|
當我們擁有一個嶄新的計算機的時候,第一步恐怕都是迫不及待的下載各種軟件,看視頻,聽音樂等���,這里的關鍵的一點是要有網(wǎng)絡。現(xiàn)在的個人計算機大部分都是Windows操作系統(tǒng)的��,接入網(wǎng)絡網(wǎng)絡很簡單��,插上網(wǎng)線也許就能上網(wǎng)了����,最麻煩不過找到網(wǎng)絡和共享中心手動配置一個ip地址��、網(wǎng)關地址和dns服務器就能上網(wǎng)了��,當然這都是得益于圖形化界面��。但是現(xiàn)在很多的服務器都是Linux操作系統(tǒng)且沒有圖形化的界面��,這時候我們就需要了解怎樣正確的給Linux主機配置網(wǎng)絡屬性了��,本次博客就來說說以正確的方式打開Linux操作系統(tǒng)的網(wǎng)絡屬性配置(本次博客基于的發(fā)行版和版本:CentOS7����、CentOS6.5)�����。
接入網(wǎng)絡的兩種方式
一����、手動的指定
1.使用命令
一般是臨時的修改�����,重啟后失效,如:ifconfig����、route、ip addr等�。
2.修改配置文件
修改文件配置,永久有效�����,但是可能不能立即生效��,需要重啟服務�。
二、動態(tài)獲取
如果本地網(wǎng)路中存在DHCP服務�����,可以動態(tài)的獲取到ip地址�����、網(wǎng)關地址�、DNS服務器地址等。
常用的管理和配置命令
一���、ifconfig
1.不加任何選項���,查看處于活動狀態(tài)下的接口�����,-a選項顯示所有接口�����,包括inactive狀態(tài)的接口:
[root@localhost ~]# ifconfig
eth0 Link encap:Ethernet HWaddr 00:0C:29:9F:AA:AD
inet addr:192.168.172.136 Bcast:192.168.172.255 Mask:255.255.255.0
inet6 addr: fe80::20c:29ff:fe9f:aaad/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:2168 errors:0 dropped:0 overruns:0 frame:0
TX packets:404 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:149715 (146.2 KiB) TX bytes:29251 (28.5 KiB)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
[root@localhost ~]# ifconfig -a
eth0 Link encap:Ethernet HWaddr 00:0C:29:9F:AA:AD
inet addr:192.168.172.136 Bcast:192.168.172.255 Mask:255.255.255.0
inet6 addr: fe80::20c:29ff:fe9f:aaad/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:2223 errors:0 dropped:0 overruns:0 frame:0
TX packets:425 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:153927 (150.3 KiB) TX bytes:32473 (31.7 KiB)
eth1 Link encap:Ethernet HWaddr 00:0C:29:9F:AA:B7
BROADCAST MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
接口的命名方式:
1.傳統(tǒng)的命令方式:
以太網(wǎng):eth1,eth2...ethn #centos6較常見的命名方式
PPP網(wǎng)絡:ppp1,ppp2...pppn
2.可預測的命令方案
如果固件或者BIOS為主板上集成的設備提供的索引信息可以用�,根據(jù)此索引進行命令�����,例如:eno1,eno2....enon;
如果固件或者BIOS為PCI-E擴展槽上所提供的索引信息可以用���,根據(jù)此索引進行命令,例如:ens1,ens2...ensn;
如果硬件接口的物理位置信息可用,則根據(jù)此信息命令����,如enp2s0
如果用戶顯示定義,也可以根據(jù)MAC地址命令,例如enx1232131231
3.命名格式的組成
en:以太網(wǎng)
wl:無線網(wǎng)
ww:廣域網(wǎng)
4.名稱類型
o<index>:集成設備的設備索引號
s<slot>:擴展槽的索引號
x<MAC>:基于MAC地址的命名
p<bus>s<slot>:基于總線槽的拓撲結構進行命名
2. 配置接口ip地址掩碼的兩種方式:
ifconfig INTERFACE IP/MASK [up|down] #up和down為可選項
ifconfig INTERFACE IP netmask NETMASK [up|down]
舉例:
[root@localhost ~]# ifconfig eth1 192.168.1.1/24 up
[root@localhost ~]#
[root@localhost ~]# ifconfig
eth0 Link encap:Ethernet HWaddr 00:0C:29:9F:AA:AD
inet addr:192.168.172.136 Bcast:192.168.172.255 Mask:255.255.255.0
inet6 addr: fe80::20c:29ff:fe9f:aaad/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:2392 errors:0 dropped:0 overruns:0 frame:0
TX packets:510 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:168403 (164.4 KiB) TX bytes:43303 (42.2 KiB)
eth1 Link encap:Ethernet HWaddr 00:0C:29:9F:AA:B7
inet addr:192.168.1.1 Bcast:192.168.1.255 Mask:255.255.255.0
inet6 addr: fe80::20c:29ff:fe9f:aab7/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:5 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 b) TX bytes:398 (398.0 b)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
