neutron基础九(qemu nat网络)
接上基础八,kvm透传nested忽略
1.在主机centos7(192.168.139.55)上建立的vm是centos的,使vm的的段是192.168.123.0段(因为122段有可能已经被virbr0占了)
2.建立桥接br-hao(设置为192.168.123.1),设置ipv4包转发,设置iptables的ip伪装
3.dnsmasq启动dhcp服务器,绑定到br-hao(ps下如果已经起了dnsmasq就去给干掉)
4.在vm中启动dhclient,尝试ping www.baidu.com没问题
新建个桥接
在主机上
设置转发
默认使用IP未转干掉方式实现nat,而不是使用snat和dnat
iptables -t nat -A POSTROUTING -s 192.168.123.0/255.255.255.0 ! -d 192.168.123.0/255.255.255.0 -jMASQUERADE
结果
启动dnsmasq
qemu的启动相同
testnet.img为一个centos7的镜像,带dhclient命令的,cirros似乎不带
把tap1起起来并放到br-hao上
查看
在vm上
dhclient
结果
并且可以ping 外网了
参考两本书:《深入浅出neutron》和《kvm虚拟化技术实战与原理解析》
1.在主机centos7(192.168.139.55)上建立的vm是centos的,使vm的的段是192.168.123.0段(因为122段有可能已经被virbr0占了)
2.建立桥接br-hao(设置为192.168.123.1),设置ipv4包转发,设置iptables的ip伪装
3.dnsmasq启动dhcp服务器,绑定到br-hao(ps下如果已经起了dnsmasq就去给干掉)
4.在vm中启动dhclient,尝试ping www.baidu.com没问题
新建个桥接
在主机上
[root@centos7 hao]# brctl addbr br-hao [root@centos7 hao]# brctl stp br-hao on [root@centos7 hao]# brctl setfd br-hao 0 set forward delay failed: Numerical result out of range [root@centos7 hao]# ifconfig br-hao 192.168.123.1 netmask 255.255.255.0 up
设置转发
[root@centos7 hao]# echo 1 > /proc/sys/net/ipv4/ip_forward
默认使用IP未转干掉方式实现nat,而不是使用snat和dnat
[root@centos7 hao]# iptables -t nat -F [root@centos7 hao]# [root@centos7 hao]# [root@centos7 hao]# iptables -t nat -L Chain PREROUTING (policy ACCEPT) target prot opt source destination Chain INPUT (policy ACCEPT) target prot opt source destination Chain OUTPUT (policy ACCEPT) target prot opt source destination Chain POSTROUTING (policy ACCEPT) target prot opt source destination [root@centos7 hao]# [root@centos7 hao]# iptables -t nat -A POSTROUTING -s 192.168.123.0/255.255.255.0 ! -d 192.168.123.0/255.255.255.0 -jMASQUERADE
iptables -t nat -A POSTROUTING -s 192.168.123.0/255.255.255.0 ! -d 192.168.123.0/255.255.255.0 -jMASQUERADE
结果
[root@centos7 hao]# iptables -t nat -L
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
MASQUERADE all -- 192.168.123.0/24 !192.168.123.0/24
[root@centos7 hao]# ifconfig br-hao
br-hao: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500
inet 192.168.123.1 netmask 255.255.255.0 broadcast 192.168.123.255
inet6 fe80::4450:a4ff:fe6e:feed prefixlen 64 scopeid 0x20<link>
ether 00:00:00:00:00:00 txqueuelen 0 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 16 bytes 1986 (1.9 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
[root@centos7 hao]#
启动dnsmasq
dnsmasq --strict-order --except-interface=lo --interface=br-hao --listen-address=192.168.123.1 --bind-interfaces --dhcp-range=192.168.123.2,192.168.123.254 --conf-file="" --pid-file=/var/run/qemu-dhcp-br-hao.pid --dhcp-leasefile=/var/run/qemu-dhcp-br-hao.leases --dhcp-no-override ${TFTPROOT:+"--enable-tftp"} ${TFTPROOT:+"--tftp-root=TFTPROOT"} ${BOOTP:+"--dhcp-boot=$BOOTP"}
qemu的启动相同
/usr/libexec/qemu-kvm -m 8192 -smp 2 -hda /home/hao/testnet.img -net nic -net tap,ifname=tap1,script=/home/hao/qemu-ifup,downscript=no -vnc 0.0.0.0:17 -daemonize
testnet.img为一个centos7的镜像,带dhclient命令的,cirros似乎不带
把tap1起起来并放到br-hao上
ifconfig tap1 0.0.0.0 up brctl addif br-hao tap1 brctl show
查看
iptables -t nat -L
在vm上
dhclient
结果
[root@localhost ~]# ifconfig
ens3: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.123.89 netmask 255.255.255.0 broadcast 192.168.123.255
inet6 fe80::5054:ff:fe12:3456 prefixlen 64 scopeid 0x20<link>
ether 52:54:00:12:34:56 txqueuelen 1000 (Ethernet)
RX packets 11899 bytes 17765331 (16.9 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 4525 bytes 322548 (314.9 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 0 (Local Loopback)
RX packets 4 bytes 420 (420.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 4 bytes 420 (420.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
[root@localhost ~]#
并且可以ping 外网了
参考两本书:《深入浅出neutron》和《kvm虚拟化技术实战与原理解析》