A question about devices behind a virtual bridge pinging the external network

  yezheyu · 22 days ago · 293 views

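    I've recently been studying how bridged networking is implemented under Docker. The containers can ping each other, but pinging the external network fails.

    Could anyone advise how I should configure this?

    The topology diagram is as follows: 1856260431.jpg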

    # Create two named network namespaces
    $ ip netns add net1
    $ ip netns add net2
    
    # Create two veth pairs and move one end of each into the two network namespaces
    $ ip link add veth1 type veth peer name veth1_p
    $ ip link set veth1 netns net1
    
    $ ip link add veth2 type veth peer name veth2_p
    $ ip link set veth2 netns net2
    
    
    # Assign IPs to the veth2 and veth1 interfaces inside the namespaces and bring them up
    $ ip netns exec net1 ip addr add 192.168.0.101/24 dev veth1
    $ ip netns exec net1 ip link set veth1 up
    
    $ ip netns exec net2 ip addr add 192.168.0.102/24 dev veth2
    $ ip netns exec net2 ip link set veth2 up
    
    
    # Create a bridge br0, attach the peer ends of veth1 and veth2 to it, and bring them up
    $ brctl addbr br0
    $ ip link set dev veth1_p master br0
    $ ip link set dev veth2_p master br0
    
    $ ip link set veth1_p up
    $ ip link set veth2_p up
    $ ip link set br0 up
    
    
    # On the host, add a new veth pair (pair 3): one end attached to br0, the other end on the host
    $ ip link add veth3 type veth peer name veth3_p
    $ ip link set dev veth3_p master br0
    $ ip link set veth3_p up
    $ ip addr add 192.168.0.103/24 dev veth3
    $ ip link set veth3 up
    
    
    
    # Think of net1 and net2 as two machines with NICs, connected through the br0 bridge, so they can ping each other
    $ ip netns exec net1 ping 192.168.0.102 -I veth1
    PING 192.168.0.102 (192.168.0.102) from 192.168.0.101 veth1: 56(84) bytes of data.
    64 bytes from 192.168.0.102: icmp_seq=1 ttl=64 time=0.037 ms
    64 bytes from 192.168.0.102: icmp_seq=2 ttl=64 time=0.008 ms
    
    # net1, net2 and the host are three machines connected through the switch br0, so they can reach each other
    $ ip netns exec net1 ping 192.168.0.103 -I veth1
    PING 192.168.0.103 (192.168.0.103) from 192.168.0.101 veth1: 56(84) bytes of data.
    64 bytes from 192.168.0.103: icmp_seq=1 ttl=64 time=0.100 ms
    64 bytes from 192.168.0.103: icmp_seq=2 ttl=64 time=0.084 ms
    

    The problem is here: pinging the external network fails. Is it because the phone, acting as a router, isn't doing SNAT for packets from the 192.168.0.0 subnet?

    # Configure the default gateway for net1
    $ ip netns exec net1 route add default gw 192.168.0.103
    
    # Ping a Baidu server; the ping fails
    $ ip netns exec net1 ping 110.242.68.66 -I veth1
    
    
    # The wlp1s0 interface does see the packets sent by net1
    $ tcpdump -vv -i wlp1s0 src host 192.168.0.101
    tcpdump: listening on wlp1s0, link-type EN10MB (Ethernet), snapshot length 262144 bytes
    16:22:06.427844 IP (tos 0x0, ttl 63, id 2941, offset 0, flags [DF], proto ICMP (1), length 84)
        192.168.0.101 > 110.242.68.66: ICMP echo request, id 37009, seq 1, length 64
    16:22:07.448181 IP (tos 0x0, ttl 63, id 3138, offset 0, flags [DF], proto ICMP (1), length 84)
        192.168.0.101 > 110.242.68.66: ICMP echo request, id 37009, seq 2, length 64
    
    
    
    # Host routing table
    $ route -n
    Kernel IP routing table
    Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
    0.0.0.0         192.168.159.223 0.0.0.0         UG    600    0        0 wlp1s0
    169.254.0.0     0.0.0.0         255.255.0.0     U     1000   0        0 wlp1s0
    172.17.0.0      0.0.0.0         255.255.0.0     U     0      0        0 docker0
    172.18.0.0      0.0.0.0         255.255.0.0     U     0      0        0 docker_gwbridge
    192.168.0.0     0.0.0.0         255.255.255.0   U     0      0        0 veth3
    192.168.159.0   0.0.0.0         255.255.255.0   U     600    0        0 wlp1s0
    
    
    
    # Some of the host's network interfaces
    $ ip a
    2: wlp1s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
        link/ether 5c:51:4f:10:22:9b brd ff:ff:ff:ff:ff:ff
        inet 192.168.159.201/24 brd 192.168.159.255 scope global dynamic noprefixroute wlp1s0
           valid_lft 3519sec preferred_lft 3519sec
        inet6 240e:476:ff95:e0d4:3390:ff9f:b0d5:2798/64 scope global temporary dynamic 
           valid_lft 3524sec preferred_lft 3524sec
        inet6 240e:476:ff95:e0d4:603e:8018:5b5c:5e53/64 scope global dynamic mngtmpaddr noprefixroute 
           valid_lft 3524sec preferred_lft 3524sec
        inet6 fe80::6009:e9c:61a3:3c9d/64 scope link noprefixroute 
           valid_lft forever preferred_lft forever
    21: veth1_p@if22: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br0 state UP group default qlen 1000
        link/ether 82:62:51:0d:17:15 brd ff:ff:ff:ff:ff:ff link-netns net1
        inet6 fe80::8062:51ff:fe0d:1715/64 scope link 
           valid_lft forever preferred_lft forever
    23: veth2_p@if24: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br0 state UP group default qlen 1000
        link/ether 6e:fc:d0:ac:ba:84 brd ff:ff:ff:ff:ff:ff link-netns net2
        inet6 fe80::6cfc:d0ff:feac:ba84/64 scope link 
           valid_lft forever preferred_lft forever
    25: br0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
        link/ether ee:ba:bd:86:a2:48 brd ff:ff:ff:ff:ff:ff
        inet6 fe80::ecba:bdff:fe86:a248/64 scope link 
           valid_lft forever preferred_lft forever
    26: veth3_p@veth3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br0 state UP group default qlen 1000
        link/ether 5e:ff:27:20:56:15 brd ff:ff:ff:ff:ff:ff
        inet6 fe80::5cff:27ff:fe20:5615/64 scope link 
           valid_lft forever preferred_lft forever
    27: veth3@veth3_p: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
        link/ether d2:6a:18:98:1e:23 brd ff:ff:ff:ff:ff:ff
        inet 192.168.0.103/24 scope global veth3
           valid_lft forever preferred_lft forever
        inet6 fe80::d06a:18ff:fe98:1e23/64 scope link 
           valid_lft forever preferred_lft forever
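
The capture in the post shows the echo requests leaving wlp1s0 with ttl 63 and source 192.168.0.101, so the host forwarded them without rewriting the source address. As an added example (not part of the original post), this script flags such un-NATed sources in `tcpdump` output and shows a host-side masquerade rule scoped to the bridge subnet, analogous to the rule Docker installs for docker0. The function names are hypothetical, and `enable_nat` assumes root and iptables.

```shell
#!/bin/sh
# Added example, not from the original post.

# The two echo requests copied from the post's tcpdump on wlp1s0.
CAPTURE='16:22:06.427844 IP (tos 0x0, ttl 63, id 2941, offset 0, flags [DF], proto ICMP (1), length 84)
    192.168.0.101 > 110.242.68.66: ICMP echo request, id 37009, seq 1, length 64
16:22:07.448181 IP (tos 0x0, ttl 63, id 3138, offset 0, flags [DF], proto ICMP (1), length 84)
    192.168.0.101 > 110.242.68.66: ICMP echo request, id 37009, seq 2, length 64'

UPLINK_IP=192.168.159.201   # wlp1s0 address from the post's `ip a` output

# unnatted_sources UPLINK_IP  (stdin: tcpdump text captured on the uplink)
# Prints each distinct IPv4 source that left the uplink without being
# rewritten to the uplink's own address. A trailing ".port" is ignored.
unnatted_sources() {
    awk -v own="$1" '
        $2 == ">" {
            split($1, p, ".")
            src = p[1] "." p[2] "." p[3] "." p[4]
            if (src != own && !seen[src]++) print src
        }'
}

# needs_masquerade UPLINK_IP  (stdin: tcpdump text)
# Exit status 0 when at least one packet left with a foreign source address.
needs_masquerade() {
    [ -n "$(unnatted_sources "$1")" ]
}

# enable_nat SUBNET INNER_IF UPLINK_IF   (requires root; not called here)
enable_nat() {
    sysctl -w net.ipv4.ip_forward=1
    # Rewrite the source only for this subnet and only on the uplink.
    iptables -t nat -A POSTROUTING -s "$1" -o "$3" -j MASQUERADE
    # Needed only where the FORWARD policy is DROP (common on Docker hosts).
    iptables -A FORWARD -i "$2" -o "$3" -s "$1" -j ACCEPT
    iptables -A FORWARD -i "$3" -o "$2" -m conntrack \
        --ctstate RELATED,ESTABLISHED -j ACCEPT
}

# Diagnose the post's capture.
printf '%s\n' "$CAPTURE" | unnatted_sources "$UPLINK_IP"
# With the post's names, as root: enable_nat 192.168.0.0/24 veth3 wlp1s0
```

After the rule is in place, the same capture on wlp1s0 should show 192.168.159.201 as the source, and the diagnostic prints nothing.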
    
    
    No replies yet