Linux

Two network adapters with static IP addresses on a GCE Linux instance

  • December 9, 2018

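I want a VM hosted on Google Compute Engine to have 2 static IP addresses. For this, I created a VM with two network adapters (NICs), each of which lets me "pick" 1 static IP address from its respective network. As the GCE documentation says, this is the only possible way to give a VM 2 addresses. One adapter cannot have more than one static address :(

So far, what I have been able to achieve is to make only one IP "work" at a time. Never both of them. The system is Debian, and my /etc/network/interfaces is as follows: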

# The loopback network interface
auto lo
iface lo inet loopback

# The primary network interface
auto eth0
iface eth0 inet static
       address 10.0.1.2
       netmask 255.255.255.0
       network 10.0.1.0
       broadcast 10.0.1.255
       gateway 10.0.1.1
       dns-nameservers 8.8.8.8 8.8.4.4
       dns-search example.com


auto eth1
iface eth1 inet static
       address 10.0.2.2
       netmask 255.255.255.0
       network 10.0.2.0
       broadcast 10.0.2.255

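…Although the 'ifconfig' output indicates that everything is fine, and even shows traffic on both interfaces (and NICs), both IPs (10.0.1.2 and 10.0.2.2 at the same time) can never be reached. I can connect from outside to only one of them, 10.0.1.2 or 10.0.2.2, depending on which one I set as eth0 and restart the network: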

eth0      Link encap:Ethernet  HWaddr 42:01:0a:00:01:02
         inet addr:10.0.1.2  Bcast:10.0.1.255  Mask:255.255.255.0
         UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
         RX packets:2552 errors:0 dropped:0 overruns:0 frame:0
         TX packets:2553 errors:0 dropped:0 overruns:0 carrier:0
         collisions:0 txqueuelen:1000
         RX bytes:306760 (306.7 KB)  TX bytes:1392278 (1.3 MB)

eth1      Link encap:Ethernet  HWaddr 42:01:0a:00:02:02
         inet addr:10.0.2.2  Bcast:10.0.2.255  Mask:255.255.255.0
         UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
         RX packets:621 errors:0 dropped:0 overruns:0 frame:0
         TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
         collisions:0 txqueuelen:1000
         RX bytes:51913 (51.9 KB)  TX bytes:0 (0.0 B)

lo        Link encap:Local Loopback
         inet addr:127.0.0.1  Mask:255.0.0.0
         UP LOOPBACK RUNNING  MTU:65536  Metric:1
         RX packets:149 errors:0 dropped:0 overruns:0 frame:0
         TX packets:149 errors:0 dropped:0 overruns:0 carrier:0
         collisions:0 txqueuelen:0
         RX bytes:44874 (44.8 KB)  TX bytes:44874 (44.8 KB)

lshw -class network shows:

 *-network:0
      description: Ethernet interface
      product: Virtio network device
      vendor: Red Hat, Inc
      physical id: 4
      bus info: pci@0000:00:04.0
      logical name: eth0
      version: 00
      serial: 42:01:0a:00:01:02
      width: 32 bits
      clock: 33MHz
      capabilities: msix bus_master cap_list ethernet physical
      configuration: broadcast=yes driver=virtio_net driverversion=1.0.0 ip=10.0.1.2 latency=0 link=yes multicast=yes
      resources: irq:10 ioport:c040(size=64) memory:febfe000-febfe03f
 *-network:1
      description: Ethernet interface
      product: Virtio network device
      vendor: Red Hat, Inc
      physical id: 5
      bus info: pci@0000:00:05.0
      logical name: eth1
      version: 00
      serial: 42:01:0a:00:02:02
      width: 32 bits
      clock: 33MHz
      capabilities: msix bus_master cap_list ethernet physical
      configuration: broadcast=yes driver=virtio_net driverversion=1.0.0 ip=10.0.2.2 latency=0 link=yes multicast=yes
      resources: irq:10 ioport:c080(size=64) memory:febff000-febff03f

P.S. I am adding the output of the command iptables -nvL

Chain INPUT (policy ACCEPT 1578 packets, 354K bytes)
pkts bytes target     prot opt in     out     source               destination
8781  544K f2b-dovecot-pop3imap  tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            multiport dports 110,995,143,993
1132 61887 f2b-pureftpd  tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            multiport dports 21
1457  564K f2b-postfix-sasl  tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            multiport dports 25
20120 2175K f2b-sshd   tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            multiport dports 22
11287  688K f2b-dovecot-pop3imap  tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            multiport dports 110,995,143,993
1511 82441 f2b-pureftpd  tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            multiport dports 21
1773  585K f2b-postfix-sasl  tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            multiport dports 25
30811 3348K f2b-sshd   tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            multiport dports 22
12528  760K f2b-dovecot-pop3imap  tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            multiport dports 110,995,143,993
1691 92225 f2b-pureftpd  tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            multiport dports 21
1960  632K f2b-postfix-sasl  tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            multiport dports 25
36156 3948K f2b-sshd   tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            multiport dports 22
16013  963K f2b-dovecot-pop3imap  tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            multiport dports 110,995,143,993
2352  128K f2b-pureftpd  tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            multiport dports 21
2656  846K f2b-postfix-sasl  tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            multiport dports 25
48399 5280K f2b-sshd   tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            multiport dports 22

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target     prot opt in     out     source               destination

Chain OUTPUT (policy ACCEPT 1735 packets, 987K bytes)
pkts bytes target     prot opt in     out     source               destination

Chain f2b-dovecot-pop3imap (4 references)
pkts bytes target     prot opt in     out     source               destination
48609 2955K RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0
   0     0 RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0
   0     0 RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0
   0     0 RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain f2b-postfix-sasl (4 references)
pkts bytes target     prot opt in     out     source               destination
7846 2628K RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0
   0     0 RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0
   0     0 RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0
   0     0 RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain f2b-pureftpd (4 references)
pkts bytes target     prot opt in     out     source               destination
6669  364K RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0
   0     0 RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0
   0     0 RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0
   0     0 RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain f2b-sshd (4 references)
pkts bytes target     prot opt in     out     source               destination
  22  1728 REJECT     all  --  *      *       52.21.230.131        0.0.0.0/0            reject-with icmp-port-unreachable
  22  1728 REJECT     all  --  *      *       185.207.232.232      0.0.0.0/0            reject-with icmp-port-unreachable
  22  1728 REJECT     all  --  *      *       136.159.103.234      0.0.0.0/0            reject-with icmp-port-unreachable
  17  1232 REJECT     all  --  *      *       118.97.22.162        0.0.0.0/0            reject-with icmp-port-unreachable
132K   15M RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0
   0     0 RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0
   0     0 RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0
   0     0 RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0

And the output of the command route

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         10.0.1.1        0.0.0.0         UG    0      0        0 eth0
10.0.1.0        *               255.255.255.0   U     0      0        0 eth0
10.0.2.0        *               255.255.255.0   U     0      0        0 eth1

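How do I make both IPs and both NICs work? There is no ping from outside to either of them, depending on which eth is in /etc/network/interfaces.

In the end, I did manage it. The following article helped me: https://www.thomas-krenn.com/en/wiki/Two_Default_Gateways_on_One_System

To make both NICs work at the same time with different gateways, we need a second routing table. Let's name it rt2. Follow this procedure: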

  1. Make sure you have iproute2 installed: sudo apt-get install iproute2
  2. Add the second routing table by editing /etc/iproute2/rt_tables and adding the following line to the file:

1 rt2

  3. Make sure the second interface eth1 has no gateway defined
  4. Add the following lines to /etc/network/interfaces for the second interface eth1:

post-up ip route add 10.0.2.0/24 dev eth1 src 10.0.2.2 table rt2
post-up ip route add default via 10.0.2.1 dev eth1 table rt2
post-up ip rule add from 10.0.2.2/32 table rt2
post-up ip rule add to 10.0.2.2/32 table rt2

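The changes are permanent, and after a reboot I could indeed reach both IP addresses from the outside in (incoming). When connecting from the inside out (outgoing), eth0 is used, because it is the default.

My final /etc/network/interfaces now looks like this: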

# The loopback network interface
auto lo
iface lo inet loopback

# The primary network interface
auto eth0
iface eth0 inet static
       address 10.0.1.2
       netmask 255.255.255.0
       network 10.0.1.0
       broadcast 10.0.1.255
       gateway 10.0.1.1
       dns-nameservers 8.8.8.8 8.8.4.4
       dns-search example.com


auto eth1
iface eth1 inet static
       address 10.0.2.2
       netmask 255.255.255.0
       network 10.0.2.0
       broadcast 10.0.2.255
       ###################################################################### gateway 10.0.2.1
       dns-nameservers 8.8.8.8 8.8.4.4
       dns-search example.com
       post-up ip route add 10.0.2.0/24 dev eth1 src 10.0.2.2 table rt2
       post-up ip route add default via 10.0.2.1 dev eth1 table rt2
       post-up ip rule add from 10.0.2.2/32 table rt2
       post-up ip rule add to 10.0.2.2/32 table rt2
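
An added example, not part of the original answer: a small Python model of the rule-then-table lookup, showing which gateway a reply sourced from each address would use before and after the rt2 rules. The addresses, gateways and table name come from the post; the client address 203.0.113.7 and the simplified lookup (no local table, no rule priorities) are assumptions made for illustration.

```python
import ipaddress

# Constructed model of the VM in the answer: addresses, gateways and the
# table name rt2 come from the post; the lookup code is a simplification
# (the kernel's local table and numeric rule priorities are left out).
MAIN = [  # (destination prefix, gateway or None for on-link, device)
    ("0.0.0.0/0", "10.0.1.1", "eth0"),
    ("10.0.1.0/24", None, "eth0"),
    ("10.0.2.0/24", None, "eth1"),
]
RT2 = [
    ("10.0.2.0/24", None, "eth1"),
    ("0.0.0.0/0", "10.0.2.1", "eth1"),
]
TABLES = {"main": MAIN, "rt2": RT2}

# Rules are tried in order; each is (from prefix, to prefix, table).
RULES_BEFORE = [("0.0.0.0/0", "0.0.0.0/0", "main")]
RULES_AFTER = [
    ("0.0.0.0/0", "10.0.2.2/32", "rt2"),   # ip rule add to 10.0.2.2/32 table rt2
    ("10.0.2.2/32", "0.0.0.0/0", "rt2"),   # ip rule add from 10.0.2.2/32 table rt2
] + RULES_BEFORE


def lookup(table, dst):
    """Longest-prefix match inside one routing table."""
    hits = [r for r in TABLES[table] if dst in ipaddress.ip_network(r[0])]
    return max(hits, key=lambda r: ipaddress.ip_network(r[0]).prefixlen, default=None)


def egress(rules, src, dst):
    """Return (table, gateway, device) chosen for a packet src -> dst."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for frm, to, table in rules:
        if src in ipaddress.ip_network(frm) and dst in ipaddress.ip_network(to):
            route = lookup(table, dst)
            if route:                      # no route here: try the next rule
                return table, route[1], route[2]
    return None


if __name__ == "__main__":
    client = "203.0.113.7"                 # constructed external client address
    for name, rules in (("before", RULES_BEFORE), ("after", RULES_AFTER)):
        for src in ("10.0.1.2", "10.0.2.2"):
            print(name, src, "->", client, egress(rules, src, client))
```

With only the main table, a reply sourced from 10.0.2.2 is sent to 10.0.1.1 on eth0; with the rt2 rules in place the same reply goes to 10.0.2.1 on eth1, while traffic sourced from 10.0.1.2 is unchanged.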

At first glance, you are missing:

   gateway 10.0.1.1
   dns-nameservers 8.8.8.8 8.8.4.4

for the second adapter. Also, what is the output of the following:

iptables -nvL

route

Quoted from: https://serverfault.com/questions/942538