Проблемы с сетевым интерфейсом / dhcp Ubuntu с KVM и сетевым мостом

Я искренне удивлен, что никто не упомянул очевидный ответ -

Отбросьте DHCP и используйте статическую IP-адресацию. Вы можете продолжить с NAT ETC, просто не назначайте IP-адреса из пула DHCP, но в той же подсети, и все должно работать надежно и предсказуемо.

Все, что вам нужно сделать, чтобы включить статическую IP-адресацию, это изменить

авто eth0 iface eth0 inet dhcp 

в

авто eth0 адрес XXXX iface eth0 inet static маска сети 255.255.255.0  шлюз XXXY 

Убедитесь, что шлюз является адресом, назначенным KVM (если вы выполните / sbin / route -n, он покажет вам шлюз по умолчанию - это IP-адрес для использования).

Выстрел в темноте:

ethX не должен ничего DHCP.

С машины, основанной на Proxmox, результат ifconfig (с мостом vmbr0 к eth1 (единственный реальный, подключенный NIC, потому что это gbit)), я получаю:

eth0 Link encap:Ethernet HWaddr 00:30:67:4f:48:57  UP BROADCAST MULTICAST MTU:1500 Metric:1 RX packets:0 errors:0 dropped:0 overruns:0 frame:0 TX packets:0 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000  RX bytes:0 (0.0 B) TX bytes:0 (0.0 B) Interrupt:27 Base address:0x4000   eth1 Link encap:Ethernet HWaddr 54:e6:fc:80:06:9b  inet6 addr: fe80::56e6:fcff:fe80:69b/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:209503 errors:0 dropped:0 overruns:0 frame:0 TX packets:22361 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000  RX bytes:46807271 (44.6 MiB) TX bytes:1558940 (1.4 MiB) Interrupt:16 Base address:0x8000   lo Link encap:Local Loopback  inet addr:127.0.0.1 Mask:255.0.0.0 inet6 addr: ::1/128 Scope:Host UP LOOPBACK RUNNING MTU:16436 Metric:1 RX packets:24031 errors:0 dropped:0 overruns:0 frame:0 TX packets:24031 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0  RX bytes:2462584 (2.3 MiB) TX bytes:2462584 (2.3 MiB)  venet0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00  inet6 addr: fe80::1/128 Scope:Link UP BROADCAST POINTOPOINT RUNNING NOARP MTU:1500 Metric:1 RX packets:0 errors:0 dropped:0 overruns:0 frame:0 TX packets:0 errors:0 dropped:3 overruns:0 carrier:0 collisions:0 txqueuelen:0  RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)  vmbr0 Link encap:Ethernet HWaddr 54:e6:fc:80:06:9b  inet addr:192.168.1.4 Bcast:192.168.1.255 Mask:255.255.255.0 inet6 addr: fe80::56e6:fcff:fe80:69b/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:196981 errors:0 dropped:0 overruns:0 frame:0 TX packets:10585 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0  RX bytes:43275844 (41.2 MiB) TX bytes:784636 (766.2 KiB) 

Лучшее, что у меня есть.

Another shot in the dark:

you could try to disable IPv6 control in Networkmanager: set it from Method:"Automatic" to Method "Ignore"

that solved this kind of problem to me once.

if that doesen't work, you should examin the output of

tail -f /var/log/syslog

while the connection gets lost and reconnects

another hint can be gained by examining a tcpdump of networkmanager

If you're using a bridge to connect your VMs to the same network as eth0, you should generally not need to do any NATing. You should only need to perform the following five steps:

• Configure your hypervisor to use the appropriate bridge interface. KVM is just something provided by the kernel. A hypervisor may use that to implement a virtual machine. If the hypervisor is set to use virbr0 but you configured br0, you will of course have issues. It seems that virbr0 is what your hypervisor set up automagically, so at this point you only need to make sure your VMs use that interface (I would assume that is already done) and that eth0 has been added to it (i.e., sudo brctl addif virbr0 eth0)
• Make sure all the relevant links are up (i.e., sudo ip link set dev eth0 up; sudo ip link set dev virbr0 up). Prefer ip from the iproute2 package; ifconfig from the net-tools package is long deprecated, though it should work still for something so basic.
• Enable IP forwarding in the kernel (i.e., sysctl net.ipv4.ip_forward=1)

• Set your firewall to allow the bridged traffic. If you're not particularly picky or concerned about people sending arbitrary traffic to your VMs, you can just do the following to allow any traffic through:

  • If bridged traffic is visible to iptables (i.e., net.bridge.bridge-nf-call-iptables = 1):
    • Flush the iptables FORWARD chain (iptables -F FORWARD) in table filter.
    • Set its policy to ACCEPT (iptables -P FORWARD ACCEPT).
    • Make sure you're not doing filtering in any other tables (which you shouldn't, as it isn't their purpose).
  • If bridged traffic is visible to arptables (i.e., net.bridge.bridge-nf-call-arptables = 1), you'll need to do something similar to the above for the IN and OUT chains in table filter (the only table in fact).
  • Again, do something similar for ebtables. No need to check whether a certain sysctl is set, it is always relevant for bridged traffic.

  I have omitted the details for the last two since it's quite unlikely that you're system has any configuration there. You may not even have them installed on your system, in which case you can just skip those steps.

• Make sure you're not ARP proxying. You probably don't need need it (e.g., for something completely unrelated to this question) and are probably not doing it, so just sudo sysctl net.ipv4.conf.all.proxy_arp=0. If you are bridging, you shouldn't proxy ARP for such a simple example.

To my knowledge, there is no such thing as "NAT forwarding". Did you just mean plain IP forwarding (not the same thing as ethernet bridging either)? Did you mean port forwarding? Just forwarding the bootps (67) and bootpc (68) ports (used by the DHCP server and client respectively) and NATing everything else is a very queer setup and will make debugging things hard.