我在RedHat主机上配置了libvirt的默认网络，virbr0网桥已经启动，网络设置为NAT模式，DHCP地址池是192.168.122.2-254，还专门加了规则给名为fw-core的Ubuntu虚拟机分配固定IP192.168.122.2。但奇怪的是，虚拟机里的dhclient拿到的却是10.0.2.15，完全不是我配置的网段。

主机端验证信息 #

网桥状态

brctl show

输出：

bridge name     bridge id               STP enabled     interfaces
virbr0          8000.52540024cafa       yes             virbr0-nic

virbr0的IP配置

ip addr show virbr0|grep inet

输出：

inet 192.168.122.1/24 brd 192.168.122.255 scope global virbr0

虚拟机列表

virsh list --all

输出：

Id    Name                           State
---------------------------------------------------
2     fw-core                        running

默认网络XML配置

sudo virsh net-dumpxml default

输出：

<network>
<name>default</name>
<uuid>b270007c-ada2-4c16-9b34-3abecc1c4b94</uuid>
<forward mode='nat'>
<nat>
<port start='1024' end='65535'/>
</nat>
</forward>
<bridge name='virbr0' stp='on' delay='0'/>
<mac address='52:54:00:24:ca:fa'/>
<ip address='192.168.122.1' netmask='255.255.255.0'>
<dhcp>
<range start='192.168.122.2' end='192.168.122.254'/>
<host mac='52:54:00:6d:e4:ae' name='fw-core' ip='192.168.122.2'/>
</dhcp>
</ip>
</network>

虚拟机端异常表现 #

我能通过virsh console fw-core连接到虚拟机，但无法用SSH连接10.0.2.15。看起来虚拟机完全跳过了virbr0网桥，从企业网络拿到了IP？dhclient是从10.0.2.2获取的地址，而不是我配置的192.168.122.1，而且我也没法从主机用分配的固定IP连接虚拟机。

虚拟机执行dhclient的输出

sudo dhclient -v ens3

输出：

Listening on LPF/ens3/52:54:00:6d:e4:ae
Sending on   LPF/ens3/52:54:00:6d:e4:ae
Sending on   Socket/fallback
DHCPDISCOVER on ens3 to 255.255.255.255 port 67 interval 3 (xid=0xf27cb27a)
DHCPOFFER of 10.0.2.15 from 10.0.2.2
DHCPREQUEST for 10.0.2.15 on ens3 to 255.255.255.255 port 67 (xid=0x7ab27cf2)
DHCPACK of 10.0.2.15 from 10.0.2.2 (xid=0xf27cb27a)
bound to 10.0.2.15 -- renewal in 32873 seconds.

强制指定DHCP服务器的尝试（失败）

sudo dhclient -v ens3 -s 192.168.122.1

输出：

Internet Systems Consortium DHCP Client 4.4.1
Copyright 2004-2018 Internet Systems Consortium.
All rights reserved.

Listening on LPF/ens3/52:54:00:6d:e4:ae
Sending on   LPF/ens3/52:54:00:6d:e4:ae
Sending on   Socket/fallback
DHCPREQUEST for 10.0.2.15 on ens3 to 192.168.122.1 port 67 (xid=0x1557fbe4)
DHCPREQU

其他奇怪的现象 #

虚拟机可以正常访问外网，也能连接主机的SSH服务：

curl -s google.com|sed 1q

输出：

<HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8">

sleep 1 | telnet 192.168.122.1 22

输出：

Trying 192.168.122.1...
Connected to 192.168.122.1.
Escape character is '^]'.
SSH-2.0-OpenSSH_7.4
Connection closed by foreign host

虚拟机内部的SSH服务也正常运行：

sleep 1|telnet localhost 22

输出：

Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.4
Connection closed by foreign host.

防火墙排查情况 #

我怀疑是主机防火墙的问题，已经把virbr0加到了internal区域：

sudo firewall-cmd --zone=internal --list-all

输出：

internal (active)
target: default
icmp-block-inversion: no
interfaces: virbr0
sources:
services: dhcp dhcpv6-client mdns samba-client ssh
ports: 67/tcp 67/udp
protocols:
masquerade: no
forward-ports:
source-ports:
icmp-blocks:
rich rules:

主机所有网卡信息

ip addr

输出：

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: usb0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN group default qlen 1000
link/ether 0a:6c:8e:88:52:62 brd ff:ff:ff:ff:ff:ff
3: eno1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
link/ether 3c:ec:ef:d1:18:54 brd ff:ff:ff:ff:ff:ff
inet 10.48.86.33/24 brd 10.48.86.255 scope global noprefixroute eno1
valid_lft forever preferred_lft forever
inet6 fe80::310c:bed0:9e4f:f53d/64 scope link noprefixroute
valid_lft forever preferred_lft forever
4: eno2: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc mq state DOWN group default qlen 1000
link/ether 3c:ec:ef:d1:18:55 brd ff:ff:ff:ff:ff:ff
13: virbr0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default qlen 1000
link/ether 52:54:00:24:ca:fa brd ff:ff:ff:ff:ff:ff
inet 192.168.122.1/24 brd 192.168.122.255 scope global virbr0
valid_lft forever preferred_lft forever
14: virbr0-nic: <BROADCAST,MULTICAST> mtu 1500 qdisc pfifo_fast master virbr0 state DOWN group default qlen 1000
link/ether 52:54:00:24:ca:fa brd ff:ff:ff:ff:ff:ff

再次确认网桥状态

brctl show

输出：

bridge name     bridge id               STP enabled     interfaces
virbr0          8000.52540024cafa       yes             virbr0-nic

虚拟机创建命令 #

我是用这条命令创建的虚拟机：

virt-install --name core --ram $((1024*4)) --file=fw-core.img --file=ubuntu-22.04.3-live-server-amd64.iso

备注：内容来源于stack exchange，提问作者Will