libvirtd: host interface gets an IP when using macvtap on a virtual machine



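I am using a second Ethernet adapter as the WAN for a virtual OPNsense installation in KVM/QEMU.

Everything works fine, but I noticed that the KVM host itself also gets an IP address, and routes are installed for it. I only want the virtual OPNsense interface to have an IP, not the host interface.

The interface on the KVM host looks like this: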

enx3c18a0057e95: flags=-28605<UP,BROADCAST,RUNNING,MULTICAST,DYNAMIC>  mtu 1500
        inet 178.119.13.164  netmask 255.255.240.0  broadcast 178.119.15.255
        inet6 fe80::3e18:a0ff:fe05:7e95  prefixlen 64  scopeid 0x20<link>
        inet6 2a02:181f:0:6061:4016:4dfa:8cbc:23b3  prefixlen 128  scopeid 0x0<global>
        ether 3c:18:a0:05:7e:95  txqueuelen 1000  (Ethernet)
        RX packets 4255467  bytes 5047527392 (4.7 GiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 2983482  bytes 829553375 (791.1 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

But no IP is configured in /etc/network/interfaces:

auto enx3c18a0057e95
iface enx3c18a0057e95 inet manual

Also, no dhclient is running.

Strangely, all the other vnet, macvtap and virbr interfaces have APIPA 169.254.X.X addresses. (See the table below.)

More details:

root@svr:~# for vm in $(virsh list | grep running | awk '{print $2}'); do echo "$vm: " && virsh dumpxml $vm | grep  "vnet" ; done
debian-vpn:
<target dev='vnet0'/>
<target dev='vnet1'/>
OPNsense:
<target dev='vnet2'/>
<target dev='vnet3'/>
root@svr:~# brctl show
bridge name     bridge id               STP enabled     interfaces
br0             8000.26a83932e330       no              eno1
                                                        vnet0
                                                        vnet2
virbr2          8000.525400315d13       yes             vnet1
                                                        vnet3
root@svr:~# ps aux | grep dhc
nobody      1298  0.0  0.0  11572  2276 ?        S    16:19   0:00 /usr/sbin/dnsmasq --conf-file=/var/lib/libvirt/dnsmasq/VPN.conf --leasefile-ro --dhcp-script=/usr/lib/libvirt/libvirt_leaseshelper
root@svr:~# ip route
default via 192.168.1.1 dev br0 onlink
10.18.197.4/30 dev tap1 proto kernel scope link src 10.18.197.5
169.254.0.0/16 dev eno1 proto kernel scope link src 169.254.185.141
169.254.0.0/16 dev eno1.134 proto kernel scope link src 169.254.62.148
169.254.0.0/16 dev vnet1 proto kernel scope link src 169.254.77.229
169.254.0.0/16 dev vnet0 proto kernel scope link src 169.254.133.164
169.254.0.0/16 dev macvtap0 proto kernel scope link src 169.254.122.85
169.254.0.0/16 dev macvtap1 proto kernel scope link src 169.254.222.208
169.254.0.0/16 dev vnet3 proto kernel scope link src 169.254.174.42
169.254.0.0/16 dev vnet2 proto kernel scope link src 169.254.219.41
169.254.0.0/16 dev tap1 proto kernel scope link src 169.254.149.40
178.119.0.0/20 dev enx3c18a0057e95 proto kernel scope link src 178.119.13.164
178.119.0.1 dev enx3c18a0057e95 scope link
192.168.1.0/24 dev br0 proto kernel scope link src 192.168.1.7
192.168.101.0/24 dev virbr2 proto kernel scope link src 192.168.101.1
195.130.130.5 via 178.119.0.1 dev enx3c18a0057e95
195.130.131.5 via 178.119.0.1 dev enx3c18a0057e95

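The last entries in the routing table are the DNS servers it somehow obtained via DHCP.

How can I prevent the interface from getting an IP address on the host, so that only the virtual machine has that address?

Thanks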

After searching, and disabling dnsmasq, dhclient... it turned out connmand was running.

Uninstalled connman, and all host interfaces look normal, with no IP anymore.
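
A check for the condition described in this thread, as an added example that is not part of the original post: it compares the `inet manual` stanzas in /etc/network/interfaces with the `proto kernel` entries of `ip route` and reports any host interface that was meant to stay unaddressed but holds a routable address. The function names are hypothetical, and the sample input is constructed from the output quoted in the question.

```python
import ipaddress
import re

# Constructed sample input, taken from the output quoted in the question.
INTERFACES_FILE = """\
auto enx3c18a0057e95
iface enx3c18a0057e95 inet manual
"""

IP_ROUTE = """\
default via 192.168.1.1 dev br0 onlink
169.254.0.0/16 dev macvtap0 proto kernel scope link src 169.254.122.85
178.119.0.0/20 dev enx3c18a0057e95 proto kernel scope link src 178.119.13.164
178.119.0.1 dev enx3c18a0057e95 scope link
192.168.1.0/24 dev br0 proto kernel scope link src 192.168.1.7
195.130.130.5 via 178.119.0.1 dev enx3c18a0057e95
"""

def manual_interfaces(text):
    """Names of interfaces declared 'iface <name> inet manual'."""
    return set(re.findall(r"^\s*iface\s+(\S+)\s+inet\s+manual\b", text, re.M))

def kernel_sources(route_text):
    """Map device -> source addresses taken from 'proto kernel' connected routes."""
    found = {}
    for line in route_text.splitlines():
        m = re.search(r"\bdev (\S+) proto kernel\b.*\bsrc (\S+)", line)
        if m:
            found.setdefault(m.group(1), []).append(m.group(2))
    return found

def unexpected_addresses(interfaces_text, route_text):
    """Interfaces configured 'manual' on the host that hold a non-link-local IP."""
    manual = manual_interfaces(interfaces_text)
    report = {}
    for dev, addrs in kernel_sources(route_text).items():
        # 169.254.0.0/16 (APIPA) addresses are link-local and are skipped here.
        routable = [a for a in addrs if not ipaddress.ip_address(a).is_link_local]
        if dev in manual and routable:
            report[dev] = routable
    return report

if __name__ == "__main__":
    for dev, addrs in unexpected_addresses(INTERFACES_FILE, IP_ROUTE).items():
        print(f"{dev}: configured 'manual' but holds {', '.join(addrs)}")
```

A hit means some process other than ifupdown is configuring the interface; in this thread that process was connmand.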
