|
|
我们对网络属性进行配置,可以通过几个命令组进行管理,可以帮助我们实现对linux网络,路由的配置管理。
一.首先是ifcfg命令家族(ifconfig,route,netstat)
1.ifconfig:接口及地址查看和管理
ifconfig [INTERFACE]
1) # ifconfig -a:显示所有接口,包括inactive状态的接口;如图:
2) #ifconfig可以指定某个网卡的激活或者关闭
# ifconfig IFACE IP/MASK [up|down]
如图,已经关闭eno33554984
3)#ifconfig可以指定某网卡的ip及子网掩码,直接设置IP
格式:ifconfig IFACE IP netmask NETMASK
示例:
或者使用[iyunv@localhost ~]# ifconfig eno33554984 192.168.41.3/24 up
同样可以达到目的。
上面的命令时因为立即送往内核中的TCP/IP协议栈,所以会立即生效,但是不会永久生效,重启即消失。
4)启用选项,可以指定某网卡启用某种模式
例如指定eno33554984启用混杂模式promisc
关闭此模式:[iyunv@localhost ~]# ifconfig eno33554984 -promisc
5)管理IPv6地址格式:
添加:add addr/prefixlen
删除:del addr/prefixlen
2.route命令:路由查看及管理命令:
路由的类型有三种:
- 主机路由:目标地址为单个IP;
- 网络路由:目标地址为IP网络;
- 默认路由:目标为任意网络,0.0.0.0/0.0.0.0
1)查看路由
1
2
3
4
5
6
| [iyunv@localhost ~]# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 172.16.0.1 0.0.0.0 UG 100 0 0 eno16777736
172.16.0.0 0.0.0.0 255.255.0.0 U 100 0 0 eno16777736
192.168.41.0 0.0.0.0 255.255.255.0 U 0 0 0 eno33554984
|
2)添加路由
格式:route add [-net|-host] target [netmask Nm] [gw GW] [[dev] If]
#给主机添加一个网络路由,示例:
给本机eno33554984这个网卡指定一个到10.0.0.0/8的路由,网关为192.168.41
1
2
3
4
5
6
7
8
| [iyunv@localhost ~]# route add -net 10.0.0.0/8 gw 192.168.41.1 dev eno33554984
[iyunv@localhost ~]# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 172.16.0.1 0.0.0.0 UG 100 0 0 eno16777736
10.0.0.0 192.168.41.1 255.0.0.0 UG 0 0 0 eno33554984
172.16.0.0 0.0.0.0 255.255.0.0 U 100 0 0 eno16777736
192.168.41.0 0.0.0.0 255.255.255.0 U 0 0 0 eno33554984
|
#给主机添加一个默认网关,示例
route add -net 0.0.0.0/0.0.0.0 gw 192.168.10.1
或者:route add default gw 192.168.10.1
#给主机添加一个主机路由 只需要将-net 改成-host即可。
3)删除路由
格式:route del [-net|-host] target [gw Gw] [netmask Nm] [[dev] If]
#给主机删除一个路由
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
| [iyunv@localhost ~]# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 172.16.0.1 0.0.0.0 UG 100 0 0 eno16777736
10.0.0.0 192.168.41.1 255.0.0.0 UG 0 0 0 eno33554984
172.16.0.0 0.0.0.0 255.255.0.0 U 100 0 0 eno16777736
192.168.41.0 0.0.0.0 255.255.255.0 U 0 0 0 eno33554984
192.168.124.0 0.0.0.0 255.255.255.0 U 100 0 0 eno33554984
[iyunv@localhost ~]# route del -net 10.0.0.0/8 gw 192.168.41.1
[iyunv@localhost ~]# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 172.16.0.1 0.0.0.0 UG 100 0 0 eno16777736
172.16.0.0 0.0.0.0 255.255.0.0 U 100 0 0 eno16777736
192.168.41.0 0.0.0.0 255.255.255.0 U 0 0 0 eno33554984
192.168.124.0 0.0.0.0 255.255.255.0 U 100 0 0 eno33554984
|
#删除默认路由:route del default
3.netstat命令:显示网络连接,路由表,接口统计数据,伪装连接及多播成员关系
主要功能:
1)显示路由:netstat -rn
-r:显示内核路由表
-n:数字格式
示例:
1
2
3
4
5
6
7
8
| [iyunv@localhost ~]# netstat -nr
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
0.0.0.0 172.16.0.1 0.0.0.0 UG 0 0 0 eno16777736
172.16.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eno16777736
192.168.41.0 0.0.0.0 255.255.255.0 U 0 0 0 eno33554984
192.168.124.0 0.0.0.0 255.255.255.0 U 0 0 0 eno33554984
192.168.124.0 0.0.0.0 255.255.255.0 U 0 0 0 eno33554984
|
2)显示网络连接
格式:netstat [--tcp|-t] [--udp|-u] [--udplite|-U] [--sctp|-S] [--raw|-w] [--listening|-l] [--all|-a] [--numeric|-n] [--extend|-e[--extend|-e]] [--program|-p]
选项解释:
- -t:TCP协议的相关连接,连接均有其状态;FSM(Finate State Machine);
- -u:UDP相关的连接;
- -w:raw socket相关的连接;
- -l:处于监听状态的连接;
- -a:所有状态;
- -n:以数字格式显示IP和Port;
- -e:扩展格式;
- -p:显示相关的进程及PID;
