| 1 |
Приветствую! |
| 2 |
Есть два гостя в kvm (Guet1 и Guest2). Не работет сеть между |
| 3 |
eth0(Guest1) и eth0(Guest2). Трэйс затыкается на первом хопе, |
| 4 |
|
| 5 |
Guest2~: traceroute -n 192.168.100.2 |
| 6 |
traceroute to 192.168.100.2 (192.168.100.2), 30 hops max, 40 byte packets |
| 7 |
1 192.168.100.10 3000.350 ms !H 3000.346 ms !H 3000.339 ms !H |
| 8 |
|
| 9 |
Аналогичная ситуация с трейсом на Guest1 до Guest2. При этом связь |
| 10 |
между host и всеми guest машинами работает нормально в обе стороны. |
| 11 |
Схема такая: |
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
/---tap0(host)---eth0(Guest1) |
| 16 |
world---eth0(Host)----NAT----br0(Host) |
| 17 |
|
| 18 |
\---tap1(host)---eth0(Guest2) |
| 19 |
|
| 20 |
|
| 21 |
В какую сторону копать, что бы пофиксить ситуацию? |
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
Конфиги на host |
| 27 |
-- |
| 28 |
sysctl -p |
| 29 |
|
| 30 |
net.ipv4.ip_forward = 1 |
| 31 |
net.ipv4.conf.default.rp_filter = 1 |
| 32 |
net.ipv4.conf.all.rp_filter = 1 |
| 33 |
net.bridge.bridge-nf-call-arptables = 0 |
| 34 |
net.bridge.bridge-nf-call-iptables = 0 |
| 35 |
net.bridge.bridge-nf-call-ip6tables = 0 |
| 36 |
|
| 37 |
-- |
| 38 |
net |
| 39 |
|
| 40 |
config_eth0=( "dhcp" ) |
| 41 |
|
| 42 |
bridge_br0="tap0 tap1" |
| 43 |
brctl_br0=( "setfd 0" "sethello 0" "stp off" ) |
| 44 |
rc_need_br0="net.tap0 net.tap1" |
| 45 |
|
| 46 |
config_br0=( "192.168.100.254/24" ) |
| 47 |
|
| 48 |
config_tap0=( "null" ) |
| 49 |
tuntap_tap0="tap" |
| 50 |
tunctl_tap0="-u user" |
| 51 |
mac_tap0="52:54:00:12:34:56" |
| 52 |
|
| 53 |
config_tap1=( "null" ) |
| 54 |
tuntap_tap1="tap" |
| 55 |
tunctl_tap1="-u user" |
| 56 |
mac_tap1="52:54:00:12:34:59" |
| 57 |
|
| 58 |
-- |
| 59 |
|
| 60 |
ip a |
| 61 |
|
| 62 |
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN |
| 63 |
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 |
| 64 |
inet 127.0.0.1/8 brd 127.255.255.255 scope host lo |
| 65 |
inet6 ::1/128 scope host |
| 66 |
valid_lft forever preferred_lft forever |
| 67 |
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast |
| 68 |
state UP qlen 1000 |
| 69 |
link/ether 00:1d:60:40:54:e5 brd ff:ff:ff:ff:ff:ff |
| 70 |
inet 77.37.199.58/23 brd 77.37.199.255 scope global eth0 |
| 71 |
inet6 fe80::21d:60ff:fe40:54e5/64 scope link |
| 72 |
valid_lft forever preferred_lft forever |
| 73 |
3: vboxnet0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN qlen 1000 |
| 74 |
link/ether 0a:00:27:00:00:00 brd ff:ff:ff:ff:ff:ff |
| 75 |
33: tap0: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc |
| 76 |
pfifo_fast state UNKNOWN qlen 100 |
| 77 |
link/ether 52:54:00:12:34:56 brd ff:ff:ff:ff:ff:ff |
| 78 |
inet6 fe80::5054:ff:fe12:3456/64 scope link |
| 79 |
valid_lft forever preferred_lft forever |
| 80 |
34: tap1: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc |
| 81 |
pfifo_fast state UNKNOWN qlen 100 |
| 82 |
link/ether 52:54:00:12:34:59 brd ff:ff:ff:ff:ff:ff |
| 83 |
inet6 fe80::5054:ff:fe12:3459/64 scope link |
| 84 |
valid_lft forever preferred_lft forever |
| 85 |
37: br0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN |
| 86 |
link/ether 52:54:00:12:34:56 brd ff:ff:ff:ff:ff:ff |
| 87 |
inet 192.168.100.254/24 brd 192.168.100.255 scope global br0 |
| 88 |
inet6 fe80::5054:ff:fe12:3456/64 scope link |
| 89 |
valid_lft forever preferred_lft forever |
| 90 |
|
| 91 |
--- |
| 92 |
|
| 93 |
iptables-save |
| 94 |
|
| 95 |
|
| 96 |
# Generated by iptables-save v1.4.3.2 on Sun Mar 28 16:59:59 2010 |
| 97 |
*filter |
| 98 |
:INPUT ACCEPT [1038357488:450288049946] |
| 99 |
:FORWARD ACCEPT [787:57190] |
| 100 |
:OUTPUT ACCEPT [884438851:1350759607118] |
| 101 |
COMMIT |
| 102 |
# Completed on Sun Mar 28 16:59:59 2010 |
| 103 |
# Generated by iptables-save v1.4.3.2 on Sun Mar 28 16:59:59 2010 |
| 104 |
*nat |
| 105 |
:PREROUTING ACCEPT [725620:66419189] |
| 106 |
:POSTROUTING ACCEPT [635199:52012933] |
| 107 |
:OUTPUT ACCEPT [677535:55428733] |
| 108 |
-A POSTROUTING -o eth0 -j MASQUERADE |
| 109 |
COMMIT |
| 110 |
|
| 111 |
|
| 112 |
--- |
| 113 |
|
| 114 |
kvm_guest1='kvm -M pc-0.11 -m 1024 -usbdevice mouse -vga "std" -cpu |
| 115 |
core2duo -soundhw ac97 -smp 2 -drive |
| 116 |
file=./centos.img,if=virtio,boot=on -net |
| 117 |
nic,model=virtio,macaddr=52:54:00:12:34:56 -net |
| 118 |
tap,ifname=tap0,script=no -cdrom /dev/cdrom -boot c &' |
| 119 |
|
| 120 |
kvm_guest2='kvm -M pc-0.11 -m 1024 -usbdevice mouse -vga "std" -cpu |
| 121 |
core2duo -soundhw ac97 -smp 2 -drive |
| 122 |
file=./opensuse11-3.img,if=virtio,boot=on -net |
| 123 |
nic,model=virtio,macaddr=52:54:00:12:34:59 -net |
| 124 |
tap,ifname=tap1,script=no -cdrom /dev/cdrom -boot c &' |
Archives