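There is a CentOS KVM host; several guests on it work fine with real external IPs through the br0 bridge.
Now I have created a new Guest and given it a real static IP (just as I did for the other GUESTs), but it cannot reach the Internet. However, the new GUEST can ping the HOST and the other GUESTs on this HOST.
HOST ifconfig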
# ifconfig
br0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 62.*.*.44 netmask 255.255.255.0 broadcast 62.*.*.255
inet6 fe80::225:90ff:fe2e:d8a8 prefixlen 64 scopeid 0x20<link>
ether 00:25:90:2e:d8:a8 txqueuelen 1000 (Ethernet)
RX packets 681705441 bytes 1105019968953 (1.0 TiB)
RX errors 0 dropped 124860 overruns 0 frame 0
TX packets 193512123 bytes 107459762227 (100.0 GiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
br1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.19.254 netmask 255.255.255.0 broadcast 192.168.19.255
inet6 fe80::225:90ff:fe2e:d8a9 prefixlen 64 scopeid 0x20<link>
ether 00:25:90:2e:d8:a9 txqueuelen 1000 (Ethernet)
RX packets 167220 bytes 52175150 (49.7 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 174167 bytes 32975397 (31.4 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
br2: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.20.254 netmask 255.255.255.0 broadcast 192.168.20.255
inet6 fe80::221:91ff:fed6:daa8 prefixlen 64 scopeid 0x20<link>
ether 00:21:91:d6:da:a8 txqueuelen 1000 (Ethernet)
RX packets 145303 bytes 43515865 (41.4 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 132665 bytes 20911054 (19.9 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
enp1s4: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet6 fe80::221:91ff:fed6:daa8 prefixlen 64 scopeid 0x20<link>
ether 00:21:91:d6:da:a8 txqueuelen 1000 (Ethernet)
RX packets 2503746 bytes 1017776995 (970.6 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 2471034 bytes 991294789 (945.3 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
enp5s0f0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet6 fe80::225:90ff:fe2e:d8a8 prefixlen 64 scopeid 0x20<link>
ether 00:25:90:2e:d8:a8 txqueuelen 1000 (Ethernet)
RX packets 869448632 bytes 1087851084640 (1013.1 GiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 342604014 bytes 203755604899 (189.7 GiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
device memory 0xfafe0000-faffffff
enp5s0f1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet6 fe80::225:90ff:fe2e:d8a9 prefixlen 64 scopeid 0x20<link>
ether 00:25:90:2e:d8:a9 txqueuelen 1000 (Ethernet)
RX packets 21206229 bytes 6500554675 (6.0 GiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 20805805 bytes 6408524379 (5.9 GiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
device memory 0xfaf60000-faf7ffff
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 1 (Local Loopback)
RX packets 502370 bytes 78778656 (75.1 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 502370 bytes 78778656 (75.1 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
virbr0: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500
inet 192.168.122.1 netmask 255.255.255.0 broadcast 192.168.122.255
ether 52:54:00:37:be:7d txqueuelen 1000 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
virbr1: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500
ether 52:54:00:b8:21:24 txqueuelen 1000 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
vnet0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet6 fe80::fc54:ff:fee2:caae prefixlen 64 scopeid 0x20<link>
ether fe:54:00:e2:ca:ae txqueuelen 1000 (Ethernet)
RX packets 15369361 bytes 45420762336 (42.3 GiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 23668906 bytes 8045283799 (7.4 GiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
vnet1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet6 fe80::fc54:ff:fe75:4502 prefixlen 64 scopeid 0x20<link>
ether fe:54:00:75:45:02 txqueuelen 1000 (Ethernet)
RX packets 65372413 bytes 92323003967 (85.9 GiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 88528850 bytes 15240358919 (14.1 GiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
vnet2: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet6 fe80::fc54:ff:fe00:761d prefixlen 64 scopeid 0x20<link>
ether fe:54:00:00:76:1d txqueuelen 1000 (Ethernet)
RX packets 20630909 bytes 6375500628 (5.9 GiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 21037136 bytes 6445910789 (6.0 GiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
vnet3: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet6 fe80::fc54:ff:fec3:35e2 prefixlen 64 scopeid 0x20<link>
ether fe:54:00:c3:35:e2 txqueuelen 1000 (Ethernet)
RX packets 2338278 bytes 970377345 (925.4 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 2359253 bytes 972272478 (927.2 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
vnet4: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet6 fe80::fc54:ff:fefd:b505 prefixlen 64 scopeid 0x20<link>
ether fe:54:00:fd:b5:05 txqueuelen 1000 (Ethernet)
RX packets 112 bytes 5016 (4.8 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 8480 bytes 614444 (600.0 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
HOST ip a
# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: enp1s4: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master br2 state UP qlen 1000
link/ether 00:21:91:d6:da:a8 brd ff:ff:ff:ff:ff:ff
inet6 fe80::221:91ff:fed6:daa8/64 scope link
valid_lft forever preferred_lft forever
3: enp5s0f0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq master br0 state UP qlen 1000
link/ether 00:25:90:2e:d8:a8 brd ff:ff:ff:ff:ff:ff
inet6 fe80::225:90ff:fe2e:d8a8/64 scope link
valid_lft forever preferred_lft forever
4: enp5s0f1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq master br1 state UP qlen 1000
link/ether 00:25:90:2e:d8:a9 brd ff:ff:ff:ff:ff:ff
inet6 fe80::225:90ff:fe2e:d8a9/64 scope link
valid_lft forever preferred_lft forever
5: br2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP qlen 1000
link/ether 00:21:91:d6:da:a8 brd ff:ff:ff:ff:ff:ff
inet 192.168.20.254/24 brd 192.168.20.255 scope global br2
valid_lft forever preferred_lft forever
inet6 fe80::221:91ff:fed6:daa8/64 scope link
valid_lft forever preferred_lft forever
6: br0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP qlen 1000
link/ether 00:25:90:2e:d8:a8 brd ff:ff:ff:ff:ff:ff
inet *.*.16.44/24 brd *.*.16.255 scope global br0
valid_lft forever preferred_lft forever
inet 192.168.5.27/24 brd 192.168.5.255 scope global dynamic br0
valid_lft 227543sec preferred_lft 227543sec
inet6 fe80::225:90ff:fe2e:d8a8/64 scope link
valid_lft forever preferred_lft forever
7: br1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP qlen 1000
link/ether 00:25:90:2e:d8:a9 brd ff:ff:ff:ff:ff:ff
inet 192.168.19.254/24 brd 192.168.19.255 scope global br1
valid_lft forever preferred_lft forever
inet6 fe80::225:90ff:fe2e:d8a9/64 scope link
valid_lft forever preferred_lft forever
8: virbr1: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN qlen 1000
link/ether 52:54:00:b8:21:24 brd ff:ff:ff:ff:ff:ff
9: virbr1-nic: <BROADCAST,MULTICAST> mtu 1500 qdisc pfifo_fast master virbr1 state DOWN qlen 1000
link/ether 52:54:00:b8:21:24 brd ff:ff:ff:ff:ff:ff
10: virbr0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN qlen 1000
link/ether 52:54:00:37:be:7d brd ff:ff:ff:ff:ff:ff
inet 192.168.122.1/24 brd 192.168.122.255 scope global virbr0
valid_lft forever preferred_lft forever
11: virbr0-nic: <BROADCAST,MULTICAST> mtu 1500 qdisc pfifo_fast master virbr0 state DOWN qlen 1000
link/ether 52:54:00:37:be:7d brd ff:ff:ff:ff:ff:ff
16: vnet1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master br0 state UNKNOWN qlen 1000
link/ether fe:54:00:75:45:02 brd ff:ff:ff:ff:ff:ff
inet6 fe80::fc54:ff:fe75:4502/64 scope link
valid_lft forever preferred_lft forever
17: vnet2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master br1 state UNKNOWN qlen 1000
link/ether fe:54:00:00:76:1d brd ff:ff:ff:ff:ff:ff
inet6 fe80::fc54:ff:fe00:761d/64 scope link
valid_lft forever preferred_lft forever
18: vnet3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master br2 state UNKNOWN qlen 1000
link/ether fe:54:00:c3:35:e2 brd ff:ff:ff:ff:ff:ff
inet6 fe80::fc54:ff:fec3:35e2/64 scope link
valid_lft forever preferred_lft forever
30: vnet0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master br0 state UNKNOWN qlen 1000
link/ether fe:54:00:e2:ca:ae brd ff:ff:ff:ff:ff:ff
inet6 fe80::fc54:ff:fee2:caae/64 scope link
valid_lft forever preferred_lft forever
48: vnet4: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master br0 state UNKNOWN qlen 1000
link/ether fe:54:00:fd:b5:05 brd ff:ff:ff:ff:ff:ff
inet6 fe80::fc54:ff:fefd:b505/64 scope link
valid_lft forever preferred_lft forever
HOST route
# route
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
default cc4-gw.colocall 0.0.0.0 UG 0 0 0 br0
62.*.*.0 0.0.0.0 255.255.255.0 U 0 0 0 br0
link-local 0.0.0.0 255.255.0.0 U 1005 0 0 br2
link-local 0.0.0.0 255.255.0.0 U 1006 0 0 br0
link-local 0.0.0.0 255.255.0.0 U 1007 0 0 br1
192.168.5.0 0.0.0.0 255.255.255.0 U 0 0 0 br0
192.168.19.0 0.0.0.0 255.255.255.0 U 0 0 0 br1
192.168.20.0 0.0.0.0 255.255.255.0 U 0 0 0 br2
192.168.122.0 0.0.0.0 255.255.255.0 U 0 0 0 virbr0
HOST brctl show
# brctl show
bridge name bridge id STP enabled interfaces
br0 8000.0025902ed8a8 no enp5s0f0
vnet0
vnet1
vnet4
br1 8000.0025902ed8a9 no enp5s0f1
vnet2
br2 8000.002191d6daa8 no enp1s4
vnet3
virbr0 8000.52540037be7d yes virbr0-nic
virbr1 8000.525400b82124 yes virbr1-nic
HOST ping GUEST
# ping 62.*.*.61
PING 62.*.*.61 (62.*.*.61) 56(84) bytes of data.
64 bytes from 62.*.*.61: icmp_seq=1 ttl=64 time=0.406 ms
64 bytes from 62.*.*.61: icmp_seq=2 ttl=64 time=0.496 ms
64 bytes from 62.*.*.61: icmp_seq=3 ttl=64 time=0.371 ms
^C
--- 62.*.*.61 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2000ms
rtt min/avg/max/mdev = 0.371/0.424/0.496/0.055 ms
HOST KVM network settings
<interface type='bridge'>
<mac address='52:54:00:fd:b5:05'/>
<source bridge='br0'/>
<model type='virtio'/>
<address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x0'/>
</interface>
GUEST ifconfig
$ ifconfig
ens3 Link encap:Ethernet HWaddr 52:54:00:fd:b5:05
inet addr:62.*.*.61 Bcast:62.*.*.255 Mask:255.255.255.0
inet6 addr: fe80::5054:ff:fefd:b505/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:11209 errors:0 dropped:5 overruns:0 frame:0
TX packets:157 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:815753 (815.7 KB) TX bytes:11211 (11.2 KB)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:9989 errors:0 dropped:0 overruns:0 frame:0
TX packets:9989 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1
RX bytes:742656 (742.6 KB) TX bytes:742656 (742.6 KB)
GUEST ip a
$ ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 52:54:00:fd:b5:05 brd ff:ff:ff:ff:ff:ff
inet 62.*.*.61/24 brd 62.*.*.255 scope global ens3
valid_lft forever preferred_lft forever
inet6 fe80::5054:ff:fefd:b505/64 scope link
valid_lft forever preferred_lft forever
GUEST route
$ route
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
default 62.*.*.2 0.0.0.0 UG 0 0 0 ens3
localnet * 255.255.255.0 U 0 0 0 ens3
GUEST ping HOST
$ ping 62.*.*.44
PING 62.*.*.44 (62.*.*.44) 56(84) bytes of data.
64 bytes from 62.*.*.44: icmp_seq=1 ttl=64 time=0.324 ms
64 bytes from 62.*.*.44: icmp_seq=2 ttl=64 time=0.290 ms
^C
--- 62.*.*.44 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 999ms
rtt min/avg/max/mdev = 0.290/0.307/0.324/0.017 ms
GUEST ping other GUESTs on this HOST
$ ping 62.*.*.42
PING 62.*.*.42 (62.*.*.42) 56(84) bytes of data.
64 bytes from 62.*.*.42: icmp_seq=1 ttl=64 time=1.21 ms
64 bytes from 62.*.*.42: icmp_seq=2 ttl=64 time=0.635 ms
^C
--- 62.*.*.42 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1001ms
rtt min/avg/max/mdev = 0.635/0.927/1.219/0.292 ms
$ ping 62.*.*.17
PING 62.*.*.17 (62.*.*.17) 56(84) bytes of data.
64 bytes from 62.*.*.17: icmp_seq=1 ttl=64 time=1.15 ms
64 bytes from 62.*.*.17: icmp_seq=2 ttl=64 time=0.744 ms
^C
--- 62.*.*.17 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1001ms
rtt min/avg/max/mdev = 0.744/0.947/1.150/0.203 ms
GUEST ping to 8.8.8.8
$ ping 8.8.8.8
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
From 62.*.*.61 icmp_seq=1 Destination Host Unreachable
From 62.*.*.61 icmp_seq=2 Destination Host Unreachable
From 62.*.*.61 icmp_seq=3 Destination Host Unreachable
^C
--- 8.8.8.8 ping statistics ---
4 packets transmitted, 0 received, +3 errors, 100% packet loss, time 3016ms pipe 3
GUEST /etc/network/interfaces
$ tail -n50 /etc/network/interfaces
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).
source /etc/network/interfaces.d/*
# The loopback network interface
auto lo
iface lo inet loopback
# The primary network interface
auto ens3
iface ens3 inet static
address 62.*.*.61
netmask 255.255.255.0
# network 62.*.*.0
broadcast 62.*.*.255
gateway 62.*.*.2
# dns-* options are implemented by the resolvconf package, if installed
dns-nameservers 8.8.8.8 62.149.2.52 62.149.2.60
GUEST iptables
# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
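I'm confused and don't know what I need to do (((
Answer 1
Yes! I found a solution to this problem: I just needed to set up the network for the new Guest. After that, everything started working properly!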