示例:#-tan 显示tcp所有状态的数字格式的连接状况
1
2
3
4
5
6
7
8
9
10
| [iyunv@localhost ~]# netstat -tan
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:6010 0.0.0.0:* LISTEN
tcp 0 52 172.16.249.228:22 172.16.41.1:38249 ESTABLISHED
tcp6 0 0 :::22 :::* LISTEN
tcp6 0 0 ::1:25 :::* LISTEN
tcp6 0 0 ::1:6010 :::* LISTEN
|
#-uan 显示udp所有状态的数字格式的连接状况
1
2
3
4
5
6
7
8
9
10
11
12
13
| [iyunv@localhost ~]# netstat -uan
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State
udp 0 0 0.0.0.0:9213 0.0.0.0:*
udp 0 0 0.0.0.0:55841 0.0.0.0:*
udp 0 0 0.0.0.0:68 0.0.0.0:*
udp 0 0 0.0.0.0:68 0.0.0.0:*
udp 0 0 0.0.0.0:123 0.0.0.0:*
udp 0 0 127.0.0.1:323 0.0.0.0:*
udp6 0 0 :::38403 :::*
udp6 0 0 :::123 :::*
udp6 0 0 ::1:323 :::*
udp6 0 0 :::57286 :::*
|
#-tunlp 显示tcp及UDP处于监听状态的以数字格式连接的监听状态进程的状况
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
| [iyunv@localhost ~]# netstat -tulpn
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1012/sshd
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 1822/master
tcp 0 0 127.0.0.1:6010 0.0.0.0:* LISTEN 2263/sshd: root@pts
tcp6 0 0 :::22 :::* LISTEN 1012/sshd
tcp6 0 0 ::1:25 :::* LISTEN 1822/master
tcp6 0 0 ::1:6010 :::* LISTEN 2263/sshd: root@pts
udp 0 0 0.0.0.0:9213 0.0.0.0:* 840/dhclient
udp 0 0 0.0.0.0:55841 0.0.0.0:* 2410/dhclient
udp 0 0 0.0.0.0:68 0.0.0.0:* 2410/dhclient
udp 0 0 0.0.0.0:68 0.0.0.0:* 840/dhclient
udp 0 0 0.0.0.0:123 0.0.0.0:* 792/chronyd
udp 0 0 127.0.0.1:323 0.0.0.0:* 792/chronyd
udp6 0 0 :::38403 :::* 840/dhclient
udp6 0 0 :::123 :::* 792/chronyd
udp6 0 0 ::1:323 :::* 792/chronyd
udp6 0 0 :::57286 :::* 2410/dhclient
|
3)显示接口的统计数据:
格式:netstat {--interfaces|-I|-i} [iface] [--all|-a] [--extend|-e] [--verbose|-v] [--program|-p] [--numeric|-n]
#显示所有接口的数据 -i
1
2
3
4
5
6
| [iyunv@localhost ~]# netstat -i
Kernel Interface table
Iface MTU RX-OK RX-ERR RX-DRP RX-OVR TX-OK TX-ERR TX-DRP TX-OVR Flg
eno16777 1500 14012 0 0 0 946 0 0 0 BMRU
eno33554 1500 302 0 0 0 25 0 0 0 BMRU
lo 65536 11 0 0 0 11 0 0 0 LRU
|
#指定接口:netstat -I<IFace> 此处-I之后不能有空格
1
2
3
4
| [iyunv@localhost ~]# netstat -Ieno33554984
Kernel Interface table
Iface MTU RX-OK RX-ERR RX-DRP RX-OVR TX-OK TX-ERR TX-DRP TX-OVR Flg
eno33554 1500 320 0 0 0 27 0 0 0 BMRU
|
4.ifup/ifdown命令:启用或者禁用某网卡
#ifup/ifdown IFace
原理:通过配置文件/etc/sysconfig/network-scripts/ifcfg-IFACE来识别接口并完成配置;所以如果配置文件不存在,此命令无法实现启用或者禁用网卡接口。
5.配置主机名
# hostname命令:
1)查看:hostname
2)配置:hostname HOSTNAME 配置只在当前系统有效,重启后失效
#针对CentOS 7,可以使用另外的命令:
hostnamectl status:显示当前主机名信息;
hostnamectl set-hostname:设定主机名,永久有效;
1
2
3
4
5
6
7
8
9
10
11
| [iyunv@localhost ~]# hostnamectl
Static hostname: localhost.localdomain
Icon name: computer-vm
Chassis: vm
Machine ID: 95aab33025e949cc85ccb116339b7eac
Boot ID: ab8ccd62676d48e9a7b653625eead0cc
Virtualization: vmware
Operating System: CentOS Linux 7 (Core)
CPE OS Name: cpe:/o:centos:centos:7
Kernel: Linux 3.10.0-229.el7.x86_64
Architecture: x86_64
|
#通过编辑配置文件也可使其永久生效;
配置文件: /etc/sysconfig/network
HOSTNAME=<HOSTNAME>
修改后不会立即生效,需要重读此文件才有效,但是一直生效。
6.DNS服务器指向
#修改配置文件/etc/resolv.conf
nameserver DNS_SERVER_IP
#测试(host/nslookup/dig):
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
| [iyunv@localhost ~]# dig -t A mageedu.com
; <<>> DiG 9.9.4-RedHat-9.9.4-18.el7 <<>> -t A mageedu.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4358
