虚拟网络、路由网络
虚拟网络、路由网络
提问于 2014-05-21 20:39:34
我已经安装了一个centos 6.5。
我已经安装了一个由virt管理器管理的主机管理程序libvirt ( kvm),我已经安装了两个VM(带有kvm),centos每个也安装了6.5。例如centos65_1和centos65_2。
第一个centos65_1使用默认的虚拟网络(NAT)
name: default
device: virbr0
state: active
autoboot: yes
ipv4 configuration
net: 192.168.122.0/24
dhcp:
start: 192.168.122.2
end: 192.168.122.254
forward: NAT第二个centos65_2使用我创建的另一个虚拟网络(路由网络)
name: routed_network
device: virbr1
state: active
autoboot: yes
ipv4 configuration
net: 192.168.100.0/24
dhcp:
start: 192.168.100.128
end: 192.168.100.254
forward: Routed主办单位:
两个vms运行时的ifconfig
[root@isis jvr]# ifconfig
Auto_eth0 Link encap:Ethernet HWaddr 20:CF:30:AE:65:47
inet addr:192.168.1.15 Bcast:192.168.1.255 Mask:255.255.255.0
inet6 addr: fe80::22cf:30ff:feae:6547/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:35 errors:0 dropped:0 overruns:0 frame:0
TX packets:35 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:19218 (18.7 KiB) TX bytes:2888 (2.8 KiB)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:4958 errors:0 dropped:0 overruns:0 frame:0
TX packets:4958 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:1546831 (1.4 MiB) TX bytes:1546831 (1.4 MiB)
virbr0 Link encap:Ethernet HWaddr 52:54:00:96:45:DE
inet addr:192.168.122.1 Bcast:192.168.122.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:31 errors:0 dropped:0 overruns:0 frame:0
TX packets:16 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:1886 (1.8 KiB) TX bytes:1344 (1.3 KiB)
virbr1 Link encap:Ethernet HWaddr 52:54:00:2C:02:F9
inet addr:192.168.100.1 Bcast:192.168.100.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:29 errors:0 dropped:0 overruns:0 frame:0
TX packets:14 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:1774 (1.7 KiB) TX bytes:1204 (1.1 KiB)
vnet0 Link encap:Ethernet HWaddr FE:54:00:77:ED:C8
inet6 addr: fe80::fc54:ff:fe77:edc8/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:31 errors:0 dropped:0 overruns:0 frame:0
TX packets:194 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:500
RX bytes:2320 (2.2 KiB) TX bytes:10756 (10.5 KiB)
vnet1 Link encap:Ethernet HWaddr FE:54:00:A2:8D:8B
inet6 addr: fe80::fc54:ff:fea2:8d8b/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:29 errors:0 dropped:0 overruns:0 frame:0
TX packets:148 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:500
RX bytes:2180 (2.1 KiB) TX bytes:8328 (8.1 KiB)
[root@isis jvr]# iptables -v -n -L --line-numbers
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
num pkts bytes target prot opt in out source destination
1 0 0 ACCEPT udp -- virbr1 * 0.0.0.0/0 0.0.0.0/0 udp dpt:53
2 0 0 ACCEPT tcp -- virbr1 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:53
3 0 0 ACCEPT udp -- virbr1 * 0.0.0.0/0 0.0.0.0/0 udp dpt:67
4 0 0 ACCEPT tcp -- virbr1 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:67
5 0 0 ACCEPT udp -- virbr0 * 0.0.0.0/0 0.0.0.0/0 udp dpt:53
6 0 0 ACCEPT tcp -- virbr0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:53
7 0 0 ACCEPT udp -- virbr0 * 0.0.0.0/0 0.0.0.0/0 udp dpt:67
8 0 0 ACCEPT tcp -- virbr0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:67
9 4997 1566K ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
