I set up a KVM environment inside VirtualBox (nested VT). The guest VM Ubuntu can ping the VM host Centos7 and vice versa, but it cannot access the Internet and cannot ping my Internet LAN router gw (192.168.0.1). I created a bridge br0 and mapped it to the enp0s3 interface. VMHostCentos7 can ping my LAN and the router GW and can access the Internet. I created VMGuestUbuntu16 and it uses the br0 network. VMGuestUbuntu16 can get a DHCP IP (192.168.0.145) and can ping VMHostCentos7, but it cannot ping the router GW 192.168.0.1 and cannot access the Internet. I also turned off NetworkManager and added IP forwarding 'net.ipv4.ip_forward = 1'. Please tell me what is wrong here. I may have missed some settings. Please help. Thank you.
The setup is as follows:
PhysicalHost [virtualbox]---VMHostCentos7---KVM---VMGuestUbuntu16
IP:192.168.0.141 192.168.0.110 192.168.0.145
**VMHostCentos7**
**(1)IFCONFIG**
br0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.0.110 netmask 255.255.255.0 broadcast 192.168.0.255
inet6 2001:e68:5435:ccce:a00:27ff:fe47:8412 prefixlen 64 scopeid 0x0<global>
inet6 fe80::a00:27ff:fe47:8412 prefixlen 64 scopeid 0x20<link>
ether 08:00:27:47:84:12 txqueuelen 1000 (Ethernet)
RX packets 54148 bytes 3915355 (3.7 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 77447 bytes 56912501 (54.2 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
enp0s3: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet6 fe80::a00:27ff:fe47:8412 prefixlen 64 scopeid 0x20<link>
ether 08:00:27:47:84:12 txqueuelen 1000 (Ethernet)
RX packets 53931 bytes 4689769 (4.4 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 89777 bytes 73006443 (69.6 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 1000 (Local Loopback)
RX packets 62865 bytes 847930152 (808.6 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 62865 bytes 847930152 (808.6 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
virbr0: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500
inet 192.168.122.1 netmask 255.255.255.0 broadcast 192.168.122.255
ether 52:54:00:62:dc:29 txqueuelen 1000 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
**(2) IP A**
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: enp0s3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master br0 state UP group default qlen 1000
link/ether 08:00:27:47:84:12 brd ff:ff:ff:ff:ff:ff
inet6 fe80::a00:27ff:fe47:8412/64 scope link
valid_lft forever preferred_lft forever
3: enp0s8: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000
link/ether 08:00:27:a4:15:07 brd ff:ff:ff:ff:ff:ff
4: br0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
link/ether 08:00:27:47:84:12 brd ff:ff:ff:ff:ff:ff
inet 192.168.0.110/24 brd 192.168.0.255 scope global dynamic br0
valid_lft 603473sec preferred_lft 603473sec
inet6 2001:e68:5435:ccce:a00:27ff:fe47:8412/64 scope global mngtmpaddr dynamic
valid_lft 86395sec preferred_lft 86395sec
inet6 fe80::a00:27ff:fe47:8412/64 scope link
valid_lft forever preferred_lft forever
5: virbr0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default qlen 1000
link/ether 52:54:00:62:dc:29 brd ff:ff:ff:ff:ff:ff
inet 192.168.122.1/24 brd 192.168.122.255 scope global virbr0
valid_lft forever preferred_lft forever
6: virbr0-nic: <BROADCAST,MULTICAST> mtu 1500 qdisc pfifo_fast master virbr0 state DOWN group default qlen 1000
link/ether 52:54:00:62:dc:29 brd ff:ff:ff:ff:ff:ff
7: vnet0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master br0 state UNKNOWN group default qlen 1000
link/ether fe:54:00:a2:b5:6d brd ff:ff:ff:ff:ff:ff
inet6 fe80::fc54:ff:fea2:b56d/64 scope link
valid_lft forever preferred_lft forever
**(3)bridge link show br0**
2: enp0s3 state UP : <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 master br0 state forwarding priority 32 cost 4
6: virbr0-nic state DOWN : <BROADCAST,MULTICAST> mtu 1500 master virbr0 state disabled priority 32 cost 100
7: vnet0 state UNKNOWN : <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 master br0 state forwarding priority 32 cost 100
**(4) ip route**
default via 192.168.0.1 dev br0
169.254.0.0/16 dev br0 scope link metric 1004
192.168.0.0/24 dev br0 proto kernel scope link src 192.168.0.110
192.168.122.0/24 dev virbr0 proto kernel scope link src 192.168.122.1
**(5) brctl show**
bridge name bridge id STP enabled interfaces
br0 8000.080027478412 yes enp0s3
vnet0
virbr0 8000.52540062dc29 yes virbr0-nic
**(6) virsh net-list**
Name State Autostart Persistent
----------------------------------------------------------
default active yes yes
**VMGuestUbuntu16**
(1) virsh edit U1604_BR0
.....
</controller>
<interface type='bridge'>
<mac address='52:54:00:a2:b5:6d'/>
<source bridge='br0'/>
<model type='virtio'/>
<address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x0'/>
</interface>
<serial type='pty'>
<target type='isa-serial' port='0'>
<model name='isa-serial'/>
</target>
</serial>
<console type='pty'>
<target type='serial' port='0'/>
</console>
<channel type='spicevmc'>
<target type='virtio' name='com.redhat.spice.0'/>
<address type='virtio-serial' controller='0' bus='0' port='1'/>
</channel>
<input type='tablet' bus='usb'>
<address type='usb' bus='0' port='1'/>
</input>
<input type='keyboard' bus='ps2'/>
<graphics type='spice' autoport='yes'>
<listen type='address'/>
<image compression='off'/>
</graphics>
<sound model='ich6'>
<address type='pci' domain='0x0000' bus='0x00' slot='0x04' function='0x0'/>
</sound>
<video>
<model type='qxl' ram='65536' vram='65536' vgamem='16384' heads='1' primary='yes'/>
<address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x0'/>
</video>
<redirdev bus='usb' type='spicevmc'>
<address type='usb' bus='0' port='2'/>
</redirdev>
<redirdev bus='usb' type='spicevmc'>
<address type='usb' bus='0' port='3'/>
</redirdev>
<memballoon model='virtio'>
<address type='pci' domain='0x0000' bus='0x00' slot='0x08' function='0x0'/>
</memballoon>
</devices>
</domain>
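After allowing all promiscuous mode on my VM, my VM can ping the physical host IP, but it still cannot access the Internet. I still have not been able to solve this problem... I have searched, but the problem is still not solved. Thank you for your help.
The output is as follows: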
VMCentos (Host)
No output when VMUbuntu (guest) pings router gw.
[root@mykvm_01 ~]# tcpdump -i br0 -ne icmp
VMUbuntu (guest)
ping 192.168.0.1 ===> router gw
From 192.168.0.145 icmp_seq=1 Destination Host Unreachable
From 192.168.0.145 icmp_seq=2 Destination Host Unreachable
From 192.168.0.145 icmp_seq=3 Destination Host Unreachable
VMCentos (Host)
[root@mykvm_01 ~]# iptables -nvL
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 ACCEPT udp -- virbr0 * 0.0.0.0/0 0.0.0.0/0 udp dpt:53
0 0 ACCEPT tcp -- virbr0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:53
0 0 ACCEPT udp -- virbr0 * 0.0.0.0/0 0.0.0.0/0 udp dpt:67
0 0 ACCEPT tcp -- virbr0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:67
22380 1455K ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED
0 0 ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
31 7284 INPUT_direct all -- * * 0.0.0.0/0 0.0.0.0/0
31 7284 INPUT_ZONES_SOURCE all -- * * 0.0.0.0/0 0.0.0.0/0
31 7284 INPUT_ZONES all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate INVALID
27 7012 REJECT all -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- * virbr0 0.0.0.0/0 192.168.122.0/24 ctstate RELATED,ESTABLISHED
0 0 ACCEPT all -- virbr0 * 192.168.122.0/24 0.0.0.0/0
0 0 ACCEPT all -- virbr0 virbr0 0.0.0.0/0 0.0.0.0/0
0 0 REJECT all -- * virbr0 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable
0 0 REJECT all -- virbr0 * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED
0 0 ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
0 0 FORWARD_direct all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 FORWARD_IN_ZONES_SOURCE all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 FORWARD_IN_ZONES all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 FORWARD_OUT_ZONES_SOURCE all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 FORWARD_OUT_ZONES all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate INVALID
0 0 REJECT all -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
Chain OUTPUT (policy ACCEPT 33030 packets, 26M bytes)
pkts bytes target prot opt in out source destination
0 0 ACCEPT udp -- * virbr0 0.0.0.0/0 0.0.0.0/0 udp dpt:68
36 4032 ACCEPT all -- * lo 0.0.0.0/0 0.0.0.0/0
33030 26M OUTPUT_direct all -- * * 0.0.0.0/0 0.0.0.0/0
Chain FORWARD_IN_ZONES (1 references)
pkts bytes target prot opt in out source destination
0 0 FWDI_public all -- br0 * 0.0.0.0/0 0.0.0.0/0 [goto]
0 0 FWDI_public all -- + * 0.0.0.0/0 0.0.0.0/0 [goto]
Chain FORWARD_IN_ZONES_SOURCE (1 references)
pkts bytes target prot opt in out source destination
Chain FORWARD_OUT_ZONES (1 references)
pkts bytes target prot opt in out source destination
0 0 FWDO_public all -- * br0 0.0.0.0/0 0.0.0.0/0 [goto]
0 0 FWDO_public all -- * + 0.0.0.0/0 0.0.0.0/0 [goto]
Chain FORWARD_OUT_ZONES_SOURCE (1 references)
pkts bytes target prot opt in out source destination
Chain FORWARD_direct (1 references)
pkts bytes target prot opt in out source destination
Chain FWDI_public (2 references)
pkts bytes target prot opt in out source destination
0 0 FWDI_public_log all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 FWDI_public_deny all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 FWDI_public_allow all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
Chain FWDI_public_allow (1 references)
pkts bytes target prot opt in out source destination
Chain FWDI_public_deny (1 references)
pkts bytes target prot opt in out source destination
Chain FWDI_public_log (1 references)
pkts bytes target prot opt in out source destination
Chain FWDO_public (2 references)
pkts bytes target prot opt in out source destination
0 0 FWDO_public_log all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 FWDO_public_deny all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 FWDO_public_allow all -- * * 0.0.0.0/0 0.0.0.0/0
Chain FWDO_public_allow (1 references)
pkts bytes target prot opt in out source destination
Chain FWDO_public_deny (1 references)
pkts bytes target prot opt in out source destination
Chain FWDO_public_log (1 references)
pkts bytes target prot opt in out source destination
Chain INPUT_ZONES (1 references)
pkts bytes target prot opt in out source destination
31 7284 IN_public all -- br0 * 0.0.0.0/0 0.0.0.0/0 [goto]
0 0 IN_public all -- + * 0.0.0.0/0 0.0.0.0/0 [goto]
Chain INPUT_ZONES_SOURCE (1 references)
pkts bytes target prot opt in out source destination
Chain INPUT_direct (1 references)
pkts bytes target prot opt in out source destination
Chain IN_public (2 references)
pkts bytes target prot opt in out source destination
31 7284 IN_public_log all -- * * 0.0.0.0/0 0.0.0.0/0
31 7284 IN_public_deny all -- * * 0.0.0.0/0 0.0.0.0/0
31 7284 IN_public_allow all -- * * 0.0.0.0/0 0.0.0.0/0
2 168 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
Chain IN_public_allow (1 references)
pkts bytes target prot opt in out source destination
2 104 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:22 ctstate NEW,UNTRACKED
Chain IN_public_deny (1 references)
pkts bytes target prot opt in out source destination
Chain IN_public_log (1 references)
pkts bytes target prot opt in out source destination
Chain OUTPUT_direct (1 references)
pkts bytes target prot opt in out source destination
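Update today, 8 July: I created a new VM guest using virbr0 (NAT), and that VM can ping the router gw and access the Internet. This is not the setup I want, because I cannot access/ssh into the VM over the LAN or from guests on other computers. I still need to use the bridge br0 interface and find out why it cannot ping the gw or access the Internet. Something seems to be missing from my configuration. Perhaps the firewall?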
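
The following is an added example, not part of the original post: a shell helper that reads `iptables -nvL` output and lists, per chain, the DROP/REJECT rules whose packet counter is non-zero, which is one way to test the "perhaps the firewall?" idea against the counters. The function name `hit_drops` is hypothetical, and the sample input is a shortened excerpt of the output posted above.

```shell
#!/bin/sh
# Added example: show which DROP/REJECT rules have actually matched packets.
# Live use on the KVM host:  iptables -nvL | hit_drops
#
# Note: frames switched by a Linux bridge only pass through the iptables
# FORWARD chain when br_netfilter is loaded and
# net.bridge.bridge-nf-call-iptables is 1.

hit_drops() {
  awk '
    /^Chain /               { chain = $2; next }   # remember the current chain
    $1 == "pkts" || NF < 3  { next }               # skip column headers and blanks
    ($3 == "DROP" || $3 == "REJECT") && $1 != "0" {
      print chain, $3, "pkts=" $1                  # a rule that really dropped traffic
    }
  '
}

# Shortened excerpt of the iptables -nvL output from the post.
SAMPLE='Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
22380 1455K ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate INVALID
27 7012 REJECT all -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 REJECT all -- * virbr0 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate INVALID
0 0 REJECT all -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited'

printf '%s\n' "$SAMPLE" | hit_drops
```

On this excerpt the only rule reported is the final REJECT in the INPUT chain (traffic addressed to the host itself); no DROP or REJECT rule in FORWARD has matched a packet.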