Port unreachable when pinging the internet from a guest VM (KVM virt-manager default NAT network)


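Using virt-manager and KVM on Ubuntu, I created a VM with the default network configuration (NAT), as described under NAT mode here: https://wiki.libvirt.org/page/VirtualNetworking

By default, the VM should have internet connectivity. But I cannot ping internet addresses from the VM. Instead, I receive Destination Port Unreachable from the corresponding host interface.

ping result

I suspect this is related to the iptables "reject-with icmp-port-unreachable" configuration in the FORWARD table below. These rules were created automatically by virt-manager, but even after I deleted them, I still have the same problem. Please suggest any ideas.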

Chain FORWARD (policy ACCEPT)
num  target     prot opt source               destination         
1    ACCEPT     all  --  anywhere             192.168.150.0/24     ctstate RELATED,ESTABLISHED
2    ACCEPT     all  --  192.168.150.0/24     anywhere            
3    ACCEPT     all  --  anywhere             anywhere            
4    REJECT     all  --  anywhere             anywhere             reject-with icmp-port-unreachable
5    REJECT     all  --  anywhere             anywhere             reject-with icmp-port-unreachable
6    ACCEPT     all  --  anywhere             192.168.100.0/24     ctstate RELATED,ESTABLISHED
7    ACCEPT     all  --  192.168.100.0/24     anywhere            
8    ACCEPT     all  --  anywhere             anywhere            
9    REJECT     all  --  anywhere             anywhere             reject-with icmp-port-unreachable
10   REJECT     all  --  anywhere             anywhere             reject-with icmp-port-unreachable
11   ACCEPT     all  --  anywhere             anywhere            
12   ACCEPT     all  --  anywhere             anywhere            
13   ACCEPT     all  --  anywhere             anywhere            
14   DOCKER-USER  all  --  anywhere             anywhere            
15   DOCKER-ISOLATION-STAGE-1  all  --  anywhere             anywhere            
16   ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED
17   DOCKER     all  --  anywhere             anywhere            
18   ACCEPT     all  --  anywhere             anywhere            
19   ACCEPT     all  --  anywhere             anywhere            

And the NAT rules

Chain POSTROUTING (policy ACCEPT)
num  target     prot opt source               destination         
1    RETURN     all  --  192.168.150.0/24     base-address.mcast.net/24 
2    RETURN     all  --  192.168.150.0/24     255.255.255.255     
3    MASQUERADE  tcp  --  192.168.150.0/24    !192.168.150.0/24     masq ports: 1024-65535
4    MASQUERADE  udp  --  192.168.150.0/24    !192.168.150.0/24     masq ports: 1024-65535
5    MASQUERADE  all  --  192.168.150.0/24    !192.168.150.0/24    
6    RETURN     all  --  192.168.100.0/24     base-address.mcast.net/24 
7    RETURN     all  --  192.168.100.0/24     255.255.255.255     
8    MASQUERADE  tcp  --  192.168.100.0/24    !192.168.100.0/24     masq ports: 1024-65535
9    MASQUERADE  udp  --  192.168.100.0/24    !192.168.100.0/24     masq ports: 1024-65535
10   MASQUERADE  all  --  192.168.100.0/24    !192.168.100.0/24    
11   MASQUERADE  all  --  172.17.0.0/16        anywhere            
12   MASQUERADE  all  --  192.168.122.0/24     anywhere            
13   MASQUERADE  all  --  192.168.223.0/24     anywhere            

Thanks,
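An added example, not part of the original post: a first-match walk over FORWARD rules 1-5 as listed above, using only the columns that `iptables -L` prints without `-v`. The function names and the guest address 192.168.150.10 are assumptions made for illustration. Going by the visible columns, rule 3 accepts everything and the REJECT rules behind it could never fire, which shows that the listing omits match criteria (the in/out interface columns appear only with `-v`).

```python
import ipaddress

# FORWARD rules 1-5 copied from the post (iptables -L --line-numbers, no -v).
LISTING = """\
1    ACCEPT     all  --  anywhere             192.168.150.0/24     ctstate RELATED,ESTABLISHED
2    ACCEPT     all  --  192.168.150.0/24     anywhere
3    ACCEPT     all  --  anywhere             anywhere
4    REJECT     all  --  anywhere             anywhere             reject-with icmp-port-unreachable
5    REJECT     all  --  anywhere             anywhere             reject-with icmp-port-unreachable
"""

def _net(field):
    # "anywhere" is how iptables -L prints 0.0.0.0/0
    return ipaddress.ip_network("0.0.0.0/0" if field == "anywhere" else field)

def parse_rules(text):
    """Split each listing row into its visible columns."""
    rules = []
    for line in text.splitlines():
        parts = line.strip().split(None, 6)
        if len(parts) < 6 or not parts[0].isdigit():
            continue  # skip chain header and column titles
        num, target, proto, _opt, src, dst = parts[:6]
        rules.append({"num": int(num), "target": target, "proto": proto,
                      "src": _net(src), "dst": _net(dst),
                      "extra": parts[6] if len(parts) > 6 else ""})
    return rules

def first_match(rules, src, dst, established=False):
    """Return (num, target) of the first rule whose visible columns match."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for r in rules:
        if s not in r["src"] or d not in r["dst"]:
            continue
        if "ctstate" in r["extra"] and not established:
            continue  # RELATED,ESTABLISHED rule does not match a new flow
        return r["num"], r["target"]
    return None, "policy"

def shadowed(rules):
    """Rules that could never fire if the visible columns were the whole rule."""
    catch_all = next((r["num"] for r in rules if r["proto"] == "all"
                      and r["src"].prefixlen == 0 and r["dst"].prefixlen == 0
                      and not r["extra"]), None)
    return [r["num"] for r in rules if catch_all and r["num"] > catch_all]

if __name__ == "__main__":
    rules = parse_rules(LISTING)
    print("guest -> 8.8.8.8:", first_match(rules, "192.168.150.10", "8.8.8.8"))
    print("shadowed by visible columns:", shadowed(rules))
```

A non-empty `shadowed()` result means the listing cannot identify which rule rejects the packet; `iptables -L FORWARD -v -n --line-numbers` or `iptables -S FORWARD` shows the interface matches and per-rule packet counters needed for that.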
