kvm桥接网络不通linux,KVM Ubuntu Guest无法在桥接网络上连接到Internet

我有Ubuntu 14.04(64位)KVM主机和2个NIC：

– eth0连接到“公共”网络

– eth1通过私有IP地址范围连接到br0网桥

从主机我可以访问互联网,ping VM Guest并通过SSH连接到它.

从VM Guest我只能ping主机,但无法访问Internet而无法ping google.com

请帮助我在下面的设置中将VM Guest连接到互联网：

在主持人：

的/ etc /网络/接口

auto lo

iface lo inet loopback

auto eth0

iface eth0 inet static

address 192.168.2.60

netmask 255.255.255.0

gateway 192.168.2.254

dns-nameservers 8.8.8.8

auto eth1

iface eth1 inet manual

auto br0

iface br0 inet static

address 10.0.0.1

netmask 255.255.255.0

bridge_ports eth1

bridge_stp off

bridge_maxwait 0

bridge_fd 0

# Create and destroy the bridge automatically.

pre-up brctl addbr br0

ip link set dev br0 up

post-up /usr/sbin/brctl setfd br0 0 addif br0 eth1

post-down brctl delbr br0

KVM网络定义为：

br0-net

9d24b473-0b4d-4cfa-8b12-7bf267d856ae

#sysctl -p /etc/sysctl.conf

net.ipv4.ip_forward = 1

net.bridge.bridge-nf-call-ip6tables = 0

net.bridge.bridge-nf-call-iptables = 0

net.bridge.bridge-nf-call-arptables = 0

#route -n

Kernel IP routing table

Destination Gateway Genmask Flags Metric Ref Use Iface

0.0.0.0 192.168.2.254 0.0.0.0 UG 0 0 0 eth0

10.0.0.0 0.0.0.0 255.255.255.0 U 0 0 0 br0

192.168.2.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0

#iptables -t nat -vnL

Chain PREROUTING (policy ACCEPT 0 packets,0 bytes)

pkts bytes target prot opt in out source destination

Chain INPUT (policy ACCEPT 0 packets,0 bytes)

pkts bytes target prot opt in out source destination

Chain OUTPUT (policy ACCEPT 0 packets,0 bytes)

pkts bytes target prot opt in out source destination

Chain POSTROUTING (policy ACCEPT 0 packets,0 bytes)

pkts bytes target prot opt in out source destination

在VM Guest：

的/ etc /网络/接口

auto lo

iface lo inet loopback

auto eth0

iface eth0 inet static

address 10.0.0.11

netmask 255.255.255.0

Guest xml定义为

#route -n

Kernel IP routing table

Destination Gateway Genmask Flags Metric Ref Use Iface

0.0.0.0 10.0.0.1 0.0.0.0 UG 0 0 0 eth0

10.0.0.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0

#iptables -t nat -vnL

Chain PREROUTING (policy ACCEPT 0 packets,0 bytes)

pkts bytes target prot opt in out source destination

来自Guest的Ping KVM主机适用于10.0.0.1和192.168.2.60：

$ping 10.0.0.1

PING 10.0.0.1 (10.0.0.1) 56(84) bytes of data.

64 bytes from 10.0.0.1: icmp_seq=1 ttl=64 time=0.555 ms

$ping 192.168.2.60

PING 192.168.2.60 (192.168.2.60) 56(84) bytes of data.

64 bytes from 192.168.2.60: icmp_seq=1 ttl=64 time=0.772 ms

从Guest ping另一台计算机192.168.2.3不起作用：

--- 192.168.2.3 ping statistics ---

277 packets transmitted,0 received,100% packet loss,time 276399ms

来自Guest的ping google.com不起作用：

ping: unknown host google.com