帶有 NIC 子介面/別名的 Ubuntu 16.04 上具有公共 IP 的 KVM

我想在不影響其他網路（ens3、ens3:0- >3)。

問題是我的 VPS 只有一個物理網卡。其他 IP 是別名，如下圖所示。如果我橋接ens3，別名不會被取消嗎？

我完全按照本指南進行操作，但sshVM (@xx5.5) 連接到主 NIC/主機 (@88.88.88.88)。ssh到本地 IP (@192.168.122.101) 連接到 VM。

我應該如何在 VPS 上配置網路，使其為每個 VM（目前是一個 VM）分配一個可以連接到 Internet 並充當網路伺服器的私有 IP？如果 Ubuntu 16.04 無法實現所需的設置，是否可以升級到 18/20.04？

配置：

• OVH VPS
• Ubuntu 16.04
• 虛擬機
• ufw
• virtualmin / webmin

網路（簡化）：

Internet
  \
  |
  +------------------------+
  | Ubuntu server          | virbr0 (192.168.122.1/24)
  +------------------------+ NAT
  | ens3: 88.88.88.88      |                    Static IP for VM
  +----------------+-------------+------------+-----------------+
  | ens3:0 x.x.1.1 |             | site1.com  | Virtualmin->www
  +----------------+-------------+------------+-----------------+
  | ens3:1 x.x.2.2 |             | site2.com  | Virtualmin->www
  +----------------+-------------+------------+-----------------+
  | ens3:2 x.x.3.3 |             | site3.com  | Virtualmin->www
  +----------------+-------------+------------+-----------------+
  | ens3:3 x.x.4.4 |             | site4.com  | Virtualmin->www
  +----------------+-------------+------------+-----------------+
  | ens3:4 x.x.5.5 |             | VM1/Ubuntu | 192.168.122.101
  +----------------+-------------+------------+-----------------+

目前IP配置：

root:~# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1
   link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
   inet 127.0.0.1/8 scope host lo
      valid_lft forever preferred_lft forever
2: ens3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
   link/ether fa:06:3f:2c:05:3b brd ff:ff:ff:ff:ff:ff
   inet 88.88.88.88/32 brd 88.88.88.88 scope global ens3
      valid_lft forever preferred_lft forever
   inet x.x.1.1/32 brd x.x.1.1 scope global ens3:0
      valid_lft forever preferred_lft forever
   inet x.x.2.2/32 brd x.x.2.2 scope global ens3:1
      valid_lft forever preferred_lft forever
   inet x.x.3.3/32 brd x.x.3.3 scope global ens3:2
      valid_lft forever preferred_lft forever
   inet x.x.4.4/32 brd x.x.4.4 scope global ens3:3
      valid_lft forever preferred_lft forever
   inet x.x.5.5/32 brd x.x.5.5 scope global ens3:4
      valid_lft forever preferred_lft forever
3: virbr0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
   link/ether 51:52:00:c9:9b:7d brd ff:ff:ff:ff:ff:ff
   inet 192.168.122.1/24 brd 192.168.122.255 scope global virbr0
      valid_lft forever preferred_lft forever
4: virbr0-nic: <BROADCAST,MULTICAST> mtu 1500 qdisc pfifo_fast master virbr0 state DOWN group default qlen 1000
   link/ether 51:52:00:c9:9b:7d brd ff:ff:ff:ff:ff:ff
6: vnet0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master virbr0 state UNKNOWN group default qlen 1000
   link/ether 50:54:00:46:ea:7c brd ff:ff:ff:ff:ff:ff

root:~# ip link
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1
   link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: ens3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
   link/ether fa:06:3f:2c:05:3b brd ff:ff:ff:ff:ff:ff

virsh 配置：

root:~# virsh net-dumpxml default
<network connections='1'>
 <name>default</name>
 <uuid>54b584b8-b2f5-45cb-a8e1-8d75540dc1a8</uuid>
 <forward mode='nat'>
   <nat>
     <port start='1024' end='65535'/>
   </nat>
 </forward>
 <bridge name='virbr0' stp='on' delay='0'/>
 <mac address='51:52:00:c9:9b:7d'/>
 <ip address='192.168.122.1' netmask='255.255.255.0'>
   <dhcp>
 <range start='192.168.122.2' end='192.168.122.254'/>
   </dhcp>
 </ip>
</network>

root:~# virsh domifaddr dpcloud
Name       MAC address          Protocol     Address
-------------------------------------------------------------------------------
vnet0      50:54:00:46:ea:7c    ipv4         192.168.122.101/24

root:~# ssh user@192.168.122.101
...

root:~# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
   link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
   inet 127.0.0.1/8 scope host lo
      valid_lft forever preferred_lft forever
   inet6 ::1/128 scope host 
      valid_lft forever preferred_lft forever
2: ens2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
   link/ether 52:54:00:46:ea:7c brd ff:ff:ff:ff:ff:ff
   inet 192.168.122.101/24 brd 192.168.122.255 scope global dynamic ens2
      valid_lft 3470sec preferred_lft 3470sec
   inet6 fe80::5054:ff:fe46:ea7c/64 scope link 
      valid_lft forever preferred_lft forever

我最終在這裡遵循@ChaoxiangN 的建議：

1. 刪除別名
2. 設置網橋 (br0) 並向其添加其他 IP
3. 使用自己的橋接網路 (virbr0) 設置 KVM 虛擬機

然後，我使用 iptables 啟用了 NAT，而不是“4/ 在來賓內部，配置 ipv4 以使用其他 IP”：

root:~# iptables -t nat -I PREROUTING -p tcp -d 111.122.133.144 --dport 1:65535 -j DNAT --to-destination 192.168.122.88:1-65535
root:~# iptables -I FORWARD -m state -d 192.168.122.0/24 --state NEW,RELATED,ESTABLISHED -j ACCEPT

注意：111.122.133.144= 公共 IP，192.168.122.88= VM1 IP

ssh user@111.122.133.144
...

user@VM1:~$ ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
   link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
   inet 127.0.0.1/8 scope host lo
      valid_lft forever preferred_lft forever
   inet6 ::1/128 scope host 
      valid_lft forever preferred_lft forever
2: enp1s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
   link/ether 52:32:00:11:20:88 brd ff:ff:ff:ff:ff:ff
   inet 192.168.122.88/24 brd 192.168.122.255 scope global dynamic enp1s0
      valid_lft 3576sec preferred_lft 3576sec
   inet6 fe80::5054:ff:fe73:2096/64 scope link 
      valid_lft forever preferred_lft forever

引用自：https://serverfault.com/questions/1030078