10 4 336 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
11 4 240 ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
12 0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:22
13 0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:5900
14 0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:5903
15 10 572 REJECT all -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
num pkts bytes target prot opt in out source destination
1 6 504 ACCEPT all -- * virbr1 0.0.0.0/0 192.168.100.0/24
2 6 504 ACCEPT all -- virbr1 * 192.168.100.0/24 0.0.0.0/0
3 0 0 ACCEPT all -- virbr1 virbr1 0.0.0.0/0 0.0.0.0/0
4 0 0 REJECT all -- * virbr1 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable
5 0 0 REJECT all -- virbr1 * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable
6 0 0 ACCEPT all -- * virbr0 0.0.0.0/0 192.168.122.0/24 state RELATED,ESTABLISHED
7 0 0 ACCEPT all -- virbr0 * 192.168.122.0/24 0.0.0.0/0
8 0 0 ACCEPT all -- virbr0 virbr0 0.0.0.0/0 0.0.0.0/0
9 0 0 REJECT all -- * virbr0 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable
10 0 0 REJECT all -- virbr0 * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable
11 0 0 REJECT all -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
Chain OUTPUT (policy ACCEPT 5015 packets, 1551K bytes)
num pkts bytes target prot opt in out source destination[root@isis jvr]# route
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.100.0 * 255.255.255.0 U 0 0 0 virbr1
192.168.1.0 * 255.255.255.0 U 1 0 0 Auto_eth0
192.168.122.0 * 255.255.255.0 U 0 0 0 virbr0
default 192.168.1.1 0.0.0.0 UG 0 0 0 Auto_eth0
[root@isis jvr]# brctl show
bridge name bridge id STP enabled interfaces
virbr0 8000.5254009645de yes virbr0-nic
vnet0
virbr1 8000.5254002c02f9 yes virbr1-nic
vnet1ping to clients(vms)正在工作。
客户端(VM)
centos65_1
它有静态ip
/etc/sysconfig/network-scripts/ifcfg-eth0纳米
DEVICE=eth0 TYPE=Ethernet UUID=2b991cfa-4c3f-4619-8073-806710299fef ONBOOT=yes NM_CONTROLLED=yes BOOTPROTO=none IPADDR=192.168.122.5 PREFIX=24 GATEWAY=192.168.122.1 DNS1=192.168.122.1 DEFROUTE=yes IPV4_FAILURE_FATAL=yes IPV6INIT=no NAME="System eth0" HWADDR=52:54:00:77:ed:c8 NETMASK=255.255.255.0 USERCTL=no 在centos65_1,平到第二个vm 192.168.100.130,到192.168.1.15和到192.168.122.1工作。ping 192.168.1.1正在向google.com工作它可以工作 NAT模式有效。
centos65_2
它有静态ip
/etc/sysconfig/network-scripts/ifcfg-eth0纳米
DEVICE=eth0 HWADDR=52:54:00:a2:8d:8b TYPE=Ethernet UUID=d61375fb-6e4f-4f43-8015-9f7a218e1b39 ONBOOT=yes NM_CONTROLLED=yes BOOTPROTO=none DNS1=192.168.100.1 IPV6INIT=no USERCTL=no IPADDR=192.168.100.130 NETMASK=255.255.255.0 GATEWAY=192.168.100.1 在centos65_2,平到第二个vm 192.168.122.5,到192.168.1.15和到192.168.100.1工作。 平到192.168.1.1不工作,google.com不工作路由模式不工作 我怎么可能不能去外面的世界? 这个想法是在centos主机上安装了vms的virt管理器router+firewall。我以为新的虚拟网络(routed_network)已经把所有的网络东西都做好了。 我需要做什么,路由网络正常工作吗?我是虚拟网络的新手。 我不使用DMZ在我的本地网络,我想要相同的网络配置在我的本地网络和服务器。 谢谢。致以问候。
回答 1
Server Fault用户
发布于 2014-05-21 22:22:49
是否启用IP转发?检查sysctl net.ipv4.ip_forward。如果不是,则使用sysctl -w net.ipv4.ip_forward=1启用它(要使更改永久化,请将net.ipv4.ip_forward = 1添加到/etc/sysctl.conf。
页面原文内容由Server Fault提供。腾讯云小微IT领域专用引擎提供翻译支持
原文链接:
https://serverfault.com/questions/597620
复制相关文章
相似问题
腾讯云开发者
