Ubuntu KVM - Cannot reach the network from the guest over a bridge, no DHCP, no ping

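I have a laptop running Ubuntu 16.04.3 LTS with a GUI (so Network-Manager etc. is installed). I believe I have installed KVM and QEMU correctly. When trying to set up a Debian VM from the netinstall ISO, it cannot obtain an address from DHCP. I need to be able to reach the VM from outside the laptop, so I cannot use NAT.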

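I have tried following these instructions:
How to configure bridged networking for virtual machines
KVM guest cannot get through the bridge - no internet connection
KVM guest cannot access the internet
But still no luck.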

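The laptop is a Dell XPS 13 with no onboard NIC. Instead, I have a TP-Link USB 3.0 Gigabit Ethernet adapter attached, which according to the spec page uses the RTL8153 chipset. Ethernet on the host works fine. Wifi is disabled.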

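I have tried configuring the bridge through the Virt-Manager GUI, with brctl, and by defining it in /etc/network/interfaces. As far as I can tell the bridge is up and working, but trying to ping anything outside the VM fails. At one point I could ping the host laptop's IP, but nothing else (I don't remember what I did to cause that, and it is no longer the case; now pinging anything on the same subnet results in the packets disappearing, and pinging Google results in "Network is unreachable"). I have stopped the ufw service and flushed the iptables rules, to no avail. I have Docker installed on the same machine, but I don't know whether that makes any difference.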

Host:

ifconfig:

root@DB0277:~# ifconfig
br0       Link encap:Ethernet  HWaddr d4:6e:0e:06:29:c1  
          inet addr:10.11.x.44  Bcast:10.11.x.255  Mask:255.255.255.0
          inet6 addr: fe80::d66e:eff:fe06:29c1/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:667579 errors:0 dropped:0 overruns:0 frame:0
          TX packets:351430 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:907499432 (907.4 MB)  TX bytes:21171832 (21.1 MB)

docker0   Link encap:Ethernet  HWaddr 02:42:54:45:ff:85  
          inet addr:172.17.0.1  Bcast:0.0.0.0  Mask:255.255.0.0
          UP BROADCAST MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

enxd46e0e0629c1 Link encap:Ethernet  HWaddr d4:6e:0e:06:29:c1  
          inet addr:10.11.x.44  Bcast:10.11.x.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:672999 errors:0 dropped:0 overruns:0 frame:0
          TX packets:354674 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:909372154 (909.3 MB)  TX bytes:21561645 (21.5 MB)

lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:112607 errors:0 dropped:0 overruns:0 frame:0
          TX packets:112607 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:143555055 (143.5 MB)  TX bytes:143555055 (143.5 MB)

vnet0     Link encap:Ethernet  HWaddr fe:54:00:6d:02:e7  
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:2860 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:963296 (963.2 KB)  TX bytes:0 (0.0 B)

brctl:

root@DB0277:~# brctl show
bridge name bridge id           STP enabled interfaces
br0         8000.d46e0e0629c1   no          enxd46e0e0629c1
docker0     8000.02425445ff85   no      
virbr0      8000.fe54006d02e7   yes         vnet0

In /etc/network/interfaces:

auto lo
iface lo inet loopback

#auto br0
iface br0 inet dhcp
   bridge_ports enxd46e0e0629c1
   bridge_stp off
   bridge_fd 0.0

iptables:

root@DB0277:~# iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination         
ACCEPT     udp  --  anywhere             anywhere             udp dpt:domain
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:domain
ACCEPT     udp  --  anywhere             anywhere             udp dpt:bootps
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:bootps

Chain FORWARD (policy DROP)
target     prot opt source               destination         
ACCEPT     all  --  anywhere             192.168.122.0/24     ctstate RELATED,ESTABLISHED
ACCEPT     all  --  192.168.122.0/24     anywhere            
ACCEPT     all  --  anywhere             anywhere            
REJECT     all  --  anywhere             anywhere             reject-with icmp-port-unreachable
REJECT     all  --  anywhere             anywhere             reject-with icmp-port-unreachable
DOCKER-USER  all  --  anywhere             anywhere            
DOCKER-ISOLATION  all  --  anywhere             anywhere            
ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED
DOCKER     all  --  anywhere             anywhere            
ACCEPT     all  --  anywhere             anywhere            
ACCEPT     all  --  anywhere             anywhere            

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         
ACCEPT     udp  --  anywhere             anywhere             udp dpt:bootpc

Chain DOCKER (1 references)
target     prot opt source               destination         

Chain DOCKER-ISOLATION (1 references)
target     prot opt source               destination         
RETURN     all  --  anywhere             anywhere            

Chain DOCKER-USER (1 references)
target     prot opt source               destination         
RETURN     all  --  anywhere             anywhere

route:

root@DB0277:~# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         10.11.x.1     0.0.0.0         UG    0      0        0 br0
10.11.x.0     0.0.0.0         255.255.255.0   U     0      0        0 br0
10.11.y.21    10.11.x.1     255.255.255.255 UGH   100    0        0 enxd46e0e0629c1
172.17.0.0      0.0.0.0         255.255.0.0     U     0      0        0 docker0

The guest OS is an unmodified Debian 9.0 netinstall.

Posting this to ServerFault because I have already set up two KVM hosts successfully without any of these problems. What am I overlooking?
