Two network adapters with static IP addresses on a Linux GCE instance


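I want a virtual machine hosted on Google Compute Engine to have 2 static IP addresses. To do this, I created the VM with two network adapters (NICs), each of which lets me "pick" 1 static IP address from its respective network. As the GCE documentation states, this is the only possible way for a VM to have 2 addresses. One adapter cannot have multiple static addresses :(

So far, all I have been able to achieve is having only one IP working at a time. Never both at the same time. The system is Debian, and my /etc/network/interfaces is as follows: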

# The loopback network interface
auto lo
iface lo inet loopback

# The primary network interface
auto eth0
iface eth0 inet static
        address 10.0.1.2
        netmask 255.255.255.0
        network 10.0.1.0
        broadcast 10.0.1.255
        gateway 10.0.1.1
        dns-nameservers 8.8.8.8 8.8.4.4
        dns-search example.com


auto eth1
iface eth1 inet static
        address 10.0.2.2
        netmask 255.255.255.0
        network 10.0.2.0
        broadcast 10.0.2.255

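... Although the 'ifconfig' output shows everything is fine, and even shows traffic on both interfaces (and NICs), it is never possible to connect to both IPs (10.0.1.2 and 10.0.2.2) at the same time. I can only connect to either 10.0.1.2 or 10.0.2.2 from outside, depending on which one I set as eth0 and restart networking: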

eth0      Link encap:Ethernet  HWaddr 42:01:0a:00:01:02
          inet addr:10.0.1.2  Bcast:10.0.1.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:2552 errors:0 dropped:0 overruns:0 frame:0
          TX packets:2553 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:306760 (306.7 KB)  TX bytes:1392278 (1.3 MB)

eth1      Link encap:Ethernet  HWaddr 42:01:0a:00:02:02
          inet addr:10.0.2.2  Bcast:10.0.2.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:621 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:51913 (51.9 KB)  TX bytes:0 (0.0 B)

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:149 errors:0 dropped:0 overruns:0 frame:0
          TX packets:149 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:44874 (44.8 KB)  TX bytes:44874 (44.8 KB)

lshw -class network shows:

  *-network:0
       description: Ethernet interface
       product: Virtio network device
       vendor: Red Hat, Inc
       physical id: 4
       bus info: pci@0000:00:04.0
       logical name: eth0
       version: 00
       serial: 42:01:0a:00:01:02
       width: 32 bits
       clock: 33MHz
       capabilities: msix bus_master cap_list ethernet physical
       configuration: broadcast=yes driver=virtio_net driverversion=1.0.0 ip=10.0.1.2 latency=0 link=yes multicast=yes
       resources: irq:10 ioport:c040(size=64) memory:febfe000-febfe03f
  *-network:1
       description: Ethernet interface
       product: Virtio network device
       vendor: Red Hat, Inc
       physical id: 5
       bus info: pci@0000:00:05.0
       logical name: eth1
       version: 00
       serial: 42:01:0a:00:02:02
       width: 32 bits
       clock: 33MHz
       capabilities: msix bus_master cap_list ethernet physical
       configuration: broadcast=yes driver=virtio_net driverversion=1.0.0 ip=10.0.2.2 latency=0 link=yes multicast=yes
       resources: irq:10 ioport:c080(size=64) memory:febff000-febff03f

PS I am adding the output of the command iptables -nvL

Chain INPUT (policy ACCEPT 1578 packets, 354K bytes)
 pkts bytes target     prot opt in     out     source               destination
 8781  544K f2b-dovecot-pop3imap  tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            multiport dports 110,995,143,993
 1132 61887 f2b-pureftpd  tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            multiport dports 21
 1457  564K f2b-postfix-sasl  tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            multiport dports 25
20120 2175K f2b-sshd   tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            multiport dports 22
11287  688K f2b-dovecot-pop3imap  tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            multiport dports 110,995,143,993
 1511 82441 f2b-pureftpd  tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            multiport dports 21
 1773  585K f2b-postfix-sasl  tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            multiport dports 25
30811 3348K f2b-sshd   tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            multiport dports 22
12528  760K f2b-dovecot-pop3imap  tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            multiport dports 110,995,143,993
 1691 92225 f2b-pureftpd  tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            multiport dports 21
 1960  632K f2b-postfix-sasl  tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            multiport dports 25
36156 3948K f2b-sshd   tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            multiport dports 22
16013  963K f2b-dovecot-pop3imap  tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            multiport dports 110,995,143,993
 2352  128K f2b-pureftpd  tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            multiport dports 21
 2656  846K f2b-postfix-sasl  tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            multiport dports 25
48399 5280K f2b-sshd   tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            multiport dports 22

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain OUTPUT (policy ACCEPT 1735 packets, 987K bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain f2b-dovecot-pop3imap (4 references)
 pkts bytes target     prot opt in     out     source               destination
48609 2955K RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0
    0     0 RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0
    0     0 RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0
    0     0 RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain f2b-postfix-sasl (4 references)
 pkts bytes target     prot opt in     out     source               destination
 7846 2628K RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0
    0     0 RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0
    0     0 RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0
    0     0 RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain f2b-pureftpd (4 references)
 pkts bytes target     prot opt in     out     source               destination
 6669  364K RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0
    0     0 RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0
    0     0 RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0
    0     0 RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain f2b-sshd (4 references)
 pkts bytes target     prot opt in     out     source               destination
   22  1728 REJECT     all  --  *      *       52.21.230.131        0.0.0.0/0            reject-with icmp-port-unreachable
   22  1728 REJECT     all  --  *      *       185.207.232.232      0.0.0.0/0            reject-with icmp-port-unreachable
   22  1728 REJECT     all  --  *      *       136.159.103.234      0.0.0.0/0            reject-with icmp-port-unreachable
   17  1232 REJECT     all  --  *      *       118.97.22.162        0.0.0.0/0            reject-with icmp-port-unreachable
 132K   15M RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0
    0     0 RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0
    0     0 RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0
    0     0 RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0

And the output of the route command:

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         10.0.1.1        0.0.0.0         UG    0      0        0 eth0
10.0.1.0        *               255.255.255.0   U     0      0        0 eth0
10.0.2.0        *               255.255.255.0   U     0      0        0 eth1

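How do I make both IPs and both NICs work? One or the other cannot be pinged from outside, depending on which eth is listed first in /etc/network/interfaces

Answer 1

At first glance, you are missing: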

    gateway 10.0.1.1
    dns-nameservers 8.8.8.8 8.8.4.4

for the second adapter. Also, what is your output of:

iptables -nvL

route

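Answer 2

Finally, I got it working. The following article helped me: https://www.thomas-krenn.com/en/wiki/Two_Default_Gateways_on_One_System

For both NICs to work simultaneously with different gateways, we need a second routing table. We will name it rt2. Follow these steps: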

  1. Make sure iproute2 is installed: sudo apt-get install iproute2
  2. Add a second routing table by editing /etc/iproute2/rt_tables, adding the following line to the file:

    1 rt2

  3. Make sure the second interface eth1 does NOT have a gateway defined explicitly

  4. In /etc/network/interfaces, add the following lines to the second interface eth1:

    post-up ip route add 10.0.2.0/24 dev eth1 src 10.0.2.2 table rt2
    post-up ip route add default via 10.0.2.1 dev eth1 table rt2
    post-up ip rule add from 10.0.2.2/32 table rt2
    post-up ip rule add to 10.0.2.2/32 table rt2

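The change is permanent, and after a reboot I can indeed reach both IP addresses from outside in (incoming). When a connection is made from inside out (outgoing), eth0 is used, since it is the default.

My final /etc/network/interfaces now looks like this: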

# The loopback network interface
auto lo
iface lo inet loopback

# The primary network interface
auto eth0
iface eth0 inet static
        address 10.0.1.2
        netmask 255.255.255.0
        network 10.0.1.0
        broadcast 10.0.1.255
        gateway 10.0.1.1
        dns-nameservers 8.8.8.8 8.8.4.4
        dns-search example.com


auto eth1
iface eth1 inet static
        address 10.0.2.2
        netmask 255.255.255.0
        network 10.0.2.0
        broadcast 10.0.2.255
        ###################################################################### gateway 10.0.2.1
        dns-nameservers 8.8.8.8 8.8.4.4
        dns-search example.com
        post-up ip route add 10.0.2.0/24 dev eth1 src 10.0.2.2 table rt2
        post-up ip route add default via 10.0.2.1 dev eth1 table rt2
        post-up ip rule add from 10.0.2.2/32 table rt2
        post-up ip rule add to 10.0.2.2/32 table rt2
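
One way to confirm after a reboot that the two rules and two routes from the steps above are actually in place (an added example, not part of the original answer; check_rt2 is a hypothetical helper name and the sample `ip` output is constructed, not captured from the poster's VM):

```shell
#!/bin/sh
# Added example: verify the rt2 policy routing described in the answer.
# Addresses, device and table name are the ones used on this page.

# check_rt2 RULES ROUTES
#   RULES  = text as printed by `ip rule show`
#   ROUTES = text as printed by `ip route show table rt2`
# Prints one line per missing item; returns the number of missing items
# (0 means the configuration is complete).
check_rt2() {
    rules=$1 routes=$2 missing=0
    need() {  # need TEXT PATTERN DESCRIPTION
        if ! printf '%s\n' "$1" | grep -Eq -- "$2"; then
            echo "missing: $3"
            missing=$((missing + 1))
        fi
    }
    # Replies sourced from 10.0.2.2 must consult rt2, not the main table.
    need "$rules"  'from 10\.0\.2\.2 lookup rt2' 'rule: from 10.0.2.2 lookup rt2'
    need "$rules"  'to 10\.0\.2\.2 lookup rt2'   'rule: to 10.0.2.2 lookup rt2'
    # rt2 needs its own default gateway and the connected subnet route.
    need "$routes" '^default via 10\.0\.2\.1 dev eth1' \
                   'rt2: default via 10.0.2.1 dev eth1'
    need "$routes" '^10\.0\.2\.0/24 dev eth1 .*src 10\.0\.2\.2' \
                   'rt2: 10.0.2.0/24 dev eth1 src 10.0.2.2'
    return "$missing"
}

# Constructed sample of what a correctly configured host prints.
SAMPLE_RULES='0: from all lookup local
32764: from all to 10.0.2.2 lookup rt2
32765: from 10.0.2.2 lookup rt2
32766: from all lookup main
32767: from all lookup default'
SAMPLE_ROUTES='default via 10.0.2.1 dev eth1
10.0.2.0/24 dev eth1 scope link src 10.0.2.2'

check_rt2 "$SAMPLE_RULES" "$SAMPLE_ROUTES" && echo "rt2 policy routing complete"

# On the VM itself, feed it the live state instead:
#   check_rt2 "$(ip rule show)" "$(ip route show table rt2)"
```

If a rule is reported missing after a reboot, the matching post-up line did not run; `ip route get 8.8.8.8 from 10.0.2.2` should then still show eth0 instead of eth1.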
