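PVE: Tinkering with the Network Again
Renaming the network interface
The default interface name is something like wlp15s0; rename it to wifi directly: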
ip link set wlp15s0 name wifi
The new name is lost after a reboot, so add the command to rc-local.
# cat /etc/rc.local
#!/usr/bin/bash
ip link set wlp15s0 name wifi
systemctl restart networking.service &
exit 0
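Because networking starts before rc-local, it reports that the interface cannot be found, so the script simply restarts that service.
Confirm that the new name is in place: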
# ip link
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: enp8s0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN mode DEFAULT group default qlen 1000
link/ether 54:ab:3a:48:9c:ba brd ff:ff:ff:ff:ff:ff
3: wifi: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DORMANT group default qlen 1000
link/ether e4:02:9b:53:4c:7e brd ff:ff:ff:ff:ff:ff
altname wlp15s0
Configure the WiFi connection directly in /etc/network/interfaces
auto wifi
iface wifi inet manual
wpa-ssid {SSID}
wpa-psk {plaintext password or the key generated by wpa_passphrase}
up dhclient wifi -v
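The wpa-psk line above accepts either the passphrase itself or the key that wpa_passphrase produces. As an added example (not code from the original post), this Python script rewrites an interfaces file so that it stores only the derived key; the function names and the sample stanza are assumptions made for illustration.

```python
import hashlib
import re

HEX_PSK = re.compile(r"[0-9a-fA-F]{64}")  # already a derived 256-bit key

def derive_psk(ssid, passphrase):
    """WPA/WPA2-Personal PSK: PBKDF2-HMAC-SHA1(passphrase, salt=SSID, 4096 rounds, 32 bytes)."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA passphrase must be 8 to 63 characters")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32).hex()

def harden_interfaces(text):
    """Return (new_text, changed_ifaces) with plaintext wpa-psk values replaced."""
    lines = text.splitlines()
    owner, ssids, iface = [], {}, None
    # Pass 1: remember which stanza each line belongs to and each stanza's SSID.
    for line in lines:
        words = line.split(None, 1)
        key = words[0] if words else ""
        value = words[1].strip() if len(words) == 2 else ""
        if key == "iface" and value:
            iface = value.split()[0]
        elif key in ("auto", "source", "mapping") or key.startswith("allow-"):
            iface = None
        elif key == "wpa-ssid" and iface and value:
            ssids[iface] = value
        owner.append(iface)
    # Pass 2: rewrite wpa-psk lines that still carry the passphrase itself.
    changed = []
    for i, line in enumerate(lines):
        words = line.split(None, 1)
        if len(words) == 2 and words[0] == "wpa-psk" and owner[i] in ssids:
            secret = words[1].strip()
            if not HEX_PSK.fullmatch(secret):
                indent = line[: len(line) - len(line.lstrip())]
                lines[i] = indent + "wpa-psk " + derive_psk(ssids[owner[i]], secret)
                changed.append(owner[i])
    return "\n".join(lines) + "\n", changed

# Constructed sample: SSID and passphrase are the IEEE 802.11i test vector.
SAMPLE = """auto wifi
iface wifi inet manual
    wpa-ssid IEEE
    wpa-psk password
    up dhclient wifi -v
"""

if __name__ == "__main__":
    print(harden_interfaces(SAMPLE)[0])
```

The derived key still grants access to that one SSID, so the file should stay readable by root only; what this avoids is keeping a passphrase that may be reused elsewhere in the file.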
Reboot the server; it should work normally:
root@pve:~# ps -ef | grep dhc
root 1135 1 0 19:33 ? 00:00:00 dhclient wifi -v
root 2823 2745 0 19:44 pts/1 00:00:00 grep dhc
root@pve:~# ps -ef | grep wpa
root 1124 1 0 19:33 ? 00:00:00 /sbin/wpa_supplicant -s -B -P /run/wpa_supplicant.wifi.pid -i wifi -D nl80211,wext -C /run/wpa_supplicant
root 2830 2745 0 19:44 pts/1 00:00:00 grep wpa
root@pve:~# systemctl status networking.service
● networking.service - Network initialization
Loaded: loaded (/lib/systemd/system/networking.service; enabled; vendor preset: enabled)
Active: active (exited) since Mon 2023-05-01 19:34:00 CST; 11min ago
Docs: man:interfaces(5)
man:ifup(8)
man:ifdown(8)
Process: 1022 ExecStart=/usr/share/ifupdown2/sbin/start-networking start (code=exited, status=0/SUCCESS)
Main PID: 1022 (code=exited, status=0/SUCCESS)
Tasks: 5 (limit: 9351)
Memory: 5.6M
CPU: 453ms
CGroup: /system.slice/networking.service
├─1124 /sbin/wpa_supplicant -s -B -P /run/wpa_supplicant.wifi.pid -i wifi -D nl80211,wext -C /run/wpa_supplicant
└─1135 dhclient wifi -v
May 01 19:34:00 pve systemd[1]: Finished Network initialization.
May 01 19:43:14 pve wpa_supplicant[1124]: wifi: CTRL-EVENT-BEACON-LOSS
May 01 19:43:14 pve wpa_supplicant[1124]: wifi: CTRL-EVENT-DISCONNECTED bssid=b0:df:c1:87:8e:15 reason=4 locally_generated=1
May 01 19:43:14 pve wpa_supplicant[1124]: wifi: CTRL-EVENT-REGDOM-CHANGE init=CORE type=WORLD
May 01 19:43:37 pve wpa_supplicant[1124]: wifi: SME: Trying to authenticate with b0:df:c1:87:8e:15 (SSID='xxx' freq=5765 MHz)
May 01 19:43:37 pve wpa_supplicant[1124]: wifi: Trying to associate with b0:df:c1:87:8e:15 (SSID='xxx' freq=5765 MHz)
May 01 19:43:37 pve wpa_supplicant[1124]: wifi: Associated with b0:df:c1:87:8e:15
May 01 19:43:37 pve wpa_supplicant[1124]: wifi: CTRL-EVENT-SUBNET-STATUS-UPDATE status=0
May 01 19:43:37 pve wpa_supplicant[1124]: wifi: WPA: Key negotiation completed with b0:df:c1:87:8e:15 [PTK=CCMP GTK=CCMP]
May 01 19:43:37 pve wpa_supplicant[1124]: wifi: CTRL-EVENT-CONNECTED - Connection to b0:df:c1:87:8e:15 completed [id=0 id_str=]
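Tried creating a bridge interface
Tutorial: https://blog.51cto.com/u_3823536/2547591
It did not work. After setting 4addr, WiFi could no longer connect; more precisely, the connection dropped at the step of obtaining a DHCP lease: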
iw dev wlp3s0 set 4addr on
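Just stick with NAT
However, although there is connectivity to and from 10.0.0.1, the external network is unreachable:
Host network:
Solution, from: https://serverfault.com/questions/564866/how-to-set-up-linux-server-as-a-router-with-nat
- Enable IPv4 forwarding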
echo 1 > /proc/sys/net/ipv4/ip_forward
This is temporary; to make it persistent, edit /etc/sysctl.conf:
vi /etc/sysctl.conf
# Uncomment the next line to enable packet forwarding for IPv4
net.ipv4.ip_forward=1
- Forward packets to the wifi interface and rewrite them
iptables -t nat -A POSTROUTING -o wifi -j MASQUERADE
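This command configures the IP NAT forwarding feature of a Linux system. "iptables" is the rule engine in the Linux kernel for processing network packets; "-t nat" means the rule belongs to the nat type; "-A POSTROUTING" appends a new POSTROUTING rule to the end of the current chain; "-o wifi" means the target network interface is wifi; and "-j MASQUERADE" means the rule applies MASQUERADE processing, i.e. the packets are disguised as the original IP address for transmission.
Specifically, this command configures IP NAT forwarding for the host's wifi interface, disguising all packets from the external network as the IP address of the local wifi interface so that data can be transferred locally. This command may require the kernel to be upgraded to version 3.10 or later, because IP NAT forwarding is only supported starting from that version.
Now the virtual machines can reach the external network!
The iptables rule is temporary too; how can it be made persistent?
I chose to edit /etc/network/interfaces directly: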
auto vmbr0
iface vmbr0 inet static
address 10.0.0.1/24
gateway 10.0.0.1
up iptables -t nat -A POSTROUTING -o wifi -j MASQUERADE
bridge-ports none
bridge-stp off
bridge-fd 0