neutron基础九（qemu nat网络）

接上基础八，kvm透传nested忽略




1.在主机centos7(192.168.139.55)上建立的vm是centos的，使vm的的段是192.168.123.0段（因为122段有可能已经被virbr0占了）
2.建立桥接br-hao（设置为192.168.123.1），设置ipv4包转发，设置iptables的ip伪装
3.dnsmasq启动dhcp服务器，绑定到br-hao(ps下如果已经起了dnsmasq就去给干掉)
4.在vm中启动dhclient，尝试ping www.baidu.com没问题


新建个桥接
在主机上

[root@centos7 hao]# brctl addbr br-hao
[root@centos7 hao]# brctl stp br-hao on
[root@centos7 hao]# brctl setfd br-hao 0
set forward delay failed: Numerical result out of range
[root@centos7 hao]# ifconfig br-hao 192.168.123.1 netmask 255.255.255.0 up

设置转发

[root@centos7 hao]# echo 1 > /proc/sys/net/ipv4/ip_forward

默认使用IP未转干掉方式实现nat，而不是使用snat和dnat

[root@centos7 hao]# iptables -t nat -F
[root@centos7 hao]# 
[root@centos7 hao]# 
[root@centos7 hao]# iptables -t nat -L
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination         

Chain INPUT (policy ACCEPT)
target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination         
[root@centos7 hao]# 
[root@centos7 hao]# iptables -t nat -A POSTROUTING -s 192.168.123.0/255.255.255.0 ! -d 192.168.123.0/255.255.255.0 -jMASQUERADE

iptables -t nat -A POSTROUTING -s 192.168.123.0/255.255.255.0 ! -d 192.168.123.0/255.255.255.0 -jMASQUERADE
结果

[root@centos7 hao]# iptables -t nat -L
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination         

Chain INPUT (policy ACCEPT)
target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination         
MASQUERADE  all  --  192.168.123.0/24    !192.168.123.0/24    
[root@centos7 hao]# ifconfig br-hao
br-hao: flags=4099<UP,BROADCAST,MULTICAST>  mtu 1500
        inet 192.168.123.1  netmask 255.255.255.0  broadcast 192.168.123.255
        inet6 fe80::4450:a4ff:fe6e:feed  prefixlen 64  scopeid 0x20<link>
        ether 00:00:00:00:00:00  txqueuelen 0  (Ethernet)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 16  bytes 1986 (1.9 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

[root@centos7 hao]#

启动dnsmasq

dnsmasq --strict-order --except-interface=lo --interface=br-hao --listen-address=192.168.123.1 --bind-interfaces --dhcp-range=192.168.123.2,192.168.123.254 --conf-file="" --pid-file=/var/run/qemu-dhcp-br-hao.pid --dhcp-leasefile=/var/run/qemu-dhcp-br-hao.leases --dhcp-no-override  ${TFTPROOT:+"--enable-tftp"} ${TFTPROOT:+"--tftp-root=TFTPROOT"} ${BOOTP:+"--dhcp-boot=$BOOTP"} 

qemu的启动相同

/usr/libexec/qemu-kvm -m 8192 -smp 2   -hda /home/hao/testnet.img  -net nic -net tap,ifname=tap1,script=/home/hao/qemu-ifup,downscript=no  -vnc 0.0.0.0:17  -daemonize

testnet.img为一个centos7的镜像，带dhclient命令的，cirros似乎不带

把tap1起起来并放到br-hao上

ifconfig tap1 0.0.0.0 up
brctl addif br-hao tap1
brctl show

查看

iptables -t nat -L

在vm上
dhclient
结果

[root@localhost ~]# ifconfig
ens3: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.123.89  netmask 255.255.255.0  broadcast 192.168.123.255
        inet6 fe80::5054:ff:fe12:3456  prefixlen 64  scopeid 0x20<link>
        ether 52:54:00:12:34:56  txqueuelen 1000  (Ethernet)
        RX packets 11899  bytes 17765331 (16.9 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 4525  bytes 322548 (314.9 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 0  (Local Loopback)
        RX packets 4  bytes 420 (420.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 4  bytes 420 (420.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

[root@localhost ~]# 

并且可以ping 外网了


参考两本书：《深入浅出neutron》和《kvm虚拟化技术实战与原理解析》