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 10
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;mageedu.com. IN A
;; ANSWER SECTION:
mageedu.com. 600 IN A 101.200.188.230
;; AUTHORITY SECTION:
mageedu.com. 153286 IN NS v2s1.xundns.com.
mageedu.com. 153286 IN NS v2s2.xundns.com.
;; ADDITIONAL SECTION:
v2s1.xundns.com. 126456 IN A 183.57.38.184
v2s1.xundns.com. 126456 IN A 113.17.169.37
v2s1.xundns.com. 126456 IN A 115.238.241.21
v2s1.xundns.com. 126456 IN A 115.238.253.250
v2s1.xundns.com. 126456 IN A 124.232.156.76
v2s2.xundns.com. 126456 IN A 116.10.184.143
v2s2.xundns.com. 126456 IN A 121.10.104.13
v2s2.xundns.com. 126456 IN A 115.238.241.20
v2s2.xundns.com. 126456 IN A 115.238.253.252
;; Query time: 1110 msec
;; SERVER: 172.16.0.1#53(172.16.0.1)
;; WHEN: 五 12月 25 21:27:59 CST 2015
;; MSG SIZE rcvd: 245
|
二.iproute家族:
1.ip命令:查看及管理路由,设备,策略路由及隧道功能
格式:ip [ OPTIONS ] OBJECT { COMMAND | help }
OBJECT := { link | addr | route | netns }
1)ip link 网络设备配置
#ip link set - 修改设备属性
#ip link show - 显示设备属性
显示属性示例:
1
2
3
4
5
6
7
| [iyunv@localhost ~]# ip link show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eno16777736: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT qlen 1000
link/ether 00:0c:29:ee:d3:f1 brd ff:ff:ff:ff:ff:ff
3: eno33554984: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT qlen 1000
link/ether 00:0c:29:ee:d3:fb brd ff:ff:ff:ff:ff:ff
|
或者使用list也可以实现查看显示的效果
1
2
3
4
5
6
7
| [iyunv@localhost ~]# ip link list
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eno16777736: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT qlen 1000
link/ether 00:0c:29:ee:d3:f1 brd ff:ff:ff:ff:ff:ff
3: eno33554984: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT qlen 1000
link/ether 00:0c:29:ee:d3:fb brd ff:ff:ff:ff:ff:ff
|
#ip link set后跟比较多,同ifconfig比较相似。
1)up和down 启用或者禁用。示例:eno33554984被禁用
1
2
3
4
5
6
7
8
| [iyunv@localhost ~]# ip link set eno33554984 down
[iyunv@localhost ~]# ip link show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eno16777736: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT qlen 1000
link/ether 00:0c:29:ee:d3:f1 brd ff:ff:ff:ff:ff:ff
3: eno33554984: <BROADCAST,MULTICAST> mtu 1500 qdisc pfifo_fast state DOWN mode DEFAULT qlen 1000
link/ether 00:0c:29:ee:d3:fb brd ff:ff:ff:ff:ff:ff
|
重新启用eno33554984:
1
2
3
4
5
6
7
8
| [iyunv@localhost ~]# ip link set eno33554984 up
[iyunv@localhost ~]# ip link show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eno16777736: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT qlen 1000
link/ether 00:0c:29:ee:d3:f1 brd ff:ff:ff:ff:ff:ff
3: eno33554984: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT qlen 1000
link/ether 00:0c:29:ee:d3:fb brd ff:ff:ff:ff:ff:ff
|
2)#multicast on或multicast off:启用或禁用多播功能;示例:
1
2
3
4
5
6
7
8
| [iyunv@localhost ~]# ip link set eno33554984 multicast on
[iyunv@localhost ~]# ip link show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eno16777736: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT qlen 1000
link/ether 00:0c:29:ee:d3:f1 brd ff:ff:ff:ff:ff:ff
3: eno33554984: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT qlen 1000
link/ether 00:0c:29:ee:d3:fb brd ff:ff:ff:ff:ff:ff
|
1
2
3
4
5
6
7
8
| [iyunv@localhost ~]# ip link set eno33554984 multicast off
