KVM客人无法访问互联网

我有一个Debian主机，它有几个分配的IP和KVM与一个使用桥接networking的Debian客人。 客人完全无法到达networking，包括局域网甚至主机。 从guest虚拟机ping主机会产生Destination Host Unreachable错误。 如果我尝试从主机ping客人，我得到主机本身而不是来自客人的响应。

主机的/ etc / network / interfaces

 # The loopback network interface auto lo auto eth1 iface lo inet loopback allow-hotplug eth1 iface eth1 inet static address 108.xxx.xxx.130 netmask 255.255.255.248 network 108.xxx.xxx.128 broadcast 108.xxx.xxx.135 gateway 108.xxx.xxx.129 dns-nameservers 127.0.0.1 208.167.225.22 64.237.42.82 dns-domain example.com # dns-* options are implemented by the resolvconf package, if installed auto eth0 iface eth0 inet manual auto br0 iface br0 inet static address 108.xxx.xxx.132 netmask 255.255.255.248 bridge_ports eth0 bridge_stp on bridge_fd 0 bridge_maxwait 0 

主持人的桥梁：

 # brctl show bridge name bridge id STP enabled interfaces br0 8000.bc5ff43b621c yes eth0 vnet0 virbr0 8000.000000000000 yes 

主机的KVMnetworking：

 # virsh net-list --all Name State Autostart ----------------------------------------- br0 active yes default active yes 

br0networkingconfiguration：

 <network> <name>br0</name> <uuid>cc78c850-b182-11e4-ab27-0800200c9a66</uuid> <forward mode='bridge'/> <bridge name='br0' /> <mac address='52:54:00:43:58:77'/> </network> 

VM的界面设置：

 <interface type='bridge'> <mac address='52:54:00:ea:c0:83'/> <source bridge='br0'/> <model type='virtio'/> <address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x0'/> </interface> 

主机的sysctl

 # sysctl -p /etc/sysctl.conf net.ipv4.conf.default.rp_filter = 1 net.ipv4.conf.all.rp_filter = 1 net.ipv4.ip_forward = 1 net.ipv4.conf.all.accept_redirects = 0 net.ipv6.conf.all.accept_redirects = 0 net.ipv4.conf.all.send_redirects = 0 net.ipv4.conf.all.accept_source_route = 0 net.ipv6.conf.all.accept_source_route = 0 net.ipv6.conf.all.disable_ipv6 = 1 net.ipv6.conf.default.disable_ipv6 = 1 net.ipv6.conf.lo.disable_ipv6 = 1 net.ipv6.conf.eth0.disable_ipv6 = 1 net.bridge.bridge-nf-call-ip6tables = 0 net.bridge.bridge-nf-call-iptables = 0 net.bridge.bridge-nf-call-arptables = 0 

主机的iptables：

 # iptables -vnL Chain INPUT (policy ACCEPT 16 packets, 3436 bytes) pkts bytes target prot opt in out source destination 0 0 ACCEPT udp -- virbr0 * 0.0.0.0/0 0.0.0.0/0 udp dpt:53 0 0 ACCEPT tcp -- virbr0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:53 0 0 ACCEPT udp -- virbr0 * 0.0.0.0/0 0.0.0.0/0 udp dpt:67 0 0 ACCEPT tcp -- virbr0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:67 Chain FORWARD (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 0 0 ACCEPT all -- * virbr0 0.0.0.0/0 192.168.122.0/24 state RELATED,ESTABLISHED 0 0 ACCEPT all -- virbr0 * 192.168.122.0/24 0.0.0.0/0 0 0 ACCEPT all -- virbr0 virbr0 0.0.0.0/0 0.0.0.0/0 0 0 REJECT all -- * virbr0 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable 0 0 REJECT all -- virbr0 * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable 0 0 TCPMSS tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcpflags: 0x06/0x02 TCPMSS clamp to PMTU Chain OUTPUT (policy ACCEPT 9 packets, 832 bytes) pkts bytes target prot opt in out source destination 

访客的networking设置：

 auto eth0 iface eth0 inet static address 108.xxx.xxx.132 netmask 255.255.255.248 gateway 108.xxx.xxx.129 

编辑（根据shodanshok的答案，使主机和来宾IP不同）

主机的ifconfig：

 # ifconfig br0 Link encap:Ethernet HWaddr bc:5f:f4:3b:62:1c inet addr:108.xxx.xxx.132 Bcast:108.xxx.xxx.135 Mask:255.255.255.248 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:2584 errors:0 dropped:0 overruns:0 frame:0 TX packets:0 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:594801 (580.8 KiB) TX bytes:0 (0.0 B) eth0 Link encap:Ethernet HWaddr bc:5f:f4:3b:62:1c UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:21817 errors:0 dropped:0 overruns:0 frame:0 TX packets:493 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:5806951 (5.5 MiB) TX bytes:38774 (37.8 KiB) Interrupt:20 Memory:f7d00000-f7d20000 eth1 Link encap:Ethernet HWaddr 68:05:ca:05:f2:1e inet addr:108.xxx.xxx.130 Bcast:108.xxx.xxx.135 Mask:255.255.255.248 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:84560 errors:0 dropped:0 overruns:0 frame:0 TX packets:140042 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:9419446 (8.9 MiB) TX bytes:157587628 (150.2 MiB) Interrupt:16 Memory:f7cc0000-f7ce0000 lo Link encap:Local Loopback inet addr:127.0.0.1 Mask:255.0.0.0 UP LOOPBACK RUNNING MTU:16436 Metric:1 RX packets:13361 errors:0 dropped:0 overruns:0 frame:0 TX packets:13361 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:3897517 (3.7 MiB) TX bytes:3897517 (3.7 MiB) virbr0 Link encap:Ethernet HWaddr 3e:14:8f:80:03:75 inet addr:192.168.122.1 Bcast:192.168.122.255 Mask:255.255.255.0 UP BROADCAST MULTICAST MTU:1500 Metric:1 RX packets:0 errors:0 dropped:0 overruns:0 frame:0 TX packets:0 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:0 (0.0 B) TX bytes:0 (0.0 B) vnet0 Link encap:Ethernet HWaddr fe:54:00:ea:c0:83 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:16 errors:0 dropped:0 overruns:0 frame:0 TX packets:2517 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:500 RX bytes:956 (956.0 B) TX bytes:583780 (570.0 KiB) 

Guest的ifconfig：

 auto eth0 iface eth0 inet manual auto br0 iface br0 inet manual bridge_ports eth0 bridge_stp off bridge_fd 9 bridge_maxage 12 bridge_hello 2