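Creating a NAT-mode KVM virtual machine
1 Add execute permission to the script (upload the script file to the root directory).
First, grant the script execute permission.
# chmod +x qemu-ifup-NAT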
2 Start the virtual machine.
Start the virtual machine from the command line. (Remember to install net-tools.)
# yum install net-tools -y
# qemu-kvm -m 1024 -drive file=cirros-0.3.3-x86_64-disk.img,if=virtio -net nic,model=virtio -net tap,script=qemu-ifup-NAT -nographic -vnc :1
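3 Check the result.
The commands above create a virtual machine, a bridge, and the interface tap0 that corresponds to the virtual machine. Afterwards, connect to the virtual machine remotely with VNC Viewer and list its IP address, subnet mask and other details; the system's routing information is also visible, as shown in Figure 3-2.
Figure 3-2 Network information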
4 Query the bridge interface information.
View the system's bridge information; it shows which interfaces are attached to the virbr0 bridge.
# brctl show
bridge name     bridge id               STP enabled     interfaces
br0             8000.000c29ec4915       no              ens33
virbr0          8000.5254000049aa       yes             tap0
5 View the TAP interface.
# ip addr list
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 00:0c:29:ec:49:15 brd ff:ff:ff:ff:ff:ff
    inet 30.8.0.120/24 brd 30.8.0.255 scope global ens33
    inet6 fe80::20c:29ff:feec:4915/64 scope link
       valid_lft forever preferred_lft forever
3: br0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN
    link/ether 00:0c:29:ec:49:15 brd ff:ff:ff:ff:ff:ff
    inet 30.8.0.120/24 brd 30.8.0.255 scope global br0
    inet6 fe80::20c:29ff:feec:4915/64 scope link
       valid_lft forever preferred_lft forever
4: virbr0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN
    link/ether 52:54:00:00:49:aa brd ff:ff:ff:ff:ff:ff
    inet 192.168.122.1/24 brd 192.168.122.255 scope global virbr0
5: virbr0-nic: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN qlen 500
    link/ether 52:54:00:00:49:aa brd ff:ff:ff:ff:ff:ff
9: tap0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 500
    link/ether c2:4f:06:48:47:1f brd ff:ff:ff:ff:ff:ff
    inet6 fe80::c04f:6ff:fe48:471f/64 scope link
       valid_lft forever preferred_lft forever
6 Check network connectivity.
From the virtual machine instance's ens33 interface, ping the host's gateway to check network connectivity.
$ ping 30.8.0.1 -c 4    # 30.8.0.1: host network address
PING 30.8.0.1 (30.8.0.1): 56 data bytes
64 bytes from 30.8.0.1: seq=0 ttl=127 time=0.833 ms
64 bytes from 30.8.0.1: seq=1 ttl=127 time=0.697 ms
64 bytes from 30.8.0.1: seq=2 ttl=127 time=0.720 ms
64 bytes from 30.8.0.1: seq=3 ttl=127 time=0.793 ms

--- 30.8.0.1 ping statistics ---
4 packets transmitted, 4 packets received, 0% packet loss
round-trip min/avg/max = 0.697/0.760/0.833 ms
7 Query the host's iptables nat table.
# iptables -t nat -L
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination
MASQUERADE  tcp  --  192.168.122.0/24    !192.168.122.0/24    masq ports: 1024-65535
MASQUERADE  udp  --  192.168.122.0/24    !192.168.122.0/24    masq ports: 1024-65535
MASQUERADE  all  --  192.168.122.0/24    !192.168.122.0/24
MASQUERADE  all  --  192.168.122.0/24    !192.168.122.0/24

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
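
The checks in steps 4 and 7 can be scripted. The following is an added example, not part of the original page: it confirms that the guest's tap interface is attached to the NAT bridge virbr0 rather than to br0 (which carries the physical ens33), and that the nat table masquerades the 192.168.122.0/24 guest subnet. The function names are assumptions, and the sample input is the output shown in steps 4 and 7.

```shell
#!/bin/sh
# Added example. Sample text below is copied from steps 4 and 7 of this page.
BRCTL_SAMPLE='bridge name     bridge id               STP enabled     interfaces
br0             8000.000c29ec4915       no              ens33
virbr0          8000.5254000049aa       yes             tap0'

NAT_SAMPLE='Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination
MASQUERADE  tcp  --  192.168.122.0/24    !192.168.122.0/24    masq ports: 1024-65535
MASQUERADE  udp  --  192.168.122.0/24    !192.168.122.0/24    masq ports: 1024-65535
MASQUERADE  all  --  192.168.122.0/24    !192.168.122.0/24'

# bridge_of_iface TEXT IFACE (hypothetical helper): print the bridge that
# IFACE is attached to in `brctl show` output, or nothing if unattached.
bridge_of_iface() {
    printf '%s\n' "$1" | awk -v want="$2" '
        NR == 1 { next }        # skip the header row
        NF >= 3 { br = $1 }     # a row with name, id and STP starts a bridge
        # The interface is the 4th field, or the only field on a
        # continuation row listing a further port of the same bridge.
        (NF == 1 || NF == 4) && $NF == want { print br; exit }'
}

# nat_masquerades TEXT SUBNET (hypothetical helper): succeed only if an
# all-protocol MASQUERADE rule covers SUBNET -> anything outside SUBNET.
nat_masquerades() {
    printf '%s\n' "$1" | awk -v net="$2" '
        $1 == "MASQUERADE" && $2 == "all" && $4 == net && $5 == ("!" net) { ok = 1 }
        END { exit !ok }'
}

# check_nat_guest IFACE BRIDGE SUBNET: both conditions must hold.
check_nat_guest() {
    [ "$(bridge_of_iface "$BRCTL_SAMPLE" "$1")" = "$2" ] &&
        nat_masquerades "$NAT_SAMPLE" "$3"
}

if check_nat_guest tap0 virbr0 192.168.122.0/24; then
    echo "OK: tap0 is on virbr0 and 192.168.122.0/24 is masqueraded"
else
    echo "FAIL: guest is not behind the expected NAT path"
fi
```

On a live host, replace the two sample strings with "$(brctl show)" and "$(iptables -t nat -L -n)".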