服务器无法使用桥接网络的故障排查

前两天在设置服务的桥接网络时发现桥接模式无法连接外网，以下是我再进电脑虚拟机还原当时情况并排查故障的分析和处理故障的步骤

 

 

 看了一下虚拟接的桥接网卡的IP地址

[root@node-20 ~]# ifconfig ens33
ens33: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.0.20  netmask 255.255.255.0  broadcast 192.168.0.255
        inet6 fe80::a8da:342:2b4d:d781  prefixlen 64  scopeid 0x20<link>
        ether 00:0c:29:19:6c:45  txqueuelen 1000  (Ethernet)
        RX packets 10523  bytes 719140 (702.2 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 17418  bytes 2032008 (1.9 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

看一下本机的IP地址、网关和虚拟机是否一致

ping 一下桥接网络的的IP地址是否正常并且可以正常使用

[root@node-20 network-scripts]# ping 192.168.0.20
PING 192.168.0.20 (192.168.0.20) 56(84) bytes of data.
64 bytes from 192.168.0.20: icmp_seq=1 ttl=64 time=0.047 ms
64 bytes from 192.168.0.20: icmp_seq=2 ttl=64 time=0.039 ms
64 bytes from 192.168.0.20: icmp_seq=3 ttl=64 time=0.072 ms
^C
--- 192.168.0.20 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2000ms
rtt min/avg/max/mdev = 0.039/0.052/0.072/0.016 ms

　桥接网络的IP正常，然后ping一下网关 

[root@node-20 ~]# ping 192.168.0.1
PING 192.168.0.1 (192.168.0.1) 56(84) bytes of data.
From 192.168.0.20 icmp_seq=1 Destination Host Unreachable
From 192.168.0.20 icmp_seq=2 Destination Host Unreachable
From 192.168.0.20 icmp_seq=3 Destination Host Unreachable
From 192.168.0.20 icmp_seq=4 Destination Host Unreachable
^C
--- 192.168.0.1 ping statistics ---
5 packets transmitted, 0 received, +4 errors, 100% packet loss, time 4001ms
pipe 4

我就要查看一下路由表

[root@node-20 ~]# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.22.2    0.0.0.0         UG    100    0        0 ens32
192.168.0.0     0.0.0.0         255.255.255.0   U     101    0        0 ens33
192.168.22.0    0.0.0.0         255.255.255.0   U     100    0        0 ens32

[root@node-20 ~]# ip r
default via 192.168.22.2 dev ens32 proto static metric 100
192.168.22.0/24 dev ens32 proto kernel scope link src 192.168.22.20 metric 100

发现路由表中没有桥接网络的网关，我们添加一个桥接网络的网关路由

[root@node-20 ~]# ip route add 0.0.0.0/0 via 192.168.0.1 dev ens33
[root@node-20 ~]# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.0.1     0.0.0.0         UG    0      0        0 ens33
0.0.0.0         192.168.22.2    0.0.0.0         UG    100    0        0 ens32
192.168.0.0     0.0.0.0         255.255.255.0   U     101    0        0 ens33
192.168.22.0    0.0.0.0         255.255.255.0   U     100    0        0 ens32

现在再ping一下网关

[root@node-20 ~]# ping 192.168.0.1
PING 192.168.0.1 (192.168.0.1) 56(84) bytes of data.
From 192.168.0.20 icmp_seq=1 Destination Host Unreachable
From 192.168.0.20 icmp_seq=2 Destination Host Unreachable
From 192.168.0.20 icmp_seq=3 Destination Host Unreachable
From 192.168.0.20 icmp_seq=4 Destination Host Unreachable
^C
--- 192.168.0.1 ping statistics ---
6 packets transmitted, 0 received, +4 errors, 100% packet loss, time 5003ms
pipe 4

还是ping不通，那我们再试试重启网络服务和关闭防火墙及selinux关闭之后再ping一下试试

[root@node-20 ~]# systemctl stop firewalld
[root@node-20 ~]# setenforce 0
[root@node-20 ~]# systemctl restart network
[root@node-20 ~]# ping 192.168.0.1
PING 192.168.0.1 (192.168.0.1) 56(84) bytes of data.
From 192.168.0.20 icmp_seq=1 Destination Host Unreachable
From 192.168.0.20 icmp_seq=2 Destination Host Unreachable
From 192.168.0.20 icmp_seq=3 Destination Host Unreachable
From 192.168.0.20 icmp_seq=4 Destination Host Unreachable
^C
--- 192.168.0.1 ping statistics ---
5 packets transmitted, 0 received, +4 errors, 100% packet loss, time 4001ms
pipe 4

发现还是不行，继续排查。这是我们发现了最下面有一个“errors”的报错我们可以看一下network的日志信息

[root@node-20 ~]# tailf /var/log/messages
Apr  2 23:00:42 node-20 NetworkManager[769]: <info>  [1585882842.7288] device (ens33): state change: ip-config -> ip-check (reason 'none', sys-iface-state: 'managed')
Apr  2 23:00:42 node-20 NetworkManager[769]: <info>  [1585882842.7293] device (ens33): state change: ip-check -> secondaries (reason 'none', sys-iface-state: 'managed')
Apr  2 23:00:42 node-20 NetworkManager[769]: <info>  [1585882842.7294] device (ens33): state change: secondaries -> activated (reason 'none', sys-iface-state: 'managed')
Apr  2 23:00:42 node-20 NetworkManager[769]: <info>  [1585882842.7322] device (ens33): Activation: successful, device activated.
Apr  2 23:00:42 node-20 nm-dispatcher: req:7 'up' [ens33]: new request (3 scripts)
Apr  2 23:00:42 node-20 network: Bringing up interface ens33:  Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/25)
Apr  2 23:00:42 node-20 nm-dispatcher: req:7 'up' [ens33]: start running ordered scripts...
Apr  2 23:00:42 node-20 network: [  OK  ]
Apr  2 23:00:42 node-20 systemd: Started LSB: Bring up/down networking.
Apr  2 23:01:01 node-20 systemd: Started Session 10 of user root.

发现没有报错信息，继续分析，看看重启电脑和虚拟机试试，结果还是不行

最看了一下虚拟机的虚拟网络模式

 

 

 发现虚拟机没有桥接模式，那我们添加一个桥接模式网网络模式

 

 

 

 

 

 

 

 添加完成之后我们再进虚拟机ping一下网关

[root@node-20 ~]# ping 192.168.0.1
PING 192.168.0.1 (192.168.0.1) 56(84) bytes of data.
64 bytes from 192.168.0.1: icmp_seq=1 ttl=64 time=0.828 ms
64 bytes from 192.168.0.1: icmp_seq=2 ttl=64 time=1.19 ms
64 bytes from 192.168.0.1: icmp_seq=3 ttl=64 time=1.02 ms
^C
--- 192.168.0.1 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2002ms
rtt min/avg/max/mdev = 0.828/1.015/1.197/0.155 ms
[root@node-20 ~]# ping 192.168.0.100
PING 192.168.0.100 (192.168.0.100) 56(84) bytes of data.
64 bytes from 192.168.0.100: icmp_seq=1 ttl=64 time=0.330 ms
64 bytes from 192.168.0.100: icmp_seq=2 ttl=64 time=0.353 ms
64 bytes from 192.168.0.100: icmp_seq=3 ttl=64 time=0.491 ms
64 bytes from 192.168.0.100: icmp_seq=4 ttl=64 time=1.32 ms
^C
--- 192.168.0.100 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3004ms
rtt min/avg/max/mdev = 0.330/0.625/1.329/0.411 ms

成功了。