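To set the scene: I installed Ubuntu 17.04, installed KVM, and then successfully configured a Windows Server 2016 Standard virtual machine. Networking and internet access all worked perfectly until this morning, when I noticed that I could not reach certain websites while navigating in the browser. I found the source of the problem, but my knowledge of iptables is very limited, and after countless hours of research I still have not figured it out.
This is the effect of the problem.
I am using a NAT connection between the host and the guest. I use the /etc/libvirt/hooks/qemu script they provide to forward ports, and I found the source of the problem (numbers 1 and 2 below).
Edit: I am putting these here so they are easier to see: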
1- /sbin/iptables -t nat -D PREROUTING -p tcp --dport 80 -j DNAT --to $GUEST_IP:80
2- /sbin/iptables -t nat -I PREROUTING -p tcp --dport 80 -j DNAT --to-destination $GUEST_IP:80
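I have tried both of them. They work for a while, and then I can no longer access HTTP websites, but my web server is still accessible.
I would appreciate any help, or any new/different rules that might solve this problem.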

    #!/bin/bash
    # libvirt qemu hook: invoked with the guest name in $1 and the operation in $2
    if [ "${1}" = "VM-NAME" ]; then
        GUEST_IP=10.0.0.5
        # currently not used anywhere
        HOST_IP=1.2.3.4
        # CURRENTLY NOT USED, use as $HOST_PORT or $GUEST_PORT
        #GUEST_PORT=3389
        #HOST_PORT=1338

        # Guest stopping (or reconnecting): remove the forwarding rules
        if [ "${2}" = "stopped" ] || [ "${2}" = "reconnect" ]; then
            /sbin/iptables -D FORWARD -o virbr0 -d $GUEST_IP -j ACCEPT
            ##/sbin/iptables -I FORWARD -m state 10.0.0.0/24 --state NEW,RELATED,ESTABLISHED -j ACCEPT
            #### RDP [tcp/udp] [Host:1338 -> VM:3389]
            /sbin/iptables -t nat -D PREROUTING -p tcp --dport 1338 -j DNAT --to $GUEST_IP:3389
            /sbin/iptables -t nat -D PREROUTING -p udp --dport 1338 -j DNAT --to $GUEST_IP:3389
            #### HTTP [tcp] [Host:80 -> VM:80]
            # 1- ##/sbin/iptables -t nat -D PREROUTING -p tcp --dport 80 -j DNAT --to $GUEST_IP:80
            # 2- ##/sbin/iptables -t nat -I PREROUTING -p tcp --dport 80 -j DNAT --to-destination $GUEST_IP:80
        fi

        # Guest starting (or reconnecting): add the forwarding rules
        if [ "${2}" = "start" ] || [ "${2}" = "reconnect" ]; then
            /sbin/iptables -I FORWARD -o virbr0 -d $GUEST_IP -j ACCEPT
            ##/sbin/iptables -I FORWARD -m state 10.0.0.0/24 --state NEW,RELATED,ESTABLISHED -j ACCEPT
            #### RDP [tcp/udp] [Host:1338 -> VM:3389]
            /sbin/iptables -t nat -I PREROUTING -p tcp --dport 1338 -j DNAT --to $GUEST_IP:3389
            /sbin/iptables -t nat -I PREROUTING -p udp --dport 1338 -j DNAT --to $GUEST_IP:3389
            #### HTTP [tcp] [Host:80 -> VM:80]
            # 1- ##/sbin/iptables -t nat -I PREROUTING -p tcp --dport 80 -j DNAT --to $GUEST_IP:80
            # 2- ##/sbin/iptables -t nat -I PREROUTING -p tcp --dport 80 -j DNAT --to-destination $GUEST_IP:80
        fi
    fi

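Here is my ifconfig output in case you need it. virbr0 is the bridge between the host and the virtual machine, and I think vmnet0 only appears while the VM is running (I don't quite understand why vnet0 only has IPv6, though).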

    eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
            inet <my ipv4> netmask 255.255.255.0 broadcast <my ipv4>.255
            inet6 <my ipv6> prefixlen 128 scopeid 0x0<global>
            inet6 <my ipv6> prefixlen 64 scopeid 0x20<link>
            ether 4c:72:b9:43:f0:e5 txqueuelen 1000 (Ethernet)
            RX packets 18640 bytes 2965981 (2.9 MB)
            RX errors 0 dropped 0 overruns 0 frame 0
            TX packets 16930 bytes 3893649 (3.8 MB)
            TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
            device interrupt 20 memory 0xfe500000-fe520000

    lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
            inet 127.0.0.1 netmask 255.0.0.0
            inet6 ::1 prefixlen 128 scopeid 0x10<host>
            loop txqueuelen 1000 (Local Loopback)
            RX packets 164 bytes 33947 (33.9 KB)
            RX errors 0 dropped 0 overruns 0 frame 0
            TX packets 164 bytes 33947 (33.9 KB)
            TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

    virbr0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
            inet 10.0.0.1 netmask 255.255.255.0 broadcast 10.0.0.255
            ether 52:54:00:62:88:21 txqueuelen 1000 (Ethernet)
            RX packets 10302 bytes 2798316 (2.7 MB)
            RX errors 0 dropped 0 overruns 0 frame 0
            TX packets 9209 bytes 1691107 (1.6 MB)
            TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

    vnet0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
            inet6 fe80::fc7f:f3ff:fe5e:e777 prefixlen 64 scopeid 0x20<link>
            ether fe:7f:f3:5e:e7:77 txqueuelen 1000 (Ethernet)
            RX packets 10302 bytes 2942544 (2.9 MB)
            RX errors 0 dropped 0 overruns 0 frame 0
            TX packets 13079 bytes 1893103 (1.8 MB)
            TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
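
An added example, not part of the original post or of libvirt's own hook script: a `PREROUTING` rule that matches only `-p tcp --dport 80` applies to every port-80 packet entering the host, including the guest's own outbound web requests arriving on virbr0, so those get rewritten back to the guest. The sketch below prints hook rules scoped to the external interface; `hook_rules` and `FORWARDS` are hypothetical names, and `eth0`, `virbr0` and `10.0.0.5` are taken from the post as assumptions about the setup.

```shell
#!/bin/bash
# Added example (not the poster's script). Assumed from the post:
# eth0 = external interface, virbr0 = libvirt NAT bridge, 10.0.0.5 = guest.
EXT_IF=eth0
BRIDGE=virbr0
GUEST_IP=10.0.0.5
# One forward per line: "proto host_port guest_port"
FORWARDS="tcp 1338 3389
udp 1338 3389
tcp 80 80"

# Print the iptables commands for one hook operation (start, stopped or
# reconnect). Printing keeps this a dry run; review the output before
# applying it as root.
hook_rules() {
    case $1 in
        stopped)   set -- -D ;;
        start)     set -- -I ;;
        reconnect) set -- -D -I ;;   # remove stale rules, then re-add them
        *)         return 1 ;;
    esac
    for flag in "$@"; do
        echo "/sbin/iptables $flag FORWARD -o $BRIDGE -d $GUEST_IP -j ACCEPT"
        while read -r proto hport gport; do
            # -i $EXT_IF restricts the DNAT to packets arriving from outside.
            # Without it the rule also rewrites the guest's own outbound
            # traffic to that port, which enters the host on $BRIDGE.
            echo "/sbin/iptables -t nat $flag PREROUTING -i $EXT_IF -p $proto" \
                 "--dport $hport -j DNAT --to-destination $GUEST_IP:$gport"
        done <<EOF
$FORWARDS
EOF
    done
}

# libvirt calls the hook as: qemu <guest name> <operation> ...
if [ "${1}" = "VM-NAME" ]; then
    hook_rules "${2}"
fi
```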