Dr. Lee's blog: 如何在 Linux 底下建立橋接介面給虛擬機器使用

#2019/09/23 修訂

0. 原始網路介面：enp2s0

1. 安裝需要軟體 aptitude install bridge-utils uml-utilities

   安裝完畢後我們即可使用 brctl 這個指令來觀察/新增/移除橋接網路介面。

2. 請以 root 權限執行

   brctl

   其輸出如下所示：

Usage: brctl [commands]
commands:
        addbr           <bridge>                add bridge
        delbr           <bridge>                delete bridge
        addif           <bridge> <device>       add interface to bridge
        delif           <bridge> <device>       delete interface from bridge
        hairpin         <bridge> <port> {on|off}        turn hairpin on/off
        setageing       <bridge> <time>         set ageing time
        setbridgeprio   <bridge> <prio>         set bridge priority
        setfd           <bridge> <time>         set bridge forward delay
        sethello        <bridge> <time>         set hello time
        setmaxage       <bridge> <time>         set max message age
        setpathcost     <bridge> <port> <cost> set path cost
        setportprio     <bridge> <port> <prio> set port priority
        show            [ <bridge> ]            show a list of bridges
        showmacs        <bridge>                show a list of mac addrs
        showstp         <bridge>                show bridge stp info
        stp             <bridge> {on|off}       turn stp on/off

a. 觀看橋接介面資訊：

我們可以執行

   brctl show

   來觀看目前橋接介面狀態，因為目前為止沒有任何橋接介面存在，因此其輸出如下：

bridge name     bridge id               STP enabled     interfaces

b. 建立空的網路橋接介面

brctl addbr br0

建立完畢後再執行 brctl show，其輸出如下：

bridge name     bridge id               STP enabled     interfaces
br0             8000.000000000000       no

請注意最右邊的 interfaces 欄位底下是空的。

或是執行 ip addr show 可以顯示其結果，其輸出如下：

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 00:24:1d:12:5c:c7 brd ff:ff:ff:ff:ff:ff
    inet 120.117.72.71/25 brd 120.117.72.127 scope global eth0
       valid_lft forever preferred_lft forever
    inet6 fe80::224:1dff:fe12:5cc7/64 scope link
       valid_lft forever preferred_lft forever
3: br0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN
    link/ether 8a:f7:14:d0:e3:54 brd ff:ff:ff:ff:ff:ff

上述兩種輸出我們都可以看到有新增一個介面叫 br0，這就是所謂的橋接網路介面。

3. 將 br0 橋接給 eth0 使用

brctl addif br0 eth0

eth0 -> br0 -> internet

此時我們再執行

brctl show

會出現

bridge name     bridge id               STP enabled     interfaces
br0             8000.00241d125cc7       no              eth0

這告訴我們目前 eth0 已加入 br0 橋接網路介面中。

接下來我們可以執行一些網路指令來觀看目前網路設定狀況：

3.1 ifconfig

其輸出如下：

br0       Link encap:Ethernet HWaddr 00:24:1d:12:5c:c7
          inet6 addr: fe80::224:1dff:fe12:5cc7/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
          RX packets:31862 errors:0 dropped:0 overruns:0 frame:0
          TX packets:13 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:8351683 (7.9 MiB) TX bytes:762 (762.0 B)

eth0      Link encap:Ethernet HWaddr 00:24:1d:12:5c:c7
          inet addr:120.117.72.71 Bcast:120.117.72.127 Mask:255.255.255.128
          inet6 addr: fe80::224:1dff:fe12:5cc7/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
          RX packets:92871708 errors:0 dropped:27 overruns:0 frame:0
          TX packets:116756678 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:59143957987 (55.0 GiB) TX bytes:143394438170 (133.5 GiB)

lo        Link encap:Local Loopback
          inet addr:127.0.0.1 Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING MTU:65536 Metric:1
          RX packets:854820 errors:0 dropped:0 overruns:0 frame:0
          TX packets:854820 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:72657228 (69.2 MiB) TX bytes:72657228 (69.2 MiB)

3.2 route (觀看目前主機路由) -> 什麼叫主機路由 ?

其輸出如下：

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         120.117.72.126 0.0.0.0         UG    0      0        0 eth0
120.117.72.0    *               255.255.255.128 U     0      0        0 eth0

但是現在網路會出現連線的問題，因此我們要再修改一下。

4. 修改網路設定，使其開機後能自動 bridge

編輯 /etc/network/interfaces，將 eth0 由底下片段：

# The primary network interface
allow-hotplug eth0
iface eth0 inet static
        address 120.117.72.71
        netmask 255.255.255.128
        gateway 120.117.72.126
        # dns-* options are implemented by the resolvconf package, if installed
        dns-nameservers 120.117.2.1
        dns-search eecs.stust.edu.tw

改為：

# The primary network interface
#allow-hotplug eth0
#iface eth0 inet static
#        address 120.117.72.71
#        netmask 255.255.255.128
#        gateway 120.117.72.126
#        # dns-* options are implemented by the resolvconf package, if installed
#        dns-nameservers 120.117.2.1
#        dns-search eecs.stust.edu.tw

iface eth0 inet manual

auto br0
iface br0 inet static
address 120.117.72.71
netmask 255.255.255.128
gateway 120.117.72.126
bridge_ports eth0
bridge_fd 9
bridge_hello 2
bridge_maxage 12
bridge_stp off

重新編輯 /etc/network/interfaces 檔案後，我們可以執行

/etc/init.d/networking restart

來重新啟動網路介面，其輸出如下：

[....] Running /etc/init.d/networking restart is deprecated because it may not r[warnble some interfaces ... (warning).
[....] Reconfiguring network interfaces...
Waiting for br0 to get ready (MAXWAIT is 20 seconds).
Starting rpcbind daemon...Already running..
Starting NFS common utilities: statd idmapd.
done.

