Unable to start virsh network: iptables: No chain/target/match by that name

I am installing Minishift, and part of the installation requires configuring the virsh network.
Its state is inactive:

root@ubuntu-aws:~# virsh net-list --all
 Name                 State      Autostart     Persistent
----------------------------------------------------------
 default              inactive   yes           yes

I tried to start it but got an error:

root@ubuntu-aws:~# virsh net-start default
error: Failed to start network default
error: internal error: Failed to apply firewall rules /sbin/iptables -w --table filter --insert INPUT --in-interface virbr0 --protocol tcp --destination-port 67 --jump ACCEPT: iptables: No chain/target/match by that name.

I am running Ubuntu on AWS, and all external traffic is currently open.

root@ubuntu-aws:~# uname -a && lsb_release -a
Linux ip-172-31-27-9 4.4.0-1057-aws #66-Ubuntu SMP Thu May 3 12:49:47 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux
No LSB modules are available.
Distributor ID: Ubuntu
Description:    Ubuntu 16.04.3 LTS
Release:        16.04
Codename:       xenial

Edit:

root@ubuntu-aws:~# iptables -L -t filter
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
KUBE-FIREWALL  all  --  anywhere             anywhere

Chain FORWARD (policy DROP)
target     prot opt source               destination
DOCKER-USER  all  --  anywhere             anywhere
DOCKER-ISOLATION-STAGE-1  all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED
DOCKER     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
KUBE-FIREWALL  all  --  anywhere             anywhere

Chain DOCKER (1 references)
target     prot opt source               destination

Chain DOCKER-ISOLATION-STAGE-1 (1 references)
target     prot opt source               destination
DOCKER-ISOLATION-STAGE-2  all  --  anywhere             anywhere
RETURN     all  --  anywhere             anywhere

Chain DOCKER-ISOLATION-STAGE-2 (1 references)
target     prot opt source               destination
DROP       all  --  anywhere             anywhere
RETURN     all  --  anywhere             anywhere

Chain DOCKER-USER (1 references)
target     prot opt source               destination
RETURN     all  --  anywhere             anywhere

Chain KUBE-FIREWALL (2 references)
target     prot opt source               destination
DROP       all  --  anywhere             anywhere             /* kubernetes firewall for dropping marked packets */ mark match 0x8000/0x8000

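Answer 1

This happened to me when I switched from NetworkManager to SuSE's own network manager on a SuSE system. I had to restart libvirtd, even though I had rebooted three times.

Something finally changed in libvirtd.

sudo service libvirtd restart

Other people who ran into this error also needed:

sudo modprobe tun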

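Answer 2

It seems the Amazon EC2 I was using does not support nested VMs.
I tried setting up the virsh network on my Ubuntu VMware machine with the "Virtualize Intel VT-x/EPT or AMD-V/RVI" field enabled in the CPU properties, and was able to do so.

I also needed to fix some network issues, so I added my interface ens33 to /etc/network/interfaces: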

root@ubuntu:~/minishift-1.32.0-linux-amd64# cat /etc/network/interfaces
# interfaces(5) file used by ifup(8) and ifdown(8)
auto lo
iface lo inet loopback

auto ens33
iface ens33 inet dhcp

I disabled Network Manager, because it deleted the resolv.conf file every time:

systemctl stop NetworkManager.service
systemctl disable NetworkManager.service  
