我想从互联网连接到 VM1(192.168.122.101),即 Internet(xx5.5/ens3:4)<-> VM1(192.168.122.101)而不影响其他网络(ens3、ens3:0->3)。
问题是我的 VPS 只有一块物理网卡,其他 IP 都是别名,如下图所示,如果我桥接 ens3,别名不会被关闭吗?
我跟着本指南到信件,但ssh到虚拟机(@xx5.5)连接到主网卡/主机(@88.88.88.88)。ssh到本地 IP(@192.168.122.101)连接到虚拟机。
我应该如何配置 VPS 上的网络,使其为每个 VM(目前为一个 VM)分配一个可以连接到 Internet 并充当 Web 服务器的私有 IP?如果 Ubuntu 16.04 无法实现所需的设置,那么升级到 18/20.04 可以吗?
配置:
- OVH VPS
- Ubuntu 16.04
- 虚拟机
- 联邦快递
- virtualmin/webmin 简介
网络(简化):
Internet
\
|
+------------------------+
| Ubuntu server | virbr0 (192.168.122.1/24)
+------------------------+ NAT
| ens3: 88.88.88.88 | Static IP for VM
+----------------+-------------+------------+-----------------+
| ens3:0 x.x.1.1 | | site1.com | Virtualmin->www
+----------------+-------------+------------+-----------------+
| ens3:1 x.x.2.2 | | site2.com | Virtualmin->www
+----------------+-------------+------------+-----------------+
| ens3:2 x.x.3.3 | | site3.com | Virtualmin->www
+----------------+-------------+------------+-----------------+
| ens3:3 x.x.4.4 | | site4.com | Virtualmin->www
+----------------+-------------+------------+-----------------+
| ens3:4 x.x.5.5 | | VM1/Ubuntu | 192.168.122.101
+----------------+-------------+------------+-----------------+
当前 IP 配置:
root:~# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
2: ens3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether fa:06:3f:2c:05:3b brd ff:ff:ff:ff:ff:ff
inet 88.88.88.88/32 brd 88.88.88.88 scope global ens3
valid_lft forever preferred_lft forever
inet x.x.1.1/32 brd x.x.1.1 scope global ens3:0
valid_lft forever preferred_lft forever
inet x.x.2.2/32 brd x.x.2.2 scope global ens3:1
valid_lft forever preferred_lft forever
inet x.x.3.3/32 brd x.x.3.3 scope global ens3:2
valid_lft forever preferred_lft forever
inet x.x.4.4/32 brd x.x.4.4 scope global ens3:3
valid_lft forever preferred_lft forever
inet x.x.5.5/32 brd x.x.5.5 scope global ens3:4
valid_lft forever preferred_lft forever
3: virbr0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
link/ether 51:52:00:c9:9b:7d brd ff:ff:ff:ff:ff:ff
inet 192.168.122.1/24 brd 192.168.122.255 scope global virbr0
valid_lft forever preferred_lft forever
4: virbr0-nic: <BROADCAST,MULTICAST> mtu 1500 qdisc pfifo_fast master virbr0 state DOWN group default qlen 1000
link/ether 51:52:00:c9:9b:7d brd ff:ff:ff:ff:ff:ff
6: vnet0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master virbr0 state UNKNOWN group default qlen 1000
link/ether 50:54:00:46:ea:7c brd ff:ff:ff:ff:ff:ff
root:~# ip link
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: ens3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
link/ether fa:06:3f:2c:05:3b brd ff:ff:ff:ff:ff:ff
virsh 配置:
root:~# virsh net-dumpxml default
<network connections='1'>
<name>default</name>
<uuid>54b584b8-b2f5-45cb-a8e1-8d75540dc1a8</uuid>
<forward mode='nat'>
<nat>
<port start='1024' end='65535'/>
</nat>
</forward>
<bridge name='virbr0' stp='on' delay='0'/>
<mac address='51:52:00:c9:9b:7d'/>
<ip address='192.168.122.1' netmask='255.255.255.0'>
<dhcp>
<range start='192.168.122.2' end='192.168.122.254'/>
</dhcp>
</ip>
</network>
root:~# virsh domifaddr dpcloud
Name MAC address Protocol Address
-------------------------------------------------------------------------------
vnet0 50:54:00:46:ea:7c ipv4 192.168.122.101/24
root:~# ssh [email protected]
...
root:~# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
link/ether 52:54:00:46:ea:7c brd ff:ff:ff:ff:ff:ff
inet 192.168.122.101/24 brd 192.168.122.255 scope global dynamic ens2
valid_lft 3470sec preferred_lft 3470sec
inet6 fe80::5054:ff:fe46:ea7c/64 scope link
valid_lft forever preferred_lft forever
答案1
我最终听从了@ChaoxiangN 的建议这里:
- 删除别名
- 设置网桥(br0)并向其添加其他 IP
- 设置具有自己的桥接网络 (virbr0) 的 KVM VM
然后,我没有执行“4/在客户机内部,配置 ipv4 以使用其他 IP”,而是使用 iptables 启用了 NAT:
root:~# iptables -t nat -I PREROUTING -p tcp -d 111.122.133.144 --dport 1:65535 -j DNAT --to-destination 192.168.122.88:1-65535
root:~# iptables -I FORWARD -m state -d 192.168.122.0/24 --state NEW,RELATED,ESTABLISHED -j ACCEPT
注意:111.122.133.144= 公网 IP,192.168.122.88= VM1 IP
ssh [email protected]
...
user@VM1:~$ ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: enp1s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
link/ether 52:32:00:11:20:88 brd ff:ff:ff:ff:ff:ff
inet 192.168.122.88/24 brd 192.168.122.255 scope global dynamic enp1s0
valid_lft 3576sec preferred_lft 3576sec
inet6 fe80::5054:ff:fe73:2096/64 scope link
valid_lft forever preferred_lft forever