与linux网桥联网

我正在尝试了解Linuxnetworking和网桥，使用网桥设置networking。我有两个虚拟机eth0接口

VM A – > 10.0.1.7（eth0）

VM B – > 10.0.1.8（eth0）

路由器（10.0.1.1）configuration下面的附加路由

目标：10.1.7.0/24，nexthop = 10.0.1.7

目标：10.1.8.0/24，nexthop = 10.0.1.8

我用下面的命令添加了一个linux birdge

ip link add br0 type bridge ip addr add 10.1.7.1/24 dev br0 ip link set br0 up [root@test-1 centos]# ip addr 1: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000 link/ether fa:16:3e:d9:59:5b brd ff:ff:ff:ff:ff:ff inet 10.0.1.7/24 brd 10.0.1.255 scope global dynamic eth0 valid_lft 507sec preferred_lft 507sec inet6 fe80::f816:3eff:fed9:595b/64 scope link valid_lft forever preferred_lft forever 2: br0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN qlen 1000 link/ether 46:d0:ca:31:fa:b2 brd ff:ff:ff:ff:ff:ff inet 10.1.7.1/24 scope global br0 valid_lft forever preferred_lft forever inet6 fe80::44d0:caff:fe31:fab2/64 scope link valid_lft forever preferred_lft forever [root@test-1 centos]# ip route default via 10.0.1.1 dev eth0 10.0.0.0/24 dev eth0 proto static scope link 10.0.1.0/24 dev eth0 proto kernel scope link src 10.0.1.7 10.1.7.0/24 dev br0 proto kernel scope link src 10.1.7.1 169.254.169.254 via 10.0.1.1 dev eth0 proto static 172.16.60.0/24 dev eth0 proto static scope link

在虚拟机A接口上向虚拟机A发送Ping请求

 [root@test-1 centos]# ping 10.1.7.1 -c 1 PING 10.1.7.1 (10.1.7.1) 56(84) bytes of data. 64 bytes from 10.1.7.1: icmp_seq=1 ttl=64 time=0.065 ms --- 10.1.7.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.065/0.065/0.065/0.000 ms

从虚拟机A向br0接口上的虚拟机A的Ping请求失败

 [root@test-1 centos]# ping -I br0 10.1.7.1 -c 1 PING 10.1.7.1 (10.1.7.1) from 10.1.7.1 br0: 56(84) bytes of data. --- 10.1.7.1 ping statistics --- 1 packets transmitted, 0 received, 100% packet loss, time 0ms

现在，当尝试从VM B ping 10.1.7.1时，VM A正在发送回应应答，但是VM b没有收到回应。

 [root@test-2 centos]# ping 10.1.7.1 -c 2 PING 10.1.7.1 (10.1.7.1) 56(84) bytes of data. --- 10.1.7.1 ping statistics --- 2 packets transmitted, 0 received, 100% packet loss, time 999ms

两个虚拟机iptables都被刷新，tcpdump在下面

VM A

 [root@test-1 centos]# tcpdump -i eth0 -nn -t -vv icmp tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes IP (tos 0x0, ttl 63, id 16561, offset 0, flags [DF], proto ICMP (1), length 84) 10.0.1.8 > 10.1.7.1: ICMP echo request, id 2660, seq 1, length 64 IP (tos 0x0, ttl 64, id 11195, offset 0, flags [none], proto ICMP (1), length 84) 10.1.7.1 > 10.0.1.8: ICMP echo reply, id 2660, seq 1, length 64 IP (tos 0x0, ttl 63, id 17282, offset 0, flags [DF], proto ICMP (1), length 84) 10.0.1.8 > 10.1.7.1: ICMP echo request, id 2660, seq 2, length 64 IP (tos 0x0, ttl 64, id 11473, offset 0, flags [none], proto ICMP (1), length 84) 10.1.7.1 > 10.0.1.8: ICMP echo reply, id 2660, seq 2, length 64

VM B

 [root@test-2 centos]# tcpdump -i eth0 -t -nn -vv icmp tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes IP (tos 0x0, ttl 64, id 16561, offset 0, flags [DF], proto ICMP (1), length 84) 10.0.1.8 > 10.1.7.1: ICMP echo request, id 2660, seq 1, length 64 IP (tos 0x0, ttl 64, id 17282, offset 0, flags [DF], proto ICMP (1), length 84) 10.0.1.8 > 10.1.7.1: ICMP echo request, id 2660, seq 2, length 64

如果我拿br0接口的tcpdump（tcpdump -i br0 icmp），我没有看到任何数据包，为什么？但是br0附有10.1.7.1。

任何iptables的configuration要求？

我厌倦了附加eth0到br0，（brctl addif br0 eth0），这样就失去了我的虚拟机的连接，不能ping通虚拟机。是他们的另一种方式可以eth0接口转发数据包到br0 ..我不关于veth或tuntap接口，是这样做的。