[iyunv@localhost ~]# ip link show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eno16777736: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT qlen 1000
link/ether 00:0c:29:ee:d3:f1 brd ff:ff:ff:ff:ff:ff
3: eno33554984: <BROADCAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT qlen 1000
link/ether 00:0c:29:ee:d3:fb brd ff:ff:ff:ff:ff:ff
|
3)name NAME:重命名接口
4)mtu NUMBER:设置MTU的大小,默认为1500;
5)netns PID:ns为namespace,用于将接口移动到指定的网络名称空间;
示例:
1
2
3
4
5
6
7
8
9
10
11
12
13
14
| [iyunv@localhost ~]# ip netns add mynet
[iyunv@localhost ~]# ip link show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eno16777736: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT qlen 1000
link/ether 00:0c:29:ee:d3:f1 brd ff:ff:ff:ff:ff:ff
3: eno33554984: <BROADCAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT qlen 1000
link/ether 00:0c:29:ee:d3:fb brd ff:ff:ff:ff:ff:ff
[iyunv@localhost ~]# ip link set eno33554984 netns mynet
[iyunv@localhost ~]# ip link show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eno16777736: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT qlen 1000
link/ether 00:0c:29:ee:d3:f1 brd ff:ff:ff:ff:ff:ff
|
可以发现这里我们增加了一个自己命名的网络空间:mynet,并将eno33554984移入到了 mynet空间中,所以原先eno33554984接口消失;
1
2
3
4
5
| [iyunv@localhost ~]# ip netns exec mynet ip link show
1: lo: <LOOPBACK> mtu 65536 qdisc noop state DOWN mode DEFAULT
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
3: eno33554984: <BROADCAST> mtu 1500 qdisc noop state DOWN mode DEFAULT qlen 1000
link/ether 00:0c:29:ee:d3:fb brd ff:ff:ff:ff:ff:ff
|
此时在mynet空间中执行查看接口信息,即可发现消失的eno33554984信息。
1
2
3
4
5
6
7
8
| [iyunv@localhost ~]# ip netns del mynet
[iyunv@localhost ~]# ip link show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eno16777736: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT qlen 1000
link/ether 00:0c:29:ee:d3:f1 brd ff:ff:ff:ff:ff:ff
3: eno33554984: <BROADCAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT qlen 1000
link/ether 00:0c:29:ee:d3:fb brd ff:ff:ff:ff:ff:ff
|
将mynet空间删除,eno33554984即可归来。
6)ip netns:管理用户网络空间
选项:
- ip netns list:列出所有的netns
- ip netns add NAME:创建指定的netns
- ip netns del NAME:删除指定的netns
- ip netns exec NAME COMMAND:在指定的netns中运行命令
7)ip address - 协议地址管理,管理网络上的IP地址
<一>格式:ip addr add IFADDR dev IFACE
示例:删除了eno33554984的IP
# 为eno33554984新增一个IP-192.168.41.3/24
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
| [iyunv@localhost ~]# ip addr add 192.168.41.3/24 dev eno33554984
[iyunv@localhost ~]# ip addr show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eno16777736: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:0c:29:ee:d3:f1 brd ff:ff:ff:ff:ff:ff
inet 172.16.249.228/16 brd 172.16.255.255 scope global dynamic eno16777736
valid_lft 78030sec preferred_lft 78030sec
inet6 fe80::20c:29ff:feee:d3f1/64 scope link
valid_lft forever preferred_lft forever
3: eno33554984: <BROADCAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:0c:29:ee:d3:fb brd ff:ff:ff:ff:ff:ff
inet 192.168.41.3/24 scope global eno33554984
valid_lft forever preferred_lft forever
inet6 fe80::20c:29ff:feee:d3fb/64 scope link
valid_lft forever preferred_lft forever
|
#为同一个网卡增加第二个地址
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
| [iyunv@localhost ~]# ip addr add 192.168.41.4/24 dev eno33554984
[iyunv@localhost ~]# ip adr list
Object "adr" is unknown, try "ip help".
