PVE网络设置 NAT和交换机混合模式设置

eno1是机器上的网卡，vmbr0是虚拟交换机，把需要交换机模式联网的机器挂到它下面，跟默认的模式一样。实际上上述操作就是添加了一个vmbr1作为nat，虚拟网段为192.168.250.(2-255)。需要以nat联网的设备挂在它下面。最后那些iptables命令是进行端口转发的命令。下面是NAT模式的lxc或虚拟机的网络设备设置示例。编辑/etc/network/interfaces。

Zyt2048

2917人浏览 · 2024-03-07 23:03:10

Zyt2048 · 2024-03-07 23:03:10 发布

编辑/etc/network/interfaces

# network interface settings; autogenerated
# Please do NOT modify this file directly, unless you know what
# you're doing.
#
# If you want to manage parts of the network configuration manually,
# please utilize the 'source' or 'source-directory' directives to do
# so.
# PVE will preserve these directives, but will NOT read its network
# configuration from sourced files, so do not attempt to move any of
# the PVE managed interfaces into external files!

auto lo
iface lo inet loopback

allow-hotplug eno1
iface eno1 inet manual

auto vmbr0
iface vmbr0 inet dhcp
        bridge-ports eno1
        bridge-stp off
        bridge-fd 0

auto vmbr1
iface vmbr1 inet static
        address 192.168.250.1
        netmask 255.255.255.0
        bridge_ports none
        bridge_stp off
        bridge_fd 0
        post-up echo 1 > /proc/sys/net/ipv4/ip_forward
        post-up iptables -t nat -A POSTROUTING -s '192.168.250.0/24' -o vmbr0 -j MASQUERADE
        post-down iptables -t nat -D POSTROUTING -s '192.168.250.0/24' -o vmbr0 -j MASQUERADE
        post-up iptables -t nat -A PREROUTING -i vmbr0 -p tcp --dport 22100 -j DNAT --to 192.168.250.100:22
        post-down iptables -t nat -D PREROUTING -i vmbr0 -p tcp --dport 22100 -j DNAT --to 192.168.250.100:22
        post-up iptables -t nat -A PREROUTING -i vmbr0 -p tcp --dport 22101 -j DNAT --to 192.168.250.101:22
        post-down iptables -t nat -D PREROUTING -i vmbr0 -p tcp --dport 22101 -j DNAT --to 192.168.250.101:22
        post-up iptables -t nat -A PREROUTING -i vmbr0 -p tcp --dport 22102 -j DNAT --to 192.168.250.102:22
        post-down iptables -t nat -D PREROUTING -i vmbr0 -p tcp --dport 22102 -j DNAT --to 192.168.250.102:22
        post-up iptables -t nat -A PREROUTING -i vmbr0 -p tcp --dport 22103 -j DNAT --to 192.168.250.103:22
        post-down iptables -t nat -D PREROUTING -i vmbr0 -p tcp --dport 22103 -j DNAT --to 192.168.250.103:22
        post-up iptables -t nat -A PREROUTING -i vmbr0 -p tcp --dport 80 -j DNAT --to 192.168.250.101:80
        post-down iptables -t nat -D PREROUTING -i vmbr0 -p tcp --dport 80 -j DNAT --to 192.168.250.101:80

source /etc/network/interfaces.d/*