Thursday, March 13, 2014

How to create a bridge interface on Linux for virtual machines

#2019/09/23 revised

0. Original network interface: enp2s0

1. Install the required software: aptitude install bridge-utils uml-utilities

   Once installation finishes, we can use the brctl command to inspect/add/remove bridge network interfaces.


2. Run the following as root

   brctl

   Its output is shown below:

Usage: brctl [commands]
commands:
        addbr           <bridge>                add bridge
        delbr           <bridge>                delete bridge
        addif           <bridge> <device>       add interface to bridge
        delif           <bridge> <device>       delete interface from bridge
        hairpin         <bridge> <port> {on|off}        turn hairpin on/off
        setageing       <bridge> <time>         set ageing time
        setbridgeprio   <bridge> <prio>         set bridge priority
        setfd           <bridge> <time>         set bridge forward delay
        sethello        <bridge> <time>         set hello time
        setmaxage       <bridge> <time>         set max message age
        setpathcost     <bridge> <port> <cost>  set path cost
        setportprio     <bridge> <port> <prio>  set port priority
        show            [ <bridge> ]            show a list of bridges
        showmacs        <bridge>                show a list of mac addrs
        showstp         <bridge>                show bridge stp info
        stp             <bridge> {on|off}       turn stp on/off

a. View bridge interface information:

We can run

   brctl show

   to view the current state of the bridge interfaces. Because no bridge interface exists yet, the output is:

bridge name     bridge id               STP enabled     interfaces


b. Create an empty network bridge interface

brctl addbr br0

After creating it, run brctl show again; the output is:

bridge name     bridge id               STP enabled     interfaces
br0             8000.000000000000       no

Note that the rightmost column, interfaces, is empty.

Alternatively, run ip addr show to see the result; its output is:

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 00:24:1d:12:5c:c7 brd ff:ff:ff:ff:ff:ff
    inet 120.117.72.71/25 brd 120.117.72.127 scope global eth0
       valid_lft forever preferred_lft forever
    inet6 fe80::224:1dff:fe12:5cc7/64 scope link
       valid_lft forever preferred_lft forever
3: br0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN
    link/ether 8a:f7:14:d0:e3:54 brd ff:ff:ff:ff:ff:ff

In both outputs we can see a new interface named br0; this is the bridge network interface.



3. Attach eth0 to the br0 bridge

brctl addif br0 eth0

eth0 -> br0 -> internet

Now we run

brctl show

again, which shows

bridge name     bridge id               STP enabled     interfaces
br0             8000.00241d125cc7       no              eth0

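This tells us that eth0 has now joined the br0 bridge network interface.


Next, we can run some network commands to inspect the current network configuration: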

3.1 ifconfig

Its output is:

br0       Link encap:Ethernet  HWaddr 00:24:1d:12:5c:c7
          inet6 addr: fe80::224:1dff:fe12:5cc7/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:31862 errors:0 dropped:0 overruns:0 frame:0
          TX packets:13 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:8351683 (7.9 MiB)  TX bytes:762 (762.0 B)

eth0      Link encap:Ethernet  HWaddr 00:24:1d:12:5c:c7
          inet addr:120.117.72.71  Bcast:120.117.72.127  Mask:255.255.255.128
          inet6 addr: fe80::224:1dff:fe12:5cc7/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:92871708 errors:0 dropped:27 overruns:0 frame:0
          TX packets:116756678 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:59143957987 (55.0 GiB)  TX bytes:143394438170 (133.5 GiB)


lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:854820 errors:0 dropped:0 overruns:0 frame:0
          TX packets:854820 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:72657228 (69.2 MiB)  TX bytes:72657228 (69.2 MiB)

3.2 route (view the host's current routes) -> What is a host route?

Its output is:

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         120.117.72.126  0.0.0.0         UG    0      0        0 eth0
120.117.72.0    *               255.255.255.128 U     0      0        0 eth0

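At this point, however, the network will have connectivity problems: as the outputs above show, the IP address and the default route are still on eth0, which is now a bridge port. We therefore need one more change.

4. Modify the network configuration so that the bridge is set up automatically at boot

Edit /etc/network/interfaces and change the eth0 section from the following snippet: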

# The primary network interface
allow-hotplug eth0
iface eth0 inet static
        address 120.117.72.71
        netmask 255.255.255.128
        gateway 120.117.72.126
        # dns-* options are implemented by the resolvconf package, if installed
        dns-nameservers 120.117.2.1
        dns-search eecs.stust.edu.tw

to:

# The primary network interface
#allow-hotplug eth0
#iface eth0 inet static
#        address 120.117.72.71
#        netmask 255.255.255.128
#        gateway 120.117.72.126
#        # dns-* options are implemented by the resolvconf package, if installed
#        dns-nameservers 120.117.2.1
#        dns-search eecs.stust.edu.tw


iface eth0 inet manual

auto br0
iface br0 inet static
address 120.117.72.71
netmask 255.255.255.128
gateway 120.117.72.126
bridge_ports eth0
bridge_fd 9
bridge_hello 2
bridge_maxage 12
bridge_stp off

After editing /etc/network/interfaces, we can run

/etc/init.d/networking restart

to restart the network interfaces; its output is:

[....] Running /etc/init.d/networking restart is deprecated because it may not r[warnble some interfaces ... (warning).
[....] Reconfiguring network interfaces...
Waiting for br0 to get ready (MAXWAIT is 20 seconds).
Starting rpcbind daemon...Already running..
Starting NFS common utilities: statd idmapd.
done.

Next, we run ifconfig to check the network state; its output is:

br0       Link encap:Ethernet  HWaddr 00:24:1d:12:5c:c7
          inet addr:120.117.72.71  Bcast:120.117.72.127  Mask:255.255.255.128
          inet6 addr: fe80::224:1dff:fe12:5cc7/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:33183 errors:0 dropped:0 overruns:0 frame:0
          TX packets:427 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:8487100 (8.0 MiB)  TX bytes:33164 (32.3 KiB)

eth0      Link encap:Ethernet  HWaddr 00:24:1d:12:5c:c7
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:92875730 errors:0 dropped:27 overruns:0 frame:0
          TX packets:116759427 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:59145121172 (55.0 GiB)  TX bytes:143394914474 (133.5 GiB)

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:857668 errors:0 dropped:0 overruns:0 frame:0
          TX packets:857668 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:72951279 (69.5 MiB)  TX bytes:72951279 (69.5 MiB)

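We can see that br0 now carries the IP configuration and eth0 no longer does. Next, we can reboot the machine
to check whether the network configuration persists after a reboot.

We can also run route to see the host's routes; its output is: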

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         120-117-72-126. 0.0.0.0         UG    0      0        0 br0
120.117.72.0    *               255.255.255.128 U     0      0        0 br0


From the information above we can see that the outbound route now goes through the br0 interface.


5. Add a br1 network interface

Add the following snippet to /etc/network/interfaces:

auto br1
iface br1 inet static
address 192.168.1.1
netmask 255.255.255.0
gateway 120.117.72.71
bridge_ports tap0
bridge_fd 9
bridge_hello 2
bridge_maxage 12
bridge_stp off

Note that in the configuration above the gateway must be the local machine's IP, and bridge ports must be set to tap0. Once configured,
run:

/etc/init.d/networking restart

Its output is:

[....] Running /etc/init.d/networking restart is deprecated because it may not r[warnble some interfaces ... (warning).
[....] Reconfiguring network interfaces...
Waiting for br0 to get ready (MAXWAIT is 20 seconds).
if-up.d/mountnfs[br0]: waiting for interface br1 before doing NFS mounts ... (warning).
interface tap0 does not exist!

Waiting for br1 to get ready (MAXWAIT is 20 seconds).
RTNETLINK answers: Network is unreachable
Failed to bring up br1.
done.

Now we run ifconfig once more to view the network interfaces; its output is:


br0       Link encap:Ethernet  HWaddr 00:24:1d:12:5c:c7
          inet addr:120.117.72.71  Bcast:120.117.72.127  Mask:255.255.255.128
          inet6 addr: fe80::224:1dff:fe12:5cc7/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:4 errors:0 dropped:0 overruns:0 frame:0
          TX packets:6 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:1144 (1.1 KiB)  TX bytes:364 (364.0 B)

br1       Link encap:Ethernet  HWaddr 36:88:01:09:0f:26
          inet addr:192.168.1.1  Bcast:192.168.1.255  Mask:255.255.255.0
          inet6 addr: fe80::3488:1ff:fe09:f26/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:3 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:0 (0.0 B)  TX bytes:238 (238.0 B)

eth0      Link encap:Ethernet  HWaddr 00:24:1d:12:5c:c7
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:123634 errors:0 dropped:0 overruns:0 frame:0
          TX packets:108003 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:102252702 (97.5 MiB)  TX bytes:96428415 (91.9 MiB)

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:6489 errors:0 dropped:0 overruns:0 frame:0
          TX packets:6489 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:364364 (355.8 KiB)  TX bytes:364364 (355.8 KiB)


We can see an additional network interface, br1, whose subnet is 192.168.1.1/24
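
The restart log in step 5 reports that tap0 does not exist and that br1 failed with "Network is unreachable". As an added example (not part of the original post), the shell function below lints an ifupdown interfaces file for two conditions consistent with those messages: a bridge_ports device that is not present, and a gateway outside the stanza's own subnet. The name lint_interfaces and its optional NETDIR argument are hypothetical.

```shell
#!/bin/sh
# lint_interfaces FILE [NETDIR]   (added example; NETDIR defaults to /sys/class/net)
# Prints one line per finding:
#   "<iface> port <dev> missing"        bridge_ports device absent from NETDIR
#   "<iface> gateway <ip> off-subnet"   gateway outside the stanza's own subnet
# Assumes dotted-quad netmasks and bridge_ports given as plain device names.
lint_interfaces() {
    awk '
    function ip2int(ip,    o) {
        split(ip, o, ".")
        return ((o[1] * 256 + o[2]) * 256 + o[3]) * 256 + o[4]
    }
    function check(    size) {
        if (iface != "" && addr != "" && mask != "" && gw != "") {
            # Block size of a contiguous mask, e.g. 128 for 255.255.255.128
            size = 4294967296 - ip2int(mask)
            if (int(ip2int(addr) / size) != int(ip2int(gw) / size))
                print iface, "gateway", gw, "off-subnet"
        }
        iface = addr = mask = gw = ""
    }
    /^[ \t]*#/ { next }                       # skip commented-out lines
    $1 == "iface" { check(); if ($4 == "static") iface = $2; next }
    $1 == "auto" || $1 ~ /^allow-/ { check(); next }
    $1 == "address" { addr = $2 }
    $1 == "netmask" { mask = $2 }
    $1 == "gateway" { gw = $2 }
    $1 == "bridge_ports" && iface != "" {
        # Emit candidates; existence is checked by the shell loop below
        for (i = 2; i <= NF; i++) print iface, "port", $i, "?"
    }
    END { check() }
    ' "$1" | while read -r iface kind value rest; do
        if [ "$kind" = port ]; then
            [ -e "${2:-/sys/class/net}/$value" ] || echo "$iface port $value missing"
        else
            echo "$iface $kind $value $rest"
        fi
    done
}

# Run directly: sh lint_interfaces.sh /etc/network/interfaces
if [ "$#" -gt 0 ]; then
    lint_interfaces "$@"
fi
```

Run against the br0 and br1 stanzas shown in steps 4 and 5 on a host where only eth0 exists, it reports both findings for br1 and none for br0.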





2 comments:

  1. https://zh.wikipedia.org/wiki/TUN%E4%B8%8ETAP

    You can refer to the explanation on Wikipedia
