我正在尝试使网络桥接在 Debian squeeze 上运行(我正在尝试制作一个 QEMU/KVM 虚拟机,它将对外部网络可见,就像它是一台不同的机器一样)。问题是,当我输入 时,brctl addif br0 eth0我会失去与网络的连接,直到我输入brctl delif br0 eth0。
更具体地说,在我执行任何操作之前,我的机器是这样的(基本上eth0是在监听 147.102.160.153):
root@laura:/home/anthony# ip addr show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 8c:73:6e:db:1c:1b brd ff:ff:ff:ff:ff:ff
inet 147.102.160.153/24 brd 147.102.160.255 scope global eth0
inet6 2001:648:2000:a0:8e73:6eff:fedb:1c1b/64 scope global dynamic
valid_lft 2591848sec preferred_lft 604648sec
inet6 fe80::8e73:6eff:fedb:1c1b/64 scope link
valid_lft forever preferred_lft forever
3: wlan0: <BROADCAST,MULTICAST> mtu 1500 qdisc mq state DOWN qlen 1000
link/ether 4c:ed:de:8e:44:d7 brd ff:ff:ff:ff:ff:ff
4: vboxnet0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN qlen 1000
link/ether 0a:00:27:00:00:00 brd ff:ff:ff:ff:ff:ff
5: pan0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN
link/ether ee:7c:88:59:d0:e8 brd ff:ff:ff:ff:ff:ff
现在让我添加桥梁:
root@laura:/home/anthony# brctl addbr br0
root@laura:/home/anthony# ip tuntap add dev tap0 mode tap
root@laura:/home/anthony# ip link set tap0 up
root@laura:/home/anthony# brctl addif br0 tap0
到这里一切都继续正常工作。最后,我尝试添加eth0到桥中:
root@laura:/home/anthony# brctl addif br0 eth0
此时,我不再有网络连接。如果我尝试做某事ping,它会提示“目标主机无法访问”。输出ip addr show似乎正常:
root@laura:/home/anthony# ip addr show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 8c:73:6e:db:1c:1b brd ff:ff:ff:ff:ff:ff
inet 147.102.160.153/24 brd 147.102.160.255 scope global eth0
inet6 2001:648:2000:a0:8e73:6eff:fedb:1c1b/64 scope global dynamic
valid_lft 2591908sec preferred_lft 604708sec
inet6 fe80::8e73:6eff:fedb:1c1b/64 scope link
valid_lft forever preferred_lft forever
[snip wlan0, vboxnet0 and pan0, which are down and irrelevant]
8: br0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN
link/ether 16:30:f2:67:ab:75 brd ff:ff:ff:ff:ff:ff
9: tap0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 500
link/ether 16:30:f2:67:ab:75 brd ff:ff:ff:ff:ff:ff
inet6 fe80::1430:f2ff:fe67:ab75/64 scope link
valid_lft forever preferred_lft forever
还:
root@laura:/home/anthony# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
147.102.160.0 0.0.0.0 255.255.255.0 U 1 0 0 eth0
169.254.0.0 0.0.0.0 255.255.0.0 U 1000 0 0 eth0
0.0.0.0 147.102.160.200 0.0.0.0 UG 0 0 0 eth0
我不明白我做错了什么。我希望机器继续在 上监听 147.102.160.153 eth0,此外,我还希望有一个tap0桥接到 的接口eth0,该接口可供客户机使用,以便后者在另一个 IP 地址(例如 147.102.160.205)上监听。(如果有其他方法可以实现我想要的,我也很感兴趣。)
答案1
在 Linux 上,可以在将接口添加到网桥之前为接口分配 IP 地址(但不应该),而是将其分配给网桥接口。
- 将接口添加到网桥。
- 将地址添加到桥接器。
- 将桥接器的所有桥接端口都设置为开启。
顺便说一句,route来自 net-tools 包,该包已弃用。请使用ip route(或简写ip r)代替。