3.開啟接口的雜合模式���,這里就不先做太多的說明����,后面博客中會說明:
[root@localhost ~]# ifconfig eth1 promisc
[root@localhost ~]#
[root@localhost ~]# ifconfig eth1
eth1 Link encap:Ethernet HWaddr 00:0C:29:9F:AA:B7
inet addr:192.168.1.1 Bcast:192.168.1.255 Mask:255.255.255.0
inet6 addr: fe80::20c:29ff:fe9f:aab7/64 Scope:Link
UP BROADCAST RUNNING PROMISC MULTICAST MTU:1500 Metric:1 #這里多了一個PROMISC
RX packets:29 errors:0 dropped:0 overruns:0 frame:0
TX packets:6 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:2985 (2.9 KiB) TX bytes:468 (468.0 b)
4.新增和刪除IPv6地址
ifconfig INTERFACE add addr/prefixlen
ifconfig INTERFACE del addr/prefixlen
舉例:
[root@localhost ~]# ifconfig eth1 add 2001:0:0:12::1/64 #新增一個IPV6地址
[root@localhost ~]#
[root@localhost ~]# ifconfig eth1
eth1 Link encap:Ethernet HWaddr 00:0C:29:9F:AA:B7
inet addr:192.168.1.1 Bcast:192.168.1.255 Mask:255.255.255.0
inet6 addr: 2001:0:0:12::1/64 Scope:Global
inet6 addr: fe80::20c:29ff:fe9f:aab7/64 Scope:Link
UP BROADCAST RUNNING PROMISC MULTICAST MTU:1500 Metric:1
RX packets:57 errors:0 dropped:0 overruns:0 frame:0
TX packets:10 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:6604 (6.4 KiB) TX bytes:836 (836.0 b)
[root@localhost ~]# ifconfig eth1 del 2001:0:0:12::1/64 #刪除ipv6地址
[root@localhost ~]#
[root@localhost ~]# ifconfig eth1
eth1 Link encap:Ethernet HWaddr 00:0C:29:9F:AA:B7
inet addr:192.168.1.1 Bcast:192.168.1.255 Mask:255.255.255.0
inet6 addr: fe80::20c:29ff:fe9f:aab7/64 Scope:Link
UP BROADCAST RUNNING PROMISC MULTICAST MTU:1500 Metric:1
RX packets:62 errors:0 dropped:0 overruns:0 frame:0
TX packets:12 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:7468 (7.2 KiB) TX bytes:1016 (1016.0 b)
如果在沒有配置ipv6地址的情況下,我們會發(fā)現(xiàn)每個接口都有一個開頭為fe80的ipv6地址�,這個地址被稱為鏈路本地的地址,其前64為都是固定的格式����,后64是位是基于EUI-64生成的,通俗的來說就是基于MAC地址生成的����,鏈路本地地址只能用戶本地的通信,如果想要實現(xiàn)上網(wǎng)的功能��,就必須要給接口配置一個全局的地址�,也就是全球可聚合單播地址,配置的方式就如上���,顯示為Global����。
可以給接口起別名配置多個IP地址:
[root@localhost ~]# ifconfig ens34:1 192.168.179.130 netmask 255.255.255.0
[root@localhost ~]#
[root@localhost ~]# ifconfig
ens32: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.172.134 netmask 255.255.255.0 broadcast 192.168.172.255
inet6 fe80::4:ed31:efad:25d0 prefixlen 64 scopeid 0x20<link>
ether 00:0c:29:db:7f:47 txqueuelen 1000 (Ethernet)
RX packets 25157 bytes 12826364 (12.2 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 11651 bytes 2175604 (2.0 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
ens34: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.179.128 netmask 255.255.255.0 broadcast 192.168.179.255
ether 00:0c:29:db:7f:51 txqueuelen 1000 (Ethernet)
RX packets 666 bytes 91944 (89.7 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 220 bytes 29356 (28.6 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
ens34:1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.179.130 netmask 255.255.255.0 broadcast 192.168.179.255
ether 00:0c:29:db:7f:51 txqueuelen 1000 (Ethernet)
然后為別名添加配置文件即可�,記得DEVICE為別名名稱且BOOTPROTO:不支持動態(tài)獲取地址��。
注意:執(zhí)行ifconfig的時候����,命令執(zhí)行后立即生效的��,但是重啟后失效�!
二、route
1.查看路由條目
