DNS name resolution fails inside KVM virtual machines
Source: Internet  Editor: 程序博客网  Time: 2024/06/05 08:18
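Environment:
Host: CentOS 5.6 x86_64 + KVM
Guests: CentOS 5.6 x86_64, Windows 2003 server
Problem:
- On the host, websites can be reached by domain name. Inside the guests, websites cannot be reached by domain name, but they can be reached by IP address.
- After the host firewall (iptables) is turned off, the guests can reach websites by domain name.
Analysis:
This is most likely a problem with the host firewall (iptables) configuration.
Solution:
The host firewall is interfering with DNS resolution in the guests.
DNS resolution uses port 53, so check port 53 on the host: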
[root@centos56 ~]# netstat -ano |grep 53
tcp 0 0 192.168.122.1:53 0.0.0.0:* LISTEN off (0.00/0/0)
tcp 0 0 211.98.99.249:5904 61.237.253.2:10455 ESTABLISHED off (0.00/0/0)
tcp 0 0 211.98.99.249:445 61.237.253.2:35742 ESTABLISHED keepalive (3697.76/0/0)
tcp 0 52 211.98.99.249:22 61.237.253.2:41058 ESTABLISHED on (0.41/0/0)
tcp 0 0 211.98.99.249:5904 61.237.253.2:61023 ESTABLISHED off (0.00/0/0)
tcp 0 0 211.98.99.249:5903 61.237.253.2:32072 ESTABLISHED off (0.00/0/0)
tcp 0 0 211.98.99.249:5902 61.237.253.2:16918 ESTABLISHED off (0.00/0/0)
tcp 0 0 211.98.99.249:445 61.237.253.2:34823 ESTABLISHED keepalive (4749.99/0/0)
udp 0 0 192.168.122.1:53 0.0.0.0:* off (0.00/0/0)
udp 0 0 0.0.0.0:5353 0.0.0.0:* off (0.00/0/0)
Port 53 is open on 192.168.122.1, which suggests that KVM runs a DNS service on virbr0.
192.168.122.1 is the IP address of the virtual bridge virbr0:
[root@centos56 ~]# ifconfig virbr0
virbr0 Link encap:Ethernet HWaddr 00:00:00:00:00:00
inet addr:192.168.122.1 Bcast:192.168.122.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:2086 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 b) TX bytes:548897 (536.0 KiB)
Solution:
Edit the host's iptables configuration and allow port 53 through the firewall:
[root@centos56 ~]# vi /etc/sysconfig/iptables
# Firewall configuration written by system-config-securitylevel
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 21 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 5901 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 5902 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --dport 138 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 139 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 445 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --dport 53 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 53 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
After making the changes above, restart the firewall with service iptables restart.
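The two port-53 rules above accept DNS on every interface, not only on virbr0, and they only take effect because they sit before the final REJECT line. The following check is an added example, not part of the original post: audit_dns_rules and sample_rules are hypothetical names, the sample rules are constructed, and scoping with -i virbr0 is an assumption of the example rather than something the post does.

```sh
#!/bin/sh
# Added example, not from the original post. Audits port-53 ACCEPT rules in
# iptables-restore format (the format of /etc/sysconfig/iptables).
# Prints: <STATUS> <line-number> <rule>
#   SCOPED       limited by -i <interface> or -s <source>
#   UNSCOPED     accepts DNS from every interface and source
#   UNREACHABLE  sits after the chain's catch-all REJECT/DROP, never matched
audit_dns_rules() {
    awk '
    $1 != "-A" { next }
    {
        chain = $2; scoped = 0; has_match = 0; dport53 = 0; target = ""
        for (i = 3; i <= NF; i++) {
            if ($i == "-i" || $i == "-s") scoped = 1
            if ($i ~ /^-[isdopm]$/) has_match = 1
            if ($i == "--dport" && $(i + 1) == "53") dport53 = 1
            if ($i == "-j") target = $(i + 1)
        }
        if (dport53 && target == "ACCEPT") {
            status = scoped ? "SCOPED" : "UNSCOPED"
            if (closed[chain]) status = "UNREACHABLE"
            print status, NR, $0
        }
        # A REJECT/DROP with no match options ends the chain for all traffic.
        if (!has_match && (target == "REJECT" || target == "DROP")) closed[chain] = 1
    }'
}

# Constructed sample: one rule scoped to virbr0 (an assumption of this example),
# one rule as written in the post, and one appended after the final REJECT.
sample_rules() {
    cat <<'EOF'
*filter
:RH-Firewall-1-INPUT - [0:0]
-A RH-Firewall-1-INPUT -i virbr0 -p udp -m udp --dport 53 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 53 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
-A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --dport 53 -j ACCEPT
COMMIT
EOF
}

sample_rules | audit_dns_rules
```

To check a real host, feed it the saved rules: audit_dns_rules < /etc/sysconfig/iptables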