创建NAT模式KVM虚拟机

创建NAT模式KVM虚拟机

1 添加脚本执行权限（上传脚本文件至root目录）。

首先需要给脚本赋予执行权限。

# chmod +x qemu-ifup-NAT

2 启动虚拟机。

通过命令启动虚拟机。(记得安装net-tools)

# yum install net-tools -y # qemu-kvm -m 1024 -drive file=cirros-0.3.3-x86_64-disk.img,if=virtio -net nic,model=virtio -net tap,script=qemu-ifup-NAT -nographic -vnc :1

3 检查创建结果。

通过以上的命令生成了一个虚拟机和一个网桥，还有一个虚拟机对应的接口tap0，完成后通过VNC Viewer软件远程访问该虚拟机，列举出此虚拟机的IP地址、子网掩码等信息，也可以看出此系统的路由信息，如图3-2所示。

图3-2 网络信息

4 查询网桥接口信息。

查看系统的网桥信息，可以看出virbro网桥挂载的接口信息。

# brctl  show bridge name     bridge id               STP enabled     interfaces br0             8000.000c29ec4915       no              ens33 virbr0          8000.5254000049aa       yes             tap0

5 查看TAP接口。

# ip addr list 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN     link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00     inet 127.0.0.1/8 scope host lo     inet6 ::1/128 scope host        valid_lft forever preferred_lft forever 2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000     link/ether 00:0c:29:ec:49:15 brd ff:ff:ff:ff:ff:ff     inet 30.8.0.120/24 brd 30.8.0.255 scope global ens33     inet6 fe80::20c:29ff:feec:4915/64 scope link        valid_lft forever preferred_lft forever 3: br0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN     link/ether 00:0c:29:ec:49:15 brd ff:ff:ff:ff:ff:ff     inet 30.8.0.120/24 brd 30.8.0.255 scope global br0     inet6 fe80::20c:29ff:feec:4915/64 scope link        valid_lft forever preferred_lft forever 4: virbr0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN     link/ether 52:54:00:00:49:aa brd ff:ff:ff:ff:ff:ff     inet 192.168.122.1/24 brd 192.168.122.255 scope global virbr0 5: virbr0-nic: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN qlen 500     link/ether 52:54:00:00:49:aa brd ff:ff:ff:ff:ff:ff 9: tap0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 500     link/ether c2:4f:06:48:47:1f brd ff:ff:ff:ff:ff:ff     inet6 fe80::c04f:6ff:fe48:471f/64 scope link        valid_lft forever preferred_lft forever

6 检查网络连通性。

虚拟机实例的ens33接口PING宿主机的网关，检查网络的联通性。

$ping  30.8.0.1（宿主机网络地址） -c 4 PING 30.8.0.1 (30.8.0.1): 56 data bytes 64 bytes from 30.8.0.1: seq=0 ttl=127 time=0.833 ms 64 bytes from 30.8.0.1: seq=1 ttl=127 time=0.697 ms 64 bytes from 30.8.0.1: seq=2 ttl=127 time=0.720 ms 64 bytes from 30.8.0.1: seq=3 ttl=127 time=0.793 ms --- 30.8.0.1 ping statistics --- 4 packets transmitted, 4 packets received, 0% packet loss round-trip min/avg/max = 0.697/0.760/0.833 ms

7 查询宿主机iptables nat表信息。

# iptables -t nat -L Chain PREROUTING (policy ACCEPT) target     prot opt source               destination          Chain POSTROUTING (policy ACCEPT) target     prot opt source               destination          MASQUERADE  tcp  --  192.168.122.0/24    !192.168.122.0/24    masq ports: 1024-65535 MASQUERADE  udp  --  192.168.122.0/24    !192.168.122.0/24    masq ports: 1024-65535 MASQUERADE  all  --  192.168.122.0/24    !192.168.122.0/24     MASQUERADE  all  --  192.168.122.0/24    !192.168.122.0/24     Chain OUTPUT (policy ACCEPT) target     prot opt source               destination