I've recently been studying how Docker's bridge networking is implemented. The containers can ping each other, but pinging the outside network fails.
Could anyone advise how this should be configured?
The topology diagram is as follows:
```
# Create two named network namespaces
$ ip netns add net1
$ ip netns add net2
# Create two veth pairs and move one end of each into a namespace
$ ip link add veth1 type veth peer name veth1_p
$ ip link set veth1 netns net1
$ ip link add veth2 type veth peer name veth2_p
$ ip link set veth2 netns net2
# Assign IPs to veth1 and veth2 inside the namespaces and bring them up
$ ip netns exec net1 ip addr add 192.168.0.101/24 dev veth1
$ ip netns exec net1 ip link set veth1 up
$ ip netns exec net2 ip addr add 192.168.0.102/24 dev veth2
$ ip netns exec net2 ip link set veth2 up
# Create bridge br0, attach the peer ends of veth1 and veth2 to it, and bring everything up
$ brctl addbr br0
$ ip link set dev veth1_p master br0
$ ip link set dev veth2_p master br0
$ ip link set veth1_p up
$ ip link set veth2_p up
$ ip link set br0 up
# Add a third veth pair on the host: one end attached to br0, the other end left in the host namespace
$ ip link add veth3 type veth peer name veth3_p
$ ip link set dev veth3_p master br0
$ ip link set veth3_p up
$ ip addr add 192.168.0.103/24 dev veth3
$ ip link set veth3 up
# Treat net1 and net2 as two machines with NICs joined by the br0 bridge, so they can ping each other
$ ip netns exec net1 ping 192.168.0.102 -I veth1
PING 192.168.0.102 (192.168.0.102) from 192.168.0.101 veth1: 56(84) bytes of data.
64 bytes from 192.168.0.102: icmp_seq=1 ttl=64 time=0.037 ms
64 bytes from 192.168.0.102: icmp_seq=2 ttl=64 time=0.008 ms
# net1, net2 and the host are three machines connected through the switch br0, so they can all reach each other
$ ip netns exec net1 ping 192.168.0.103 -I veth1
PING 192.168.0.103 (192.168.0.103) from 192.168.0.101 veth1: 56(84) bytes of data.
64 bytes from 192.168.0.103: icmp_seq=1 ttl=64 time=0.100 ms
64 bytes from 192.168.0.103: icmp_seq=2 ttl=64 time=0.084 ms
```
Here is the problem: pinging the outside network fails. Is it because the phone, acting as the router, does not SNAT packets from the 192.168.0.0 subnet?
```
# Configure a default gateway for net1
$ ip netns exec net1 route add default gw 192.168.0.103
# Ping a Baidu server: no reply
$ ip netns exec net1 ping 110.242.68.66 -I veth1
# The wlp1s0 interface does see the packets sent by net1
$ tcpdump -vv -i wlp1s0 src host 192.168.0.101
tcpdump: listening on wlp1s0, link-type EN10MB (Ethernet), snapshot length 262144 bytes
16:22:06.427844 IP (tos 0x0, ttl 63, id 2941, offset 0, flags [DF], proto ICMP (1), length 84)
    192.168.0.101 > 110.242.68.66: ICMP echo request, id 37009, seq 1, length 64
16:22:07.448181 IP (tos 0x0, ttl 63, id 3138, offset 0, flags [DF], proto ICMP (1), length 84)
    192.168.0.101 > 110.242.68.66: ICMP echo request, id 37009, seq 2, length 64
# Host routing table
$ route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.159.223 0.0.0.0         UG    600    0        0 wlp1s0
169.254.0.0     0.0.0.0         255.255.0.0     U     1000   0        0 wlp1s0
172.17.0.0      0.0.0.0         255.255.0.0     U     0      0        0 docker0
172.18.0.0      0.0.0.0         255.255.0.0     U     0      0        0 docker_gwbridge
192.168.0.0     0.0.0.0         255.255.255.0   U     0      0        0 veth3
192.168.159.0   0.0.0.0         255.255.255.0   U     600    0        0 wlp1s0
# Some of the host's interfaces
$ ip a
2: wlp1s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 5c:51:4f:10:22:9b brd ff:ff:ff:ff:ff:ff
    inet 192.168.159.201/24 brd 192.168.159.255 scope global dynamic noprefixroute wlp1s0
       valid_lft 3519sec preferred_lft 3519sec
    inet6 240e:476:ff95:e0d4:3390:ff9f:b0d5:2798/64 scope global temporary dynamic
       valid_lft 3524sec preferred_lft 3524sec
    inet6 240e:476:ff95:e0d4:603e:8018:5b5c:5e53/64 scope global dynamic mngtmpaddr noprefixroute
       valid_lft 3524sec preferred_lft 3524sec
    inet6 fe80::6009:e9c:61a3:3c9d/64 scope link noprefixroute
       valid_lft forever preferred_lft forever
21: veth1_p@if22: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br0 state UP group default qlen 1000
    link/ether 82:62:51:0d:17:15 brd ff:ff:ff:ff:ff:ff link-netns net1
    inet6 fe80::8062:51ff:fe0d:1715/64 scope link
       valid_lft forever preferred_lft forever
23: veth2_p@if24: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br0 state UP group default qlen 1000
    link/ether 6e:fc:d0:ac:ba:84 brd ff:ff:ff:ff:ff:ff link-netns net2
    inet6 fe80::6cfc:d0ff:feac:ba84/64 scope link
       valid_lft forever preferred_lft forever
25: br0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether ee:ba:bd:86:a2:48 brd ff:ff:ff:ff:ff:ff
    inet6 fe80::ecba:bdff:fe86:a248/64 scope link
       valid_lft forever preferred_lft forever
26: veth3_p@veth3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br0 state UP group default qlen 1000
    link/ether 5e:ff:27:20:56:15 brd ff:ff:ff:ff:ff:ff
    inet6 fe80::5cff:27ff:fe20:5615/64 scope link
       valid_lft forever preferred_lft forever
27: veth3@veth3_p: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether d2:6a:18:98:1e:23 brd ff:ff:ff:ff:ff:ff
    inet 192.168.0.103/24 scope global veth3
       valid_lft forever preferred_lft forever
    inet6 fe80::d06a:18ff:fe98:1e23/64 scope link
       valid_lft forever preferred_lft forever
```
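As an added example that is not part of the original post: the tcpdump above shows the echo request leaving wlp1s0 with its source still 192.168.0.101, so the host is forwarding the packet but not translating it, and unless the phone hotspot has a route back to 192.168.0.0/24 the replies cannot return. The POSIX shell script below (subnet and interface names from the post; the rule set, function names and the sample line handling are my own assumptions about what the host needs) renders and applies the forwarding and MASQUERADE rules on the host, and includes a small check for an untranslated LAN source in an uplink capture.

```shell
#!/bin/sh
# Added example, not from the original post: host-side forwarding + SNAT so
# that the namespaces behind br0 (192.168.0.0/24) reach the internet via the
# host's uplink. Subnet/interface names come from the post; the rule set is
# an assumption about what the host needs.
LAN_NET="192.168.0.0/24"   # namespace subnet behind br0
BRIDGE="br0"
UPLINK="wlp1s0"            # host interface toward the phone hotspot
# Print the host commands for a given subnet/bridge/uplink. Rendering is kept
# separate from applying so the rule set can be reviewed without root.
render_nat_rules() {
    net="$1"; br="$2"; up="$3"
    cat <<EOF
sysctl -w net.ipv4.ip_forward=1
iptables -t nat -A POSTROUTING -s $net -o $up -j MASQUERADE
iptables -A FORWARD -i $br -o $up -s $net -j ACCEPT
iptables -A FORWARD -i $up -o $br -d $net -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
EOF
}
# Given the address line of a tcpdump capture taken on the uplink, print
# "yes" when the source still matches the LAN glob, i.e. SNAT was not applied
# before the packet left the host (the symptom seen in the post), else "no".
src_untranslated() {
    line="$1"; lan_glob="$2"
    src=$(printf '%s\n' "$line" | sed -n 's/^[[:space:]]*\([0-9.]*\) > .*/\1/p')
    case "$src" in
        $lan_glob) echo yes ;;
        *)         echo no ;;
    esac
}
# Apply the rendered rules one by one (needs root on the host).
apply_nat_rules() {
    render_nat_rules "$LAN_NET" "$BRIDGE" "$UPLINK" | while IFS= read -r cmd; do
        echo "+ $cmd"
        sh -c "$cmd"
    done
}
# Constructed sample: the address line from the post's tcpdump output.
SAMPLE='    192.168.0.101 > 110.242.68.66: ICMP echo request, id 37009, seq 1, length 64'
if [ "${1:-}" = "--apply" ]; then
    apply_nat_rules
else
    echo "uplink source untranslated: $(src_untranslated "$SAMPLE" '192.168.0.*')"
    render_nat_rules "$LAN_NET" "$BRIDGE" "$UPLINK"
fi
```

Run it without arguments to review the rules and with `--apply` as root to install them; afterwards the same tcpdump on wlp1s0 should show the echo requests leaving with source 192.168.159.201 instead of 192.168.0.101.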