路由子网至接口

tag-icon tag-icon linux-networking
路由子网至接口

有人能告诉我我的设置有什么问题吗?我需要一个带有互联网的虚拟 10.0.0.x 子网来安装虚拟机。

来宾设置是:

ip 10.0.0.3
nm 255.255.255.0
gw 10.0.0.2 (also tried 10.0.0.1)

:(

#source /etc/network/interfaces.d/*

auto lo
iface lo inet loopback

#iface lo inet6 loopback

auto enp2s0
iface enp2s0 inet static
        address 153.9.147.85
        netmask 255.255.255.254
        gateway 153.9.147.65
        pointopoint 153.9.147.65
        post-up echo 1 > /proc/sys/net/ipv4/ip_forward
#        post-up echo 1 > /proc/sys/net/ipv4/conf/enp2s0/proxy_arp

auto vmbr0
iface vmbr0 inet static
        address 10.0.0.2
        netmask 255.255.252.0
        bridge_ports none
        bridge_stp off
        bridge_fd 0

#        post-up   echo 1 > /proc/sys/net/ipv4/ip_forward
#        post-up   iptables -t nat -A POSTROUTING -s '10.0.0.0/24' -o enp2s0 -j MASQUERADE
#        post-down iptables -t nat -D POSTROUTING -s '10.0.0.0/24' -o enp2s0 -j MASQUERADE

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: enp2s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether d4:3d:7e:f8:f0:67 brd ff:ff:ff:ff:ff:ff
    inet 153.9.147.85 peer 153.9.147.65/32 brd 255.255.255.255 scope global enp2s0
       valid_lft forever preferred_lft forever
    inet6 fe80::d63d:7eff:fef8:f067/64 scope link 
       valid_lft forever preferred_lft forever
3: vmbr0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN group default qlen 1000
    link/ether 72:c4:7e:30:b3:c7 brd ff:ff:ff:ff:ff:ff
    inet 10.0.0.2/22 brd 10.0.3.255 scope global vmbr0
       valid_lft forever preferred_lft forever
    inet6 fe80::70c4:7eff:fe30:b3c7/64 scope link 
       valid_lft forever preferred_lft forever

# iptables -S
-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT

ip route
default via 153.9.147.65 dev enp2s0 onlink 
10.0.0.0/22 dev vmbr0 proto kernel scope link src 10.0.0.2 
10.0.0.1 via 153.9.147.65 dev enp2s0 
10.0.0.2 via 153.9.147.65 dev enp2s0 
153.9.147.65 dev enp2s0 proto kernel scope link src 153.9.147.85

# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         153.9.147.65    0.0.0.0         UG    0      0        0 enp2s0
10.0.0.0        0.0.0.0         255.255.252.0   U     0      0        0 vmbr0
10.0.0.1        153.9.147.65    255.255.255.255 UGH   0      0        0 enp2s0
10.0.0.2        153.9.147.65    255.255.255.255 UGH   0      0        0 enp2s0
153.9.147.65    0.0.0.0         255.255.255.255 UH    0      0        0 enp2s0

# ping -I vmbr0 www.example.com
PING www.example.com (93.184.216.34) from 10.0.0.2 vmbr0: 56(84) bytes of data.
^C
--- www.example.com ping statistics ---
11 packets transmitted, 0 received, 100% packet loss, time 235ms
pipe 4

正如预期的那样,它只是互联网路由(https://i.stack.imgur.com/G5O4B.png)也无法使用:

root@vms ~ # iptables -t nat -A POSTROUTING -o enp2s0 -j MASQUERADE
root@vms ~ # iptables -A FORWARD -i vmbr0 -o enp2s0 -j ACCEPT
root@vms ~ # iptables -A FORWARD -i enp2s0 -o vmbr0 -m state --state RELATED,ESTABLISHED -j ACCEPT

相关内容