KVM virtual machines on a bridged network cannot ping each other, but communicate with the host normally: help needed
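Hi everyone, I created two KVM virtual machines, vhost1 and vhost2, with virt-manager on Ubuntu Server 22.04. The network uses bridged mode (br0) to connect the host and the virtual machines. I have run into a strange problem: pings between the host and each of the two virtual machines work fine, but the two virtual machines cannot ping each other at all. I would appreciate help tracking down where the problem is.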
Host network configuration
The host's br0 interface has the address 192.168.110.161/24. The corresponding netplan configuration file, /etc/netplan/netcfg.yaml, contains:

    network:
      version: 2
      renderer: networkd
      ethernets:
        enp24s0f1:
          dhcp4: false
          dhcp6: false
      bridges:
        br0:
          macaddress: aa:bb:cc:11:22:33
          dhcp4: false
          dhcp6: false
          addresses:
            - 192.168.110.161/24
          routes:
            - to: default
              via: 192.168.110.1
              metric: 100
              on-link: true
          nameservers:
            addresses:
              - 223.6.6.6
          interfaces:
            - enp24s0f1
          parameters:
            stp: true
            forward-delay: 4

Host bridge status
Output of brctl show:

    (base) root@qlsj:/etc/netplan# brctl show
    bridge name     bridge id               STP enabled     interfaces
    br0             8000.aabbcc112233       yes             enp24s0f1
                                                            vnet6
                                                            vnet7
    docker0         8000.0242b2287cce       no              veth1beee8b
                                                            veth6554059
    virbr0          8000.525400dcd61a       no              vnet2
                                                            vnet4

Virtual machine NIC configuration
vhost1 NIC XML configuration

    <interface type="bridge">
      <mac address="52:54:00:19:ab:92"/>
      <source bridge="br0"/>
      <target dev="vnet6"/>
      <model type="virtio"/>
      <alias name="net1"/>
      <address type="pci" domain="0x0000" bus="0x07" slot="0x00" function="0x0"/>
    </interface>

vhost2 NIC XML configuration

    <interface type="bridge">
      <mac address="52:54:00:81:59:a2"/>
      <source network="host-bridge" portid="72753e9d-2408-4858-b8b7-806b3666afa0" bridge="br0"/>
      <target dev="vnet7"/>
      <model type="virtio"/>
      <alias name="net1"/>
      <address type="pci" domain="0x0000" bus="0x09" slot="0x00" function="0x0"/>
    </interface>

Virtual machine network configuration
vhost1 network configuration
The enp9s0 interface has the address 192.168.110.204/24. The netplan configuration is:

    network:
      ethernets:
        # interface name
        enp9s0:
          dhcp4: false
          addresses: [192.168.110.204/24]
          routes:
            - to: default
              via: 192.168.110.1
              metric: 99
          nameservers:
            addresses: [223.6.6.6,223.5.5.5]
          dhcp6: false
      version: 2

vhost2 network configuration
The enp7s0 interface has the address 192.168.110.169/24. The netplan configuration is:

    # This is the network config written by 'subiquity'
    network:
      ethernets:
        # interface name
        enp7s0:
          dhcp4: false
          addresses: [192.168.110.169/24]
          routes:
            - to: default
              via: 192.168.110.1
              metric: 101
          nameservers:
            # name server to bind
            addresses: [223.6.6.6,223.5.5.5]
          dhcp6: false
      version: 2

Ping test results
Host pinging vhost1

    (base) root@qlsj:~# ping 192.168.110.204
    PING 192.168.110.204 (192.168.110.204) 56(84) bytes of data.
    64 bytes from 192.168.110.204: icmp_seq=1 ttl=64 time=0.398 ms
    64 bytes from 192.168.110.204: icmp_seq=2 ttl=64 time=0.280 ms
    64 bytes from 192.168.110.204: icmp_seq=3 ttl=64 time=0.253 ms
    ^C
    --- 192.168.110.204 ping statistics ---
    3 packets transmitted, 3 received, 0% packet loss, time 2025ms
    rtt min/avg/max/mdev = 0.253/0.310/0.398/0.062 ms

Host pinging vhost2

    (base) root@qlsj:~# ping 192.168.110.169
    PING 192.168.110.169 (192.168.110.169) 56(84) bytes of data.
    64 bytes from 192.168.110.169: icmp_seq=1 ttl=64 time=0.392 ms
    64 bytes from 192.168.110.169: icmp_seq=2 ttl=64 time=0.244 ms
    ^C
    --- 192.168.110.169 ping statistics ---
    2 packets transmitted, 2 received, 0% packet loss, time 1007ms
    rtt min/avg/max/mdev = 0.244/0.318/0.392/0.074 ms

vhost1 pinging vhost2

    qlsj@vhost1:~$ ping 192.168.110.169
    PING 192.168.110.204 (192.168.110.204) 56(84) bytes of data.
    From 192.168.110.161 icmp_seq=1 Packet filtered
    From 192.168.110.161 icmp_seq=2 Packet filtered
    From 192.168.110.161 icmp_seq=3 Packet filtered
    ^C
    --- 192.168.110.204 ping statistics ---
    3 packets transmitted, 0 received, +3 errors, 100% packet loss, time 2034ms

Host routing table
Output of the route command:

    (base) root@qlsj:~# route
    Kernel IP routing table
    Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
    default         192.168.110.1   0.0.0.0         UG    100    0        0 br0
    172.17.0.0      0.0.0.0         255.255.0.0     U     0      0        0 docker0
    192.168.110.0   0.0.0.0         255.255.255.0   U     0      0        0 br0
    192.168.122.0   0.0.0.0         255.255.255.0   U     0      0        0 virbr0

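What I have already checked
- net.ipv4.ip_forward = 1 is already set on the host and on both virtual machines
- The iptables FORWARD chain policy is already set to ACCEPT
I have tried quite a few things but still have not solved the problem, and I really don't know where to start. If you need me to provide any other information, please let me know!
Note: content sourced from Stack Exchange; question asked by mdzz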




