KVM bridge: cannot reach the VM from outside

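I have a host running Debian stable and a KVM virtual machine running Windows on that host. I set up a network bridge for the VM, but I cannot reach the VM (ping, connect, ...) from the host or from other computers on the same network. On the other hand, the VM can reach computers on the network as well as the Internet; only the outside-to-VM direction does not work.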

/etc/network/interfaces

auto lo
iface lo inet loopback

iface enp5s0 inet manual

auto br0
iface br0 inet dhcp
    bridge_ports    enp5s0
    bridge_stp      on
    bridge_maxwait  0
    bridge_fd       0

ifconfig

br0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 10.24.10.10  netmask 255.255.0.0  broadcast 10.24.255.255
        inet6 fe80::1276:44ff:fe93:e5d5  prefixlen 64  scopeid 0x20<link>
        ether 10:76:44:93:e5:d5  txqueuelen 1000  (Ethernet)
        RX packets 134578  bytes 6829887 (6.5 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 1998  bytes 13852642 (13.2 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

enp5s0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        ether 10:7b:44:93:e9:d5  txqueuelen 1000  (Ethernet)
        RX packets 136408  bytes 9378239 (8.9 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 11162  bytes 14598770 (13.9 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
        device memory 0xefc00000-efc1ffff  

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 1  (Local Loopback)
        RX packets 4  bytes 246 (246.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 4  bytes 246 (246.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

vnet0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet6 fe80::fc54:ff:fee0:fa4  prefixlen 64  scopeid 0x20<link>
        ether fe:54:00:e0:0f:a4  txqueuelen 1000  (Ethernet)
        RX packets 786  bytes 196127 (191.5 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 130674  bytes 8943783 (8.5 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

VM network configuration:

<interface type='bridge'>
  <mac address='52:54:00:e0:0f:a4'/>
  <source bridge='br0'/>
  <model type='virtio'/>
  <address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x0'/>
</interface>

route

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         10.24.255.254   0.0.0.0         UG    0      0        0 br0
10.24.0.0       0.0.0.0         255.255.0.0     U     0      0        0 br0

sysctl -n net.ipv4.ip_forward

1

The br_netfilter module is not loaded.

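Inside the VM, the virtio-net driver seems to work fine, and the adapter receives an IP from DHCP. It can ping/connect to the host, but the host cannot ping the VM's IP or establish a TCP connection to it.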

Any idea what the problem might be?

Answer 1

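OK, it turns out the host was configured correctly; it was the Windows Firewall blocking the connections, even though the network was marked as a private network. (Geez, Windows, really?)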
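
A host-side check that separates the two cases in this thread (an added example, not part of the original question or answer): if the guest answers ARP across br0 but echo requests time out, the bridge is forwarding frames and the filtering happens inside the guest, as with the Windows Firewall here. The guest IP 10.24.10.50, the gateway MAC and the function name classify_guest are assumptions made for the example; the guest MAC is the one from the VM's interface definition above.

```shell
#!/bin/sh
# Added example, not from the original post.
# Classify why a bridged guest is unreachable from the host, using the host's
# neighbour (ARP) table and the result of a ping that was run just before.
#
# classify_guest NEIGH_TEXT VM_IP VM_MAC PING_RC
#   NEIGH_TEXT  output of `ip neigh show dev br0`
#   VM_MAC      guest MAC from the libvirt XML (52:54:00:...), not the
#               host-side tap MAC shown for vnet0 (fe:54:00:...)
#   PING_RC     exit status of `ping -c 3 -W 1 VM_IP`
classify_guest() (
    neigh=$1; ip=$2; rc=$4
    mac=$(printf '%s' "$3" | tr 'A-F' 'a-f')

    # MAC learned for the guest IP. FAILED/INCOMPLETE entries carry no
    # lladdr field, so they yield an empty string.
    seen=$(printf '%s\n' "$neigh" | awk -v ip="$ip" '
        $1 == ip {
            for (i = 2; i < NF; i++)
                if ($i == "lladdr") print tolower($(i + 1))
            exit
        }')

    if [ -z "$seen" ]; then
        # No ARP reply crossed the bridge: look at bridge ports,
        # ebtables rules and br_netfilter on the host.
        echo l2-unresolved
    elif [ "$seen" != "$mac" ]; then
        # Something else answers for this IP: address conflict or wrong MAC.
        echo mac-mismatch
    elif [ "$rc" -eq 0 ]; then
        echo reachable
    else
        # ARP works end to end but ICMP echo is dropped: the host bridge is
        # fine, inspect the guest's inbound firewall rules.
        echo guest-filter
    fi
)

# Constructed sample input (not captured from the poster's machine).
sample='10.24.255.254 dev br0 lladdr 00:11:22:33:44:55 STALE
10.24.10.50 dev br0 lladdr 52:54:00:e0:0f:a4 REACHABLE'

classify_guest "$sample" 10.24.10.50 52:54:00:e0:0f:a4 1   # prints: guest-filter
```

On a live host, pass "$(ip neigh show dev br0)" as the first argument and the exit status of the ping as the last.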