[iyunv@localhost ~]# ip addr list
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eno16777736: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:0c:29:ee:d3:f1 brd ff:ff:ff:ff:ff:ff
inet 172.16.249.228/16 brd 172.16.255.255 scope global dynamic eno16777736
valid_lft 77507sec preferred_lft 77507sec
inet6 fe80::20c:29ff:feee:d3f1/64 scope link
valid_lft forever preferred_lft forever
3: eno33554984: <BROADCAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:0c:29:ee:d3:fb brd ff:ff:ff:ff:ff:ff
inet 192.168.41.3/24 scope global eno33554984
valid_lft forever preferred_lft forever
inet 192.168.41.4/24 scope global secondary eno33554984
valid_lft forever preferred_lft forever
inet6 fe80::20c:29ff:feee:d3fb/64 scope link
valid_lft forever preferred_lft forever
|
# 此时新增的IP在ifconfig下是显示不出来的,如果想要显示,就需要增加一个标签。
ip addr add label NAME,示例:
[iyunv@localhost ~]# ip addr add 192.168.41.5/24 dev eno33554984 label eno33554984:0
1
2
3
4
5
6
7
8
9
10
11
| [iyunv@localhost ~]# ip addr list eno33554984
3: eno33554984: <BROADCAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:0c:29:ee:d3:fb brd ff:ff:ff:ff:ff:ff
inet 192.168.41.3/24 scope global eno33554984
valid_lft forever preferred_lft forever
inet 192.168.41.4/24 scope global secondary eno33554984
valid_lft forever preferred_lft forever
inet 192.168.41.5/24 scope global secondary eno33554984:0
valid_lft forever preferred_lft forever
inet6 fe80::20c:29ff:feee:d3fb/64 scope link
valid_lft forever preferred_lft forever
|
此时ifconfig也是可以显示eno33554984:0的信息。
# ip address add [broadcast ADDRESS]:广播地址;会根据IP和NETMASK自动计算得到;
# ip address add [scope SCOPE_VALUE]:作用域
global:全局可用
link:接口可用; 自己ping自己可以,别人不可以
host:仅本机可用;除了自己可见,别人无法ping。
<二>ip address delete - delete protocol address -删除
格式:ip addr delete IFADDR dev IFACE
示例:删除eno33554984上的192.168.41.5/24的IP
1
| [iyunv@localhost ~]# ip addr del 192.168.41.5/24 dev eno33554984
|
<三>ip address show - look at protocol addresses-显示接口信息
同:ip addr list [IFACE]:显示接口的地址;
<四>ip address flush - flush protocol addresses--清除接口信息
ip addr flush dev IFACE
8)ip route:管理路由表
ip route add - add new route-添加路由;
ip route change - change route--修改路由;
ip route replace - change or add new one---替换路由,修改已有或者添加新的;
ip route delete - delete route--删除路由;
ip route show--list routes-显示路由
ip route flush - flush routing tables--清空路由;
ip route get - get a single route--获取单条路由;
格式:ip route add TYPE PREFIX via GW [dev IFACE] [src SOURCE_IP]
示例:
1
2
3
4
5
6
7
8
9
| [iyunv@localhost ~]# ip route add 192.168.0.0/24 via 10.0.0.1 dev eno33554984
[iyunv@localhost ~]# ip route list
default via 172.16.0.1 dev eno16777736 proto static metric 100
10.0.0.0/8 dev eno33554984 proto kernel scope link src 10.0.10.41
