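After creating a virtual machine on a PVE host and configuring a static IP and DNS, the machine can access the network normally, but the VM cannot be reached from the hypervisor host or from any other machine.
Check whether the IP is reachable and whether the port is open
If the IP cannot be pinged, the cause may be the static IP configuration, the NIC, or the bridge settings.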
[k8s@localhost ~]$ ping 172.xx.xx.24
PING 172.xx.xx.24 (172.xx.xx.24) 56(84) bytes of data.
From 172.xx.xx.23 icmp_seq=1 Destination Host Unreachable
From 172.xx.xx.23 icmp_seq=2 Destination Host Unreachable
From 172.xx.xx.23 icmp_seq=3 Destination Host Unreachable
If the IP address can be pinged, investigate the port next. You can test it with the telnet command.
telnet 192.xx.xx.22 22
If the connection fails, the port may not be open; check the port information on the server.
netstat -ntlp |grep 22
If the output contains no entry for port 22, the port needs to be opened.
Check the SSH service
[k8s@localhost ~]$ ps -le|grep ssh
4 S 0 697 1 0 80 0 - 19188 - ? 00:00:00 sshd
4 S 0 1574 697 0 80 0 - 31642 - ? 00:00:00 sshd
5 S 1000 1576 1574 0 80 0 - 31642 - ? 00:00:00 sshd
[k8s@localhost ~]$
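The output above shows that the SSH service is running. If it has not been started, run the command "service ssh start" to start the service, then reconnect to the server.
Check the SSH service status: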
[k8s@localhost ~]$ systemctl status sshd
● sshd.service - OpenSSH server daemon
   Loaded: loaded (/usr/lib/systemd/system/sshd.service; enabled; vendor preset: enabled)
   Active: active (running) since Wed 2025-01-08 17:27:33 CST; 23min ago
     Docs: man:sshd(8)
           man:sshd_config(5)
 Main PID: 697 (sshd)
    Tasks: 1 (limit: 61802)
   Memory: 3.2M
   CGroup: /system.slice/sshd.service
           └─697 /usr/sbin/sshd -D -oCiphers=aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes256-ctr,aes256-cbc,aes128-gcm@openssh.com,aes128-ctr,aes128-cbc -oMACs=hmac-sha2-25>
[k8s@localhost ~]$
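If the service is not running, try to start it with the command
/etc/init.d/sshd start
If the start fails,
use the command journalctl -xe
to see the specific cause of the failure. In this case it showed:
sshd: /lib/libcrypto.so.10: version `OPENSSL_1.0.2' not found (required by sshd)
In that case, run:
cp /usr/lib64/libcrypto.so.10 /usr/lib
Finally, restart ssh.
Check the IP settings
On Anolis OS the static IP configuration is located under /etc/sysconfig/network-scripts; other systems may differ.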
[k8s@localhost ~]$ cat /etc/sysconfig/network-scripts/ifcfg-ens18
TYPE=Ethernet
PROXY_METHOD=none
BROWSER_ONLY=no
BOOTPROTO=static # static IP
IPADDR=172.xx.xx.24 # IP of this virtual machine
NETMASK=255.255.255.0
GATEWAY=172.xx.xx.1 # gateway; it does not necessarily end in .1
DNS1=211.xx.xx.xx # DNS
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
IPV6_ADDR_GEN_MODE=xx
NAME=ens18 # the NIC this configuration applies to
UUID=xx-xx-xx
DEVICE=ens18
ONBOOT=on # bring the interface up at boot
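Check the VM bridge mode
As the output above shows, the IP cannot be pinged. Checking the IP information with ip addr
shows that 172.xx.xx.22/16 is in a class B range and is bridged to vmbr0.
Looking at the PVE host's IP and NIC information shows that IPs in the 172.20 network are bridged to the virtual NIC vmbr1, while the 192.160 network is bridged to vmbr0.
Under Hardware > Network Device, change the bridge from vmbr0 to vmbr1.
Reload and restart the corresponding NIC
# 1. View the help for the nmcli network management client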
[k8s@localhost ~]$ nmcli -h
Usage: nmcli [OPTIONS] OBJECT { COMMAND | help }
OPTIONS
  -a, --ask                                ask for missing parameters
  -c, --colors auto|yes|no                 whether to use colors in output
  -e, --escape yes|no                      escape columns separators in values
  -f, --fields <field,...>|all|common      specify fields to output
  -g, --get-values <field,...>|all|common  shortcut for -m tabular -t -f
  -h, --help                               print this help
  -m, --mode tabular|multiline             output mode
  -o, --overview                           overview mode
  -p, --pretty                             pretty output
  -s, --show-secrets                       allow displaying passwords
  -t, --terse                              terse output
  -v, --version                            show program version
  -w, --wait <seconds>                     set timeout waiting for finishing operations
OBJECT
  g[eneral]       NetworkManager's general status and operations
  n[etworking]    overall networking control
  r[adio]         NetworkManager radio switches
  c[onnection]    NetworkManager's connections
  d[evice]        devices managed by NetworkManager
  a[gent]         NetworkManager secret agent or polkit agent
  m[onitor]       monitor NetworkManager changes
[k8s@localhost ~]$
# 2. View the nmcli connection subcommands
[k8s@localhost ~]$ nmcli c -h
Usage: nmcli connection { COMMAND | help }
COMMAND := { show | up | down | add | modify | clone | edit | delete | monitor | reload | load | import | export }
  show [--active] [--order <order spec>]
  show [--active] [id | uuid | path | apath] <ID> ...
  up [[id | uuid | path] <ID>] [ifname <ifname>] [ap <BSSID>] [passwd-file <file with passwords>]
  down [id | uuid | path | apath] <ID> ...
  add COMMON_OPTIONS TYPE_SPECIFIC_OPTIONS SLAVE_OPTIONS IP_OPTIONS [-- ([+|-]<setting>.<property> <value>)+]
  modify [--temporary] [id | uuid | path] <ID> ([+|-]<setting>.<property> <value>)+
  clone [--temporary] [id | uuid | path ] <ID> <new name>
  edit [id | uuid | path] <ID>
  edit [type <new_con_type>] [con-name <new_con_name>]
  delete [id | uuid | path] <ID>
  monitor [id | uuid | path] <ID> ...
  reload
  load <filename> [ <filename>... ]
  import [--temporary] type <type> file <file to import>
  export [id | uuid | path] <ID> [<output file>]
# 3. View the current network device information
[k8s@localhost ~]$ nmcli connection show
NAME UUID TYPE DEVICE
ens18 a31f7ffc-1a9c-42b2-ba94-ddd0a60173fc ethernet ens18
# 4. Reload the network connections
[k8s@localhost ~]$ nmcli connection reload
Error: failed to reload connections: access denied.
[k8s@localhost ~]$ sudo nmcli connection reload
[sudo] password for k8s:
[k8s@localhost ~]$
# 5. Restart the NIC
[k8s@localhost ~]$ sudo nmcli c up ens18
Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/3)
[k8s@localhost ~]$
Check the IP information again:
The network can now be pinged, and 172.xx.xx.22/16 has become 172.xx.xx.22/24.
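The two faults found above, a guest attached to the wrong bridge and a /16 prefix where the bridge network uses /24, can be checked from the PVE host against the output of ip -o -4 addr show. The following is an added example, not part of the original post; the function names and every address in it are constructed for illustration.

```shell
# Added example; every address below is constructed (the page masks its own).
# Format matches `ip -o -4 addr show` as run on the PVE host.
SAMPLE_HOST_ADDRS='4: vmbr0    inet 192.168.10.2/24 brd 192.168.10.255 scope global vmbr0\       valid_lft forever preferred_lft forever
5: vmbr1    inet 172.20.95.2/24 brd 172.20.95.255 scope global vmbr1\       valid_lft forever preferred_lft forever'

# ip2int A.B.C.D: print the address as a 32-bit integer.
ip2int() {
    local old
    old=$IFS; IFS=.; set -- $1; IFS=$old
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# in_subnet IP NET_ADDR PREFIX: succeed if IP lies inside NET_ADDR/PREFIX.
in_subnet() {
    local mask
    mask=$(( (0xFFFFFFFF << (32 - $3)) & 0xFFFFFFFF ))
    [ $(( $(ip2int "$1") & mask )) -eq $(( $(ip2int "$2") & mask )) ]
}

# find_bridge GUEST_IP: read `ip -o -4 addr show` output on stdin and print
# "<bridge> <prefix>" for the first vmbr* whose subnet contains GUEST_IP.
find_bridge() {
    local guest idx ifname fam cidr rest
    guest=$1
    while read -r idx ifname fam cidr rest; do
        case $ifname in vmbr*) ;; *) continue ;; esac
        if in_subnet "$guest" "${cidr%/*}" "${cidr#*/}"; then
            echo "$ifname ${cidr#*/}"
            return 0
        fi
    done
    return 1
}

# check_guest GUEST_IP GUEST_PREFIX ATTACHED_BRIDGE: host addresses on stdin.
# Returns 0 if consistent, 1 on a bridge or prefix mismatch, 2 if no bridge fits.
check_guest() {
    local want rc
    rc=0
    want=$(find_bridge "$1") || { echo "no bridge on this host carries $1"; return 2; }
    [ "$3" = "${want% *}" ] || { echo "bridge: attached $3, expected ${want% *}"; rc=1; }
    [ "$2" = "${want#* }" ] || { echo "prefix: guest /$2, host side /${want#* }"; rc=1; }
    return $rc
}

# The state described on the page: 172.20 guest with /16, attached to vmbr0.
printf '%s\n' "$SAMPLE_HOST_ADDRS" | check_guest 172.20.95.24 16 vmbr0 || true
```

On a real host, pipe ip -o -4 addr show into check_guest in place of the sample variable.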
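Install netstat and related network tools
Troubleshooting network problems may require commands such as netstat; if they are not installed on the system, they can be installed as follows.
# List the status of all software repositories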
[k8s@localhost ~]$ yum repolist all
repo id repo name status
AppStream AnolisOS-8 - AppStream enabled
AppStream-debuginfo AnolisOS-8 - AppStream Debuginfo disabled
AppStream-source AnolisOS-8 - AppStream Source disabled
BaseOS AnolisOS-8 - BaseOS enabled
BaseOS-debuginfo AnolisOS-8 - BaseOS Debuginfo disabled
BaseOS-source AnolisOS-8 - BaseOS Source disabled
DDE AnolisOS-8 - DDE disabled
DDE-debuginfo AnolisOS-8 - DDE Debuginfo disabled
DDE-source AnolisOS-8 - DDE Source disabled
Extras AnolisOS-8 - Extras enabled
HighAvailability AnolisOS-8 - HighAvailability disabled
Plus AnolisOS-8 - Plus disabled
Plus-debuginfo AnolisOS-8 - Plus Debuginfo disabled
Plus-source AnolisOS-8 - Plus Source disabled
PowerTools AnolisOS-8 - PowerTools enabled
PowerTools-debuginfo AnolisOS-8 - PowerTools Debuginfo disabled
PowerTools-source AnolisOS-8 - PowerTools Source disabled
kernel-5.10 AnolisOS-8 - Kernel 5.10 enabled
kernel-5.10-debug AnolisOS-8 - Kernel 5.10 debug disabled
kernel-5.10-source AnolisOS-8 - Kernel 5.10 source disabled
[k8s@localhost ~]$
# Run yum provides */netstat to find the package that provides the netstat command
[k8s@localhost ~]$ yum provides */netstat
AnolisOS-8 - AppStream 1.3 MB/s | 14 MB 00:11
AnolisOS-8 - BaseOS 1.1 MB/s | 12 MB 00:10
AnolisOS-8 - Extras 223 B/s | 2.3 kB 00:10
AnolisOS-8 - PowerTools 184 kB/s | 1.9 MB 00:10
AnolisOS-8 - Kernel 5.10 756 kB/s | 7.7 MB 00:10
net-tools-2.0-0.52.20160912git.an8.x86_64 : Basic networking tools
Repo : @System
Matched from:
Filename : /usr/bin/netstat
net-tools-2.0-0.52.20160912git.an8.x86_64 : Basic networking tools
Repo : BaseOS
Matched from:
Filename : /usr/bin/netstat
# The netstat command is in the net-tools package; install it with yum install (some systems manage packages with apt instead)
[k8s@localhost ~]$ yum install net-tools
Error: This command has to be run with superuser privileges (under the root user on most systems).
[k8s@localhost ~]$ sudo yum install net-tools
[sudo] password for k8s:
AnolisOS-8 - AppStream 1.3 MB/s | 14 MB 00:10
AnolisOS-8 - BaseOS 1.1 MB/s | 12 MB 00:10
AnolisOS-8 - Extras 231 B/s | 2.3 kB 00:10
AnolisOS-8 - PowerTools 184 kB/s | 1.9 MB 00:10
AnolisOS-8 - Kernel 5.10 751 kB/s | 7.7 MB 00:10
Package net-tools-2.0-0.52.20160912git.an8.x86_64 is already installed.
Dependencies resolved.
Nothing to do.
Complete!
[k8s@localhost ~]$
[k8s@localhost ~]$ telnet -antlp | grep 22
-bash: telnet: command not found
[k8s@localhost ~]$
[k8s@localhost ~]$ netstat -antlp | grep 22
(Not all processes could be identified, non-owned process info
 will not be shown, you would have to be root to see it all.)
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN -
tcp 0 256 172.xx.xx.23:22 172.20.95.200:64798 ESTABLISHED -
tcp6 0 0 :::22 :::* LISTEN -
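Filtering with grep 22 also matches port 2222, established sessions, and any address or PID that contains 22. As an added example (not from the original post; the function name listen_scope and the sample lines are constructed), this filter reports only sockets listening on exactly the given port, and whether each is bound to a loopback-only address that other machines cannot reach:

```shell
# Constructed sample in `netstat -antlp` format (addresses are made up).
SAMPLE_NETSTAT='Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      -
tcp        0      0 127.0.0.1:2222          0.0.0.0:*               LISTEN      -
tcp        0    256 172.20.95.23:22         172.20.95.200:64798     ESTABLISHED -
tcp6       0      0 :::22                   :::*                    LISTEN      -'

# listen_scope PORT: read netstat output on stdin and print one line per
# socket listening on exactly PORT, as "<local address> <remote|local-only>".
listen_scope() {
    awk -v port="$1" '
        $1 ~ /^tcp/ && $6 == "LISTEN" {
            addr = $4
            sub(/:[0-9]+$/, "", addr)          # strip the ":port" suffix
            if ($4 != addr ":" port) next      # exact port match only
            scope = (addr ~ /^127\./ || addr == "::1") ? "local-only" : "remote"
            print addr, scope
        }'
}

# Port 22 in the sample: two wildcard listeners, nothing from the 2222 line.
printf '%s\n' "$SAMPLE_NETSTAT" | listen_scope 22
```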