Nat
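NAT masquerade for a second container's network
I have 1 public IP and want to share the Internet connection with LXC containers running CentOS (in this setup); the host runs Proxmox (Debian-based). If I understand correctly, I need NAT masquerading. The problem is that the second container I created cannot access the network.
Setup on the host:
ifconfig: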
eth0      Link encap:Ethernet  HWaddr 0c:c4:7a:d9:1f:e8
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:15789748 errors:0 dropped:3170 overruns:0 frame:0
          TX packets:6323926 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:13693916365 (12.7 GiB)  TX bytes:1077829250 (1.0 GiB)

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:11041 errors:0 dropped:0 overruns:0 frame:0
          TX packets:11041 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1
          RX bytes:3907254 (3.7 MiB)  TX bytes:3907254 (3.7 MiB)

veth104i0 Link encap:Ethernet  HWaddr fe:b4:26:dc:aa:ac
          inet6 addr: fe80::fcb4:26ff:fedc:aaac/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:663 errors:0 dropped:0 overruns:0 frame:0
          TX packets:10100 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:62852 (61.3 KiB)  TX bytes:883353 (862.6 KiB)

veth105i0 Link encap:Ethernet  HWaddr fe:69:8f:16:a3:40
          inet6 addr: fe80::fc69:8fff:fe16:a340/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:447158 errors:0 dropped:0 overruns:0 frame:0
          TX packets:401684 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:46903237 (44.7 MiB)  TX bytes:5625117349 (5.2 GiB)

vmbr0     Link encap:Ethernet  HWaddr 0c:c4:7a:d9:1f:e8
          inet addr:*public IP*  Bcast:*****  Mask:255.255.0.0
          inet6 addr:**** Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:503891 errors:0 dropped:0 overruns:0 frame:0
          TX packets:527129 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:5637105768 (5.2 GiB)  TX bytes:61721641 (58.8 MiB)

vmbr1     Link encap:Ethernet  HWaddr fe:69:8f:16:a3:40
          inet addr:10.10.10.254  Bcast:10.10.10.255  Mask:255.255.255.0
          inet6 addr: fe80::b42e:2eff:fe1a:5640/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:447158 errors:0 dropped:0 overruns:0 frame:0
          TX packets:401684 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:40643025 (38.7 MiB)  TX bytes:5625117349 (5.2 GiB)
iptables -t nat -L
Chain PREROUTING (policy ACCEPT)
target      prot opt source               destination

Chain INPUT (policy ACCEPT)
target      prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target      prot opt source               destination

Chain POSTROUTING (policy ACCEPT)
target      prot opt source               destination
MASQUERADE  all  --  10.10.10.0/24       !10.10.10.0/24
MASQUERADE  all  --  10.10.10.0/24        anywhere
MASQUERADE  all  --  10.10.10.0/24       !10.10.10.0/24
/etc/network/interfaces
auto lo
iface lo inet loopback

iface eth0 inet manual

auto vmbr0
iface vmbr0 inet dhcp
    netmask 255.255.255.0
    gateway 143.169.254.254
    bridge_ports eth0
    bridge_stp off
    bridge_fd 0

auto vmbr1
iface vmbr1 inet static
    address 10.10.10.254
    netmask 255.255.255.0
    network 10.10.10.0
    broadcast 10.10.10.255
    bridge_ports none
    bridge_stp off
    bridge_fd 0
    post-up echo 1 > /proc/sys/net/ipv4/ip_forward
    post-up iptables -t nat -A POSTROUTING -s '10.10.10.0/24' -o vmbr0 -j MASQUERADE
    post-up iptables -t nat -A POSTROUTING -s '10.10.10.0/24' ! -d '10.10.10.0/24' -o vmbr0 -j MASQUERADE
    post-down iptables -t nat -D POSTROUTING -s '10.10.10.0/24' -o vmbr0 -j MASQUERADE
route -n
Kernel IP routing table
Destination     Gateway           Genmask         Flags Metric Ref    Use Iface
0.0.0.0         *public gateway*  0.0.0.0         UG    0      0        0 vmbr0
10.10.10.0      0.0.0.0           255.255.255.0   U     0      0        0 vmbr1
xxx.xxx.0.0     0.0.0.0           255.255.0.0     U     0      0        0 vmbr0
On both containers (the private IPs differ):
route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         10.10.10.254    0.0.0.0         UG    0      0        0 eth0
10.10.10.0      0.0.0.0         255.255.255.0   U     0      0        0 eth0
169.254.0.0     0.0.0.0         255.255.0.0     U     1031   0        0 eth0
ifconfig
eth0      Link encap:Ethernet  HWaddr 2E:15:95:39:D1:17
          inet addr:10.10.10.4  Bcast:10.10.10.255  Mask:255.255.255.0
          inet6 addr: fe80::2c15:95ff:fe39:d117/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:12437 errors:0 dropped:38 overruns:0 frame:0
          TX packets:665 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:1106036 (1.0 MiB)  TX bytes:63024 (61.5 KiB)
/etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE=eth0
ONBOOT=yes
BOOTPROTO=none
IPADDR=10.10.10.4
NETMASK=255.255.255.0
GATEWAY=10.10.10.254
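How do I get network access for both containers, and how do sysadmins typically find out what is going wrong here? I can ping the host from the first container, but not the host or the neighbor from the second container.
In the Proxmox interface there is an option to set which virtual bridge to point to. This was wrong: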
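An added diagnostic sketch for the "how do sysadmins find this" part of the question, not part of the original post or answer: it reads each interface's `master` link under /sys/class/net and reports any container veth that is not attached to the expected bridge. That both containers belong on vmbr1 is an assumption here, and `SYSFS_NET` is a hypothetical override used only to try the logic on a constructed directory tree.

```shell
#!/bin/sh
# Added example: find container veth interfaces attached to the wrong bridge.
# SYSFS_NET is a hypothetical override; on a real host it stays /sys/class/net.
SYSFS_NET="${SYSFS_NET:-/sys/class/net}"

# Print the bridge an interface is enslaved to, or "none" if it has no master.
bridge_of() {
    if [ -L "$SYSFS_NET/$1/master" ]; then
        basename "$(readlink "$SYSFS_NET/$1/master")"
    else
        echo none
    fi
}

# Print "<iface> <actual-bridge>" for every veth* not on the expected bridge.
# Returns 1 if at least one mismatch was found, 0 otherwise.
veth_off_bridge() {
    expected=$1
    status=0
    for path in "$SYSFS_NET"/veth*; do
        [ -e "$path" ] || continue      # glob matched nothing
        iface=$(basename "$path")
        actual=$(bridge_of "$iface")
        if [ "$actual" != "$expected" ]; then
            echo "$iface $actual"
            status=1
        fi
    done
    return "$status"
}

# Usage on the host (assumed bridge name from the question): veth_off_bridge vmbr1
```

A veth reported here never reaches the 10.10.10.254 gateway on vmbr1, so the MASQUERADE rules are not involved in the failure at all.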