172.16.0.0/16 dev eno16777736 proto kernel scope link src 172.16.249.228 metric 100
192.168.0.0/24 via 10.0.0.1 dev eno33554984
192.168.41.0/24 dev eno33554984 proto kernel scope link src 192.168.41.3
192.168.124.0/24 dev eno33554984 proto kernel scope link src 192.168.124.128
192.168.124.0/24 dev eno33554984 proto kernel scope link src 192.168.124.128 metric 100
|
示例:特指定出去的ip为10.0.10.41的路由网关,由src指定
1
2
3
4
5
6
7
8
9
10
| [iyunv@localhost ~]# ip route add 192.168.1.0/24 via 10.0.0.1 dev eno33554984 src 10.0.10.41
[iyunv@localhost ~]# ip route list
default via 172.16.0.1 dev eno16777736 proto static metric 100
10.0.0.0/8 dev eno33554984 proto kernel scope link src 10.0.10.41
172.16.0.0/16 dev eno16777736 proto kernel scope link src 172.16.249.228 metric 100
192.168.0.0/24 via 10.0.0.1 dev eno33554984
192.168.1.0/24 via 10.0.0.1 dev eno33554984 src 10.0.10.41
192.168.41.0/24 dev eno33554984 proto kernel scope link src 192.168.41.3
192.168.124.0/24 dev eno33554984 proto kernel scope link src 192.168.124.128
192.168.124.0/24 dev eno33554984 proto kernel scope link src 192.168.124.128 metric 100
|
# 增加默认网关:
ip route add default via 172.16.0.1 dev eno16777736
#删除网关:
ip route del TYPE PRIFIX
示例: 删除到192.168.1.0/24的网关
1
2
3
4
5
6
7
8
9
| [iyunv@localhost ~]# ip route del 192.168.1.0/24
[iyunv@localhost ~]# ip route list
default via 172.16.0.1 dev eno16777736 proto static metric 100
10.0.0.0/8 dev eno33554984 proto kernel scope link src 10.0.10.41
172.16.0.0/16 dev eno16777736 proto kernel scope link src 172.16.249.228 metric 100
192.168.0.0/24 via 10.0.0.1 dev eno33554984
192.168.41.0/24 dev eno33554984 proto kernel scope link src 192.168.41.3
192.168.124.0/24 dev eno33554984 proto kernel scope link src 192.168.124.128
192.168.124.0/24 dev eno33554984 proto kernel scope link src 192.168.124.128 metric 100
|
#ip route show - list routes-显示地址
#ip route get - get a single route-获得一个路由
格式:ip route get TYPE PRIFIX
#ip route flush - flush routing tables- 清空路由表 ,可以指定网络
格式:TYPE PRIFIX
清空到10.0.0.0/8的路由
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
| [iyunv@localhost ~]# ip route list
default via 172.16.0.1 dev eno16777736 proto static metric 100
10.0.0.0/8 dev eno33554984 proto kernel scope link src 10.0.10.41
172.16.0.0/16 dev eno16777736 proto kernel scope link src 172.16.249.228 metric 100
192.168.0.0/24 via 10.0.0.1 dev eno33554984
192.168.41.0/24 dev eno33554984 proto kernel scope link src 192.168.41.3
192.168.124.0/24 dev eno33554984 proto kernel scope link src 192.168.124.128
192.168.124.0/24 dev eno33554984 proto kernel scope link src 192.168.124.128 metric 100
[iyunv@localhost ~]# ip route flush 10.0.0.0/8
[iyunv@localhost ~]# ip route list
