I have set up a KVM environment in VirtualBox (nested VT). The guest VM Ubuntu can ping the VM host Centos7 and vice versa, but it cannot access the Internet and cannot ping my InternetLANrouter gw (192.168.0.1). I created a bridge br0 and mapped it to the enp0s3 interface. VMHostCentos7 can ping my LAN and routerGW and can access the Internet. I created VMGuestUbuntu16 and it uses the br0 network. VMGuestUbuntu16 can get a DHCP IP (192.168.0.145) and can ping VMHostCentos7, but it cannot ping routerGW 192.168.0.1 and cannot access the Internet. I have also turned off NetworkManager and added IP forwarding 'net.ipv4.ip_forward = 1'. Please advise what could be wrong here. I may have missed some configuration. Please help. Thanks.
The setup is as follows:
PhysicalHost [virtualbox]---VMHostCentos7---KVM---VMGuestUbuntu16
IP:192.168.0.141 192.168.0.110 192.168.0.145
**VMHostCentos7**
**(1)IFCONFIG**
br0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.0.110 netmask 255.255.255.0 broadcast 192.168.0.255
inet6 2001:e68:5435:ccce:a00:27ff:fe47:8412 prefixlen 64 scopeid 0x0<global>
inet6 fe80::a00:27ff:fe47:8412 prefixlen 64 scopeid 0x20<link>
ether 08:00:27:47:84:12 txqueuelen 1000 (Ethernet)
RX packets 54148 bytes 3915355 (3.7 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 77447 bytes 56912501 (54.2 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
enp0s3: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet6 fe80::a00:27ff:fe47:8412 prefixlen 64 scopeid 0x20<link>
ether 08:00:27:47:84:12 txqueuelen 1000 (Ethernet)
RX packets 53931 bytes 4689769 (4.4 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 89777 bytes 73006443 (69.6 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 1000 (Local Loopback)
RX packets 62865 bytes 847930152 (808.6 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 62865 bytes 847930152 (808.6 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
virbr0: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500
inet 192.168.122.1 netmask 255.255.255.0 broadcast 192.168.122.255
ether 52:54:00:62:dc:29 txqueuelen 1000 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
**(2) IP A**
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: enp0s3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master br0 state UP group default qlen 1000
link/ether 08:00:27:47:84:12 brd ff:ff:ff:ff:ff:ff
inet6 fe80::a00:27ff:fe47:8412/64 scope link
valid_lft forever preferred_lft forever
3: enp0s8: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000
link/ether 08:00:27:a4:15:07 brd ff:ff:ff:ff:ff:ff
4: br0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
link/ether 08:00:27:47:84:12 brd ff:ff:ff:ff:ff:ff
inet 192.168.0.110/24 brd 192.168.0.255 scope global dynamic br0
valid_lft 603473sec preferred_lft 603473sec
inet6 2001:e68:5435:ccce:a00:27ff:fe47:8412/64 scope global mngtmpaddr dynamic
valid_lft 86395sec preferred_lft 86395sec
inet6 fe80::a00:27ff:fe47:8412/64 scope link
valid_lft forever preferred_lft forever
5: virbr0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default qlen 1000
link/ether 52:54:00:62:dc:29 brd ff:ff:ff:ff:ff:ff
inet 192.168.122.1/24 brd 192.168.122.255 scope global virbr0
valid_lft forever preferred_lft forever
6: virbr0-nic: <BROADCAST,MULTICAST> mtu 1500 qdisc pfifo_fast master virbr0 state DOWN group default qlen 1000
link/ether 52:54:00:62:dc:29 brd ff:ff:ff:ff:ff:ff
7: vnet0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master br0 state UNKNOWN group default qlen 1000
link/ether fe:54:00:a2:b5:6d brd ff:ff:ff:ff:ff:ff
inet6 fe80::fc54:ff:fea2:b56d/64 scope link
valid_lft forever preferred_lft forever
**(3)bridge link show br0**
2: enp0s3 state UP : <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 master br0 state forwarding priority 32 cost 4
6: virbr0-nic state DOWN : <BROADCAST,MULTICAST> mtu 1500 master virbr0 state disabled priority 32 cost 100
7: vnet0 state UNKNOWN : <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 master br0 state forwarding priority 32 cost 100
**(4) ip route**
default via 192.168.0.1 dev br0
169.254.0.0/16 dev br0 scope link metric 1004
192.168.0.0/24 dev br0 proto kernel scope link src 192.168.0.110
192.168.122.0/24 dev virbr0 proto kernel scope link src 192.168.122.1
**(5) brctl show**
bridge name bridge id STP enabled interfaces
br0 8000.080027478412 yes enp0s3
vnet0
virbr0 8000.52540062dc29 yes virbr0-nic
**(6) virsh net-list**
Name State Autostart Persistent
----------------------------------------------------------
default active yes yes
**VMGuestUbuntu16**
(1) virsh edit U1604_BR0
.....
</controller>
<interface type='bridge'>
<mac address='52:54:00:a2:b5:6d'/>
<source bridge='br0'/>
<model type='virtio'/>
<address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x0'/>
</interface>
<serial type='pty'>
<target type='isa-serial' port='0'>
<model name='isa-serial'/>
</target>
</serial>
<console type='pty'>
<target type='serial' port='0'/>
</console>
<channel type='spicevmc'>
<target type='virtio' name='com.redhat.spice.0'/>
<address type='virtio-serial' controller='0' bus='0' port='1'/>
</channel>
<input type='tablet' bus='usb'>
<address type='usb' bus='0' port='1'/>
</input>
<input type='keyboard' bus='ps2'/>
<graphics type='spice' autoport='yes'>
<listen type='address'/>
<image compression='off'/>
</graphics>
<sound model='ich6'>
<address type='pci' domain='0x0000' bus='0x00' slot='0x04' function='0x0'/>
</sound>
<video>
<model type='qxl' ram='65536' vram='65536' vgamem='16384' heads='1' primary='yes'/>
<address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x0'/>
</video>
<redirdev bus='usb' type='spicevmc'>
<address type='usb' bus='0' port='2'/>
</redirdev>
<redirdev bus='usb' type='spicevmc'>
<address type='usb' bus='0' port='3'/>
</redirdev>
<memballoon model='virtio'>
<address type='pci' domain='0x0000' bus='0x00' slot='0x08' function='0x0'/>
</memballoon>
</devices>
</domain>
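After setting promiscuous mode to allow all on my VM, my VM can ping the physical host IP but still cannot access the Internet. I still cannot solve this problem... I have searched, but the problem is still not resolved. Thank you for your help.
The output is as follows: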
VMCentos (Host)
No output when VMUbuntu (guest) pings the router gw.
[root@mykvm_01 ~]# tcpdump -i br0 -ne icmp
VMUbuntu (guest)
ping 192.168.0.1 ===> router gw
From 192.168.0.145 icmp_seq=1 Destination Host Unreachable
From 192.168.0.145 icmp_seq=2 Destination Host Unreachable
From 192.168.0.145 icmp_seq=3 Destination Host Unreachable
VMCentos (Host)
[root@mykvm_01 ~]# iptables -nvL
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 ACCEPT udp -- virbr0 * 0.0.0.0/0 0.0.0.0/0 udp dpt:53
0 0 ACCEPT tcp -- virbr0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:53
0 0 ACCEPT udp -- virbr0 * 0.0.0.0/0 0.0.0.0/0 udp dpt:67
0 0 ACCEPT tcp -- virbr0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:67
22380 1455K ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED
0 0 ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
31 7284 INPUT_direct all -- * * 0.0.0.0/0 0.0.0.0/0
31 7284 INPUT_ZONES_SOURCE all -- * * 0.0.0.0/0 0.0.0.0/0
31 7284 INPUT_ZONES all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate INVALID
27 7012 REJECT all -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- * virbr0 0.0.0.0/0 192.168.122.0/24 ctstate RELATED,ESTABLISHED
0 0 ACCEPT all -- virbr0 * 192.168.122.0/24 0.0.0.0/0
0 0 ACCEPT all -- virbr0 virbr0 0.0.0.0/0 0.0.0.0/0
0 0 REJECT all -- * virbr0 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable
0 0 REJECT all -- virbr0 * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED
0 0 ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
0 0 FORWARD_direct all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 FORWARD_IN_ZONES_SOURCE all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 FORWARD_IN_ZONES all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 FORWARD_OUT_ZONES_SOURCE all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 FORWARD_OUT_ZONES all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate INVALID
0 0 REJECT all -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
Chain OUTPUT (policy ACCEPT 33030 packets, 26M bytes)
pkts bytes target prot opt in out source destination
0 0 ACCEPT udp -- * virbr0 0.0.0.0/0 0.0.0.0/0 udp dpt:68
36 4032 ACCEPT all -- * lo 0.0.0.0/0 0.0.0.0/0
33030 26M OUTPUT_direct all -- * * 0.0.0.0/0 0.0.0.0/0
Chain FORWARD_IN_ZONES (1 references)
pkts bytes target prot opt in out source destination
0 0 FWDI_public all -- br0 * 0.0.0.0/0 0.0.0.0/0 [goto]
0 0 FWDI_public all -- + * 0.0.0.0/0 0.0.0.0/0 [goto]
Chain FORWARD_IN_ZONES_SOURCE (1 references)
pkts bytes target prot opt in out source destination
Chain FORWARD_OUT_ZONES (1 references)
pkts bytes target prot opt in out source destination
0 0 FWDO_public all -- * br0 0.0.0.0/0 0.0.0.0/0 [goto]
0 0 FWDO_public all -- * + 0.0.0.0/0 0.0.0.0/0 [goto]
Chain FORWARD_OUT_ZONES_SOURCE (1 references)
pkts bytes target prot opt in out source destination
Chain FORWARD_direct (1 references)
pkts bytes target prot opt in out source destination
Chain FWDI_public (2 references)
pkts bytes target prot opt in out source destination
0 0 FWDI_public_log all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 FWDI_public_deny all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 FWDI_public_allow all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
Chain FWDI_public_allow (1 references)
pkts bytes target prot opt in out source destination
Chain FWDI_public_deny (1 references)
pkts bytes target prot opt in out source destination
Chain FWDI_public_log (1 references)
pkts bytes target prot opt in out source destination
Chain FWDO_public (2 references)
pkts bytes target prot opt in out source destination
0 0 FWDO_public_log all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 FWDO_public_deny all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 FWDO_public_allow all -- * * 0.0.0.0/0 0.0.0.0/0
Chain FWDO_public_allow (1 references)
pkts bytes target prot opt in out source destination
Chain FWDO_public_deny (1 references)
pkts bytes target prot opt in out source destination
Chain FWDO_public_log (1 references)
pkts bytes target prot opt in out source destination
Chain INPUT_ZONES (1 references)
pkts bytes target prot opt in out source destination
31 7284 IN_public all -- br0 * 0.0.0.0/0 0.0.0.0/0 [goto]
0 0 IN_public all -- + * 0.0.0.0/0 0.0.0.0/0 [goto]
Chain INPUT_ZONES_SOURCE (1 references)
pkts bytes target prot opt in out source destination
Chain INPUT_direct (1 references)
pkts bytes target prot opt in out source destination
Chain IN_public (2 references)
pkts bytes target prot opt in out source destination
31 7284 IN_public_log all -- * * 0.0.0.0/0 0.0.0.0/0
31 7284 IN_public_deny all -- * * 0.0.0.0/0 0.0.0.0/0
31 7284 IN_public_allow all -- * * 0.0.0.0/0 0.0.0.0/0
2 168 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
Chain IN_public_allow (1 references)
pkts bytes target prot opt in out source destination
2 104 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:22 ctstate NEW,UNTRACKED
Chain IN_public_deny (1 references)
pkts bytes target prot opt in out source destination
Chain IN_public_log (1 references)
pkts bytes target prot opt in out source destination
Chain OUTPUT_direct (1 references)
pkts bytes target prot opt in out source destination
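Update today, 8 July: I created a new VM guest using virbr0 (NAT), and the VM can ping routergw and access the Internet. This is not the setup I want, because I cannot access/ssh to the VM over my LAN or from another guest computer. I still need to use the bridge br0 interface and find out why it cannot ping the gw and cannot access the Internet. It seems something is missing in my setup. Maybe the firewall?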