
Linux Network Attribute Management

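LAN: Ethernet, Token Ring

    Ethernet: CSMA/CD
        collision domain
        broadcast domain
                routers isolate broadcast domains

    MAC: Media Access Control
            48 bits:
                24 bits: assigned by IANA
                24 bits: assigned by the vendor

    IP: Internet Protocol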

ifconfig
Enable promiscuous mode: [-]promisc. Used when capturing packets; with the leading "-" the mode is off, without it the mode is on.
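The following shell script is an added example, not part of the original notes. It lists interfaces that are in promiscuous mode, both from ip link show text and from the hex flags the kernel exposes in /sys/class/net/IFACE/flags, where bit 0x100 is IFF_PROMISC. The function names and the sample output are constructed for illustration.

```shell
IFF_PROMISC=256   # 0x100, the IFF_PROMISC bit from <linux/if.h>

# flags_promisc HEX: exit status 0 if the IFF_PROMISC bit is set in HEX
flags_promisc() {
    [ $(( $1 & $IFF_PROMISC )) -ne 0 ]
}

# promisc_from_sysfs [ROOT]: print the names of promiscuous interfaces.
# ROOT defaults to /sys/class/net; another directory can be passed for testing.
promisc_from_sysfs() {
    root=${1:-/sys/class/net}
    for dir in "$root"/*; do
        [ -r "$dir/flags" ] || continue
        flags=$(cat "$dir/flags")
        if flags_promisc "$flags"; then
            basename "$dir"
        fi
    done
}

# promisc_from_iplink: read `ip link show` text on stdin and print the
# interfaces whose flag list contains PROMISC.
promisc_from_iplink() {
    awk '/^[0-9]+: / {
        name = $2; sub(/:$/, "", name); sub(/@.*$/, "", name)
        flags = $3; gsub(/[<>]/, "", flags)
        n = split(flags, f, ",")
        for (i = 1; i <= n; i++) if (f[i] == "PROMISC") print name
    }'
}

# Constructed sample in the format of the `ip link show` output on this page;
# eth1 has been switched to promiscuous mode.
SAMPLE_IPLINK='1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 00:0c:29:c2:cb:4b brd ff:ff:ff:ff:ff:ff
3: eth1: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 00:0c:29:c2:cb:55 brd ff:ff:ff:ff:ff:ff'

printf '%s\n' "$SAMPLE_IPLINK" | promisc_from_iplink
```

On a live host, run promisc_from_sysfs without arguments, or pipe the real ip link show output into promisc_from_iplink.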
route

[root@www ~]# netstat -rne

Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
172.18.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth0
169.254.0.0 0.0.0.0 255.255.0.0 U 1002 0 0 eth0
0.0.0.0 172.18.0.1 0.0.0.0 UG 0 0 0 eth0
[root@www ~]# netstat -rn
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
172.18.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth0
169.254.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth0
0.0.0.0 172.18.0.1 0.0.0.0 UG 0 0 0 eth0
[root@www ~]# netstat -i
Kernel Interface table
Iface MTU Met RX-OK RX-ERR RX-DRP RX-OVR TX-OK TX-ERR TX-DRP TX-OVR Flg
eth0 1500 0 54212 0 0 0 3277 0 0 0 BMRU
eth1 1500 0 390 0 0 0 3 0 0 0 BMRU
lo 65536 0 304 0 0 0 304 0 0 0 LRU
[root@www ~]# netstat --interfaces
Kernel Interface table
Iface MTU Met RX-OK RX-ERR RX-DRP RX-OVR TX-OK TX-ERR TX-DRP TX-OVR Flg
eth0 1500 0 54299 0 0 0 3295 0 0 0 BMRU
eth1 1500 0 390 0 0 0 3 0 0 0 BMRU
lo 65536 0 304 0 0 0 304 0 0 0 LRU
[root@www ~]# netstat -Ieth0
Kernel Interface table
Iface MTU Met RX-OK RX-ERR RX-DRP RX-OVR TX-OK TX-ERR TX-DRP TX-OVR Flg
eth0 1500 0 54344 0 0 0 3315 0 0 0 BMRU
[root@www ~]# netstat -Ieth1
Kernel Interface table
Iface MTU Met RX-OK RX-ERR RX-DRP RX-OVR TX-OK TX-ERR TX-DRP TX-OVR Flg
eth1 1500 0 390 0 0 0 3 0 0 0 BMRU
[root@www ~]# netstat -I eth1
usage: netstat [-veenNcCF] [<Af>] -r netstat {-V|--version|-h|--help}
netstat [-vnNcaeol] [<Socket> ...]
netstat { [-veenNac] -I[<Iface>] | [-veenNac] -i | [-cnNe] -M | -s } [delay]

    -r, --route                display routing table
    -I, --interfaces=<Iface>   display interface table for <Iface>
    -i, --interfaces           display interface table
    -g, --groups               display multicast group memberships
    -s, --statistics           display networking statistics (like SNMP)
    -M, --masquerade           display masqueraded connections

    -v, --verbose              be verbose
    -n, --numeric              don't resolve names
    --numeric-hosts            don't resolve host names
    --numeric-ports            don't resolve port names
    --numeric-users            don't resolve user names
    -N, --symbolic             resolve hardware names
    -e, --extend               display other/more information
    -p, --programs             display PID/Program name for sockets
    -c, --continuous           continuous listing

    -l, --listening            display listening server sockets
    -a, --all, --listening     display all sockets (default: connected)
    -o, --timers               display timers
    -F, --fib                  display Forwarding Information Base (default)
    -C, --cache                display routing cache instead of FIB
    -T, --notrim               stop trimming long addresses
    -Z, --context              display SELinux security context for sockets

<Iface>: Name of interface to monitor/list.
<Socket>={-t|--tcp} {-u|--udp} {-S|--sctp} {-w|--raw} {-x|--unix} --ax25 --ipx --netrom
<AF>=Use '-A <af>' or '--<af>'; default: inet
List of possible address families (which support routing):
inet (DARPA Internet) inet6 (IPv6) ax25 (AMPR AX.25)
netrom (AMPR NET/ROM) ipx (Novell IPX) ddp (Appletalk DDP)
x25 (CCITT X.25)
[root@www ~]# netstat -I
Kernel Interface table
Iface MTU Met RX-OK RX-ERR RX-DRP RX-OVR TX-OK TX-ERR TX-DRP TX-OVR Flg
eth0 1500 0 54499 0 0 0 3346 0 0 0 BMRU
eth1 1500 0 390 0 0 0 3 0 0 0 BMRU
lo 65536 0 304 0 0 0 304 0 0 0 LRU
[root@www ~]# netstat -Ieth0
Kernel Interface table
Iface MTU Met RX-OK RX-ERR RX-DRP RX-OVR TX-OK TX-ERR TX-DRP TX-OVR Flg
eth0 1500 0 54532 0 0 0 3353 0 0 0 BMRU

ip show / manipulate routing, devices, policy routing and tunnels

   ip [ OPTIONS ] OBJECT { COMMAND | help }
       OBJECT := { link | address |  route } 

link OBJECT:
ip-link    network device configuration
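  1. set: set network interface attributes, such as enabling or disabling the interface itself or individual attributes on it
    - up and down
  2. show
    - [dev IFACE]: show only the specified interface
    - [up]: show only interfaces that are currently active
    [tzx@www ~]$ ip link show    # show a brief description of each interface
    link: mainly manages layer 2 information
    1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 00:0c:29:c2:cb:4b brd ff:ff:ff:ff:ff:ff
    <UPPERCASE>: attributes that are currently enabled
    BROADCAST: supports broadcast
    MULTICAST: supports multicast
    UP: the interface is enabled
    LOWER_UP: the physical link is up (carrier detected)
    mtu 1500: maximum transmission unit; on Ethernet the MTU is normally 1500 bytes
    qdisc pfifo_fast: queueing discipline (traffic control algorithm)
    state UP: the state is up
    qlen 1000: transmit queue length
    link/ether: MAC address
    brd: broadcast address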

[root@www ~]# ip link show dev eth0    # show information for the specified interface
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:0c:29:c2:cb:4b brd ff:ff:ff:ff:ff:ff

[root@www ~]# ip link show up    # show only interfaces that are currently up, including those in state UNKNOWN
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:0c:29:c2:cb:4b brd ff:ff:ff:ff:ff:ff
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:0c:29:c2:cb:55 brd ff:ff:ff:ff:ff:ff
[root@www ~]# ip link set dev ens34 down
[root@www ~]# ip link show dev ens34
3: ens34: <BROADCAST,MULTICAST> mtu 1500 qdisc pfifo_fast state DOWN mode DEFAULT group default qlen 1000
link/ether 00:0c:29:32:5b:76 brd ff:ff:ff:ff:ff:ff

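ip addr: protocol address management
ip addr { add | del } IFADDR dev IFACE
Note: if the NIC already has an address, the new one is added alongside it as a secondary address.
[ label LABEL ]: specify the interface alias when adding the address
[ scope {global|link|host} ]: specify the scope
global: usable globally
link: usable only on the link
host: usable only on the local host
[ broadcast ADDRESS ]: specify the broadcast address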

ip addr show - look at protocol addresses
    [ dev DEVICE ]
    [ label PATTERN ]
    [ primary and secondary ]

ip addr flush - flush protocol addresses
    Same syntax as show

    addr  show

[root@www ~]# ip addr show dev eth0
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:0c:29:c2:cb:4b brd ff:ff:ff:ff:ff:ff
inet 172.18.120.120/16 brd 172.18.255.255 scope global eth0
inet6 fe80::20c:29ff:fec2:cb4b/64 scope link
valid_lft forever preferred_lft forever
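link information
inet: IPv4 address; brd: broadcast address; scope [global|host]: the scope, where global means the address can be used for real communication; eth0: interface name
inet6: IPv6 address
addr add
[root@www ~]# ip addr add 172.16.100.13/16 dev eth0
Use add to attach an additional address to eth0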
[root@www ~]# ip addr show eth0
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:0c:29:c2:cb:4b brd ff:ff:ff:ff:ff:ff
inet 172.18.120.120/16 brd 172.18.255.255 scope global eth0
inet 172.16.100.13/16 scope global eth0
inet6 fe80::20c:29ff:fec2:cb4b/64 scope link
valid_lft forever preferred_lft forever

[root@www ~]# ip addr replace 172.16.100.14/16 dev eth0
replace was used without identifying which existing address on eth0 to replace, so one more address was simply added
[root@www ~]# ip addr show dev eth0
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:0c:29:c2:cb:4b brd ff:ff:ff:ff:ff:ff
inet 172.18.120.120/16 brd 172.18.255.255 scope global eth0
inet 172.16.100.13/16 scope global eth0
inet 172.16.100.14/16 scope global secondary eth0
inet6 fe80::20c:29ff:fec2:cb4b/64 scope link
valid_lft forever preferred_lft forever

[root@www ~]# ip addr replace 172.16.100.15/16 172.16.100.14/16 dev eth0 ???
Error: either "local" is duplicate, or "172.16.100.14/16" is a garbage.

[root@www ~]# ip addr add 172.16.100.15/16 dev eth0:1
[root@www ~]# ip addr show eth0
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:0c:29:c2:cb:4b brd ff:ff:ff:ff:ff:ff
inet 172.18.120.120/16 brd 172.18.255.255 scope global eth0
inet 172.16.100.13/16 scope global eth0
inet 172.16.100.14/16 scope global secondary eth0
inet 172.16.100.15/16 scope global secondary eth0
inet6 fe80::20c:29ff:fec2:cb4b/64 scope link
valid_lft forever preferred_lft forever
addr del
[root@www ~]# ip addr del 172.16.100.14/16 dev eth0
Use del to remove a specific IP from the given interface
[root@www ~]# ip addr show eth0
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:0c:29:c2:cb:4b brd ff:ff:ff:ff:ff:ff
inet 172.18.120.120/16 brd 172.18.255.255 scope global eth0
inet 172.16.100.13/16 scope global eth0
inet 172.16.100.15/16 scope global secondary eth0
inet6 fe80::20c:29ff:fec2:cb4b/64 scope link
valid_lft forever preferred_lft forever

[root@www ~]# ip addr del 172.16.100.13/16 dev eth0
Deleting the primary IP also deletes the secondary IPs attached to it
[root@www ~]# ip addr show dev eth0
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:0c:29:c2:cb:4b brd ff:ff:ff:ff:ff:ff
inet 172.18.120.120/16 brd 172.18.255.255 scope global eth0
inet6 fe80::20c:29ff:fec2:cb4b/64 scope link
valid_lft forever preferred_lft forever
addr add label NAME
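[root@www ~]# ip addr add 172.16.100.13/16 dev eth0 label 'eth0:0'
A new address is added, but not under the original name: the NIC is given an alias and the new address is attached to that alias, although it still belongs to the same NIC.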
[root@www ~]# ip addr show
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:0c:29:c2:cb:4b brd ff:ff:ff:ff:ff:ff
inet 172.18.120.120/16 brd 172.18.255.255 scope global eth0
inet 172.16.100.13/16 scope global eth0:0
inet6 fe80::20c:29ff:fec2:cb4b/64 scope link
valid_lft forever preferred_lft forever

[root@www ~]# ifconfig
eth0 Link encap:Ethernet HWaddr 00:0C:29:C2:CB:4B
inet addr:172.18.120.120 Bcast:172.18.255.255 Mask:255.255.0.0
inet6 addr: fe80::20c:29ff:fec2:cb4b/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:93819 errors:0 dropped:0 overruns:0 frame:0
TX packets:2773 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:6873912 (6.5 MiB) TX bytes:550400 (537.5 KiB)

eth0:0 Link encap:Ethernet HWaddr 00:0C:29:C2:CB:4B
inet addr:172.16.100.13 Bcast:0.0.0.0 Mask:255.255.0.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
addr add
- scope SCOPE_VALUE
    - global -- the address is globally valid.
    - link -- the address is link local, i.e. it is valid only on this device. The host can ping itself on this address, but other hosts cannot ping it.
    - host -- the address is valid only inside this host.

A network address does not belong to the NIC; it belongs to the kernel.
The kernel holds two IP addresses; whether or not forwarding is enabled, 1.2 can always ping 2.1.
IP1.1 network 1 IP1.2
kernel unreachable
IP2.1 unreachable
[root@www ~]# ip addr show dev eth0 primary
Show the primary IP addresses of eth0
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:0c:29:c2:cb:4b brd ff:ff:ff:ff:ff:ff
inet 172.18.120.120/16 brd 172.18.255.255 scope global eth0
inet 172.16.100.13/16 scope global eth0:0
inet 172.16.100.15/16 scope global secondary eth0:0
inet6 fe80::20c:29ff:fec2:cb4b/64 scope link
valid_lft forever preferred_lft forever

[root@www ~]# ip addr show dev eth0 secondary
Show the secondary IP addresses of eth0
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:0c:29:c2:cb:4b brd ff:ff:ff:ff:ff:ff
inet 172.16.100.15/16 scope global secondary eth0:0
addr flush dev eth0 label 'eth0:0'
[root@www ~]# ip addr flush dev eth0 label 'eth0:0'
[root@www ~]# ip addr show eth0
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:0c:29:c2:cb:4b brd ff:ff:ff:ff:ff:ff
inet 172.18.120.120/16 brd 172.18.255.255 scope global eth0

ip route - routing table management

ip route add
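Add a route: ip route add TARGET via GW dev IFACE src SOURCE_IP
TARGET:
host route: IP
network route: NETWORK/MASK
add TARGET: the destination (host or network) to reach
via gateway: the next hop, i.e. the gateway on the local network through which traffic leaves
dev IFACE: the outgoing interface
Add a default gateway: ip route add default via GW dev IFACE
This means other networks are reached through the default gateway of the local network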
[root@www ~]# ip route add 192.168.1.3 via 172.18.0.1 dev eth0
[root@www ~]# ip route show
192.168.1.3 via 172.18.0.1 dev eth0
172.18.0.0/16 dev eth0 proto kernel scope link src 172.18.120.120
169.254.0.0/16 dev eth0 scope link metric 1002
default via 172.18.0.1 dev eth0 proto static
[root@www ~]# ip route add default via 172.18.0.1 proto static
[root@www ~]# ip route show
172.18.0.0/16 dev eth0 proto kernel scope link src 172.18.120.120
169.254.0.0/16 dev eth0 scope link metric 1002
default via 172.18.0.1 dev eth0 proto static

ip route delete
Delete a route: ip route del TARGET
[root@www ~]# ip route del 192.168.1.3
[root@www ~]# ip route show
192.168.0.0/24 via 172.18.0.1 dev eth0
172.18.0.0/16 dev eth0 proto kernel scope link src 172.18.120.120
169.254.0.0/16 dev eth0 scope link metric 1002
default via 172.18.0.1 dev eth0 proto static
[root@www ~]# ip route del 192.168.0.0/24
[root@www ~]# ip route list
172.18.0.0/16 dev eth0 proto kernel scope link src 172.18.120.120
169.254.0.0/16 dev eth0 scope link metric 1002
default via 172.18.0.1 dev eth0 proto static
[root@www ~]# ip route del default
[root@www ~]# ip route list
172.18.0.0/16 dev eth0 proto kernel scope link src 172.18.120.120
169.254.0.0/16 dev eth0 scope link metric 1002
[root@www ~]# ip route add default via 172.18.0.1 proto static
[root@www ~]# ip route show
172.18.0.0/16 dev eth0 proto kernel scope link src 172.18.120.120
169.254.0.0/16 dev eth0 scope link metric 1002
default via 172.18.0.1 dev eth0 proto static

ip route flush
ip route show
[dev IFACE]: flush or show only the routes of the given interface
[via PREFIX]: flush or show only the routes through the given gateway
[root@www ~]# ip route show dev eth0
172.18.0.0/16 proto kernel scope link src 172.18.120.120
169.254.0.0/16 scope link metric 1002
default via 172.18.0.1 proto static
[root@www ~]# ip route show dev eth1
[root@www ~]# ip route add 172.16.0.0/16 via 192.168.100.12
[root@www ~]# ip route show dev eth1
192.168.100.0/24 proto kernel scope link src 192.168.100.12
172.16.0.0/16 via 192.168.100.12
[root@www ~]# ip route flush dev eth1
[root@www ~]# ip route show
172.18.0.0/16 dev eth0 proto kernel scope link src 172.18.120.120
169.254.0.0/16 dev eth0 scope link metric 1002
default via 172.18.0.1 dev eth0 proto static

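IP addresses and routes configured with these commands exist only in the kernel's TCP/IP stack; they are lost when the interface is disabled or the system is restarted.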

The ss command:
Syntax: ss [OPTION]... [FILTER]
Options:
-t: TCP
-u: UDP
-w: raw sockets
-x: unix sockets
-l: connections in the LISTEN state
-a: all
-n: numeric format
-p: the owning program and its PID
-e: extended information
-m: memory usage
-o: timer information

Common combinations:
        -tan,-tanl,-tanlp,-uan

        FILTER:- [ state TCP-STATE ] [ EXPRESSION ]
            Common TCP states:
            TCP finite state machine:
                LISTEN: listening
                ESTABLISHED: connection established
                FIN_WAIT_1: FIN wait 1
                FIN_WAIT_2: FIN wait 2
                SYN_SENT: SYN sent
                SYN_RECV: SYN received
                CLOSED: closed

[root@www ~]# ss -tan state ESTABLISHED
Recv-Q Send-Q Local Address:Port Peer Address:Port
0 0 172.18.120.120:22 172.18.118.94:60735
0 0 172.18.120.120:22 172.18.118.94:63366
[root@www ~]# ss -tan state LISTENING
Recv-Q Send-Q Local Address:Port Peer Address:Port
0 128 :::58018 :::*
0 128 *:60425 *:*
EXPRESSION:
dport =
sport =
Example: '( dport = :ssh or sport = :ssh )'
[root@www ~]# ss -tan 'dport = :60735'
State Recv-Q Send-Q Local Address:Port Peer Address:Port
ESTAB 0 160 172.18.120.120:22 172.18.118.94:60735
[root@www ~]# ss -tan 'sport = :22'
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 :::22 :::*
LISTEN 0 128 *:22 *:*
ESTAB 0 64 172.18.120.120:22 172.18.118.94:60735
ESTAB 0 0 172.18.120.120:22 172.18.118.94:63366
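
An added example (not from the original notes) that turns the ss output format shown above into a defensive check: it lists TCP listeners bound to a wildcard address, meaning they are reachable on every interface, and drops the ports on an approved list. It expects ss -tanl output, which includes the State column; the function names and the sample lines are constructed.

```shell
# wildcard_listeners: read `ss -tanl` output on stdin and print "PORT ADDRESS"
# for each TCP listener bound to a wildcard address (all interfaces).
wildcard_listeners() {
    awk '$1 == "LISTEN" {
        addr = $4; port = $4
        sub(/.*:/, "", port)        # text after the last colon is the port
        sub(/:[^:]*$/, "", addr)    # text before the last colon is the address
        # "*" and "::" are the forms seen in the output above; "0.0.0.0" and
        # "[::]" are printed by other ss versions
        if (addr == "*" || addr == "0.0.0.0" || addr == "::" || addr == "[::]")
            print port, addr
    }' | LC_ALL=C sort -k1,1n -k2,2
}

# unexpected_listeners PORT...: same report, minus the approved ports given
# as arguments.
unexpected_listeners() {
    allowed=" $* "
    wildcard_listeners | while read -r port addr; do
        case "$allowed" in
            *" $port "*) ;;                              # approved, skip
            *) printf '%s %s\n' "$port" "$addr" ;;
        esac
    done
}

# Constructed sample in the format of `ss -tanl` plus one established session.
SAMPLE_SS='State      Recv-Q Send-Q Local Address:Port  Peer Address:Port
LISTEN     0      128    :::22                 :::*
LISTEN     0      128    *:22                  *:*
LISTEN     0      100    127.0.0.1:25          *:*
LISTEN     0      128    *:60425               *:*
ESTAB      0      64     172.18.120.120:22     172.18.118.94:60735'

# With port 22 approved, only the listener on 60425 is reported.
printf '%s\n' "$SAMPLE_SS" | unexpected_listeners 22
```

The listener on 127.0.0.1:25 is not reported because it is bound to loopback only.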

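Linux network attribute configuration (3): editing the configuration files

Configuration file for IP, MASK, GW and DNS:
    /etc/sysconfig/network-scripts/ifcfg-IFACE
Configuration file for routes:
    /etc/sysconfig/network-scripts/route-IFACE

/etc/sysconfig/network-scripts/ifcfg-IFACE:
DEVICE: the device this configuration file applies to;
HWADDR: the MAC address of that device;
BOOTPROTO: the address configuration protocol used when the device is activated; common values are dhcp, static, none, bootp;
NM_CONTROLLED: NM is short for NetworkManager; whether this NIC is managed by NM; "no" is recommended on CentOS 6;
ONBOOT: whether to activate the device at boot;
TYPE: the interface type; common values are Ethernet and Bridge
UUID: the unique identifier of the device;

If BOOTPROTO=static, configure the IP settings yourself:
IPADDR: the IP address (primary address);
NETMASK: the subnet mask; alternatively PREFIX=
GATEWAY: the default gateway;
DNS1: the first DNS server;
DNS2: the second DNS server;

USERCTL: whether ordinary users may control this device;
PEERDNS: when BOOTPROTO is "dhcp", whether the DNS servers handed out by the DHCP server may directly overwrite those in /etc/resolv.conf;

The DNS settings here take priority over /etc/resolv.conf because they apply directly to the network interface.
DNS can be changed here because ordinary users have no permission to modify /etc/resolv.conf.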
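
An added example, not part of the original notes: a small audit of an ifcfg-IFACE file for the settings described above that widen who can change the interface or its DNS (USERCTL, PEERDNS under DHCP), plus two consistency checks. The function names and sample files are constructed, and treating an unset PEERDNS as enabled is an assumption of this example.

```shell
# cfg_get KEY: value of the last KEY= line in $CFG, quotes removed.
# The file is parsed as text and never sourced, so nothing in it is executed.
cfg_get() {
    printf '%s\n' "$CFG" | sed -n "s/^[[:space:]]*$1=//p" | tail -n 1 | tr -d "\"'"
}

# audit_ifcfg: read one ifcfg-IFACE file on stdin, print one finding per line.
audit_ifcfg() {
    CFG=$(cat)
    dev=$(cfg_get DEVICE)
    proto=$(cfg_get BOOTPROTO)

    if [ "$(cfg_get USERCTL)" = "yes" ]; then
        echo "$dev: USERCTL=yes, ordinary users may control this device"
    fi
    # Assumption: PEERDNS counts as enabled unless it is explicitly "no".
    if [ "$proto" = "dhcp" ] && [ "$(cfg_get PEERDNS)" != "no" ]; then
        echo "$dev: BOOTPROTO=dhcp without PEERDNS=no, the DHCP server may overwrite /etc/resolv.conf"
    fi
    if [ "$proto" = "static" ] && [ -z "$(cfg_get IPADDR)" ]; then
        echo "$dev: BOOTPROTO=static but IPADDR is missing"
    fi
    case $dev in
        *:*) if [ "$proto" = "dhcp" ]; then
                 echo "$dev: alias device uses BOOTPROTO=dhcp, an alias needs a fixed IPADDR"
             fi ;;
    esac
    return 0
}

# Constructed samples: a weak file, a tightened one, and a misconfigured alias.
WEAK_IFCFG='DEVICE=eth0
BOOTPROTO=dhcp
ONBOOT=yes
USERCTL=yes'

HARDENED_IFCFG='DEVICE=eth0
BOOTPROTO=static
ONBOOT=yes
IPADDR=172.18.120.120
NETMASK=255.255.0.0
GATEWAY=172.18.0.1
USERCTL=no
PEERDNS=no'

ALIAS_IFCFG='DEVICE=eth0:0
BOOTPROTO=dhcp
ONBOOT=yes'

printf '%s\n' "$WEAK_IFCFG" | audit_ifcfg
```

Against a real host, feed each file in turn, for example audit_ifcfg < /etc/sysconfig/network-scripts/ifcfg-eth0.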

/etc/sysconfig/network-scripts/route-IFACE
Two styles

  1. TARGET via GW
    [root@www ~]# vim /etc/sysconfig/network-scripts/route-eth0
    192.168.0.0/24 via 172.16.0.1
  2. Three lines define each route
    ADDRESS#=TARGET
    NETMASK#=mask
    GATEWAY#=GW
    [root@www ~]# vim /etc/sysconfig/network-scripts/route-eth0
    ADDRESS0=192.168.20.0
    NETMASK0=255.255.255.0
    GATEWAY0=172.16.0.1

    ADDRESS1=192.168.30.0
    NETMASK1=255.255.255.0
    GATEWAY1=172.16.0.1
The two styles cannot be used at the same time.
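
Since the two styles cannot be mixed, a file in the three-line style sometimes has to be rewritten in the other one. The script below is an added example, not part of the original notes, that does this conversion and rejects netmasks whose one-bits are not contiguous. The function names are constructed, and stopping at the first missing ADDRESSn index is a choice made for this example.

```shell
# mask_to_prefix MASK: print the prefix length of a dotted netmask, or
# return 1 if the mask is malformed or its one-bits are not contiguous.
mask_to_prefix() {
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    if [ $# -ne 4 ]; then return 1; fi
    prefix=0; host_part=0
    for octet in "$@"; do
        case $octet in
            255) bits=8 ;; 254) bits=7 ;; 252) bits=6 ;; 248) bits=5 ;;
            240) bits=4 ;; 224) bits=3 ;; 192) bits=2 ;; 128) bits=1 ;;
            0)   bits=0 ;;
            *)   return 1 ;;
        esac
        # after the first octet below 255, only 0 may follow
        if [ "$host_part" -eq 1 ] && [ "$bits" -ne 0 ]; then return 1; fi
        if [ "$bits" -lt 8 ]; then host_part=1; fi
        prefix=$((prefix + bits))
    done
    echo "$prefix"
}

# route_field TEXT KEY: value of the KEY= line in TEXT
route_field() {
    printf '%s\n' "$1" | sed -n "s/^[[:space:]]*$2=//p" | tail -n 1
}

# convert_routes: stdin is a route-IFACE file in the ADDRESSn/NETMASKn/GATEWAYn
# style, stdout is the same routes in the "TARGET via GW" style.
convert_routes() {
    text=$(cat)
    n=0
    while :; do
        addr=$(route_field "$text" "ADDRESS$n")
        if [ -z "$addr" ]; then break; fi      # no ADDRESSn: end of the list
        mask=$(route_field "$text" "NETMASK$n")
        gw=$(route_field "$text" "GATEWAY$n")
        if [ -z "$gw" ]; then
            echo "route $n: GATEWAY$n is missing" >&2; return 1
        fi
        if ! plen=$(mask_to_prefix "$mask"); then
            echo "route $n: invalid NETMASK$n '$mask'" >&2; return 1
        fi
        echo "$addr/$plen via $gw"
        n=$((n + 1))
    done
}

# The two routes from the route-eth0 listing above.
SAMPLE_ROUTES='ADDRESS0=192.168.20.0
NETMASK0=255.255.255.0
GATEWAY0=172.16.0.1

ADDRESS1=192.168.30.0
NETMASK1=255.255.255.0
GATEWAY1=172.16.0.1'

printf '%s\n' "$SAMPLE_ROUTES" | convert_routes
```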

Configuring multiple addresses on one NIC:

  1. ifconfig
    [root@www ~]# ifconfig eth0:0 192.168.0.22/24 up
    [root@www ~]# ifconfig
    eth0:0 Link encap:Ethernet HWaddr 00:0C:29:C2:CB:4B
    inet addr:192.168.0.22 Bcast:192.168.0.255 Mask:255.255.255.0
    UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
    [root@www ~]# ip addr show dev eth0:0
    2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 00:0c:29:c2:cb:4b brd ff:ff:ff:ff:ff:ff
    inet 172.18.120.120/16 brd 172.18.255.255 scope global eth0
    inet 192.168.0.22/24 brd 192.168.0.255 scope global eth0:0
    inet6 fe80::20c:29ff:fec2:cb4b/64 scope link
    valid_lft forever preferred_lft forever

  2. ip addr add IP dev eth0 label 'eth0:0'

  3. Configuration file:
    ifcfg-IFACE_ALIAS
    DEVICE=IFACE_ALIAS
    [root@www network-scripts]# cp ifcfg-eth0 ifcfg-eth0:0
    [root@www network-scripts]# cat ifcfg-eth0:0
    DEVICE=eth0:0
    TYPE=Ethernet
    ONBOOT=yes
    NM_CONTROLLED=no
    BOOTPROTO=static
    IPADDR=192.168.0.22
    NETMASK=255.255.255.0

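Note: an alias cannot be brought up with DHCP; an IP address must be specified.

TUI (text user interface) for Linux network attribute configuration
system-config-network-tui
It can also be reached through setup

Note: remember to restart the network service for the changes to take effect.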

Setting the hostname of the current host:
hostname [HOSTNAME]
/etc/sysconfig/network
[root@www ~]# cat /etc/sysconfig/network
NETWORKING=yes    # master switch for networking
HOSTNAME=www.tzx.com    # hostname, FQDN

udev configuration file for detecting and naming network interfaces:
/etc/udev/rules.d/70-persistent-net.rules

# PCI device 0x8086:0x100f (e1000)

SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="00:0c:29:c2:cb:4b", ATTR{type}=="1", KERNEL=="eth*", NAME="eth0"
Unload the NIC driver:
lsmod
modprobe -r e1000

Load the NIC driver:
    modprobe e1000

Note: after the change, the corresponding NIC configuration file must be updated as well.

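CentOS 7 network attribute configuration

Traditional naming: Ethernet eth[0,1,2,...]

Predictable naming

    udev supports several naming schemes:
            firmware, topology
  1. NIC naming mechanism
    How systemd names network devices:
    (a) If index information provided by the firmware or BIOS for devices integrated on the motherboard is available and predictable, the name is based on that index, e.g. eno1;
    (b) If index information provided by the firmware or BIOS for PCI-E expansion slots is available and predictable, the name is based on that index, e.g. ens1;
    (c) If the physical location of the hardware interface is available, the name is based on it, e.g. enp2s0;
    (d) If the user explicitly enables it, the name can also be based on the MAC address, e.g. enx2387a1dc56;
    (e) If none of the above is available, the traditional naming mechanism is used;

        Some of the naming mechanisms above require the biosdevname program
  2. Name format
    en: Ethernet
    wl: wlan, wireless local area network device
    ww: wwan, wireless wide area network device

        Name types:
            o<index>: index number of an onboard (integrated) device;
            s<slot>: index number of the expansion slot; virtual devices are supported and a device ID may follow, so the name can become very long;
            x<MAC>: naming based on the MAC address;
            p<bus>s<slot>: e.g. enp2s1; p is followed by the PCI bus number, and each PCI bus has several slots s<slot>;

How a NIC device gets its name:
Step 1:
udev, the helper program /lib/udev/rename_device, /usr/lib/udev/rules.d/60-net.rules
udev is a mechanism in the kernel: every hardware device the kernel recognises, together with its related information, is exported to user space through the sys pseudo file system. User-space tools use this information to determine the interface model of the device, associate a specific driver with it and even load additional helper functionality. These sys facilities are essential, and udev is mainly used to create device files based on them. Why are there sda and sdb under /dev? Some devices are recognised while the kernel boots and can be exported through devtmpfs; the rest may need user-space helpers to probe them and load drivers, and udev is such a tool.
Step 1: this helper looks for network interface configuration files whose names start with /etc/sysconfig/network-scripts/ifcfg- and checks the HWADDR= entry in each, which identifies the MAC address of a NIC. It finds the configuration file whose MAC address matches the NIC, reads the name given in DEVICE in that file, and sets it as the name of the NIC.
If step 1 succeeds, the first naming mechanism is used; if step 1 fails, step 2 runs, and so on. If none of the three steps matches, the interface is not renamed and the traditional name is used.
Step 2:
biosdevname acts according to /usr/lib/udev/rules.d/71-biosdevname.rules

    Step 3:
            By probing the network interface device, according to /usr/lib/udev/rules.d/75-net-description
                ID_NET_NAME_ONBOARD,ID_NET_NAME_SLOT,ID_NET_NAME_PATH

    To use the traditional naming scheme exclusively, delete all of these files and then link /dev/null to them;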

Returning to the traditional naming scheme:
[root@www ~]# vim /etc/default/grub
GRUB_TIMEOUT=5
GRUB_DISTRIBUTOR="$(sed 's, release .*$,,g' /etc/system-release)"
GRUB_DEFAULT=saved
GRUB_DISABLE_SUBMENU=true
GRUB_TERMINAL_OUTPUT="console"
GRUB_CMDLINE_LINUX="rhgb quiet"
GRUB_DISABLE_RECOVERY="true"

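GRUB_CMDLINE_LINUX="net.ifnames=0 rhgb quiet"    # disables renaming of network interfaces; renaming is on by default and 0 turns it off. The change does not take effect immediately: a new configuration file must be generated with grub2-mkconfig

[root@www ~]# grub2-mkconfig -o /etc/grub2.cfg    # -o names the configuration file to generate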
Generating grub configuration file ...
Found linux image: /boot/vmlinuz-3.10.0-862.el7.x86_64
Found initrd image: /boot/initramfs-3.10.0-862.el7.x86_64.img
Found linux image: /boot/vmlinuz-0-rescue-0263441c05d84ee385ad53362a383086
Found initrd image: /boot/initramfs-0-rescue-0263441c05d84ee385ad53362a383086.img
done

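Reboot the system.
After the reboot the system no longer gives the network interfaces new names and they return to the traditional ethX names. At this point the address is obtained via DHCP and the system provides no configuration file, so the interface configuration file has to be written by hand.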

nmcli: IP address configuration tool - command-line tool for controlling NetworkManager
nmcli [ OPTIONS ] OBJECT { COMMAND | help }

    device - show and manage network interfaces
    connection - start, stop, and manage network connections
        nmcli connection { COMMAND | help }
            COMMAND := { show | up | down | add | modify | clone | edit | delete | monitor | reload | load | import | export }

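How to modify the IP address and other attributes:
   nmcli connection modify IFACE ([+|-]<setting>.<property> <value>)+
        setting.property:
            ipv4.addresses    set the IPv4 address
            ipv4.gateway      set the default gateway
            ipv4.dns          set the default DNS
            ipv4.method       IPv4 address configuration method
                    manual        manual configuration
                    auto          automatic configuration (DHCP)

Use connection modify IFACE +ipv4.addresses IPADDR/PREFIX to add a new address to an existing NIC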
[root@www ~]# nmcli device show ens33
GENERAL.DEVICE: ens33
GENERAL.TYPE: ethernet
GENERAL.HWADDR: 00:0C:29:32:5B:6C
GENERAL.MTU: 1500
GENERAL.STATE: 100 (connected)
GENERAL.CONNECTION: ens33
GENERAL.CON-PATH: /org/freedesktop/NetworkManager/ActiveConnection/1
WIRED-PROPERTIES.CARRIER: on
IP4.ADDRESS[1]: 172.18.119.119/16
IP4.GATEWAY: 172.18.0.1
IP4.ROUTE[1]: dst = 172.18.0.0/16, nh = 0.0.0.0, mt = 100
IP4.ROUTE[2]: dst = 0.0.0.0/0, nh = 172.18.0.1, mt = 100
IP6.ADDRESS[1]: fe80::57fd:69c8:aa8b:8cd7/64
IP6.GATEWAY: --
IP6.ROUTE[1]: dst = ff00::/8, nh = ::, mt = 256, table=255
IP6.ROUTE[2]: dst = fe80::/64, nh = ::, mt = 256
IP6.ROUTE[3]: dst = fe80::/64, nh = ::, mt = 100

[root@www ~]# nmcli connection modify ens33 +ipv4.addresses 172.18.21.120/16    # add an IPADDR to ens33; without the +, the current IPADDR is changed
[root@www ~]# nmcli device show ens33
GENERAL.DEVICE: ens33
GENERAL.TYPE: ethernet
GENERAL.HWADDR: 00:0C:29:32:5B:6C
GENERAL.MTU: 1500
GENERAL.STATE: 100 (connected)
GENERAL.CONNECTION: ens33
GENERAL.CON-PATH: /org/freedesktop/NetworkManager/ActiveConnection/1
WIRED-PROPERTIES.CARRIER: on
IP4.ADDRESS[1]: 172.18.119.119/16    # the second address is not shown yet
IP4.GATEWAY: 172.18.0.1
IP4.ROUTE[1]: dst = 172.18.0.0/16, nh = 0.0.0.0, mt = 100
IP4.ROUTE[2]: dst = 0.0.0.0/0, nh = 172.18.0.1, mt = 100
IP6.ADDRESS[1]: fe80::57fd:69c8:aa8b:8cd7/64
IP6.GATEWAY: --
IP6.ROUTE[1]: dst = ff00::/8, nh = ::, mt = 256, table=255
IP6.ROUTE[2]: dst = fe80::/64, nh = ::, mt = 256
IP6.ROUTE[3]: dst = fe80::/64, nh = ::, mt = 100

[root@www ~]# nmcli connection down ens33;nmcli connection up ens33    # ens33 must be brought down and up again before the new address takes effect; restarting NetworkManager does not do it
Connection 'ens33' successfully deactivated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/1)
Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/5)

[root@www ~]# nmcli device show ens33
GENERAL.DEVICE: ens33
GENERAL.TYPE: ethernet
GENERAL.HWADDR: 00:0C:29:32:5B:6C
GENERAL.MTU: 1500
GENERAL.STATE: 100 (connected)
GENERAL.CONNECTION: ens33
GENERAL.CON-PATH: /org/freedesktop/NetworkManager/ActiveConnection/5
WIRED-PROPERTIES.CARRIER: on
IP4.ADDRESS[1]: 172.18.119.119/16
IP4.ADDRESS[2]: 172.18.21.120/16    # the new address is in effect
IP4.GATEWAY: 172.18.0.1
IP4.ROUTE[1]: dst = 172.18.0.0/16, nh = 0.0.0.0, mt = 102
IP4.ROUTE[2]: dst = 172.18.0.0/16, nh = 0.0.0.0, mt = 102
IP4.ROUTE[3]: dst = 0.0.0.0/0, nh = 172.18.0.1, mt = 102
IP6.ADDRESS[1]: fe80::57fd:69c8:aa8b:8cd7/64
IP6.GATEWAY: --
IP6.ROUTE[1]: dst = ff00::/8, nh = ::, mt = 256, table=255
IP6.ROUTE[2]: dst = fe80::/64, nh = ::, mt = 256
IP6.ROUTE[3]: dst = fe80::/64, nh = ::, mt = 102
Deleting the IP address IPADDR
[root@www ~]# nmcli connection modify ens33 -ipv4.addresses 172.18.21.120/16    # remove the IPADDR2 that was just added

[root@www ~]# nmcli connection down ens33;nmcli connection up ens33    # bring the ens33 interface down and up
Connection 'ens33' successfully deactivated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/5)
Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/6)

[root@www ~]# nmcli device show ens33    # show the ens33 interface; IPADDR2 has been removed
GENERAL.DEVICE: ens33
GENERAL.TYPE: ethernet
GENERAL.HWADDR: 00:0C:29:32:5B:6C
GENERAL.MTU: 1500
GENERAL.STATE: 100 (connected)
GENERAL.CONNECTION: ens33
GENERAL.CON-PATH: /org/freedesktop/NetworkManager/ActiveConnection/6
WIRED-PROPERTIES.CARRIER: on
IP4.ADDRESS[1]: 172.18.119.119/16
IP4.GATEWAY: 172.18.0.1
IP4.ROUTE[1]: dst = 172.18.0.0/16, nh = 0.0.0.0, mt = 102
IP4.ROUTE[2]: dst = 0.0.0.0/0, nh = 172.18.0.1, mt = 102
IP6.ADDRESS[1]: fe80::57fd:69c8:aa8b:8cd7/64
IP6.GATEWAY: --
IP6.ROUTE[1]: dst = ff00::/8, nh = ::, mt = 256, table=255
IP6.ROUTE[2]: dst = fe80::/64, nh = ::, mt = 256
IP6.ROUTE[3]: dst = fe80::/64, nh = ::, mt = 102
Changing/adding the gateway, adding DNS
[root@www ~]# nmcli connection modify ens33 ipv4.gateway 172.18.0.1    # change the default gateway
[root@www ~]# nmcli connection modify ens33 ipv4.dns 223.5.5.5    # add DNS
[root@www ~]# nmcli connection modify ens33 +ipv4.dns 8.8.8.8    # add DNS
[root@www ~]# nmcli connection down ens33 ;nmcli connection up ens33    # bring ens33 down and up
Connection 'ens33' successfully deactivated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/7)
Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/8)
[root@www ~]# nmcli device show ens33    # show ens33 information
GENERAL.DEVICE: ens33
GENERAL.TYPE: ethernet
GENERAL.HWADDR: 00:0C:29:32:5B:6C
GENERAL.MTU: 1500
GENERAL.STATE: 100 (connected)
GENERAL.CONNECTION: ens33
GENERAL.CON-PATH: /org/freedesktop/NetworkManager/ActiveConnection/8
WIRED-PROPERTIES.CARRIER: on
IP4.ADDRESS[1]: 172.18.119.119/16
IP4.GATEWAY: 172.18.0.1
IP4.ROUTE[1]: dst = 172.18.0.0/16, nh = 0.0.0.0, mt = 102
IP4.ROUTE[2]: dst = 0.0.0.0/0, nh = 172.18.0.1, mt = 102
IP4.DNS[1]: 223.6.6.6
IP4.DNS[2]: 8.8.8.8
IP6.ADDRESS[1]: fe80::57fd:69c8:aa8b:8cd7/64
IP6.GATEWAY: --
IP6.ROUTE[1]: dst = ff00::/8, nh = ::, mt = 256, table=255
IP6.ROUTE[2]: dst = fe80::/64, nh = ::, mt = 256
IP6.ROUTE[3]: dst = fe80::/64, nh = ::, mt = 102

nmtui: TUI tool for network interface configuration

hostnamectl: hostname configuration tool
[root@www ~]# hostnamectl set-hostname www.tzx.com

Reference: http://www.redhat.com/hdocs
Network Administration Guide, CentOS 7
Using the nmap, ncat and tcpdump tools
nmap: network scanner
ncat: file server tool
tcpdump: packet capture and analysis tool

Network client tools
lftp,ftp,lftpget,wget

lftp [ -p port ] [ -u user[,password]] SERVER
    Subcommands:
            get
            mget
            ls
            help

lftpget URL

wget 
    wget [option]... [URL]...
        -q: quiet mode
        -c: resume an interrupted download
        -D: save location
        --limit-rate=: limit the transfer rate