route -n #用數(shù)字表示��,不加-n選項����,可能會以主機名和其他的符號來顯示地址
舉例:
[root@localhost ~]# route
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.172.0 * 255.255.255.0 U 0 0 0 eth0
link-local * 255.255.0.0 U 1002 0 0 eth0
default 192.168.172.2 0.0.0.0 UG 0 0 0 eth0
[root@localhost ~]#
[root@localhost ~]# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.172.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
169.254.0.0 0.0.0.0 255.255.0.0 U 1002 0 0 eth0
0.0.0.0 192.168.172.2 0.0.0.0 UG 0 0 0 eth0
2.添加路由條目
route add [-net|-host] target [netmask Nm] [gw GW] [[dev] If]
舉例:
[root@localhost ~]# route add -net 100.100.100.0/24 gw 192.168.1.1 #接口可省略
[root@localhost ~]# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
100.100.100.0 192.168.1.1 255.255.255.0 UG 0 0 0 eth1
192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1
192.168.172.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
169.254.0.0 0.0.0.0 255.255.0.0 U 1002 0 0 eth0
0.0.0.0 192.168.172.2 0.0.0.0 UG 0 0 0 eth0
[root@localhost ~]# route add default gw 192.168.1.1 dev eth1 #使用default參數(shù)創(chuàng)建默認路由
[root@localhost ~]# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
100.100.100.0 192.168.1.1 255.255.255.0 UG 0 0 0 eth1
192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1
192.168.172.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
169.254.0.0 0.0.0.0 255.255.0.0 U 1002 0 0 eth0
0.0.0.0 192.168.1.1 0.0.0.0 UG 0 0 0 eth1
0.0.0.0 192.168.172.2 0.0.0.0 UG 0 0 0 eth0
3.刪除路由
route del [-net|-host] target [gw GW] [netmask Nm] [[dev] If]
舉例:
[root@localhost ~]# route del -net 100.100.100.0/24
[root@localhost ~]# route del -net 0.0.0.0/0 gw 192.168.1.1 #如果目的IP地址存在多個,可以指定網(wǎng)關地址�,避免誤刪
[root@localhost ~]# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1
192.168.172.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
169.254.0.0 0.0.0.0 255.255.0.0 U 1002 0 0 eth0
0.0.0.0 192.168.172.2 0.0.0.0 UG 0 0 0 eth0
三、netstat命令
專門用來顯示命令
1.顯示路由表
netstat -rn
-r:顯示內(nèi)核路由表
-n:數(shù)字格式
舉例:
[root@localhost ~]# netstat -rn
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1
192.168.172.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
169.254.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth0
0.0.0.0 192.168.172.2 0.0.0.0 UG 0 0 0 eth0
2.顯示網(wǎng)絡連接
netstat [--tcp|-t] [--udp|-u] [--udplite|-U] [--sctp|-S] [--raw|-w] [--listening|-l] [--all|-a] [--numeric|-n] [--extend|-e[--extend|-e]] [--program|-p]
-t:TCP的相關連接
-u:UDP相關連接
-w:raw socket相關連接
-l:處于監(jiān)聽狀態(tài)的連接
-a:所有狀態(tài)
-n:以數(shù)字格式顯示ip和端口
-e:擴展格式
-p:顯示相關進程及PID
常用組合:
-tan -uan -tnl -unl -tunlp
舉例:
[root@localhost ~]# netstat -tan
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN
tcp 0 64 192.168.172.136:22 192.168.172.1:60645 ESTABLISHED
tcp 0 0 :::22 :::* LISTEN
tcp 0 0 ::1:25 :::* LISTEN
[root@localhost ~]# netstat -uan
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State
udp 0 0 0.0.0.0:68 0.0.0.0:*
[root@localhost ~]# netstat -tnl
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN
tcp 0 0 :::22 :::* LISTEN
tcp 0 0 ::1:25 :::* LISTEN
[root@localhost ~]# netstat -unl
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
