linuxkvm虚拟机NAT/BRIDGE配置

宿主机网卡配置：

NAT模式安装KVM时候，已经默认配置好了。如果没有：

找回NAT：
#virsh net-define /usr/share/libvirt/networks/default.xml //目标：/etc/libvirt/storage/default.xml
#virsh net-autostart defalut //目标：/etc/libvirt/storage/autostart/default.xml
#virsh net-start default
[root@ywzx-01 ~]# virsh net-list
??§° ??? èa?¨???§ Persistent
--------------------------------------------------
default ?′??¨ yes yes

[root@ywzx-01 ~]#

 

BRIDGE模式，BRIDGE重点：

禁用NetworkManager工具，启用自带的network服务
chkconfig NetworkManager off
chkconfig network on
service NetworkManager stop

测试时，注意关闭宿主机与虚拟机的防火墙等，待测试完后再配置。

[root@ywzx-01 ~]# cat /etc/sysconfig/network-scripts/ifcfg-br0
DEVICE=br0
TYPE=Bridge
#UUID=498400a2-bc2d-4680-963d-d0a585cdde5b
ONBOOT=yes
NM_CONTROLLED=yes
BOOTPROTO=static
DEFROUTE=yes
IPV4_FAILURE_FATAL=yes
IPV6INIT=no
#NAME="System eth4"
#HWADDR=70:E2:84:0F:08:18
IPADDR=192.168.0.239
NETMASK=255.255.254.0
NETWORK=192.168.0.0
PREFIX=23
GATEWAY=192.168.1.1
DNS1=61.139.2.69
LAST_CONNECT=1438859818
[root@ywzx-01 ~]#

[root@ywzx-01 ~]# cat /etc/sysconfig/network-scripts/ifcfg-eth4
DEVICE=eth4
TYPE=Ethernet
#UUID=498400a2-bc2d-4680-963d-d0a585cdde5b
ONBOOT=yes
#NM_CONTROLLED=yes
#BOOTPROTO=static
#DEFROUTE=yes
#IPV4_FAILURE_FATAL=yes
#IPV6INIT=no
#NAME="System eth4"
HWADDR=70:E2:84:0F:08:18
#IPADDR=192.168.0.239
#NETMASK=255.255.254.0
#PREFIX=23
#GATEWAY=192.168.1.1
#DNS1=61.139.2.69
#LAST_CONNECT=1438859818
BRIDGE="br0"
[root@ywzx-01 ~]#

重启network服务之后
service network restart
出现“Master connection not found or invalid”网络错误
关闭NetworkManager，重起网络
service NetworkManager stop
service network restart

[root@ywzx-01 ~]# brctl show
bridge name bridge id STP enabled interfaces
br0 8000.70e2840f0818 no eth4
vnet0
virbr0 8000.52540097dc51 yes virbr0-nic

bridge br0 已经搭建完成，eth4与虚拟机启动时候产生的vnet0已经在br0中

[root@ywzx-01 ~]# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.122.0 0.0.0.0 255.255.255.0 U 0 0 0 virbr0
192.168.0.0 0.0.0.0 255.255.254.0 U 0 0 0 br0
169.254.0.0 0.0.0.0 255.255.0.0 U 1009 0 0 br0
0.0.0.0 192.168.1.1 0.0.0.0 UG 0 0 0 br0
[root@ywzx-01 ~]#

虚拟机网卡配置：

IPADDR=192.168.0.237
NETMASK=255.255.254.0
NETWORK=192.168.0.0
GATEWAY=192.168.1.1
DNS1=61.139.2.69

-----------------------------------------------------------------------------------

其他参考：

RHEL 6 Virtual Networks and Network Bridges
from: http://www.techotopia.com/index.php/Creating_an_RHEL_6_KVM_Networked_Bridge_Interface

A KVM virtual machine running on RHEL 6 has two options in terms of networking connectivity.

One option is for it to be connected to a virtual network running within the operating system of the host computer. In this configuration any virtual machines on the virtual network can see each other but access to the external network is provided by Network Address Translation (NAT). When using the virtual network and NAT, each virtual machine is represented on the external network (the network to which the host is connected) using the IP address of the host system. This is the default behavior for KVM virtualization and requires no additional configuration, other than selecting the Virtual network option on the Network screen of the virt-manager new virtual machine wizard. Typically, a single virtual network is created by default, represented by the name default and the device virbr0.

