I have a CentOS dedicated server (Hetzner):
IP: aa.bb.cc.16
Gateway: aa.bb.cc.1
Netmask: 255.255.255.255
and an additional IP (a guest VM (libvirt) with Debian installed):
IP: aa.bb.cc.61
Gateway: aa.bb.cc.1
Netmask: 255.255.255.192
I have set up a routed configuration using the Hetzner documentation ( https://wiki.hetzner.de/index.php/Netzkonfiguration_CentOS/en#Routed_.28brouter.29 ).
Host configuration:
cat /etc/sysctl.conf
net.ipv4.conf.all.rp_filter=1
net.ipv4.icmp_echo_ignore_broadcasts=1
net.ipv4.ip_forward=1
net.ipv6.conf.all.forwarding=1
net.ipv4.conf.default.proxy_arp=1
net.ipv4.conf.all.send_redirects=0
net.ipv4.conf.eth0.send_redirects=0
net.ipv4.conf.br0.send_redirects=0
net.ipv4.conf.default.send_redirects=0
net.bridge.bridge-nf-call-ip6tables = 0
net.bridge.bridge-nf-call-iptables = 0
net.bridge.bridge-nf-call-arptables = 0
cat /etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE=eth0
ONBOOT=yes
HWADDR=XX:XX:XX:XX:XX:XX
BOOTPROTO=none
IPADDR=aa.bb.cc.16
NETMASK=255.255.255.255
SCOPE="peer aa.bb.cc.1"
IPV6INIT=yes
IPV6ADDR=2a01:4f8:yyy:yyyy::2/128
IPV6_DEFAULTGW=fe80::1
IPV6_DEFAULTDEV=eth0
cat /etc/sysconfig/network-scripts/ifcfg-br0
DEVICE=br0
ONBOOT=yes
TYPE="Bridge"
BOOTPROTO=static
IPADDR=aa.bb.cc.16
NETMASK=255.255.255.255
IPV6INIT=yes
IPV6ADDR=2a01:4f8:yyy:yyyy::2/64
STP=off
DELAY=0
cat /etc/sysconfig/network-scripts/route-br0
ADDRESS0=aa.bb.cc.61
NETMASK0=255.255.255.255
Guest configuration:
cat /etc/network/interfaces
auto lo
iface lo inet loopback
auto eth0
iface eth0 inet static
address aa.bb.cc.61
netmask 255.255.255.255
pointopoint aa.bb.cc.16
gateway aa.bb.cc.16
dns-nameservers 212.133.98.98 212.133.99.99 212.133.100.100
iface eth0 inet6 static
address 2a01:4f8:yyy:yyyy::4
netmask 64
address 2a01:4f8:yyy:yyyy::2
For Internet access from the guest VM, I added a rule:
iptables -t nat -A POSTROUTING -o eth0 -s aa.bb.cc.61 -j SNAT --to-source aa.bb.cc.16
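Question: Is it possible to reach the guest VM from the Internet via the guest IP aa.bb.cc.61 in routed mode? When I ping aa.bb.cc.61 from outside (the Internet), I get "Request timed out". But aa.bb.cc.16 (the host) pings fine. What rule do I have to add?
Thank you.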