udp 0 0 0.0.0.0:68 0.0.0.0:*
[root@localhost ~]# netstat -tunlp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1008/sshd
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 1084/master
tcp 0 0 :::22 :::* LISTEN 1008/sshd
tcp 0 0 ::1:25 :::* LISTEN 1084/master
udp 0 0 0.0.0.0:68 0.0.0.0:* 904/dhclient
3.顯示接口的統(tǒng)計數(shù)據(jù)
netstat {--interfaces|-I|-i} [iface] [--all|-a] [--extend|-e] [--verbose|-v] [--program|-p] [--numeric|-n]
所有接口的信息:netstat -i
指定的接口:netstat -I<INTERFACE>
舉例:
[root@localhost ~]# netstat -i
Kernel Interface table
Iface MTU Met RX-OK RX-ERR RX-DRP RX-OVR TX-OK TX-ERR TX-DRP TX-OVR Flg
eth0 1500 0 2288 0 0 0 1099 0 0 0 BMRU
eth1 1500 0 8 0 0 0 6 0 0 0 BMRU
lo 16436 0 0 0 0 0 0 0 0 0 LRU
[root@localhost ~]# netstat -Ieth1
Kernel Interface table
Iface MTU Met RX-OK RX-ERR RX-DRP RX-OVR TX-OK TX-ERR TX-DRP TX-OVR Flg
eth1 1500 0 8 0 0 0 6 0 0 0 BMRU
四���、ifup和ifdown
開啟或者關閉接口����,通過配置文件來識別接口并完成配置�,如果接口沒有配置文件���,則不能生效�����。
ifup INTERFACE
ifdown INTERFACE
五����、ip
ip的功能很強大,這里只做一些常用的用法的介紹��,具體可以見man手冊��。
NAME:show / manipulate routing, devices, policy routing and tunnels
ip [ OPTIONS ] OBJECT { COMMAND | help }
OBJECT := { link | addr | route | netns } #注意�����,在寫命令的時候,OBJECT可以簡寫��,各個OBJECT的子命令也可以簡寫
1. ip link:網(wǎng)絡設備管理
ip link set:修改設備的屬性
dev NAME:默認參數(shù)�,指明要管理的設備,關鍵字dev可以省略�;
{up|down}:開啟或關閉設備
{multicast on|multicast off}:開啟或關閉多播功能
{name NAME}:重命名接口,必須先將設備關閉
netns PID|netnsname:netns為名稱空間���,將接口移動到指定的網(wǎng)絡名稱空間
ip link show:查看設備的狀態(tài)
ip link help:顯示幫助信息
舉例:
[root@localhost ~]# ip link set ens34 down #關閉ens34
[root@localhost ~]# ip link set ens34 name eth34 #重命名
[root@localhost ~]#
[root@localhost ~]# ifconfig -a
ens32: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.172.134 netmask 255.255.255.0 broadcast 192.168.172.255
inet6 fe80::4:ed31:efad:25d0 prefixlen 64 scopeid 0x20<link>
ether 00:0c:29:db:7f:47 txqueuelen 1000 (Ethernet)
RX packets 14177 bytes 10140644 (9.6 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 5848 bytes 1208376 (1.1 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
eth34: flags=4098<BROADCAST,MULTICAST> mtu 1500
ether 00:0c:29:db:7f:51 txqueuelen 1000 (Ethernet)
RX packets 399 bytes 55093 (53.8 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 102 bytes 15624 (15.2 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
[root@localhost ~]# ip link set eth34 name ens34
[root@localhost ~]# ip link set ens34 up
[root@localhost ~]# ifconfig
ens32: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.172.134 netmask 255.255.255.0 broadcast 192.168.172.255
inet6 fe80::4:ed31:efad:25d0 prefixlen 64 scopeid 0x20<link>
ether 00:0c:29:db:7f:47 txqueuelen 1000 (Ethernet)
RX packets 14382 bytes 10157346 (9.6 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 5954 bytes 1220936 (1.1 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
ens34: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.179.128 netmask 255.255.255.0 broadcast 192.168.179.255
inet6 fe80::3062:d2dc:471:6045 prefixlen 64 scopeid 0x20<link>
ether 00:0c:29:db:7f:51 txqueuelen 1000 (Ethernet)
