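I have a Fedora 26 QEMU guest VM with a LAMP application, running on a Fedora 25 host. I can access the guest web server from both the guest and the host, but I cannot access it from other systems on the local LAN, which I would like to be able to do.
I put a host static route entry in my router (LEDE) to route the F26 guest's static IPv4 address (192.168.122.186) to the F25 host. The F25 host already has a network route entry for the virbr0 v-interface (192.168.122.0/24).
It appears that the F25 host firewall is blocking access, because when I disable firewalld on the F25 host, it works as desired.
I would appreciate pointers on how to wrangle firewalld in this type of configuration.
Edit 2017/12/11:
I started with just one firewalld zone (public), but now I am experimenting with 2 (public and internal). The "services" (ports) shown below have been open all along. In particular, http and https are the ones I need to work.
I need to route traffic from devices on the local LAN 10.3.2.0/24 (other than the F25 host, of course) through the F25 host to the F26 guest VM. As I wrote earlier, the routing seems to be working, except when firewalld is running on the F25 host - in which case this traffic is blocked.
I have spent a lot of time searching, and there are two recurring themes: forwarding and masquerading. However, nothing that was suggested has achieved what I require.
How can I accomplish this?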
========== running: firewall-cmd --get-zones ===========
FedoraServer FedoraWorkstation block dmz drop external home internal public trusted work
========== running: firewall-cmd --get-active-zones ===========
internal
interfaces: virbr0
public
interfaces: enp0s31f6
========== running: firewall-cmd --get-default-zone ===========
public
========== running: firewall-cmd --zone=public --list-all ===========
public (active)
target: default
icmp-block-inversion: no
interfaces: enp0s31f6
sources:
services: mdns ssh dhcpv6-client http https
ports:
protocols:
masquerade: no
forward-ports:
source-ports:
icmp-blocks:
rich rules:
========== running: firewall-cmd --zone=internal --list-all ===========
internal (active)
target: ACCEPT
icmp-block-inversion: no
interfaces: virbr0
sources:
services: ssh http https dhcpv6-client mdns
ports:
protocols:
masquerade: no
forward-ports:
source-ports:
icmp-blocks:
rich rules:
$ ifconfig -a # on the F25 host
enp0s31f6: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 10.3.2.10 netmask 255.255.255.0 broadcast 10.3.2.255
inet6 xxxxxxxxxxxxxxxxxxxxxxxxx prefixlen 64 scopeid 0x20<link>
inet6 xxxxxxxxxxxxxxxxxxx prefixlen 128 scopeid 0x0<global>
inet6 xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx prefixlen 64 scopeid 0x0<global>
ether xxxxxxxxxxxxxxxxx txqueuelen 1000 (Ethernet)
RX packets 145 bytes 16680 (16.2 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 217 bytes 27947 (27.2 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
device interrupt 16 memory 0xf7000000-f7020000
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 1000 (Local Loopback)
RX packets 24 bytes 2056 (2.0 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 24 bytes 2056 (2.0 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
virbr0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.122.1 netmask 255.255.255.0 broadcast 192.168.122.255
ether 52:54:00:93:ae:d3 txqueuelen 1000 (Ethernet)
RX packets 99 bytes 11189 (10.9 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 73 bytes 9612 (9.3 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
virbr0-nic: flags=4098<BROADCAST,MULTICAST> mtu 1500
ether 52:54:00:93:ae:d3 txqueuelen 1000 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
vnet0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet6 fe80::fc54:ff:fe7c:437c prefixlen 64 scopeid 0x20<link>
ether fe:54:00:7c:43:7c txqueuelen 1000 (Ethernet)
RX packets 99 bytes 12575 (12.2 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 195 bytes 17988 (17.5 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
$ netstat -rn
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
0.0.0.0 10.3.2.1 0.0.0.0 UG 0 0 0 enp0s31f6
10.3.2.0 0.0.0.0 255.255.255.0 U 0 0 0 enp0s31f6
192.168.122.0 0.0.0.0 255.255.255.0 U 0 0 0 virbr0