NAT网络

系统centos7
虚拟机网络
物理网卡 ens33 10.72.60.155 网关 10.72.60.2
KVM虚拟机网络
虚拟网络 eth0 192.168.110.145 网关 192.168.110.1

KVM网络管理命令

net-autostart                  自动开始网络
net-create                     从一个 XML 文件创建一个网络
net-define                     定义一个永久网络或修改一个xml文件中定义的持久网络
net-destroy                    销毁（停止）网络
net-dhcp-leases                打印给定网络的租赁信息
net-dumpxml                    XML 中的网络信息
net-edit                       为网络编辑 XML 配置
net-event                      Network Events
net-info                       网络信息
net-list                       列出网络
net-name                       把一个网络UUID 转换为网络名
net-start                      开始一个(以前定义的)不活跃的网络
net-undefine                   取消（删除）定义一个永久网络
net-update                     更新现有网络配置的部分
net-uuid                       把一个网络名转换为网络UUID

这里以添加my_bro，删除default为例

添加my_bro

#通过XML文件创建my_bro
cd /etc/libvirt/qemu/networks/
#用default.xml生成my_bro.xml
cp default.xml my_bro.xml

default.xml与my_bro.xml对比

#删除了uuid，mac address，修改了name、forward mode、bridge name、ip address、range start

my_bro.xml

<network>
  <name>my_bro</name>
  <forward mode='route'/>
  <bridge name='virbr1' stp='on' delay='0'/>
  <ip address='192.168.110.1' netmask='255.255.255.0'>
    <dhcp>
      <range start='192.168.110.2' end='192.168.110.254'/>
    </dhcp>
  </ip>
</network>

default.xml

<network>
  <name>default</name>
  <uuid>b4f7d394-6b54-4ef1-ad9c-cf63f458dd63</uuid>
  <forward mode='nat'/>
  <bridge name='virbr0' stp='on' delay='0'/>
  <mac address='52:54:00:a9:8a:a6'/>
  <ip address='192.168.123.1' netmask='255.255.255.0'>
    <dhcp>
      <range start='192.168.123.2' end='192.168.123.254'/>
    </dhcp>
  </ip>
</network>

通过XML文件创建网络

永久创建网络

virsh net-define my_bro.xml

临时创建网络

virsh net-create my_bro.xml

查看网络列表

virsh net-list --all

启动my_bro

virsh net-start my_bro

设置my_bro自动启动

virsh net-autostart my_bro

查看网络列表

virsh net-list --all

删除default

禁止default自动启动

virsh net-autostart default --disable

停止default

virsh net-destroy default

查看网络列表

virsh net-list --all

删除default

virsh net-undefine default

修改虚拟机网络

virsh edit test1

修改前

<interface type='network'>
    <mac address='52:54:00:3c:f2:fd'/>
    <source network='default'/>
    <model type='virtio'/>
    <address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x0'/>
</interface>

修改后

<interface type='network'>
    <source network='my_bro'/>
    <model type='virtio'/>
    <address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x0'/>
</interface>

重启虚拟机

virsh shutdown test1
virsh start test1
virsh reboot test1

修改虚拟机ifcfg-eth0

#修改IP地址和网关

物理机做NAT，外网登录KVM虚拟机

将物理网卡和virbr1虚拟网络放在同一个域

经测试，在不在一个域无所谓，但是必须开启物理网卡所在域NAT功能，将转换规则写在网络网卡所在的域

firewall-cmd --zone=internal --change-interface=ens33 --permanent
firewall-cmd --zone=internal --change-interface=virbr1 --permanent

开启所在域的NAT功能

firewall-cmd --permanent --zone=internal --add-masquerade

重新导入规则

firewall-cmd --reload

查看NAT功能是否开启

firewall-cmd --query-masquerade --zone=internal

NAT规则

firewall-cmd --add-forward-port=port=8022:proto=tcp:toport=22:toaddr=192.168.110.145 --permanent --zone=internal

重新导入规则

firewall-cmd --reload

查看规则

firewall-cmd --list-all --zone=internal

访问测试

桥接模式

#创建桥接网络
cd /etc/sysconfig/network-scripts/
#备份原文件
cp ifcfg-enp4s0{,.bak}
#创建br0文件
cp ifcfg-enp4s0 ifcfg-br0
#修改br0配置
vim ifcfg-br0

TYPE="Bridge"
PROXY_METHOD="none"
BROWSER_ONLY="no"
BOOTPROTO="none"
DEFROUTE="yes"
IPV4_FAILURE_FATAL="no"
NAME="br0"
DEVICE="br0"
ONBOOT="yes"
IPADDR="192.168.100.134"
PREFIX="24"
GATEWAY="192.168.100.1"
DNS1="114.114.114.114"
ZONE=public

#修改enp4s0配置
vim ifcfg-enp4s0

TYPE="Ethernet"
PROXY_METHOD="none"
BROWSER_ONLY="no"
BOOTPROTO="none"
DEFROUTE="yes"
IPV4_FAILURE_FATAL="no"
NAME="enp4s0"
DEVICE="enp4s0"
ONBOOT="yes"
ZONE=public
BRIDGE=br0

#重启计算机
reboot
#查看网络
ip a

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: enp4s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master br0 state UP qlen 1000
    link/ether 54:a0:50:df:2d:b9 brd ff:ff:ff:ff:ff:ff
3: br0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP qlen 1000
    link/ether 54:a0:50:df:2d:b9 brd ff:ff:ff:ff:ff:ff
    inet 192.168.100.134/24 brd 192.168.100.255 scope global br0
       valid_lft forever preferred_lft forever
    inet6 fe80::56a0:50ff:fedf:2db9/64 scope link 
       valid_lft forever preferred_lft forever
4: virbr0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN qlen 1000
    link/ether 52:54:00:1d:f2:c8 brd ff:ff:ff:ff:ff:ff
    inet 192.168.122.1/24 brd 192.168.122.255 scope global virbr0
       valid_lft forever preferred_lft forever
5: virbr0-nic: <BROADCAST,MULTICAST> mtu 1500 qdisc pfifo_fast master virbr0 state DOWN qlen 1000
    link/ether 52:54:00:1d:f2:c8 brd ff:ff:ff:ff:ff:ff

#测试访问网络
ping 1.1.1.1
ping www.baidu.com

命令行创建使用桥接网络的虚拟机

virt-install --os-variant rhel7 \
            --name centos7-2 \
            --memory 1024,maxmemory=1024 \
            --vcpus 2,maxvcpus=2 \
            --network bridge=br0 \
            --disk device=disk,path=/var/lib/libvirt/images/testkvm2.disk01,format=qcow2,size=3,bus=virtio,cache=writeback,io=threads \
            --location /iso/CentOS-7-x86_64-DVD-1708.iso \
            --graphics vnc,port=-1 \
            --autostart

图形化安装

virt-manager

点完成后正常安装centos