Nie jesteś zalogowany.
Jeśli nie posiadasz konta, zarejestruj je już teraz! Pozwoli Ci ono w pełni korzystać z naszego serwisu. Spamerom dziękujemy!
Ogłoszenie
Prosimy o pomoc dla małej Julki — przekaż 1% podatku na Fundacji Dzieciom zdazyć z Pomocą.
Więcej informacji na dug.net.pl/pomagamy/.
Strony: 1
- Forum Debian Users Gang
- » Sieci i serwery
- » Jessie + KVM + VM pfSense, czyli jak polaczyc VM "goscia" z internetem
#1 2016-03-29 13:07:02
Novi-cjusz - 
Użytkownik
- Novi-cjusz
- Użytkownik
- Zarejestrowany: 2013-03-05
Jessie + KVM + VM pfSense, czyli jak polaczyc VM "goscia" z internetem
Witam po Swietach.
Swieta swietami a nalog, nalogiem.
Zainstalowalem Jessie, na niej? KVM na ktorej z kolei Ubuntu Minta i wszystko (networking) dzialalo jak nalezy.
Stworzylem druga VM z pfsense i z 2 interfejsami sieciowymi. (bridging)
Mozna tez polaczyc "goscia" z Internetem bez "mostka"
Narzedzia konfigu moga byc: konsolowe i graficzne.
Mimo wielokrotnych prob i zarwanej nocy, nie uzyskalem polaczenia z Internetem.
Moim celem bylo puscic caly ruch przez VM pfSense.
Przekopalem chyba caly Internet, ale ciagle gdzies robie blad
Troche danych:
Kod:
robin@debian:~$ su
Password:
root@debian:/home/robin# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 192.168.0.1 0.0.0.0 UG 0 0 0 br0
192.168.0.0 0.0.0.0 255.255.255.0 U 0 0 0 br0
192.168.100.0 0.0.0.0 255.255.255.0 U 0 0 0 virbr1
192.168.122.0 0.0.0.0 255.255.255.0 U 0 0 0 virbr0
root@debian:/home/robin# ifconfig -a
br0 Link encap:Ethernet HWaddr 60:a4:4c:64:a8:bd
inet addr:192.168.0.182 Bcast:192.168.0.255 Mask:255.255.255.0
inet6 addr: fe80::62a4:4cff:fe64:a8bd/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:34776 errors:0 dropped:0 overruns:0 frame:0
TX packets:34786 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:52762558 (50.3 MiB) TX bytes:5926187 (5.6 MiB)
eth0 Link encap:Ethernet HWaddr 60:a4:4c:64:a8:bd
UP BROADCAST MULTICAST MTU:1500 Metric:1
RX packets:55641 errors:0 dropped:0 overruns:0 frame:0
TX packets:34526 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:54628759 (52.0 MiB) TX bytes:5915267 (5.6 MiB)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:681 errors:0 dropped:0 overruns:0 frame:0
TX packets:681 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:66787 (65.2 KiB) TX bytes:66787 (65.2 KiB)
virbr0 Link encap:Ethernet HWaddr 42:1d:0b:cb:4b:93
inet addr:192.168.122.1 Bcast:192.168.122.255 Mask:255.255.255.0
UP BROADCAST MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
virbr1 Link encap:Ethernet HWaddr 52:54:00:e3:47:6d
inet addr:192.168.100.1 Bcast:192.168.100.255 Mask:255.255.255.0
inet6 addr: fe80::5054:ff:fee3:476d/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:514 errors:0 dropped:0 overruns:0 frame:0
TX packets:209 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:36376 (35.5 KiB) TX bytes:20491 (20.0 KiB)
virbr1-nic Link encap:Ethernet HWaddr 52:54:00:e3:47:6d
BROADCAST MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:500
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
vnet0 Link encap:Ethernet HWaddr fe:54:00:b9:63:9e
inet6 addr: fe80::fc54:ff:feb9:639e/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:514 errors:0 dropped:0 overruns:0 frame:0
TX packets:382 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:500
RX bytes:43585 (42.5 KiB) TX bytes:31301 (30.5 KiB)
vnet1 Link encap:Ethernet HWaddr fe:54:00:3b:91:b6
inet6 addr: fe80::fc54:ff:fe3b:91b6/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:39 errors:0 dropped:0 overruns:0 frame:0
TX packets:279 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:500
RX bytes:4208 (4.1 KiB) TX bytes:14301 (13.9 KiB)
root@debian:/home/robin# iptables -L
Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT udp -- anywhere anywhere udp dpt:domain
ACCEPT tcp -- anywhere anywhere tcp dpt:domain
ACCEPT udp -- anywhere anywhere udp dpt:bootps
ACCEPT tcp -- anywhere anywhere tcp dpt:bootps
ACCEPT udp -- anywhere anywhere udp dpt:domain
