|
|
- 本文目的:x86台式机有两块网卡,都通过DHCP连接公网,把其中一块网卡配置成网桥组建一个局域网, 并创建虚拟机。
原始网络配置如下:
test@test-Lenovo-Product:~$ ifconfig
eno1 Link encap:Ethernet HWaddr fc:4d:d4:31:6a:18
inet addr:9.115.112.93 Bcast:9.115.112.255 Mask:255.255.255.0
inet6 addr: fe80::7b29:2c8d:980f:9d60/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:131 errors:0 dropped:0 overruns:0 frame:0
TX packets:52 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:21280 (21.2 KB) TX bytes:11651 (11.6 KB)
Interrupt:20 Memory:f7d00000-f7d20000
enp1s10 Link encap:Ethernet HWaddr 00:14:78:44:8c:01
inet addr:9.115.112.158 Bcast:9.115.112.255 Mask:255.255.255.0
inet6 addr: fe80::9089:f049:18ce:66ea/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:269 errors:0 dropped:0 overruns:0 frame:0
TX packets:183 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:81832 (81.8 KB) TX bytes:22130 (22.1 KB)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:251 errors:0 dropped:0 overruns:0 frame:0
TX packets:251 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1
RX bytes:19695 (19.6 KB) TX bytes:19695 (19.6 KB)
安装了bridge-utils之后可以看到,会自动创建一个virbr0的虚拟网卡, IP为192.168.122.1, 如果在kvm上用virt-install创建虚拟机并指定参数--network bridge=virbr0,model=virtio,创建出来的虚拟机会通过这个virbr0来访问公网(没有研究过virt-install 的详细实现,应该是虚拟机通过virbr0来用NAT来访问外网的)
test@test-Lenovo-Product:~/images$ ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: enp1s10: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN group default qlen 1000
link/ether 00:14:78:44:8c:01 brd ff:ff:ff:ff:ff:ff
inet 9.115.112.158/24 brd 9.115.112.255 scope global dynamic enp1s10
valid_lft 41167sec preferred_lft 41167sec
inet6 fe80::9089:f049:18ce:66ea/64 scope link
valid_lft forever preferred_lft forever
3: eno1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether fc:4d:d4:31:6a:18 brd ff:ff:ff:ff:ff:ff
inet 9.115.112.93/24 brd 9.115.112.255 scope global dynamic eno1
valid_lft 41174sec preferred_lft 41174sec
inet6 fe80::7b29:2c8d:980f:9d60/64 scope link
valid_lft forever preferred_lft forever
4: virbr0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default qlen 1000
link/ether 00:00:00:00:00:00 brd ff:ff:ff:ff:ff:ff
inet 192.168.122.1/24 brd 192.168.122.255 scope global virbr0
valid_lft forever preferred_lft forever
5: virbr0-nic: <BROADCAST,MULTICAST> mtu 1500 qdisc noqueue state DOWN group default qlen 500
link/ether 52:54:00:ca:2d:6e brd ff:ff:ff:ff:ff:ff
test@test-Lenovo-Product:~/images$ brctl show
bridge name bridge id STP enabled interfaces
virbr0 8000.000000000000 yes
由于想自己配置一遍,并用物理网卡来创建桥接网络,所以就把第二块网卡配成私网,并开启网关模式,备份/etc/network/interfaces 之后,做以下修改并重启网络:
test@test-Lenovo-Product:~$ cat /etc/network/interfaces
# interfaces(5) file used by ifup(8) and ifdown(8)
auto lo
iface lo inet loopback
# The primary network interface
auto eno1
iface eno1 inet dhcp
# Enable Bridge networking br0 interface
auto enp1s10
iface enp1s10 inet manual
auto br0
iface br0 inet static
address 192.168.99.1
network 192.168.99.0
netmask 255.255.255.0
broadcast 192.168.99.255
#gateway 192.168.99.1
bridge_ports enp1s10
bridge_stp on
test@test-Lenovo-Product:~$ sudo service networking restart
经过这些修改之后ip addr显示如下:
