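Using virt-manager and KVM on Ubuntu, I created a VM with the default network configuration (NAT), as described here: https://wiki.libvirt.org/page/VirtualNetworking under NAT mode.
By default, the VM should have internet connectivity. But I cannot ping internet addresses from the VM. Instead, I receive "destination port unreachable" from the corresponding host interface.
I suspect this is related to the iptables "reject-with icmp-port unreachable" configuration in the forward table below. These rules were created automatically by virt manager, but even when I delete them, I still run into the same problem. Please suggest any ideas.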
Chain FORWARD (policy ACCEPT)
num target prot opt source destination
1 ACCEPT all -- anywhere 192.168.150.0/24 ctstate RELATED,ESTABLISHED
2 ACCEPT all -- 192.168.150.0/24 anywhere
3 ACCEPT all -- anywhere anywhere
4 REJECT all -- anywhere anywhere reject-with icmp-port-unreachable
5 REJECT all -- anywhere anywhere reject-with icmp-port-unreachable
6 ACCEPT all -- anywhere 192.168.100.0/24 ctstate RELATED,ESTABLISHED
7 ACCEPT all -- 192.168.100.0/24 anywhere
8 ACCEPT all -- anywhere anywhere
9 REJECT all -- anywhere anywhere reject-with icmp-port-unreachable
10 REJECT all -- anywhere anywhere reject-with icmp-port-unreachable
11 ACCEPT all -- anywhere anywhere
12 ACCEPT all -- anywhere anywhere
13 ACCEPT all -- anywhere anywhere
14 DOCKER-USER all -- anywhere anywhere
15 DOCKER-ISOLATION-STAGE-1 all -- anywhere anywhere
16 ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
17 DOCKER all -- anywhere anywhere
18 ACCEPT all -- anywhere anywhere
19 ACCEPT all -- anywhere anywhere
And the NAT rules:
Chain POSTROUTING (policy ACCEPT)
num target prot opt source destination
1 RETURN all -- 192.168.150.0/24 base-address.mcast.net/24
2 RETURN all -- 192.168.150.0/24 255.255.255.255
3 MASQUERADE tcp -- 192.168.150.0/24 !192.168.150.0/24 masq ports: 1024-65535
4 MASQUERADE udp -- 192.168.150.0/24 !192.168.150.0/24 masq ports: 1024-65535
5 MASQUERADE all -- 192.168.150.0/24 !192.168.150.0/24
6 RETURN all -- 192.168.100.0/24 base-address.mcast.net/24
7 RETURN all -- 192.168.100.0/24 255.255.255.255
8 MASQUERADE tcp -- 192.168.100.0/24 !192.168.100.0/24 masq ports: 1024-65535
9 MASQUERADE udp -- 192.168.100.0/24 !192.168.100.0/24 masq ports: 1024-65535
10 MASQUERADE all -- 192.168.100.0/24 !192.168.100.0/24
11 MASQUERADE all -- 172.17.0.0/16 anywhere
12 MASQUERADE all -- 192.168.122.0/24 anywhere
13 MASQUERADE all -- 192.168.223.0/24 anywhere
Thanks,