I have a KVM host on 192.168.0.4 with a bridged network adapter running a guest VM on 192.168.0.9, and this guest could connect to the whole 192.168.0.0/24 network for weeks.
Now I had to reboot the host, and the guest VM rebooted as well, but it can no longer connect to anything on the network except the host.
I can ssh from the host to it at 192.168.0.9, and from the guest I can connect back to the host at 192.168.0.4, but nothing else is reachable.
I suspect there is some service I need to restart after rebooting the host to tell the network adapter to accept external connections. Or maybe the docker network interface did not initialize the firewall correctly after the reboot. But I don't know; what should I do?
Thanks
brctl show

bridge name     bridge id               STP enabled     interfaces
br-238782ed063f 8000.0242e81a340a       no
br0             8000.7085c2060a8a       no              enp5s0
                                                        vnet0
docker0         8000.02427d14b9fa       no
virbr0          8000.52540044738a       yes             virbr0-nic
ifconfig -a

br0       Link encap:Ethernet  HWaddr 70:85:c2:06:0a:8a
          inet addr:192.168.0.4  Bcast:192.168.0.255  Mask:255.255.255.0
          inet6 addr: fe80::7285:c2ff:fe06:a8a/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:1527437 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1997661 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:151534896 (151.5 MB)  TX bytes:1283893295 (1.2 GB)

br-238782ed063f Link encap:Ethernet  HWaddr 02:42:e8:1a:34:0a
          inet addr:172.18.0.1  Bcast:0.0.0.0  Mask:255.255.0.0
          UP BROADCAST MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

docker0   Link encap:Ethernet  HWaddr 02:42:7d:14:b9:fa
          inet addr:172.17.0.1  Bcast:0.0.0.0  Mask:255.255.0.0
          UP BROADCAST MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

enp5s0    Link encap:Ethernet  HWaddr 70:85:c2:06:0a:8a
          inet6 addr: fe80::7285:c2ff:fe06:a8a/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:1530168 errors:0 dropped:0 overruns:0 frame:0
          TX packets:2147775 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:173382480 (173.3 MB)  TX bytes:1293304788 (1.2 GB)

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:276 errors:0 dropped:0 overruns:0 frame:0
          TX packets:276 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1
          RX bytes:18224 (18.2 KB)  TX bytes:18224 (18.2 KB)

virbr0    Link encap:Ethernet  HWaddr 52:54:00:44:73:8a
          inet addr:192.168.122.1  Bcast:192.168.122.255  Mask:255.255.255.0
          UP BROADCAST MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

virbr0-nic Link encap:Ethernet  HWaddr 52:54:00:44:73:8a
          BROADCAST MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

vnet0     Link encap:Ethernet  HWaddr fe:54:00:5b:f5:99
          inet6 addr: fe80::fc54:ff:fe5b:f599/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:15558 errors:0 dropped:0 overruns:0 frame:0
          TX packets:20507 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:1212123 (1.2 MB)  TX bytes:1272954 (1.2 MB)
iptables -L -v -n

Chain INPUT (policy ACCEPT 1448K packets, 144M bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     udp  --  virbr0 *       0.0.0.0/0            0.0.0.0/0            udp dpt:53
    0     0 ACCEPT     tcp  --  virbr0 *       0.0.0.0/0            0.0.0.0/0            tcp dpt:53
    0     0 ACCEPT     udp  --  virbr0 *       0.0.0.0/0            0.0.0.0/0            udp dpt:67
    0     0 ACCEPT     tcp  --  virbr0 *       0.0.0.0/0            0.0.0.0/0            tcp dpt:67

Chain FORWARD (policy DROP 30647 packets, 7648K bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     all  --  *      virbr0  0.0.0.0/0            192.168.122.0/24     ctstate RELATED,ESTABLISHED
    0     0 ACCEPT     all  --  virbr0 *       192.168.122.0/24     0.0.0.0/0
    0     0 ACCEPT     all  --  virbr0 virbr0  0.0.0.0/0            0.0.0.0/0
    0     0 REJECT     all  --  *      virbr0  0.0.0.0/0            0.0.0.0/0            reject-with icmp-port-unreachable
    0     0 REJECT     all  --  virbr0 *       0.0.0.0/0            0.0.0.0/0            reject-with icmp-port-unreachable
32553 8091K DOCKER-USER  all  --  *      *       0.0.0.0/0            0.0.0.0/0
32553 8091K DOCKER-ISOLATION  all  --  *      *       0.0.0.0/0            0.0.0.0/0
    0     0 ACCEPT     all  --  *      docker0  0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
    0     0 DOCKER     all  --  *      docker0  0.0.0.0/0            0.0.0.0/0
    0     0 ACCEPT     all  --  docker0 !docker0  0.0.0.0/0            0.0.0.0/0
    0     0 ACCEPT     all  --  docker0 docker0  0.0.0.0/0            0.0.0.0/0
    0     0 ACCEPT     all  --  *      br-238782ed063f  0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
    0     0 DOCKER     all  --  *      br-238782ed063f  0.0.0.0/0            0.0.0.0/0
    0     0 ACCEPT     all  --  br-238782ed063f !br-238782ed063f  0.0.0.0/0            0.0.0.0/0
    0     0 ACCEPT     all  --  br-238782ed063f br-238782ed063f  0.0.0.0/0            0.0.0.0/0

Chain OUTPUT (policy ACCEPT 1919K packets, 1241M bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     udp  --  *      virbr0  0.0.0.0/0            0.0.0.0/0            udp dpt:68

Chain DOCKER (2 references)
 pkts bytes target     prot opt in     out     source               destination

Chain DOCKER-ISOLATION (1 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 DROP       all  --  br-238782ed063f docker0  0.0.0.0/0            0.0.0.0/0
    0     0 DROP       all  --  docker0 br-238782ed063f  0.0.0.0/0            0.0.0.0/0
32553 8091K RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain DOCKER-USER (1 references)
 pkts bytes target     prot opt in     out     source               destination
32553 8091K RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0
The problem is iptables. The FORWARD table does not allow any traffic through the br0 interface and has a DROP default policy.
To fix this, you need to flush all rules from the FORWARD table and give it a default ACCEPT policy:

iptables -F FORWARD
iptables -P FORWARD ACCEPT
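The fix above restores the guest's connectivity, but flushing FORWARD and opening its policy also removes Docker's own rules, including the DOCKER-ISOLATION drops between its networks, until dockerd is restarted and rebuilds them. The following added example (my code, not part of the original question or answer) parses the `iptables -L -v -n` output from the question, walks the FORWARD chain for one packet the way the kernel would, and shows that a single ACCEPT rule in DOCKER-USER scoped to br0 admits the guest's traffic while leaving Docker's isolation in place. The rule set is trimmed to the Docker-related chains, the packet addresses (192.168.0.20, 172.17.0.2, 172.18.0.2) are constructed, and the premise that bridged frames reach FORWARD with both interfaces set to the bridge assumes br_netfilter is loaded, which the climbing DROP counter on FORWARD in the question suggests.

```python
"""Added example (not from the original post): parse `iptables -L -v -n`, walk the FORWARD
chain for one packet as the kernel would, and compare the answer's flush-everything fix
with a narrower rule placed in Docker's DOCKER-USER chain."""
import ipaddress
import re
from collections import namedtuple

# Constructed sample: the question's FORWARD-related chains, trimmed to the rules that
# matter here (the libvirt virbr0 rules and the INPUT/OUTPUT chains are left out).
SAMPLE = """\
Chain FORWARD (policy DROP 30647 packets, 7648K bytes)
 pkts bytes target     prot opt in     out     source               destination
32553 8091K DOCKER-USER  all  --  *      *       0.0.0.0/0            0.0.0.0/0
32553 8091K DOCKER-ISOLATION  all  --  *      *       0.0.0.0/0            0.0.0.0/0
    0     0 ACCEPT     all  --  *      docker0  0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
    0     0 DOCKER     all  --  *      docker0  0.0.0.0/0            0.0.0.0/0
    0     0 ACCEPT     all  --  docker0 !docker0  0.0.0.0/0            0.0.0.0/0
    0     0 ACCEPT     all  --  *      br-238782ed063f  0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
    0     0 DOCKER     all  --  *      br-238782ed063f  0.0.0.0/0            0.0.0.0/0
    0     0 ACCEPT     all  --  br-238782ed063f !br-238782ed063f  0.0.0.0/0            0.0.0.0/0
Chain DOCKER (2 references)
 pkts bytes target     prot opt in     out     source               destination
Chain DOCKER-ISOLATION (1 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 DROP       all  --  br-238782ed063f docker0  0.0.0.0/0            0.0.0.0/0
    0     0 DROP       all  --  docker0 br-238782ed063f  0.0.0.0/0            0.0.0.0/0
32553 8091K RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0
Chain DOCKER-USER (1 references)
 pkts bytes target     prot opt in     out     source               destination
32553 8091K RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0
"""

Rule = namedtuple("Rule", "target prot in_if out_if src dst extra")
CHAIN_RE = re.compile(r"^Chain (\S+) \((?:policy (\S+)|\d+ references)")

def parse_iptables(text):
    """Return {chain: {"policy": str or None, "rules": [Rule]}}; policy is None for user chains."""
    chains, cur = {}, None
    for line in (ln.strip() for ln in text.splitlines() if ln.strip()):
        m = CHAIN_RE.match(line)
        if m:
            cur = chains[m.group(1)] = {"policy": m.group(2), "rules": []}
        elif cur is not None and not line.startswith("pkts"):
            f = line.split(None, 9)  # pkts bytes target prot opt in out src dst [extra]
            if len(f) >= 9:
                cur["rules"].append(Rule(f[2], f[3], f[5], f[6], f[7], f[8], f[9] if len(f) > 9 else ""))
    return chains

def _iface_ok(pat, iface):
    return pat == "*" or (pat[1:] != iface if pat.startswith("!") else pat == iface)

def _net_ok(pat, addr):
    return ipaddress.ip_address(addr) in ipaddress.ip_network(pat, strict=False)

def verdict(chains, pkt, chain="FORWARD"):
    """First terminating target the packet hits; a built-in chain falls through to its policy."""
    for r in chains[chain]["rules"]:
        if not (_iface_ok(r.in_if, pkt["in"]) and _iface_ok(r.out_if, pkt["out"])):
            continue
        if r.prot not in ("all", pkt["prot"]) or not (_net_ok(r.src, pkt["src"]) and _net_ok(r.dst, pkt["dst"])):
            continue
        if r.extra.startswith("ctstate") and pkt["state"] not in r.extra:
            continue  # conntrack match: a NEW connection does not hit RELATED,ESTABLISHED rules
        if r.target in chains:  # jump into a user-defined chain and honour its RETURN
            v = verdict(chains, pkt, r.target)
            if v != "RETURN":
                return v
            continue
        return r.target
    return chains[chain]["policy"] or "RETURN"

def guest_packet(bridge="br0"):
    # Constructed: a new connection from the guest at 192.168.0.9 to another LAN host. With
    # br_netfilter loaded, bridged frames hit FORWARD with in and out both set to the bridge.
    return {"in": bridge, "out": bridge, "prot": "tcp", "src": "192.168.0.9", "dst": "192.168.0.20", "state": "NEW"}

def container_packet():
    # Constructed: a container on docker0 reaching for one on the user-defined network br-238782ed063f.
    return {"in": "docker0", "out": "br-238782ed063f", "prot": "tcp", "src": "172.17.0.2", "dst": "172.18.0.2", "state": "NEW"}

def narrow_fix_commands(bridge="br0"):
    """Admit only frames bridged through `bridge`; DOCKER-USER runs first and Docker does not clear it."""
    return [f"iptables -I DOCKER-USER -i {bridge} -o {bridge} -j ACCEPT"]

def apply_fix(chains, fix, bridge="br0"):
    if fix == "narrow":
        chains["DOCKER-USER"]["rules"].insert(0, Rule("ACCEPT", "all", bridge, bridge, "0.0.0.0/0", "0.0.0.0/0", ""))
    elif fix == "flush":  # the answer's fix: iptables -F FORWARD; iptables -P FORWARD ACCEPT
        chains["FORWARD"]["rules"].clear()
        chains["FORWARD"]["policy"] = "ACCEPT"
    return chains

def compare_fixes(text=SAMPLE, bridge="br0"):
    """{fix: (verdict for guest LAN traffic, verdict for docker0 -> br-238782ed063f)}"""
    return {fix: (verdict(apply_fix(parse_iptables(text), fix, bridge), guest_packet(bridge)),
                  verdict(apply_fix(parse_iptables(text), fix, bridge), container_packet()))
            for fix in ("none", "narrow", "flush")}

if __name__ == "__main__":
    for fix, (guest, cross) in compare_fixes().items():
        print(f"{fix:6s}  guest LAN traffic: {guest:6s}  docker0 -> br-238782ed063f: {cross}")
```

Running it reports that the guest's traffic is dropped as found, accepted under either fix, and that the docker0 to br-238782ed063f crossing stays dropped only with the narrow rule. A rule inserted with `iptables -I` does not survive a reboot any more than the flush does, so persist it with your distribution's rule-saving mechanism, then confirm with `iptables -L FORWARD -v -n` that the counter on the new rule climbs while the policy DROP counter stays flat.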