test@test-Lenovo-Product:~$ ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: enp1s10: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast master br0 state DOWN group default qlen 1000
link/ether 00:14:78:44:8c:01 brd ff:ff:ff:ff:ff:ff
3: eno1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether fc:4d:d4:31:6a:18 brd ff:ff:ff:ff:ff:ff
inet 9.115.112.93/24 brd 9.115.112.255 scope global eno1
valid_lft forever preferred_lft forever
inet6 fe80::fe4d:d4ff:fe31:6a18/64 scope link
valid_lft forever preferred_lft forever
4: br0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
link/ether 00:14:78:44:8c:01 brd ff:ff:ff:ff:ff:ff
inet 192.168.99.1/24 brd 192.168.99.255 scope global br0
valid_lft forever preferred_lft forever
inet6 fe80::214:78ff:fe44:8c01/64 scope link
valid_lft forever preferred_lft forever
5: virbr0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default qlen 1000
link/ether 00:00:00:00:00:00 brd ff:ff:ff:ff:ff:ff
inet 192.168.122.1/24 brd 192.168.122.255 scope global virbr0
valid_lft forever preferred_lft forever
6: virbr0-nic: <BROADCAST,MULTICAST> mtu 1500 qdisc pfifo_fast state DOWN group default qlen 1000
link/ether 52:54:00:ca:2d:6e brd ff:ff:ff:ff:ff:ff
7: vnet0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master br0 state UNKNOWN group default qlen 1000
link/ether fe:54:00:96:24:83 brd ff:ff:ff:ff:ff:ff
inet6 fe80::fc54:ff:fe96:2483/64 scope link
valid_lft forever preferred_lft forever (这个不知道是在那个环节创建出来的)
test@test-Lenovo-Product:~$ brctl show
bridge name bridge id STP enabled interfaces
br0 8000.001478448c01 yes enp1s10
vnet0
virbr0 8000.000000000000 yes
路由信息如下
test@test-Lenovo-Product:~$ route
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
default static-9.115.11 0.0.0.0 UG 0 0 0 eno1
9.115.112.0 * 255.255.255.0 U 0 0 0 eno1
link-local * 255.255.0.0 U 1000 0 0 eno1
192.168.99.0 * 255.255.255.0 U 0 0 0 br0
192.168.122.0 * 255.255.255.0 U 0 0 0 virbr0
然后用下列命令创建虚拟机,virsh install 命令参数如下:
-n --name= 客户端虚拟机名称
-r --ram= 客户端虚拟机分配的内存
-u --uuid= 客户端UUID 默认不写时,系统会自动生成
--vcpus= 客户端的vcpu个数
-v --hvm 全虚拟化
-p --paravirt 半虚拟化
-l --location=localdir 安装源,有本地、nfs、http、ftp几种,多用于ks网络安装
--vnc 使用vnc ,另有--vnclient=监听的IP --vncport =VNC监听的端口
-c --cdrom= 光驱 安装途径
--disk= 使用不同选项作为磁盘使用安装介质
-w NETWORK, --network=NETWORK 连接客户机到主机网络
-s --file-size= 使用磁盘映像的大小 单位为GB
-f --file= 作为磁盘映像使用的文件
--cpuset=设置哪个物理CPU能够被虚拟机使用
--os-type=OS_TYPE 针对一类操作系统优化虚拟机配置(例如:‘linux’,‘windows’)
--os-variant=OS_VARIANT 针对特定操作系统变体(例如’rhel6’, ’winxp’,'win2k3')进一步优化虚拟机配置
--host-device=HOSTDEV 附加一个物理主机设备到客户机。HOSTDEV是随着libvirt使用的一个节点设备名(具体设备如’virsh nodedev-list’的显示的结果)
--accelerate KVM或KQEMU内核加速,这个选项是推荐最好加上。如果KVM和KQEMU都支持,KVM加速器优先使用。
-x EXTRA, --extra-args=EXTRA 当执行从"--location"选项指定位置的客户机安装时,附加内核命令行参数到安装程序
--nographics "virt-install" 将默认使用--vnc选项,使用nographics指定没有控制台被分配给客户机
sudo virt-install --name=ubuntu16test1 --os-variant=ubuntu16.04 --ram 8192 --vcpus=2 --disk path=/home/test/images/vms/ubuntu16test1.img,size=30,bus=virtio --accelerate --cdrom /home/test/images/ubuntu-16.04.1-server-amd64.iso --vnc --vncport=5910 --vnclisten=0.0.0.0 --network bridge=br0,model=virtio --noautoconsole --force
Starting install...