RX packets 403 bytes 55727 (54.4 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 112 bytes 16702 (16.3 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
2.ip netns:管理網(wǎng)絡名稱空間(manage network namespaces)
ip netns list:列出所有的網(wǎng)絡名稱空間
ip netns add NAME:創(chuàng)建指定的網(wǎng)絡名稱空間
ip netns del NAME:刪除指定的網(wǎng)絡名稱空間
ip netns exec NAME COMMAND:在指定的netns中運行命令
舉例:
[root@localhost ~]# ip netns add mynetns #創(chuàng)建了一個名稱空間
[root@localhost ~]#
[root@localhost ~]# ip netns list #查看名稱空間
mynetns
[root@localhost ~]# ip link set ens34 netns mynetns #將ens34綁定到名稱空間mynetns
[root@localhost ~]# ifconfig -a #這時候我們會發(fā)現(xiàn)設備沒有了
ens32: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.172.134 netmask 255.255.255.0 broadcast 192.168.172.255
inet6 fe80::4:ed31:efad:25d0 prefixlen 64 scopeid 0x20<link>
ether 00:0c:29:db:7f:47 txqueuelen 1000 (Ethernet)
RX packets 14892 bytes 10199499 (9.7 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 6234 bytes 1258060 (1.1 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 1 (Local Loopback)
RX packets 72 bytes 6260 (6.1 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 72 bytes 6260 (6.1 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
[root@localhost ~]# ip link show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT qlen 1
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: ens32: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT qlen 1000
link/ether 00:0c:29:db:7f:47 brd ff:ff:ff:ff:ff:ff
[root@localhost ~]# ip netns exec mynetns ip link show #只有在名稱空間內(nèi)執(zhí)行命令才能看到����,使用ifconfig無效
1: lo: <LOOPBACK> mtu 65536 qdisc noop state DOWN mode DEFAULT qlen 1
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
3: ens34: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN mode DEFAULT qlen 1000
link/ether 00:0c:29:db:7f:51 brd ff:ff:ff:ff:ff:ff
[root@localhost ~]# ip netns exec mynetns ip link set ens34 up #啟用接口
[root@localhost ~]# ip netns exec mynetns ip link show
1: lo: <LOOPBACK> mtu 65536 qdisc noop state DOWN mode DEFAULT qlen 1
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
3: ens34: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT qlen 1000
link/ether 00:0c:29:db:7f:51 brd ff:ff:ff:ff:ff:ff
3.ip address:協(xié)議地址管理(protocol address management)
ip address IFADDR dev INTERFACE:新增地址,一個接口可以有多個地址
ip address delete IFADDR dev INTERFACE:刪除接口的地址
ip address show [INTERFACE]:顯示接口地址
ip address flush dev INTERFACE:刪除接口地址
舉例:
[root@localhost ~]# ip address flush ens34
[root@localhost ~]# ifconfig
ens32: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.172.134 netmask 255.255.255.0 broadcast 192.168.172.255
inet6 fe80::4:ed31:efad:25d0 prefixlen 64 scopeid 0x20<link>
ether 00:0c:29:db:7f:47 txqueuelen 1000 (Ethernet)
RX packets 15955 bytes 10285157 (9.8 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 6762 bytes 1356066 (1.2 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
ens34: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
ether 00:0c:29:db:7f:51 txqueuelen 1000 (Ethernet)
