I think you are missing an iptables rule for masquerading:
iptables -t nat -A POSTROUTING -s 10.0.0.0/24 -o eth0 -j MASQUERADE
I have an Ubuntu 14.04 (64-bit) KVM Host with 2 NICs:
- eth0 connected to the "public" network
- eth1 connected to the bridge br0 with a private IP address range
From the Host, I can access the Internet, ping the VM Guest and connect to it via SSH.
From the VM Guest, I can only ping the Host, but I cannot access the Internet and cannot ping google.com.
Please help me connect the VM Guest to the Internet in the configuration described below:
/etc/network/interfaces
auto lo
iface lo inet loopback

auto eth0
iface eth0 inet static
    address 192.168.2.60
    netmask 255.255.255.0
    gateway 192.168.2.254
    dns-nameservers 8.8.8.8

auto eth1
iface eth1 inet manual

auto br0
iface br0 inet static
    address 10.0.0.1
    netmask 255.255.255.0
    bridge_ports eth1
    bridge_stp off
    bridge_maxwait 0
    bridge_fd 0
    # Create and destroy the bridge automatically.
    pre-up brctl addbr br0
    ip link set dev br0 up
    post-up /usr/sbin/brctl setfd br0 0 addif br0 eth1
    post-down brctl delbr br0
The KVM network is defined as:
<network>
<name>br0-net</name>
<uuid>9d24b473-0b4d-4cfa-8b12-7bf267d856ae</uuid>
<forward mode='bridge'/>
<bridge name='br0'/>
</network>
# sysctl -p /etc/sysctl.conf
net.ipv4.ip_forward = 1
net.bridge.bridge-nf-call-ip6tables = 0
net.bridge.bridge-nf-call-iptables = 0
net.bridge.bridge-nf-call-arptables = 0
# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.2.254   0.0.0.0         UG    0      0        0 eth0
10.0.0.0        0.0.0.0         255.255.255.0   U     0      0        0 br0
192.168.2.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
# iptables -t nat -vnL
Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
/etc/network/interfaces
auto lo
iface lo inet loopback

auto eth0
iface eth0 inet static
    address 10.0.0.11
    netmask 255.255.255.0
The guest XML is defined as:
<interface type='bridge'>
<mac address='52:54:00:6b:93:69'/>
<source bridge='br0'/>
<model type='virtio'/>
<address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x0'/>
</interface>
# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         10.0.0.1        0.0.0.0         UG    0      0        0 eth0
10.0.0.0        0.0.0.0         255.255.255.0   U     0      0        0 eth0
# iptables -t nat -vnL
Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
Pinging the KVM Host from the Guest works for 10.0.0.1 and 192.168.2.60:
$ ping 10.0.0.1
PING 10.0.0.1 (10.0.0.1) 56(84) bytes of data.
64 bytes from 10.0.0.1: icmp_seq=1 ttl=64 time=0.555 ms
$ ping 192.168.2.60
PING 192.168.2.60 (192.168.2.60) 56(84) bytes of data.
64 bytes from 192.168.2.60: icmp_seq=1 ttl=64 time=0.772 ms
Pinging a different computer, 192.168.2.3, from the Guest does not work:
--- 192.168.2.3 ping statistics ---
277 packets transmitted, 0 received, 100% packet loss, time 276399ms
Pinging google.com from the Guest does not work:
ping: unknown host google.com
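
The check behind the answer's rule, as an added example that is not part of the original posts: it reads iptables-save -t nat output and reports whether the guest subnet is masqueraded on the outbound interface, scoped to that source and interface only. The function names and the two sample rulesets are constructed; the subnet, interface and rule are the ones on this page.

```shell
#!/bin/sh
# Added example: audit a saved nat table for the source NAT rule that a
# routed guest subnet needs. Function names and samples are constructed.

# has_masq SUBNET OUT_IF: reads `iptables-save -t nat` output on stdin and
# succeeds only if POSTROUTING masquerades exactly SUBNET leaving via OUT_IF.
has_masq() {
    awk -v s="$1" -v o="$2" '
        $1 == "-A" && $2 == "POSTROUTING" {
            src = ""; out = ""; tgt = ""
            for (i = 3; i < NF; i++) {
                if ($i == "-s") src = $(i + 1)
                if ($i == "-o") out = $(i + 1)
                if ($i == "-j") tgt = $(i + 1)
            }
            if (src == s && out == o && tgt == "MASQUERADE") found = 1
        }
        END { exit !found }'
}

# diagnose SUBNET OUT_IF IP_FORWARD: prints "ok" or the first missing piece.
diagnose() {
    if [ "$3" != "1" ]; then
        echo "enable: sysctl -w net.ipv4.ip_forward=1"
    elif has_masq "$1" "$2"; then
        echo "ok"
    else
        echo "add: iptables -t nat -A POSTROUTING -s $1 -o $2 -j MASQUERADE"
    fi
}

# Constructed sample: a nat table with no rules, like the host's listing.
EMPTY_NAT='*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
COMMIT'

# Constructed sample: the same table once the rule from the answer exists.
FIXED_NAT='*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 10.0.0.0/24 -o eth0 -j MASQUERADE
COMMIT'

printf '%s\n' "$EMPTY_NAT" | diagnose 10.0.0.0/24 eth0 1
printf '%s\n' "$FIXED_NAT" | diagnose 10.0.0.0/24 eth0 1
```

On a live host the input would come from iptables-save -t nat and the third argument from /proc/sys/net/ipv4/ip_forward.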