ubuntu使用-ubuntu23.10中使QEMU的虚拟机与外部网络通信
ubuntuqemu银河麒麟参考了文档/网络/NAT和qemu aarch64虚拟机创建好后,使用NAT连接网络两个网页。
一、概述
要配置NAT网络,首先创建一个脚本/etc/qemu-ifup,这个脚本的作用是创建一个与任何物理端口都无关的网桥。给这个网桥配置一个静态IP地址,作为虚拟网络的网关。使用iptables创建一些规则来伪装从网桥到主机网络的流量。最后,在该桥接接口上运行dnsmasq来充当虚拟网络的DHCP和DNS服务器。
二、安装软件工具
sudo apt install bridge-utils iptables dnsmasq三、编辑脚本
从文档/网络/NAT中复制脚本内容,并保存为/etc/qemu-ifup。脚本内容如下:
#!/bin/sh
#
# Copyright IBM, Corp. 2010
#
# Authors:
# Anthony Liguori <aliguori@us.ibm.com>
#
# This work is licensed under the terms of the GNU GPL, version 2. See
# the COPYING file in the top-level directory.
# Set to the name of your bridge
BRIDGE=br0
# Network information
NETWORK=192.168.53.0
NETMASK=255.255.255.0
GATEWAY=192.168.53.1
DHCPRANGE=192.168.53.2,192.168.53.254
# Optionally parameters to enable PXE support
TFTPROOT=
BOOTP=
do_brctl() {
brctl "$@"
}
do_ifconfig() {
ifconfig "$@"
}
do_dd() {
dd "$@"
}
do_iptables_restore() {
iptables-restore "$@"
}
do_dnsmasq() {
dnsmasq "$@"
}
check_bridge() {
if do_brctl show | grep "^$1" > /dev/null 2> /dev/null; then
return 1
else
return 0
fi
}
create_bridge() {
do_brctl addbr "$1"
do_brctl stp "$1" off
do_brctl setfd "$1" 0
do_ifconfig "$1" "$GATEWAY" netmask "$NETMASK" up
}
enable_ip_forward() {
echo 1 | do_dd of=/proc/sys/net/ipv4/ip_forward > /dev/null
}
add_filter_rules() {
do_iptables_restore <<EOF
# Generated by iptables-save v1.3.6 on Fri Aug 24 15:20:25 2007
*nat
:PREROUTING ACCEPT [61:9671]
:POSTROUTING ACCEPT [121:7499]
:OUTPUT ACCEPT [132:8691]
-A POSTROUTING -s $NETWORK/$NETMASK -j MASQUERADE
COMMIT
# Completed on Fri Aug 24 15:20:25 2007
# Generated by iptables-save v1.3.6 on Fri Aug 24 15:20:25 2007
*filter
:INPUT ACCEPT [1453:976046]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [1605:194911]
-A INPUT -i $BRIDGE -p tcp -m tcp --dport 67 -j ACCEPT
-A INPUT -i $BRIDGE -p udp -m udp --dport 67 -j ACCEPT
-A INPUT -i $BRIDGE -p tcp -m tcp --dport 53 -j ACCEPT
-A INPUT -i $BRIDGE -p udp -m udp --dport 53 -j ACCEPT
-A FORWARD -i $1 -o $1 -j ACCEPT
-A FORWARD -s $NETWORK/$NETMASK -i $BRIDGE -j ACCEPT
-A FORWARD -d $NETWORK/$NETMASK -o $BRIDGE -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -o $BRIDGE -j REJECT --reject-with icmp-port-unreachable
-A FORWARD -i $BRIDGE -j REJECT --reject-with icmp-port-unreachable
COMMIT
# Completed on Fri Aug 24 15:20:25 2007
EOF
}
start_dnsmasq() {
do_dnsmasq \
--strict-order \
--except-interface=lo \
--interface=$BRIDGE \
--listen-address=$GATEWAY \
--bind-interfaces \
--dhcp-range=$DHCPRANGE \
--conf-file="" \
--pid-file=/var/run/qemu-dnsmasq-$BRIDGE.pid \
--dhcp-leasefile=/var/run/qemu-dnsmasq-$BRIDGE.leases \
--dhcp-no-override \
${TFTPROOT:+"--enable-tftp"} \
${TFTPROOT:+"--tftp-root=$TFTPROOT"} \
${BOOTP:+"--dhcp-boot=$BOOTP"}
}
setup_bridge_nat() {
if check_bridge "$1" ; then
create_bridge "$1"
enable_ip_forward
add_filter_rules "$1"
start_dnsmasq "$1"
fi
}
setup_bridge_vlan() {
if check_bridge "$1" ; then
create_bridge "$1"
start_dnsmasq "$1"
fi
}
setup_bridge_nat "$BRIDGE"
if test "$1" ; then
do_ifconfig "$1" 0.0.0.0 up
do_brctl addif "$BRIDGE" "$1"
fi四、增加脚本运行权限
chomd 755 /etc/qemu-ifup五、在虚拟机中登录百度
在虚拟机的存放位置,使用如下命令启动虚拟机。重点是增加了-net tap -net nic这两选项。
sudo qemu-system-aarch64 -m 4096 -cpu cortex-a72 -smp 4,cores=4,threads=1,sockets=1 -M virt -bios QEMU_EFI.fd -net nic,model=pcnet -device nec-usb-xhci -device usb-kbd -device usb-mouse -device VGA -device virtio-scsi-device -drive if=none,file=rootfs.qcow2,id=hd0 -device virtio-blk-device,drive=hd0 -net tap -net nic启动后用网页登录百度,没有问题。
六、在主机中ping虚拟机
在主机上修改上面所创建的脚本,把其中关于icmp的两行注释掉。然后重启虚拟机。就可以ping通了。
七、在主机中使用ssh登录虚拟机
在虚拟机中使用如下命令安装并设置ssh服务。
sudo apt install openssh-server
sudo systemctl start ssh
sudo systemctl enable ssh在主机上使用ssh命令远程登录,这里,银河麒麟的安全管家会提示有人用远程登录,问是否要放行,选择放行。就可以登录了。
结束。