ACCEPT tcp -- anywhere anywhere tcp dpt:domain
ACCEPT udp -- anywhere anywhere udp dpt:bootps
ACCEPT tcp -- anywhere anywhere tcp dpt:bootps
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
Chain FORWARD (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere 192.168.122.0/24 ctstate RELATED,ESTABLISHED
ACCEPT all -- 192.168.122.0/24 anywhere
ACCEPT all -- anywhere anywhere
REJECT all -- anywhere anywhere reject-with icmp-port-unreachable
REJECT all -- anywhere anywhere reject-with icmp-port-unreachable
ACCEPT all -- anywhere 192.168.100.0/24 ctstate RELATED,ESTABLISHED
ACCEPT all -- 192.168.100.0/24 anywhere
ACCEPT all -- anywhere anywhere
REJECT all -- anywhere anywhere reject-with icmp-port-unreachable
REJECT all -- anywhere anywhere reject-with icmp-port-unreachable
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
ACCEPT udp -- anywhere anywhere udp dpt:bootpc
ACCEPT udp -- anywhere anywhere udp dpt:bootpc
root@debian:/home/robin# lspci | grep Eth
02:00.0 Ethernet controller: Realtek Semiconductor Co., Ltd. RTL8111/8168/8411 PCI Express Gigabit Ethernet Controller (rev 09)
root@debian:/home/robin# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master br0 state UP group default qlen 1000
link/ether 60:a4:4c:64:a8:bd brd ff:ff:ff:ff:ff:ff
3: br0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
link/ether 60:a4:4c:64:a8:bd brd ff:ff:ff:ff:ff:ff
inet 192.168.0.182/24 brd 192.168.0.255 scope global br0
valid_lft forever preferred_lft forever
inet6 fe80::62a4:4cff:fe64:a8bd/64 scope link
valid_lft forever preferred_lft forever
4: virbr1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
link/ether 52:54:00:e3:47:6d brd ff:ff:ff:ff:ff:ff
inet 192.168.100.1/24 brd 192.168.100.255 scope global virbr1
valid_lft forever preferred_lft forever
inet6 fe80::5054:ff:fee3:476d/64 scope link
valid_lft forever preferred_lft forever
5: virbr1-nic: <BROADCAST,MULTICAST> mtu 1500 qdisc pfifo_fast master virbr1 state DOWN group default qlen 500
link/ether 52:54:00:e3:47:6d brd ff:ff:ff:ff:ff:ff
6: virbr0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default
link/ether 42:1d:0b:cb:4b:93 brd ff:ff:ff:ff:ff:ff
inet 192.168.122.1/24 brd 192.168.122.255 scope global virbr0
valid_lft forever preferred_lft forever
7: vnet0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master virbr1 state UNKNOWN group default qlen 500
link/ether fe:54:00:b9:63:9e brd ff:ff:ff:ff:ff:ff
inet6 fe80::fc54:ff:feb9:639e/64 scope link
valid_lft forever preferred_lft forever
8: vnet1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master br0 state UNKNOWN group default qlen 500
link/ether fe:54:00:3b:91:b6 brd ff:ff:ff:ff:ff:ff
inet6 fe80::fc54:ff:fe3b:91b6/64 scope link
valid_lft forever preferred_lft forever
root@debian:/home/robin#Kod:
robin@debian:~$ cat /etc/network/interfaces
#/etc/network/interfaces
# The loopback network interface
auto lo
iface lo inet loopback
# The primary network interface
auto eth0
iface eth0 inet manual
auto br0
iface br0 inet dhcp
bridge_ports eth0
# Bridge options
bridge_stp off
bridge_fd 0
bridge_maxwait 0
robin@debian:~$ cat /etc/rc.local
#!/bin/sh -e
#
# rc.local
#
# This script is executed at the end of each multiuser runlevel.
# Make sure that the script will "exit 0" on success or any other
# value on error.
#
# In order to enable or disable this script just change the execution
# bits.
#
# By default this script does nothing.
exit 0
robin@debian:~$Gdyby ktos byl uprzejmy w kilku slowach napisac, co jest nie tak? Jak powinno byc? Moze przyklad na rozwiazanie tego problemu?!
Pozdrawiam
------------------------------------------------------------------------------------
"Inveniam viam aut faciam" : I will either find a way, or I shall make one
"Złoto to pieniądz królów, srebro to pieniądz dżentelmenów, barter to pieniądz chłopów ale dług to pieniądz niewolników."
Offline
Strony: 1
- Forum Debian Users Gang
- » Sieci i serwery
- » Jessie + KVM + VM pfSense, czyli jak polaczyc VM "goscia" z internetem