RX packets 413 bytes 57483 (56.1 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 138 bytes 18976 (18.5 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
[root@localhost ~]# ip address add 192.168.179.22/24 dev ens34
[root@localhost ~]#
[root@localhost ~]# ifconfig ens34
ens34: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.179.22 netmask 255.255.255.0 broadcast 0.0.0.0
ether 00:0c:29:db:7f:51 txqueuelen 1000 (Ethernet)
RX packets 416 bytes 57775 (56.4 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 141 bytes 19212 (18.7 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
[root@localhost ~]# ip address delete 192.168.179.22/24 dev ens34
[root@localhost ~]# ifconfig ens34
ens34: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
ether 00:0c:29:db:7f:51 txqueuelen 1000 (Ethernet)
RX packets 424 bytes 58479 (57.1 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 149 bytes 19804 (19.3 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
[root@localhost ~]# ip address show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens32: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:0c:29:db:7f:47 brd ff:ff:ff:ff:ff:ff
inet 192.168.172.134/24 brd 192.168.172.255 scope global dynamic ens32
valid_lft 1180sec preferred_lft 1180sec
inet6 fe80::4:ed31:efad:25d0/64 scope link
valid_lft forever preferred_lft forever
3: ens34: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:0c:29:db:7f:51 brd ff:ff:ff:ff:ff:ff
4.ip route:路由表管理(routing table management)
ip route add TYPE PREFIX via GW [dev IFACE] [src SOURCE_IP]:新增一條路由
ip route delete TYPE PREFIX:刪除路由
ip route show [TYPE PRIFIX]:查看路由
ip route flush:清空路由
ip route get TYPE PREFIX:獲得一個單獨的路由信息
詳見幫助信息:man ip route
舉例:
[root@localhost ~]# ip route show
default via 192.168.172.2 dev ens32 proto static metric 100
192.168.172.0/24 dev ens32 proto kernel scope link src 192.168.172.134 metric 100
192.168.179.0/24 dev ens34 proto kernel scope link src 192.168.179.128
192.168.179.0/24 dev ens34 proto kernel scope link src 192.168.179.128 metric 100
[root@localhost ~]#
[root@localhost ~]# ip route add 100.100.100.0/24 via 192.168.179.128 dev ens34
[root@localhost ~]#
[root@localhost ~]# ip route show
default via 192.168.172.2 dev ens32 proto static metric 100
100.100.100.0/24 via 192.168.179.128 dev ens34
192.168.172.0/24 dev ens32 proto kernel scope link src 192.168.172.134 metric 100
192.168.179.0/24 dev ens34 proto kernel scope link src 192.168.179.128
192.168.179.0/24 dev ens34 proto kernel scope link src 192.168.179.128 metric 100
[root@localhost ~]# ip route show 100.100.100.0/24
100.100.100.0/24 via 192.168.179.128 dev ens34
[root@localhost ~]# ip route get 100.100.100.0/24
100.100.100.0 dev ens34 src 192.168.179.128
cache
六����、ss命令
ss和netstat的功能類似,但是比netstat的功能強大���。
net [options] [FILTER]
options:
-t:TCP的相關連接
-u:UDP的相關連接
-w:raw socket的相關連接
-l:監(jiān)聽狀態(tài)的連接
-a:所有狀態(tài)的連接
-n:數(shù)字格式顯示
-p:相關的程序及其PID
-e:擴展格式信息
-m:內(nèi)存用量
-o:計時器信息
FILTER:
[ state TCP-STATE ] [ EXPRESSION ]
TCP-STATE:
LISTEN:監(jiān)聽
ESTABLISEHD:已經(jīng)建立連接
FIN_WAIT_1:
FIN_WAIT_2:
SYN_SENT:
SYN_RECV:
CLOSED:
EXPRESSION:
dport:目的端口
sport:源端口
...
