces
br0             8000.000c29d514fa       yes             eno16780032
                                                        vnet0
                                                        vnet1
virbr0          8000.5254009fde66       yes             virbr0-nic

主机 /etc/sysconfig/network:

# Created by anaconda
NETWORKING=yes
GATEWAY=10.120.0.1

客户 eth0 配置:

DEVICE=eth0
NAME=eth0
TYPE=Ethernet
BOOTPROTO=static
ONBOOT=yes
IPADDR="10.120.0.58"
NETMASK="255.255.255.0"
GATEWAY="10.120.0.57" (!?)
DNS1="10.120.0.57"
DNS2="8.8.8.8"

提前感谢您的观看。

编辑

我从主机添加 iptables 结果:

[root@localhost ~]# iptables -L -v -n -t nat
Chain PREROUTING (policy ACCEPT 59 packets, 4981 bytes)
 pkts bytes target     prot opt in     out     source               destination 

Chain INPUT (policy ACCEPT 34 packets, 3619 bytes)
 pkts bytes target     prot opt in     out     source               destination 

Chain OUTPUT (policy ACCEPT 2 packets, 103 bytes)
 pkts bytes target     prot opt in     out     source               destination 

Chain POSTROUTING (policy ACCEPT 2 packets, 103 bytes)
 pkts bytes target     prot opt in     out     source               destination

来自来宾的 Iptables:

[root@localhost ~]# iptables -L -v -n -t nat
Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination 

Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination 

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination 

Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination

来自客户的跟踪路径(10.120.0.58)至8.8.8.8:

 1?: [LOCALHOST]                                         pmtu 1500
 1:  10.120.0.58                                         3012.516ms !H
                   Resume: pmtu 1500

编辑2

我加iptables -L -v -n结果。来自主持人:

[root@localhost ~]# iptables -L -v -n
Chain INPUT (policy ACCEPT 162K packets, 17M bytes)
 pkts bytes target     prot opt in     out     source               destination 

Chain FORWARD (policy ACCEPT 8 packets, 476 bytes)
 pkts bytes target     prot opt in     out     source               destination 

Chain OUTPUT (policy ACCEPT 3894 packets, 309K bytes)
 pkts bytes target     prot opt in     out     source               destination

来自访客:

Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination 

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination 

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination

答案1

由于您将主机的物理设备与虚拟机桥接(我猜vnet0vnet1用于虚拟机的设备),因此您可以10.120.0.0/24在虚拟机内物理访问网络。
因此您应该替换

GATEWAY="10.120.0.57" (!?)
DNS1="10.120.0.57"

经过

GATEWAY="110.120.0.1"
DNS1="10.120.0.1"

答案2

我遇到了完全相同的问题。这看起来像是 virtio 网络驱动程序中的一个错误。为了解决这个问题,我做了以下更改:

在 Centos 7 上 - KVM -->

  1. 在运行 KVM 的 Centos 7 上禁用 NetworkManager 服务并启用旧的“网络”服务。
  2. 在 /etc/sysconfig/network 中定义您的网关,并在 /etc/sysconfig/network-scripts/ifcfg-eth0(或类似文件)中进行所有必要的更改。设置 IPADDR、NETMASK 等。
  3. 更改您的客户机的虚拟网络驱动程序(通过 virt-manager)。将其设置为“e1000”

在您的访客 -->

  1. 做同样的事情。禁用 NetworkManager 并启用网络服务。
  2. 此更改会影响网络接口名称,因此请使用命令 #cat /proc/net/dev (centos 客户机) 检查新名称

以上对我有用。我花了一个多星期才找到解决方案。

相关内容