接著我們執行 ifconfig 來觀看網路狀況，其輸出如下：

br0       Link encap:Ethernet HWaddr 00:24:1d:12:5c:c7
          inet addr:120.117.72.71 Bcast:120.117.72.127 Mask:255.255.255.128
          inet6 addr: fe80::224:1dff:fe12:5cc7/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
          RX packets:33183 errors:0 dropped:0 overruns:0 frame:0
          TX packets:427 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:8487100 (8.0 MiB) TX bytes:33164 (32.3 KiB)

eth0      Link encap:Ethernet HWaddr 00:24:1d:12:5c:c7
          UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
          RX packets:92875730 errors:0 dropped:27 overruns:0 frame:0
          TX packets:116759427 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:59145121172 (55.0 GiB) TX bytes:143394914474 (133.5 GiB)

lo        Link encap:Local Loopback
          inet addr:127.0.0.1 Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING MTU:65536 Metric:1
          RX packets:857668 errors:0 dropped:0 overruns:0 frame:0
          TX packets:857668 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:72951279 (69.5 MiB) TX bytes:72951279 (69.5 MiB)

我們可以發現此時 br0 有網路 ip 等設定，而 eth0 沒有了。接下來我們可以重啟電腦，
來觀看是否重開機後網路設定仍然存在。

另外我們可以觀察 route 來看看主機路由為何，其輸出如下：

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         120-117-72-126. 0.0.0.0         UG    0      0        0 br0
120.117.72.0    *               255.255.255.128 U     0      0        0 br0

從上面資訊可以看到目前的對外路由為 br0 介面。

5. 新增 br1 網路介面

請在 /etc/network/interfaces 中新增底下片段：

auto br1
iface br1 inet static
address 192.168.1.1
netmask 255.255.255.0
gateway 120.117.72.71
bridge_ports tap0
bridge_fd 9
bridge_hello 2
bridge_maxage 12
bridge_stp off

請注意上述設定中之 gateway 要為本機 ip，而 bridge ports 要設為 tap0，設定完畢後
請執行：

/etc/init.d/networking restart

其輸出如下：

[....] Running /etc/init.d/networking restart is deprecated because it may not r[warnble some interfaces ... (warning).
[....] Reconfiguring network interfaces...
Waiting for br0 to get ready (MAXWAIT is 20 seconds).
if-up.d/mountnfs[br0]: waiting for interface br1 before doing NFS mounts ... (warning).
interface tap0 does not exist!

Waiting for br1 to get ready (MAXWAIT is 20 seconds).
RTNETLINK answers: Network is unreachable
Failed to bring up br1.
done.

此時我們再執行一次 ifconfig 來觀看網路介面，其輸出如下：

br0       Link encap:Ethernet HWaddr 00:24:1d:12:5c:c7
          inet addr:120.117.72.71 Bcast:120.117.72.127 Mask:255.255.255.128
          inet6 addr: fe80::224:1dff:fe12:5cc7/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
          RX packets:4 errors:0 dropped:0 overruns:0 frame:0
          TX packets:6 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:1144 (1.1 KiB) TX bytes:364 (364.0 B)

br1       Link encap:Ethernet HWaddr 36:88:01:09:0f:26
          inet addr:192.168.1.1 Bcast:192.168.1.255 Mask:255.255.255.0
          inet6 addr: fe80::3488:1ff:fe09:f26/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:3 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:0 (0.0 B) TX bytes:238 (238.0 B)

eth0      Link encap:Ethernet HWaddr 00:24:1d:12:5c:c7
          UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
          RX packets:123634 errors:0 dropped:0 overruns:0 frame:0
          TX packets:108003 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:102252702 (97.5 MiB) TX bytes:96428415 (91.9 MiB)

lo        Link encap:Local Loopback
          inet addr:127.0.0.1 Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING MTU:65536 Metric:1
          RX packets:6489 errors:0 dropped:0 overruns:0 frame:0
          TX packets:6489 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:364364 (355.8 KiB) TX bytes:364364 (355.8 KiB)

我們可以看到多了一個 br1 網路介面，其網段是 192.168.1.1/24

Dr. Lee's blog

2014年3月13日星期四

如何在 Linux 底下建立橋接介面給虛擬機器使用

2 則留言:

2014年3月13日 星期四

如何在 Linux 底下建立橋接介面給虛擬機器使用

2 則留言:

2014年3月13日星期四