舉例:
[root@localhost ~]# ss -tan
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 *:22 *:*
LISTEN 0 100 127.0.0.1:25 *:*
ESTAB 0 0 192.168.172.134:22 192.168.172.1:57461
LISTEN 0 128 :::22 :::*
LISTEN 0 100 ::1:25 :::*
[root@localhost ~]# ss -tanp
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 *:22 *:* users:(("sshd",pid=943,fd=3))
LISTEN 0 100 127.0.0.1:25 *:* users:(("master",pid=1038,fd=13))
ESTAB 0 180 192.168.172.134:22 192.168.172.1:57461 users:(("sshd",pid=1074,fd=3))
LISTEN 0 128 :::22 :::* users:(("sshd",pid=943,fd=4))
LISTEN 0 100 ::1:25 :::* users:(("master",pid=1038,fd=14))
[root@localhost ~]# ss -uan
State Recv-Q Send-Q Local Address:Port Peer Address:Port
ESTAB 0 0 192.168.172.134:60204 61.216.153.106:123
UNCONN 0 0 127.0.0.1:323 *:*
UNCONN 0 0 *:1524 *:*
UNCONN 0 0 *:68 *:*
UNCONN 0 0 *:68 *:*
UNCONN 0 0 *:30403 *:*
UNCONN 0 0 :::27349 :::*
UNCONN 0 0 ::1:323 :::*
UNCONN 0 0 :::5011 :::*
[root@localhost ~]# ss -tan '( dport = :22 or sport = :22 )'
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 *:22 *:*
ESTAB 0 52 192.168.172.134:22 192.168.172.1:57461
LISTEN 0 128 :::22 :::*
[root@localhost ~]#
[root@localhost ~]# ss -tan state ESTABLISHED
Recv-Q Send-Q Local Address:Port Peer Address:Port
0 52 192.168.172.134:22 192.168.172.1:57461
七�����、配置主機名
hostname
hostname:查看主機名
hostname HOSTNAME:修改主機名����,重啟后無效
在centos7中:
hostnamectl status:顯示當前主機名等信息
hostnamectl set-hostname HOSTNAME:設置主機名�,永久有效
網(wǎng)絡屬性配置文件
一、主機名的配置文件
/etc/sysconfig/network (在centos7有這個文件���,但是為空�����,因為在centos7中新增了hostnamectl set-hostname,可以設置永久有效的主機名了):
centos6:
[root@localhost ~]# vim /etc/sysconfig/network
NETWORKING=yes
HOSTNAME=localhost.localdomain
注意:修改配置文件不會立即生效��,但是以后會一直有效����。
二�����、DNS的配置文件
/etc/hosts:負責ip地址與域名快速解析的文件�����,hosts文件包含了IP地址和主機名之間的映射��,在域名解析的過程中��,會先查看hosts文件中是否有域名和ip地址之間的映射關系����,如果沒有則向DNS服務器發(fā)起域名解析的請求:
[root@frankhost ~]# vim /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
/etc/resolv.conf:配置的是DNS服務器的地址,當主機要訪問某個域名的時候��,就會向resolv.conf的中的DNS服務器發(fā)起解析的請求:
[root@localhost ~]# vim /etc/resolv.conf
# Generated by NetworkManager
search localdomain
nameserver 192.168.172.2
nameserver 192.168.179.1
三��、接口和路由的配置文件
/etc/sysconfig/network-scripts/ifcfg-IFACE:通過大量的參數(shù)來定義接口的屬性�����,可以通過vim等文本編輯器直接修改:
