qemu aarch64虚拟机创建好后,使用NAT连接网络
参考官方文档 https://wiki.qemu.org/Documentation/Networking/NAT
宿主机上创建文件 /etc/qemu-ifup,内容如下
#!/bin/sh
#
# Copyright IBM, Corp. 2010
#
# Authors:
# Anthony Liguori <aliguori@us.ibm.com>
#
# This work is licensed under the terms of the GNU GPL, version 2. See
# the COPYING file in the top-level directory.
# Set to the name of your bridge
BRIDGE=br0
# Network information
NETWORK=192.168.53.0
NETMASK=255.255.255.0
GATEWAY=192.168.53.1
DHCPRANGE=192.168.53.2,192.168.53.254
# Optionally parameters to enable PXE support
TFTPROOT=
BOOTP=
do_brctl() {
brctl "$@"
}
do_ifconfig() {
ifconfig "$@"
}
do_dd() {
dd "$@"
}
do_iptables_restore() {
iptables-restore "$@"
}
do_dnsmasq() {
dnsmasq "$@"
}
check_bridge() {
if do_brctl show | grep "^$1" > /dev/null 2> /dev/null; then
return 1
else
return 0
fi
}
create_bridge() {
do_brctl addbr "$1"
do_brctl stp "$1" off
do_brctl setfd "$1" 0
do_ifconfig "$1" "$GATEWAY" netmask "$NETMASK" up
}
enable_ip_forward() {
echo 1 | do_dd of=/proc/sys/net/ipv4/ip_forward > /dev/null
}
add_filter_rules() {
do_iptables_restore <<EOF
# Generated by iptables-save v1.3.6 on Fri Aug 24 15:20:25 2007
*nat
:PREROUTING ACCEPT [61:9671]
:POSTROUTING ACCEPT [121:7499]
:OUTPUT ACCEPT [132:8691]
-A POSTROUTING -s $NETWORK/$NETMASK -j MASQUERADE
COMMIT
# Completed on Fri Aug 24 15:20:25 2007
# Generated by iptables-save v1.3.6 on Fri Aug 24 15:20:25 2007
*filter
:INPUT ACCEPT [1453:976046]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [1605:194911]
-A INPUT -i $BRIDGE -p tcp -m tcp --dport 67 -j ACCEPT
-A INPUT -i $BRIDGE -p udp -m udp --dport 67 -j ACCEPT
-A INPUT -i $BRIDGE -p tcp -m tcp --dport 53 -j ACCEPT
-A INPUT -i $BRIDGE -p udp -m udp --dport 53 -j ACCEPT
-A FORWARD -i $1 -o $1 -j ACCEPT
-A FORWARD -s $NETWORK/$NETMASK -i $BRIDGE -j ACCEPT
-A FORWARD -d $NETWORK/$NETMASK -o $BRIDGE -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -o $BRIDGE -j REJECT --reject-with icmp-port-unreachable
-A FORWARD -i $BRIDGE -j REJECT --reject-with icmp-port-unreachable
COMMIT
# Completed on Fri Aug 24 15:20:25 2007
EOF
}
start_dnsmasq() {
do_dnsmasq \
--strict-order \
--except-interface=lo \
--interface=$BRIDGE \
--listen-address=$GATEWAY \
--bind-interfaces \
--dhcp-range=$DHCPRANGE \
--conf-file="" \
--pid-file=/var/run/qemu-dnsmasq-$BRIDGE.pid \
--dhcp-leasefile=/var/run/qemu-dnsmasq-$BRIDGE.leases \
--dhcp-no-override \
${TFTPROOT:+"--enable-tftp"} \
${TFTPROOT:+"--tftp-root=$TFTPROOT"} \
${BOOTP:+"--dhcp-boot=$BOOTP"}
}
setup_bridge_nat() {
if check_bridge "$1" ; then
create_bridge "$1"
enable_ip_forward
add_filter_rules "$1"
start_dnsmasq "$1"
fi
}
setup_bridge_vlan() {
if check_bridge "$1" ; then
create_bridge "$1"
start_dnsmasq "$1"
fi
}
setup_bridge_nat "$BRIDGE"
if test "$1" ; then
do_ifconfig "$1" 0.0.0.0 up
do_brctl addif "$BRIDGE" "$1"
fi
修改一下权限,不然会报错
chmod 755 /etc/qemu-ifup
随后在启动命令中加入对网络的设置,参数 -net tap -net nic,完整命令如下
qemu-system-aarch64 -m 5G -cpu cortex-a57 -smp 4 -net tap -net nic -boot order=cd -M virt -bios /home/wang/qemu_test/QEMU_EFI.fd -nographic -drive if=none,file=centos-arm64.img,format=raw,id=hd0 -device virtio-blk-device,drive=hd0
启动虚拟机之后,发现终端提示eth0网口有点问题,似乎没启动,于是ifup一下
localhost login: root
Password:
[ 125.563194] ip6_tables: (C) 2000-2006 Netfilter Core Team
[ 130.603779] Ebtables v2.0 registered
Last login: Wed Nov 3 15:42:24 on ttyAMA0
[ 142.346792] IPv6: ADDRCONF(NETDEV_UP): eth0: link is not ready
[root@localhost ~]#
[root@localhost ~]# ls
[ 145.148152] nf_conntrack version 0.5.0 (65536 buckets, 262144 max)
anaconda-ks.cfg
[root@localhost ~]# ifup eth0
[ 151.558053] bridge: filtering via arp/ip/ip6tables is no longer available by default. Update your scripts to load br_netfilter if you need this.
[ 153.572411] Netfilter messages via NETLINK v0.30.
[ 153.877478] ip_set: protocol 6
Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/1)
[root@localhost ~]# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 52:54:00:12:34:56 brd ff:ff:ff:ff:ff:ff
inet 192.168.53.76/24 brd 192.168.53.255 scope global noprefixroute dynamic eth0
valid_lft 3594sec preferred_lft 3594sec
inet6 fe80::434:d175:e944:f9ab/64 scope link noprefixroute
valid_lft forever preferred_lft forever
发现已经获取到了地址,尝试ping一下宿主机和外网,都成功了
[root@localhost ~]# ping 192.168.137.2
PING 192.168.137.2 (192.168.137.2) 56(84) bytes of data.
64 bytes from 192.168.137.2: icmp_seq=1 ttl=64 time=3.62 ms
64 bytes from 192.168.137.2: icmp_seq=2 ttl=64 time=1.39 ms
64 bytes from 192.168.137.2: icmp_seq=3 ttl=64 time=1.14 ms
64 bytes from 192.168.137.2: icmp_seq=4 ttl=64 time=1.18 ms
64 bytes from 192.168.137.2: icmp_seq=5 ttl=64 time=1.74 ms
--- 192.168.137.2 ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 4011ms
rtt min/avg/max/mdev = 1.142/1.818/3.629/0.930 ms
[root@localhost ~]# ping www.baidu.com
PING www.a.shifen.com (14.215.177.39) 56(84) bytes of data.
64 bytes from 14.215.177.39 (14.215.177.39): icmp_seq=1 ttl=50 time=39.0 ms
64 bytes from 14.215.177.39 (14.215.177.39): icmp_seq=2 ttl=50 time=38.0 ms
64 bytes from 14.215.177.39 (14.215.177.39): icmp_seq=3 ttl=50 time=38.3 ms
--- www.a.shifen.com ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2005ms
rtt min/avg/max/mdev = 38.072/38.483/39.072/0.456 ms
搞定,下一步就是配置yum源装软件,打包镜像之类的了~