In order for guests to appear as individual and independent systems on the external network (i.e. with their own IP addresses), they must be configured to share a physical network interface on the host. This is achieved by configuring a network bridge interface on the host system to which the guests can connect. In the remainder of this chapter we will cover the steps necessary to configure an RHEL 6 network bridge for use by KVM based guest operating systems.
Creating an RHEL 6 Network Bridge

The creation of a network bridge involves the use of the bridge-utils package. Begin by checking if this is already installed by executing the following command:

rpm –q bridge-utils

If the package is not yet installed, install it using yum:

su –
yum install bridge-utils

With this package installed it is time to look at the current network configuration. The easiest way to do this is to run the ifconfig command. The following shows output from running ifconfig on a system on which KVM is installed, but on which a network bridge has yet to be configured:

eth0 Link encap:Ethernet HWaddr 00:13:72:0B:14:57
inet addr:192.168.2.18 Bcast:255.255.255.255 Mask:255.255.255.0
inet6 addr: fe80::213:72ff:fe0b:1457/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:14715 errors:0 dropped:0 overruns:0 frame:0
TX packets:8586 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:19628565 (18.7 MiB) TX bytes:687049 (670.9 KiB)
Memory:fe3e0000-fe400000

lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:8 errors:0 dropped:0 overruns:0 frame:0
TX packets:8 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:480 (480.0 b) TX bytes:480 (480.0 b)

virbr0 Link encap:Ethernet HWaddr 62:C1:46:30:92:37
inet addr:192.168.122.1 Bcast:192.168.122.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:24 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 b) TX bytes:4187 (4.0 KiB)

In the above output, the entry for eth0 represents a physical network adaptor on the host computer. This is the connection currently used by this host to access the external network. The virbr0 entry represents the virtual network to which guest operating systems will connect if configured to do so.

In order to provide the option for guest operating systems to share the eth0 connection of the host it is necessary to establish a network bridge between eth0 and the virtual machines.

Begin the bridge creation process by gaining root access and changing directory to the /etc/sysconfig/network-scripts directory:

su –
cd /etc/sysconfig/network-scripts

If the interface to be bridged is currently running it should be taken down before proceeding:

ifdown eth0

The next step is to modify the script file for the physical network device. In this example the device is eth0 so we need to edit the ifcfg-eth0 file to add a BRIDGE= line. For the purposes of this example we will name the interface bridge0:

DEVICE="eth0"
BOOTPROTO="dhcp"
HWADDR="00:13:72:0B:14:57"
IPV6INIT="yes"
IPV6_AUTOCONF="yes"
NM_CONTROLLED="yes"
ONBOOT="yes"
BRIDGE="bridge0"

The next step is to create a script file for the bridge interface. The name of this file must take the form ifcfg- where matches the name of the bridge defined in the BRIDGE= directive outlined above. Given this requirement, we will name the file ifcfg-bridge0. The contents of this file for this example will read as follows:

DEVICE="bridge0"
TYPE="Bridge"
BOOTPROTO="dhcp"
ONBOOT="yes"
DELAY=0

Note that the DEVICE= line must refer to the bridge name previously specified (i.e. bridge0 in this instance). Save the file and then start up both interfaces:

ifup eth1
ifup bridge0

Using the ifconfig command, the new bridge interface should now be visible:

bridge0 Link encap:Ethernet HWaddr 00:13:72:0B:14:57
inet addr:192.168.2.18 Bcast:255.255.255.255 Mask:255.255.255.0
inet6 addr: fe80::213:72ff:fe0b:1457/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:951 errors:0 dropped:0 overruns:0 frame:0
TX packets:970 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:760584 (742.7 KiB) TX bytes:139643 (136.3 KiB)

eth0 Link encap:Ethernet HWaddr 00:13:72:0B:14:57
inet6 addr: fe80::213:72ff:fe0b:1457/64 Scope:Link
UP BROADCAST RUNNING PROMISC MULTICAST MTU:1500 Metric:1
RX packets:15831 errors:0 dropped:0 overruns:0 frame:0
TX packets:9750 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:20420107 (19.4 MiB) TX bytes:858409 (838.2 KiB)
Memory:fe3e0000-fe400000

lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:11 errors:0 dropped:0 overruns:0 frame:0
TX packets:11 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:816 (816.0 b) TX bytes:816 (816.0 b)

virbr0 Link encap:Ethernet HWaddr 62:C1:46:30:92:37
inet addr:192.168.122.1 Bcast:192.168.122.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:24 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 b) TX bytes:4187 (4.0 KiB)

Configuring an RHEL 6 Firewall for a Network Bridge

If a firewall is enabled on the RHEL 6 host, it may be necessary to add an iptables rule to allow network traffic via the bridge interface. This is achieved by adding a rule similar to the following to the /etc/sysconfig/iptables configuration file:

-A RH-Firewall-1-INPUT -i bridge0 -j ACCEPT

The change to the firewall will not take effect until the service is restarted, so complete the configuration by running the following command at the prompt in a terminal window:

/sbin/service iptables restart

Configuring a Virtual Machine to use the Network Bridge


During the virtual machine creation process using the virt-manager tool, the network configuration screen will list now Host device eth0 (Bridge ‘bridge0’) under the Advanced options section of the final page of the new virtual machine creation wizard: