Virtualisation Ping Iptables
Hello,
Here is another problem: I no longer have internet access from my VMs.
When I ping one of Google's DNS servers, this error is displayed: Destination Port Unreachable
I have searched but cannot find a solution. Note that this worked before a reboot of the hypervisor.
(An iptables problem?)
Output of "ip a" on the hypervisor:
Code:
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP qlen 1000
link/ether 78:2b:cb:28:62:06 brd ff:ff:ff:ff:ff:ff
inet 88.XX.XX.XX/24 brd 88.XX.XX.255 scope global eth0
inet6 2a01:e0b:1000:29:7a2b:cbff:fe28:6206/64 scope global dynamic
valid_lft 2591997sec preferred_lft 604797sec
inet6 fe80::7a2b:cbff:fe28:6206/64 scope link
valid_lft forever preferred_lft forever
3: eth1: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN qlen 1000
link/ether 78:2b:cb:28:62:07 brd ff:ff:ff:ff:ff:ff
4: virbr0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN
link/ether fe:54:00:40:4b:52 brd ff:ff:ff:ff:ff:ff
inet 192.168.122.1/24 brd 192.168.122.255 scope global virbr0
6: vnet0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 500
link/ether fe:54:00:63:54:88 brd ff:ff:ff:ff:ff:ff
inet6 fe80::fc54:ff:fe63:5488/64 scope link
valid_lft forever preferred_lft forever
13: vnet1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 500
link/ether fe:54:00:c3:a2:c0 brd ff:ff:ff:ff:ff:ff
inet6 fe80::fc54:ff:fec3:a2c0/64 scope link
valid_lft forever preferred_lft forever
14: vnet2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 500
link/ether fe:54:00:a1:91:f0 brd ff:ff:ff:ff:ff:ff
inet6 fe80::fc54:ff:fea1:91f0/64 scope link
valid_lft forever preferred_lft forever
15: vnet3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 500
link/ether fe:54:00:40:4b:52 brd ff:ff:ff:ff:ff:ff
inet6 fe80::fc54:ff:fe40:4b52/64 scope link
valid_lft forever preferred_lft forever
16: vnet4: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 500
link/ether fe:54:00:f2:19:d0 brd ff:ff:ff:ff:ff:ff
inet6 fe80::fc54:ff:fef2:19d0/64 scope link
valid_lft forever preferred_lft forever
Output of "ip a" on a VM:
Code:
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 52:54:00:40:4b:52 brd ff:ff:ff:ff:ff:ff
inet 192.168.122.226/24 brd 192.168.122.255 scope global eth0
inet6 fe80::5054:ff:fe40:4b52/64 scope link
valid_lft forever preferred_lft forever
iptables -L on the hypervisor:
Code:
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT udp -- anywhere anywhere udp dpt:domain
ACCEPT tcp -- anywhere anywhere tcp dpt:domain
ACCEPT udp -- anywhere anywhere udp dpt:bootps
ACCEPT tcp -- anywhere anywhere tcp dpt:bootps
Chain FORWARD (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere
REJECT all -- anywhere anywhere reject-with icmp-port-unreachable
REJECT all -- anywhere anywhere reject-with icmp-port-unreachable
ACCEPT all -- anywhere anywhere PHYSDEV match --physdev-is-bridged
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
iptables -L -t nat on the hypervisor:
Code:
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
SNAT all -- 192.168.122.0/24 !192.168.122.0/24 to:88.XX.XX.XX
MASQUERADE udp -- 192.168.122.0/24 !192.168.122.0/24 masq ports: 1024-65535
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
iptables -L on a VM:
Code:
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT icmp -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ssh
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:http
ACCEPT tcp -- anywhere anywhere state NEW multiport dports 11210,memcache,epmd,jamlink,21100:21299
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited
Chain FORWARD (policy ACCEPT)
target prot opt source destination
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
iptables -L -t nat:
Empty
Thanks in advance; if you need any other information, let me know!
Tarok