default via 172.16.0.1 dev eno16777736 proto static metric 100
172.16.0.0/16 dev eno16777736 proto kernel scope link src 172.16.249.228 metric 100
192.168.0.0/24 via 10.0.0.1 dev eno33554984
192.168.41.0/24 dev eno33554984 proto kernel scope link src 192.168.41.3
192.168.124.0/24 dev eno33554984 proto kernel scope link src 192.168.124.128
192.168.124.0/24 dev eno33554984 proto kernel scope link src 192.168.124.128 metric 100
|
2.ss命令:另一个显示socket的工具
格式:ss [options] [ FILTER ]
选项:
-t:TCP协议的相关连接
-u:UDP相关的连接
-w:raw socket相关的连接
-l:监听状态的连接
-a:所有状态的连接
-n:数字格式
-p:相关的程序及其PID
-e:扩展格式信息
-m:内存用量
-o:计时器信息
FILTER := [ state TCP-STATE ] [ EXPRESSION ] 用来过滤连接
其中:TCP的状态有如下:
TCP FSM:
LISTEN:监听
ESTABLISEHD:建立的连接
FIN_WAIT_1:分手阶段,等待一方回应
FIN_WAIT_2:分手时候,一方分完,另一方确认
SYN_SENT:
SYN_RECV:
CLOSED:
示例:'( dport = :22 or sport = :22)'
#只显示tan状态中22端口的链接
1
2
3
4
5
| [iyunv@localhost ~]# ss -tan '( dport = :22 or sport = :22 )'
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 *:22 *:*
ESTAB 0 0 172.16.249.228:22 172.16.41.1:38249
LISTEN 0 128
|
三.配置文件修改
1.IP/NETMASK/GW/DNS等属性的配置文件
位置:/etc/sysconfig/network-scripts/ifcfg-IFACE,其中IFACE:接口名称;
2.路由的相关配置文件:
/etc/sysconfig/networkj-scripts/route-IFACE
注意:配置文件/etc/sysconfig/network-scripts/ifcfg-IFACE通过大量参数来定义接口的属性;其可通过vim等文本编辑器直接修改,也可以使用专用的命令的进行修改(CentOS 6:system-config-network (setup),CentOS 7: nmtui)
3.对IP/NETMASK/GW/DNS等属性的配置文件 ifcfg-IFACE参数的解释:
DEVICE:此配置文件对应的设备的名称;
ONBOOT:在系统引导过程中,是否激活此接口;
UUID:此设备的惟一标识;
IPV6INIT:是否初始化IPv6;
BOOTPROTO:激活此接口时使用什么协议来配置接口属性,常用的有dhcp、bootp、static、none;
TYPE:接口类型,常见的有Ethernet, Bridge;
DNS1:第一DNS服务器指向;
DNS2:备用DNS服务器指向;
DOMAIN:DNS搜索域;
IPADDR: IP地址;
NETMASK:子网掩码;CentOS 7支持使用PREFIX以长度方式指明子网掩码;
GATEWAY:默认网关;
USERCTL:是否允许普通用户控制此设备;
PEERDNS:如果BOOTPROTO的值为“dhcp”,是否允许dhcp server分配的dns服务器指向覆盖本地手动指定的DNS服务器指向;默认为允许;
HWADDR:设备的MAC地址;
NM_CONTROLLED:是否使用NetworkManager服务来控制接口;centos6上不建议打开。
3.管理网络服务
CentOS 6: service SERVICE {start|stop|restart|status}
CentOS 7:systemctl {start|stop|restart|status} SERVICE[.service]
配置文件修改之后,如果要生效,需要重启网络服务;
CentOS 6:# service network restart
CentOS 7:# systemctl restart network.service
4.日常工作中我们需要将一些默认路由永久生效,也需要写到配置文件中
文件位置:/etc/sysconfig/network-scripts/route-IFACE
支持两种配置方式,但不可混用;
(1) 每行一个路由条目:
格式:TARGET via GW
例:目标:下一跳:网关
10.0.0.0/24 via 192.168.10.1
# 即到达10.0.0.0/24经由192.168.10.1通过
(2) 每三行一个路由条目:
格式:ADDRESS#=TARGET ADDRESS0=20.0.0.0
NETMASK#=MASK NETMASK0=255.255.255.0
GATEWAY#=NEXTHOP GATEWAY0=192.168.10.2
#即到达达20.0.0.0/24经由192.168.10.2通过
5.给接口配置多个地址,除ip addr之外,ifconfig或配置文件都可以;
(1) ifconfig IFACE_LABEL IPADDR/NETMASK
即:IFACE_LABEL: eth0:0, eth0:1, ...
(2) 为别名添加配置文件;
DEVICE=IFACE_LABEL
BOOTPROTO:网上别名不支持动态获取地址
|
|
QQ群⑧:
窥视卡
雷达卡
发表于 2015-12-25 09:36:07
提升卡
置顶卡
沉默卡
喧嚣卡
变色卡
千斤顶
显身卡