Allocating 'ubuntu16compute.img' | 30 GB 00:00:00
Creating domain... | 0 B 00:00:00
Domain installation still in progress. You can reconnect to
the console to complete the installation process.
然后执行vncviewr (需要用sudo apt-get install vncviewer来提前安装好),在弹出框里输入0.0.0.0:5910(取决于命令的指定值),然后进入图形化安装。期间要手动配置网络,需要填入以下信息:
address 192.168.99.2
netmask 255.255.255.0
gateway 192.168.99.1
dns-nameservers 9.0.149.140 9.0.146.50
安装期间选择Guided-use entire disk and set up LVM分区方式,安装出来以后磁盘显示如下:
test@ubuntu16:~$ lsblk
NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINT
sr0 11:0 1 1024M 0 rom
vda 253:0 0 30G 0 disk
├─vda1 253:1 0 487M 0 part /boot
├─vda2 253:2 0 1K 0 part
└─vda5 253:5 0 29.5G 0 part
├─ubuntu16--vg-root 252:0 0 21.5G 0 lvm /
└─ubuntu16--vg-swap_1 252:1 0 8G 0 lvm [SWAP]
test@ubuntu16:~$ df -h
Filesystem Size Used Avail Use% Mounted on
udev 3.9G 0 3.9G 0% /dev
tmpfs 799M 8.7M 790M 2% /run
/dev/mapper/ubuntu16--vg-root 22G 1.3G 19G 7% /
tmpfs 3.9G 0 3.9G 0% /dev/shm
tmpfs 5.0M 0 5.0M 0% /run/lock
tmpfs 3.9G 0 3.9G 0% /sys/fs/cgroup
/dev/vda1 472M 55M 393M 13% /boot
tmpfs 799M 0 799M 0% /run/user/1000
启动虚拟机后发现虚拟机在局域网内连通没问题,但是连不上外网,这时通过配置NAT可以让私网通过公网网卡eno1来访问外网
test@ubuntu16:~$ ping 192.168.99.1
PING 192.168.99.1 (192.168.99.1) 56(84) bytes of data.
64 bytes from 192.168.99.1: icmp_seq=1 ttl=64 time=0.165 ms
^C
--- 192.168.99.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.165/0.165/0.165/0.000 ms
test@ubuntu16:~$ ping 8.8.8.8
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
在host上打开ipv4转发,并通过iptables设置nat规则就可以了
sysctl -w net.ipv4.ip_forward=1
iptables -t nat -A POSTROUTING -s 192.168.99.0/24 -o eno1 -j MASQUERADE
test@ubuntu16:~$ ping 8.8.8.8
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
64 bytes from 8.8.8.8: icmp_seq=1 ttl=31 time=55.8 ms
关于NAT和iptables 下面帖子写的不错,贴在下面仅供参考:
NAT详解
http://bbs.51cto.com/thread-878322-1.html
Iptables:
http://www.linuxso.com/linuxpeixun/10332.html
http://blog.chinaunix.net/uid-26495963-id-3279216.html |
|
|
QQ群⑧:
窥视卡
雷达卡
发表于 2017-6-25 12:48:11
提升卡
置顶卡
沉默卡
喧嚣卡
变色卡
千斤顶
显身卡