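I want to create a VLAN for 3 guest virtual machines. I already have it, and each virtual machine can ping the others, but the problem is that none of the guest virtual machines can access the Internet.
Networking configuration on the host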
    # /etc/network/interfaces
    auto eth0
    iface eth0 inet manual

    auto br0
    iface br0 inet static
        address 188.165.xx     <------ Internet's public ip
        netmask 255.255.255.0
        network 188.165.255.0
        broadcast 188.165.255.255
        gateway 188.165.yy     <------- Internet's public gateway
        bridge_ports eth0
        bridge_fd 0
        bridge_stp on

    auto eth0.3
    iface eth0.3 inet manual
        mtu 1500
        vlan_raw_device eth0

    auto vlan3
    iface vlan3 inet static
        bridge_ports eth0.3
        bridge_maxwait 0
        bridge_stp off
        address 172.69.0.1
        netmask 255.255.255.0
        network 172.69.0.0
        broadcast 172.69.0.255
Routing table on the host (route -n)
    Kernel IP routing table
    Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
    172.69.0.0      0.0.0.0         255.255.255.0   U     0      0        0 vlan3
    188.165.255.0   0.0.0.0         255.255.255.0   U     0      0        0 br0
    0.0.0.0         188.165.yy      0.0.0.0         UG    0      0        0 br0
brctl show on the host
    bridge name     bridge id               STP enabled     interfaces
    br0             8000.e840f20acc28       yes             eth0
                                                            tap10.0
                                                            vif10.0
                                                            vif7.0
    vlan3           8000.e840f20acc28       no              eth0.3
                                                            log01
Ping from guest -> host works
    PING 172.69.0.1 (172.69.0.1) 56(84) bytes of data.
    64 bytes from 172.69.0.1: icmp_req=1 ttl=64 time=0.155 ms
    64 bytes from 172.69.0.1: icmp_req=2 ttl=64 time=0.100 ms
Traceroute to, for example, Google's DNS IP
    traceroute to 8.8.8.8 (8.8.8.8), 30 hops max, 60 byte packets
     1  172.69.0.1 (172.69.0.1)  0.198 ms  0.237 ms  0.209 ms
     2  * * *
As you can see, it dies at the host IP (the gateway).
I don't know what I am doing wrong.
You need to enable IP forwarding by changing /proc/sys/net/ipv4/ip_forward to 1.
You also need to apply an iptables rule to NAT the virtual machines. (This should be applied on the host.)
iptables -t nat -A POSTROUTING -o <your external interface on the Host> -j MASQUERADE
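The two steps from the answer combined into one host-side script, with the NAT narrowed to the guest subnet; this is an added example, not part of the original answer. It assumes, from the question, that guests sit in 172.69.0.0/24 on vlan3 and that br0 is the external interface; the FORWARD rules and the function names are additions.

```shell
#!/bin/sh
# Values taken from the question; adjust for another host.
GUEST_NET="172.69.0.0/24"
GUEST_IF="vlan3"
WAN_IF="br0"

# Print the iptables commands, one per line, without running them.
nat_rules() {
    net=$1; guest_if=$2; wan_if=$3
    # Masquerade only packets sourced from the guest subnet, not everything
    # that happens to leave through the external interface.
    echo "iptables -t nat -A POSTROUTING -s $net -o $wan_if -j MASQUERADE"
    # Only needed when the FORWARD policy is DROP: let guests open
    # connections outwards ...
    echo "iptables -A FORWARD -i $guest_if -o $wan_if -s $net -j ACCEPT"
    # ... and let only replies to those connections back in.
    echo "iptables -A FORWARD -i $wan_if -o $guest_if -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
}

# Succeeds when IPv4 forwarding is on. The optional argument is the file
# to read, so the check can be exercised against a copy.
forwarding_enabled() {
    [ "$(cat "${1:-/proc/sys/net/ipv4/ip_forward}" 2>/dev/null)" = "1" ]
}

# --print shows what would be done; --apply (as root) does it.
main() {
    if [ "$1" = "--apply" ]; then
        echo 1 > /proc/sys/net/ipv4/ip_forward
        nat_rules "$GUEST_NET" "$GUEST_IF" "$WAN_IF" | while read -r rule; do
            $rule || echo "failed: $rule" >&2
        done
    else
        forwarding_enabled || echo "# forwarding is off: echo 1 > /proc/sys/net/ipv4/ip_forward"
        nat_rules "$GUEST_NET" "$GUEST_IF" "$WAN_IF"
    fi
}

case "${1:-}" in
    --apply|--print) main "$1" ;;
esac
```

Neither the forwarding flag nor the rules survive a reboot when set this way, so they have to be re-applied at boot by whatever mechanism the host uses.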