[root@localhost ~]# vim /etc/sysconfig/network-scripts/ifcfg-ens32
TYPE=Ethernet #接口類型
BOOTPROTO=dhcp #激活此接口使用什么協(xié)議來配置接口的屬性,有dhcp�����、bootp����、static、none等
DEFROUTE=yes #是否以此接口創(chuàng)建默認路由
PEERDNS=yes #如果BOOTPROTO的值為DHCP�,是否允許dhcp server分配的dns服務器指向覆蓋本地手動指定的DNS服務器指向
PEERROUTES=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes #是否初始化IPV6
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_PEERDNS=yes
IPV6_PEERROUTES=yes
IPV6_FAILURE_FATAL=no
IPV6_ADDR_GEN_MODE=stable-privacy
NAME=ens32 #此配置文件對于的設備名稱
UUID=a3471195-913d-4e38-b521-47ffa1859ffe #此設備的唯一標識
DEVICE=ens32 #此設備文件對于的設備名稱
ONBOOT=yes
除了以上的一些參數(shù)之外還有其他一些比較重要的參數(shù):
DNS1:DNS指向,最多可以有三個
DOMAIN:DNS搜索域
IPADDR:ip地址
NETMASK:子網(wǎng)掩碼�;在centos7中支持使用PREFIX以長度方式指明子網(wǎng)掩碼
GATEWAY:默認網(wǎng)關
USERCTL:是否允許普通用戶控制
HWADDR:設備的MAC地址
NM_CONTROLLED:是否使用NetworkManager服務來控制接口
/etc/sysconfig/network-scripts/route-IFACE:針對每個接口都有其對應的路由配置文件,有兩種配置方式�����,但是不可以混用:
(1)每行配置一條路由:
(2)每三行配置一條路由:
ADDRESS#=target
NETWORK#=mask
GATEWAY#=NEXTHOP
#為數(shù)字0.1.2.3....
舉例:
[root@frankhost ~]# vim /etc/sysconfig/network-scripts/route-eth0
100.100.100.0/24 via 192.168.172.136
[root@frankhost ~]# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
100.100.100.0 192.168.172.136 255.255.255.0 UG 0 0 0 eth0
192.168.172.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
169.254.0.0 0.0.0.0 255.255.0.0 U 1002 0 0 eth0
0.0.0.0 192.168.172.2 0.0.0.0 UG 0 0 0
[root@frankhost ~]# vim /etc/sysconfig/network-scripts/route-eth0
ADDRESS0=192.168.1.0
NETMASK0=255.255.255.0
GATEWAY0=192.168.172.136
[root@frankhost ~]# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.1.0 192.168.172.136 255.255.255.0 UG 0 0 0 eth0
192.168.172.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
169.254.0.0 0.0.0.0 255.255.0.0 U 1002 0 0 eth0
0.0.0.0 192.168.172.2 0.0.0.0 UG 0 0 0 eth0
圖像化的方式配置網(wǎng)絡屬性
在centos6中:
執(zhí)行system-config-network或者setup命令:
安裝:yum -y install system-config-network-tui
安裝:yum -y install setuptool
setup界面:
執(zhí)行nmtui命令
該怎么用就不多說了�,畢竟是傻瓜式的配置,永久有效�����。
在centos7中有一個很強大也很復雜的網(wǎng)絡配置管理命令:nmcli,這里暫時就不做介紹了�,以后有機會單獨寫一篇博客,nmcli參考鏈接:http://www./Linux/2015-09/123179.htm���,或者請看man手冊�。
本文永久更新鏈接地址:http://www./Linux/2017-09/146911.htm
|
