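CentOS network management: the ifconfig family, the iproute family, and configuration files
The ifcfg family has long held a pivotal place in CentOS network management; it accompanied CentOS through its hard early years. But as these things go, a growing CentOS is gradually sidelining this old companion in favor of a larger family that serves its future better: the iproute family. The ifcfg family is on its way out, and the iproute family is about to take its place.
The ifcfg command family
ifconfig command: view and manage interfaces and addresses
ifconfig: show information on the enabled NICs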
[root@yph7 ~]# ifconfig    ---- show status information for the enabled network interfaces
eno16777736: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 172.16.59.1  netmask 255.255.0.0  broadcast 172.16.255.255
        inet6 fe80::20c:29ff:fe90:fa11  prefixlen 64  scopeid 0x20<link>
        ether 00:0c:29:90:fa:11  txqueuelen 1000  (Ethernet)
        RX packets 641674  bytes 40563451 (38.6 MiB)
        RX errors 0  dropped 169  overruns 0  frame 0
        TX packets 18804  bytes 10014415 (9.5 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 0  (Local Loopback)
        RX packets 131  bytes 7618 (7.4 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 131  bytes 7618 (7.4 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
ifconfig -a: show all interfaces, including inactive ones;
[root@yph7 ~]# ifconfig -a    ---- one more NIC shows up; this NIC is not enabled
eno16777736: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 172.16.59.1  netmask 255.255.0.0  broadcast 172.16.255.255
        inet6 fe80::20c:29ff:fe90:fa11  prefixlen 64  scopeid 0x20<link>
        ether 00:0c:29:90:fa:11  txqueuelen 1000  (Ethernet)
        RX packets 646011  bytes 40828485 (38.9 MiB)
        RX errors 0  dropped 169  overruns 0  frame 0
        TX packets 18835  bytes 10018077 (9.5 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
eno33554984: flags=4098<BROADCAST,MULTICAST>  mtu 1500
        ether 00:0c:29:90:fa:1b  txqueuelen 1000  (Ethernet)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 0  (Local Loopback)
        RX packets 131  bytes 7618 (7.4 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 131  bytes 7618 (7.4 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
Show the status of a specific network interface:
[root@yph7 ~]# ifconfig eno33554984
eno33554984: flags=4098<BROADCAST,MULTICAST>  mtu 1500
        ether 00:0c:29:90:fa:1b  txqueuelen 1000  (Ethernet)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
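Configure an IP address and mask:
ifconfig IFACE IP/MASK [up|down]
Configures the IP address and subnet mask of the given network interface, and can enable or disable that interface.
---- Set the IP and netmask and enable the NIC; "UP" appearing in the output means the NIC is enabled
Another way to set the subnet mask:
ifconfig IFACE IP netmask NETMASK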
[root@yph7 ~]# ifconfig eno33554984 192.168.254.254 netmask 255.255.255.0
[root@yph7 ~]# ifconfig eno33554984
eno33554984: flags=4099<UP,BROADCAST,MULTICAST>  mtu 1500
        inet 192.168.254.254  netmask 255.255.255.0  broadcast 192.168.254.255
        ether 00:0c:29:90:fa:1b  txqueuelen 1000  (Ethernet)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
Disable the NIC: "UP" disappears, which shows that the NIC has been disabled
Delete the IP address:
[root@yph7 apache2]# ifconfig eth0 0    ---- delete eth0's IP address
[root@yph7 apache2]# ifconfig eth0      ---- view eth0's information
eth0      Link encap:Ethernet  HWaddr 00:0C:29:40:7C:9B
          inet6 addr: fe80::20c:29ff:fe40:7c9b/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:3518 errors:0 dropped:0 overruns:0 frame:0
          TX packets:208 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:331302 (323.5 KiB)  TX bytes:56048 (54.7 KiB)
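ifconfig [-]promisc: enable or disable promiscuous mode
Enable promiscuous mode
Disable promiscuous mode; "PROMISC" disappears
Note: changes made with ifconfig are sent straight to the TCP/IP stack in the kernel and take effect immediately;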
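Added example, not part of the original article: the number in flags=4163<...> is a bit mask, and promiscuous mode is one bit of it. The script below decodes that number and lists interfaces with the PROMISC bit set from ifconfig output in the CentOS 7 format; the function names and the sample text (including the value 4419) are constructed for illustration.

```sh
#!/bin/sh
# Added example, not from the original article.
# Bit values are the IFF_* interface flags defined in <linux/if.h>.

decode_flags() {
    # $1: decimal flags value as printed by ifconfig (for example 4163).
    # Prints the names of the bits that are set, comma-separated.
    n=$1
    out=""
    for pair in 1:UP 2:BROADCAST 8:LOOPBACK 64:RUNNING 256:PROMISC 4096:MULTICAST; do
        bit=${pair%%:*}
        name=${pair#*:}
        if [ $(( $n & $bit )) -ne 0 ]; then
            out="${out:+$out,}$name"
        fi
    done
    printf '%s\n' "$out"
}

promisc_ifaces() {
    # stdin: ifconfig output. stdout: names of interfaces whose flags value
    # has the PROMISC bit (256) set, one per line.
    sed -n 's/^\([^ :]*\): flags=\([0-9]*\)<.*/\1 \2/p' |
    while read -r ifname flags; do
        if [ $(( $flags & 256 )) -ne 0 ]; then
            printf '%s\n' "$ifname"
        fi
    done
}

# Constructed sample: the header lines ifconfig prints, with the second NIC
# put into promiscuous mode (4163 + 256 = 4419).
IFCONFIG_SAMPLE='eno16777736: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
eno33554984: flags=4419<UP,BROADCAST,RUNNING,PROMISC,MULTICAST>  mtu 1500
lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536'

# The four flags values that appear in the article's own output.
for v in 4163 4098 4099 73; do
    printf '%-5s %s\n' "$v" "$(decode_flags "$v")"
done

echo "promiscuous interfaces:"
printf '%s\n' "$IFCONFIG_SAMPLE" | promisc_ifaces
```

On a live host, feed it real output with: ifconfig -a | promisc_ifaces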
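route command: view and manage routes
Route entry types:
Host route: the destination is a single IP;
Network route: the destination is an IP network;
Default route: the destination is any network, 0.0.0.0/0.0.0.0
View: display the route entries
route -n: show routing information in numeric form, without reverse-resolving names, because reverse resolution consumes system resources
[root@yph7 ~]# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         172.16.0.1      0.0.0.0         UG    100    0        0 eno16777736
172.16.0.0      0.0.0.0         255.255.0.0     U     100    0        0 eno16777736
192.168.0.0     0.0.0.0         255.255.255.0   U     0      0        0 eno33554984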
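Destination is the address of the target network; Genmask is the target network's mask.
Gateway is the next-hop gateway address; a Gateway of 0.0.0.0 means no gateway is needed, i.e. a directly connected route.
Metric is the cost of reaching this address.
Flags: the state of the route entry. U means the route is up. G means a gateway is used, though not necessarily the default gateway.
Iface: the local NIC interface
Add a route; syntax: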
route add [-net|-host] target [netmask NETMASK] [gw GW] [[dev] If]
Add a route with destination 10.0.0.0/8 and next hop 192.168.0.1, through interface eno33554984
Because 10.0.0.0 is a network address, -net is used.
The next-hop address must be reachable through one of this host's own Destinations. I have two NICs, and one of them has the IP 192.168.0.5, so its Destination is 192.168.0.0; to add a route through that NIC, gw must therefore be 192.168.0.x. The same reasoning applies when adding a route through the other NIC.
[root@yph7 ~]# route add -net 10.0.0.0/8 gw 192.168.0.1 eno33554984
[root@yph7 ~]# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         172.16.0.1      0.0.0.0         UG    100    0        0 eno16777736
10.0.0.0        192.168.0.1     255.0.0.0       UG    0      0        0 eno33554984
172.16.0.0      0.0.0.0         255.255.0.0     U     100    0        0 eno16777736
192.168.0.0     0.0.0.0         255.255.255.0   U     0      0        0 eno33554984
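Added example, not from the original article: the next-hop rule described above, checked against route -n output before a route is added. ip2int and onlink_iface are hypothetical helper names; the sample is the routing table shown earlier, embedded as text.

```sh
#!/bin/sh
# Added example, not from the original article.
# A gateway is usable only if it lies inside a directly connected network,
# i.e. a route whose Gateway column is 0.0.0.0.

ip2int() {
    # Dotted quad -> integer, e.g. 192.168.0.1 -> 3232235521
    old_ifs=$IFS
    IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

onlink_iface() {
    # $1: candidate gateway address. stdin: `route -n` output.
    # Prints the interface whose connected network contains the gateway and
    # returns 0; returns 1 if no connected network contains it.
    gw_int=$(ip2int "$1")
    while read -r dest via mask flags metric ref use iface; do
        case $dest in
            [0-9]*) ;;            # a route line
            *) continue ;;        # header lines
        esac
        [ "$via" = "0.0.0.0" ] || continue     # keep directly connected routes only
        m=$(ip2int "$mask")
        d=$(ip2int "$dest")
        if [ $(( gw_int & m )) -eq $(( d & m )) ]; then
            printf '%s\n' "$iface"
            return 0
        fi
    done
    return 1
}

# Sample input: the `route -n` table from the article.
ROUTE_SAMPLE='Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         172.16.0.1      0.0.0.0         UG    100    0        0 eno16777736
172.16.0.0      0.0.0.0         255.255.0.0     U     100    0        0 eno16777736
192.168.0.0     0.0.0.0         255.255.255.0   U     0      0        0 eno33554984'

# 10.1.1.1 is a constructed address that is on neither connected network.
for gw in 192.168.0.1 172.16.0.20 10.1.1.1; do
    if iface=$(printf '%s\n' "$ROUTE_SAMPLE" | onlink_iface "$gw"); then
        echo "$gw: reachable directly through $iface"
    else
        echo "$gw: not on any directly connected network"
    fi
done
```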
Add a default gateway. The two forms below give the same result; default is equivalent to -net 0.0.0.0/0.0.0.0
[root@yph7 ~]# route add default gw 192.168.0.2
[root@yph7 ~]# route add -net 0.0.0.0 netmask 0.0.0.0 gw 192.168.0.2
[root@yph7 ~]# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.0.2     0.0.0.0         UG    0      0        0 eno33554984
0.0.0.0         172.16.0.1      0.0.0.0         UG    100    0        0 eno16777736
10.0.0.0        192.168.0.1     255.0.0.0       UG    0      0        0 eno33554984
172.16.0.0      0.0.0.0         255.255.0.0     U     100    0        0 eno16777736
192.168.0.0     0.0.0.0         255.255.255.0   U     0      0        0 eno33554984
Delete a route:
route del [-net|-host] target [gw Gw] [netmask Nm] [[dev] If]
Delete the default gateway:
[root@yph7 ~]# route del default
[root@yph7 ~]# route -n    ---- the default gateway via 192.168.0.2 is gone
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         172.16.0.1      0.0.0.0         UG    100    0        0 eno16777736
10.0.0.0        192.168.0.1     255.0.0.0       UG    0      0        0 eno33554984
172.16.0.0      0.0.0.0         255.255.0.0     U     100    0        0 eno16777736
192.168.0.0     0.0.0.0         255.255.255.0   U     0      0        0 eno33554984
If the Destination being deleted appears more than once, gw must be specified
[root@yph7 ~]# route del -net 10.0.0.0/8 gw 192.168.0.1
[root@yph7 ~]# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         172.16.0.1      0.0.0.0         UG    100    0        0 eno16777736
172.16.0.0      0.0.0.0         255.255.0.0     U     100    0        0 eno16777736
192.168.0.0     0.0.0.0         255.255.255.0   U     0      0        0 eno33554984
netstat command:
Print network connections, routing tables, interface statistics, masquerade connections, and multicast memberships; that is, it shows network connection state, interface state, the routing table and similar information.
netstat -rn: show the routing table, similar to route -n
-r: routing, show the kernel routing table
-n: numeric format
[root@yph7 ~]# netstat -rn
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
0.0.0.0         172.16.0.1      0.0.0.0         UG        0 0          0 eno16777736
172.16.0.0      0.0.0.0         255.255.0.0     U         0 0          0 eno16777736
Show network connections:
-t: show established TCP connections; every connection has a state, one of the states of the TCP FSM (Finite State Machine);
[root@yph7 ~]# netstat -t
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0     52 localhost:ssh           localhost:49973         ESTABLISHED
With -n added, host names are not reverse-resolved and addresses are shown numerically
[root@yph7 ~]# netstat -tn
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0     52 172.16.59.1:22          172.16.59.0:49973       ESTABLISHED
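Proto: the protocol
Recv-Q: the receive queue, the length of the queue waiting to be received
Send-Q: the send queue, the length waiting to be sent
Local Address: the address of the local host
Foreign Address: the address of the remote end of the connection
State: the state the connection is in
-u: UDP connections in progress; UDP has no notion of state
[root@yph7 ~]# netstat -un    ---- nothing is shown, since no UDP connections are in progress
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
[root@yph7 ~]#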
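-w: raw socket connections
-l: sockets in the listening state, which wait continuously for incoming connections.
-a: all states
-n: show IPs and ports in numeric form;
-e: extended format; a User of 0 means the process was started by root, and Inode is the inode number of the corresponding socket file
[root@yph7 ~]# netstat -tne
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       User       Inode
tcp        0      0 172.16.59.1:22          172.16.59.0:49973       ESTABLISHED 0          20867
-p: show the related process and its PID;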
Common combinations:
-tnl: the l selects sockets in the listening state, which keep watching for incoming network traffic; State becomes "LISTEN"
[root@yph7 ~]# netstat -tnl
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN
tcp6       0      0 :::22                   :::*                    LISTEN
tcp6       0      0 ::1:25                  :::*                    LISTEN
-unl: listening UDP sockets; because UDP has no states, the State column is empty
[root@yph7 ~]# netstat -unl
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
udp        0      0 0.0.0.0:123             0.0.0.0:*
udp        0      0 127.0.0.1:323           0.0.0.0:*
udp6       0      0 :::123                  :::*
udp6       0      0 ::1:323                 :::*
-tunlp: listening TCP and UDP sockets together; PID shows which process is listening.
[root@yph7 ~]# netstat -tnulp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      1037/sshd
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      2163/master
tcp6       0      0 :::22                   :::*                    LISTEN      1037/sshd
tcp6       0      0 ::1:25                  :::*                    LISTEN      2163/master
udp        0      0 0.0.0.0:123             0.0.0.0:*                           807/chronyd
udp        0      0 127.0.0.1:323           0.0.0.0:*                           807/chronyd
udp6       0      0 :::123                  :::*                                807/chronyd
udp6       0      0 ::1:323                 :::*                                807/chronyd
-tan: show TCP connections in every state of the TCP state machine. As below, both connections that are communicating and sockets in the listening and other states are shown
[root@yph7 ~]# netstat -tan
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN
tcp        0     52 172.16.59.1:22          172.16.59.0:49973       ESTABLISHED
tcp6       0      0 :::22                   :::*                    LISTEN
tcp6       0      0 ::1:25                  :::*                    LISTEN
-uan: as below, since there is no UDP communication at the moment, only listening sockets are shown
[root@yph7 ~]# netstat -uan
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
udp        0      0 0.0.0.0:123             0.0.0.0:*
udp        0      0 127.0.0.1:323           0.0.0.0:*
udp6       0      0 :::123                  :::*
udp6       0      0 ::1:323                 :::*
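Added example, not from the original article: when reviewing a host, the -tnulp output is usually read to see which services can be reached from other machines. The script below classifies each listening socket by its bind address (loopback, all interfaces, or a single address) and lists the ones that are not loopback-only; the function names are hypothetical and the sample is the -tnulp output shown above.

```sh
#!/bin/sh
# Added example, not from the original article.

classify_listeners() {
    # stdin: `netstat -tnulp` output.
    # stdout: one line per listening socket: SCOPE PROTO PORT PROGRAM
    awk '
    $1 ~ /^(tcp|udp)6?$/ {
        # Split "addr:port" at the last colon so that IPv6 forms such as
        # ":::22" and "::1:25" are handled as well.
        if (!match($4, /:[0-9]+$/)) next
        addr = substr($4, 1, RSTART - 1)
        port = substr($4, RSTART + 1)
        # TCP rows carry a State column; UDP rows do not.
        if ($1 ~ /^tcp/ && $6 != "LISTEN") next
        # Without -p (or without root) there is no PID/Program column.
        prog = ($NF ~ /\//) ? $NF : "-"
        sub(/^[0-9]+\//, "", prog)
        if (addr ~ /^127\./ || addr == "::1")        scope = "loopback"
        else if (addr == "0.0.0.0" || addr == "::")  scope = "all-interfaces"
        else                                         scope = "single-address"
        print scope, $1, port, prog
    }'
}

exposed_listeners() {
    # stdin: `netstat -tnulp` output.
    # stdout: PROTO PORT PROGRAM for every listener not bound to loopback.
    classify_listeners | awk '$1 != "loopback" { print $2, $3, $4 }' | LC_ALL=C sort -u
}

# Sample input: the `netstat -tnulp` output from the article.
NETSTAT_SAMPLE='Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      1037/sshd
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      2163/master
tcp6       0      0 :::22                   :::*                    LISTEN      1037/sshd
tcp6       0      0 ::1:25                  :::*                    LISTEN      2163/master
udp        0      0 0.0.0.0:123             0.0.0.0:*                           807/chronyd
udp        0      0 127.0.0.1:323           0.0.0.0:*                           807/chronyd
udp6       0      0 :::123                  :::*                                807/chronyd
udp6       0      0 ::1:323                 :::*                                807/chronyd'

echo "listeners reachable from other hosts:"
printf '%s\n' "$NETSTAT_SAMPLE" | exposed_listeners
```

On a live host: netstat -tnulp | exposed_listeners (run as root so that the PID/Program column is filled in).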
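Transport layer protocols:
tcp: a connection-oriented protocol; a virtual circuit is set up before communication begins and torn down when it is finished. It is like a phone call: both sides must be ready, both lines are busy during the call, and the call has to be hung up afterwards or nobody else can get through.
udp: a connectionless protocol; datagrams are simply sent. It is like mailing a letter: nothing needs to be confirmed by the receiver and no line is kept busy.
Show interface statistics:
netstat {--interfaces|-I|-i} [iface] [--all|-a] [--extend|-e] [--verbose|-v] [--program|-p] [--numeric|-n]
-i: show statistics for all interfaces
[root@yph7 ~]# netstat -i
Kernel Interface table
Iface      MTU    RX-OK RX-ERR RX-DRP RX-OVR    TX-OK TX-ERR TX-DRP TX-OVR Flg
eno16777  1500     9504      0     17 0          1104      0      0      0 BMRU
eno33554  1500        0      0      0 0             0      0      0      0 BMU
lo       65536        6      0      0 0             6      0      0      0 LRU
-I<IFace>: show statistics for the given interface. Note: there is no space between "-I" and the interface name
[root@yph7 ~]# netstat -Ieno33554984
Kernel Interface table
Iface      MTU    RX-OK RX-ERR RX-DRP RX-OVR    TX-OK TX-ERR TX-DRP TX-OVR Flg
eno33554  1500        0      0      0 0             0      0      0      0 BMU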
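ifup/ifdown commands: enable or disable a NIC
Note: these commands identify the interface and carry out its configuration through the configuration file /etc/sysconfig/network-scripts/ifcfg-IFACE; if a newly added NIC has no configuration file, one must be created by hand before these commands can be used. For example, I have to create the configuration file /etc/sysconfig/network-scripts/ifcfg-eno33554984 by hand before I can use these two commands.
hostname: view and set the host name:
View the host name:
[root@yph7 ~]# hostname
yph7.localdomain
Set the host name: this applies only to the running system and is lost after a reboot. It also takes effect only for users who log in after the name has been set and before the system restarts; in other words, after setting the host name you have to log out and log in again to see it, which is why the example below does not show the change.
[root@yph7 ~]# hostname vbird
[root@yph7 ~]# hostname vbird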
hostnamectl command: available only on CentOS 7. For help, use hostnamectl --help
hostnamectl status: show detailed information about the current host name;
[root@yph7 ~]# hostnamectl status
   Static hostname: yph7.localdomain
Transient hostname: yph7
         Icon name: computer-vm
           Chassis: vm
        Machine ID: 0ceb40c75866411c8ccc966de90ff915
           Boot ID: 0d23420528e0406480bb2ba9d87aaaec
    Virtualization: vmware
  Operating System: CentOS Linux 7 (Core)
       CPE OS Name: cpe:/o:centos:centos:7
            Kernel: Linux 3.10.0-229.el7.x86_64
      Architecture: x86_64
hostnamectl set-hostname NAME: set the host name permanently; it takes effect only in a shell started by a new login
[root@yph7 ~]# hostnamectl set-hostname vbird
[root@yph7 ~]# cat /etc/hostname    ---- check whether the name in the configuration file has changed
vbird
......................... after logging in again, the new host name is in effect, as shown below
Hello,root Welcome to login,the time is 2015-12-27-21:55:46
[root@vbird ~]#
Host name configuration files
CentOS 6: /etc/sysconfig/network
CentOS 7: /etc/hostname
Pointing the host at a DNS server: DNS resolves IP addresses to host names and host names to IP addresses
Edit the configuration file: /etc/resolv.conf
nameserver DNS_SERVER_IP
For example: nameserver 202.106.195.68
At most three can be configured
How to test whether DNS is working (host/nslookup/dig):
What the hosts file does:
[root@yph7 ~]# cat /etc/hosts
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
172.16.0.1  www.baidu.com g.cn google
As shown above, I edited the hosts file and added an IP-to-host mapping on the last line, giving 172.16.0.1 several aliases. As the output below shows, whether I ping www.baidu.com, g.cn or google, the name is always resolved to the host 172.16.0.1. The side effect is that the domain name www.baidu.com can no longer be used to reach Baidu.
[root@yph7 ~]# ping www.baidu.com
PING www.baidu.com (172.16.0.1) 56(84) bytes of data.
[root@yph7 ~]# ping g.cn
PING www.baidu.com (172.16.0.1) 56(84) bytes of data.
[root@yph7 ~]# ping google
PING www.baidu.com (172.16.0.1) 56(84) bytes of data.
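dig -t A FQDN: resolve a host name to an IP address; the site can also be reached directly by its IP address
[root@yph7 ~]# dig -t A www.magedu.com
600 IN A 101.200.188.230
dig -x IP: resolve an IP to a host name
However, most sites do not set up this kind of reverse resolution, so the lookup is likely to fail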
The iproute family
The iproute version number tracks the kernel version, because many iproute settings are applied directly in the kernel. (To check the version, use rpm -qi iproute; to see the kernel version, use uname -r.)
ip command:
show / manipulate routing, devices, policy routing and tunnels
ip OBJECT: link, addr, route, netns
ip link: network device configuration; for help, use ip link help
Note: ip link set can be abbreviated to ip li se
ip link set - change device attributes
dev NAME (default): the device to manage; the dev keyword can be omitted;
up and down: enable and disable the NIC
Disable the NIC
[root@yph7 ~]# ip link set eno33554984 down
[root@yph7 ~]# ip link list
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eno16777736: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT qlen 1000
    link/ether 00:0c:29:90:fa:11 brd ff:ff:ff:ff:ff:ff
3: eno33554984: <BROADCAST,MULTICAST> mtu 1500 qdisc pfifo_fast state DOWN mode DEFAULT qlen 1000
    link/ether 00:0c:29:90:fa:1b brd ff:ff:ff:ff:ff:ff
Enable the NIC
[root@yph7 ~]# ip link set eno33554984 up    ---- enable this NIC; the "UP" flag is back
[root@yph7 ~]# ip link list dev eno33554984
3: eno33554984: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast state DOWN mode DEFAULT qlen 1000
    link/ether 00:0c:29:90:fa:1b brd ff:ff:ff:ff:ff:ff
multicast on or multicast off: enable or disable multicast;
Disable multicast
[root@yph7 ~]# ip link set eno33554984 multicast off
[root@yph7 ~]# ip link show eno33554984    ---- multicast has been turned off
3: eno33554984: <NO-CARRIER,BROADCAST,UP> mtu 1500 qdisc pfifo_fast state DOWN mode DEFAULT qlen 1000
    link/ether 00:0c:29:90:fa:1b brd ff:ff:ff:ff:ff:ff
Enable multicast
[root@yph7 ~]# ip link set eno33554984 multicast on
[root@yph7 ~]# ip link list eno33554984    ---- multicast is back
3: eno33554984: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast state DOWN mode DEFAULT qlen 1000
    link/ether 00:0c:29:90:fa:1b brd ff:ff:ff:ff:ff:ff
name NAME: rename the network interface
[root@yph7 ~]# ip link set eno33554984 down    ---- disable the NIC before renaming it
[root@yph7 ~]# ip link set eno33554984 name eno33333333
[root@yph7 ~]# ip link show    ---- the NIC has been renamed
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eno16777736: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT qlen 1000
    link/ether 00:0c:29:90:fa:11 brd ff:ff:ff:ff:ff:ff
3: eno33333333: <BROADCAST,MULTICAST> mtu 1500 qdisc pfifo_fast state DOWN mode DEFAULT qlen 1000
    link/ether 00:0c:29:90:fa:1b brd ff:ff:ff:ff:ff:ff
mtu NUMBER: set the MTU size; the default is 1500;
[root@yph7 ~]# ip link set eno33554984 mtu 1200
[root@yph7 ~]# ip link list eno33554984    ---- the MTU is now 1200
3: eno33554984: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1200 qdisc pfifo_fast state DOWN mode DEFAULT qlen 1000
    link/ether 00:0c:29:90:fa:1b brd ff:ff:ff:ff:ff:ff
ip link show - display device attributes; ip link help - show brief usage help.
ip link list: used in the same way as ip link show
[root@yph7 ~]# ip link show    ---- shows the state of all NICs, including ones that are not enabled
[root@yph7 ~]# ip link show eno33554984    ---- shows the state of the given network interface
ip netns - manage network namespaces
netns PID: ns stands for namespace; used to move an interface into the given network namespace, which makes it possible to build very complex virtual networks. Available only on CentOS 7
ip netns list: list all netns; can be abbreviated: ip link list or ip li li
ip netns add NAME: create the given netns
ip netns del NAME: delete the given netns
ip netns exec NAME COMMAND: run a command inside the given netns
[root@yph7 ~]# ip netns add mynet    ---- add a new network namespace
[root@yph7 ~]# ip netns list    ---- check that it was added
mynet
[root@yph7 ~]# ip link show    ---- there are two NICs at this point
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eno16777736: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT qlen 1000
    link/ether 00:0c:29:90:fa:11 brd ff:ff:ff:ff:ff:ff
3: eno33333333: <BROADCAST,MULTICAST> mtu 1500 qdisc pfifo_fast state DOWN mode DEFAULT qlen 1000
    link/ether 00:0c:29:90:fa:1b brd ff:ff:ff:ff:ff:ff
[root@yph7 ~]# ip link set eno33333333 netns mynet    ---- move the given NIC into the network namespace
[root@yph7 ~]# ip link show    ---- only one NIC is left, because the other one was moved away
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eno16777736: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT qlen 1000
    link/ether 00:0c:29:90:fa:11 brd ff:ff:ff:ff:ff:ff
[root@yph7 ~]# ip netns exec mynet ip link show    ---- like stepping into a virtual world and running ip link show there
1: lo: <LOOPBACK> mtu 65536 qdisc noop state DOWN mode DEFAULT
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
3: eno33333333: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN mode DEFAULT qlen 1000
    link/ether 00:0c:29:90:fa:1b brd ff:ff:ff:ff:ff:ff
[root@yph7 ~]# ip netns del mynet    ---- delete the virtual network namespace
[root@yph7 ~]# ip link show    ---- the NIC is back in the real world
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eno16777736: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT qlen 1000
    link/ether 00:0c:29:90:fa:11 brd ff:ff:ff:ff:ff:ff
3: eno33554984: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast state DOWN mode DEFAULT qlen 1000
    link/ether 00:0c:29:90:fa:1b brd ff:ff:ff:ff:ff:ff
ip addr - protocol address management: manage the IP addresses of network interfaces
ip address add - add new protocol address
ip addr add IFADDR dev IFACE
[root@yph7 apache2]# ip addr add 192.168.100.10/24 dev eth0
[root@yph7 apache2]# ip addr add 192.168.100.20/24 dev eth0
[root@yph7 apache2]# ip addr add 10.0.0.0/8 dev eth0    ---- add 3 IP addresses to eth0
[root@yph7 apache2]# ip addr show eth0
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 00:0c:29:40:7c:9b brd ff:ff:ff:ff:ff:ff
    inet 192.168.100.10/24 scope global eth0
    inet 10.0.0.0/8 scope global eth0    ---- eth0 has three IP addresses
    inet 192.168.100.20/24 scope global secondary eth0    ---- marked secondary, because an IP in the same subnet was already present
    inet6 fe80::20c:29ff:fe40:7c9b/64 scope link
       valid_lft forever preferred_lft forever
label NAME: gives an additionally added address an interface alias; only when each IP address on an interface has been given an alias can the ifconfig command show all of the interface's IPs.
[root@yph7 apache2]# ip addr add 192.168.100.1 dev eth0
[root@yph7 apache2]# ip addr add 192.168.100.2 dev eth0 label eth0:0
[root@yph7 apache2]# ifconfig
eth0      Link encap:Ethernet  HWaddr 00:0C:29:40:7C:9B
          inet addr:192.168.100.1  Bcast:0.0.0.0  Mask:255.255.255.255    ---- the result of not specifying a mask
......................................................
eth0:0    Link encap:Ethernet  HWaddr 00:0C:29:40:7C:9B
          inet addr:192.168.100.2  Bcast:0.0.0.0  Mask:255.255.255.255
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
broadcast ADDRESS: the broadcast address; it is computed automatically from the IP and NETMASK, so it normally does not need to be set by hand
scope SCOPE_VALUE: the three scope options are:
global: usable globally; other hosts can ping it
link: usable on the interface; other hosts cannot ping it, this host can
host: usable only on this host; no host other than this one can see the IP
ip address delete - delete protocol address: remove the given IP address from the given interface
ip addr delete IFADDR dev IFACE
[root@yph7 apache2]# ip addr add 192.168.100.2/24 dev eth0
[root@yph7 apache2]# ip addr del 192.168.100.2/24 dev eth0
[root@yph7 apache2]# ip addr show dev eth0
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 00:0c:29:40:7c:9b brd ff:ff:ff:ff:ff:ff
    inet 192.168.100.1/32 scope global eth0
ip address show - look at protocol addresses
ip addr list [IFACE]: show the interface's addresses;
ip address flush - flush protocol addresses: remove all IP addresses from the given interface
ip addr flush dev IFACE
[root@yph7 apache2]# ip addr show eth0    ---- eth0 originally has 3 IPs
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 00:0c:29:40:7c:9b brd ff:ff:ff:ff:ff:ff
    inet 192.168.100.10/24 scope global eth0
    inet 10.0.0.0/8 scope global eth0
    inet 192.168.100.20/24 scope global secondary eth0
    inet6 fe80::20c:29ff:fe40:7c9b/64 scope link
       valid_lft forever preferred_lft forever
[root@yph7 apache2]# ip addr flush eth0    ---- remove all of eth0's IP addresses
Failed to send flush request: Cannot assign requested address
[root@yph7 apache2]# ip addr list eth0
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 00:0c:29:40:7c:9b brd ff:ff:ff:ff:ff:ff
ip route - routing table management
ip route add - add new route
ip route change - change route
ip route replace - change or add new one
ip route add TYPE PREFIX via GW [dev IFACE] [src SOURCE_IP]
src is an IP address of your NIC; it only needs to be given when the NIC has several IPs configured. For example, if you have configured three IPs on a NIC, src should be one of those three.
[root@yph7 ~]# ip addr add 172.16.10.20/16 dev eth2    ---- add a new IP
[root@yph7 ~]# ip addr list dev eth2
3: eth2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 00:0c:29:40:7c:a5 brd ff:ff:ff:ff:ff:ff
    inet 192.168.0.106/24 brd 192.168.0.255 scope global eth2
    inet 172.16.10.20/16 scope global eth2
    inet6 fe80::20c:29ff:fe40:7ca5/64 scope link
       valid_lft forever preferred_lft forever
Add a new route that uses the new IP
[root@yph7 ~]# ip route add 192.168.10.0/24 via 172.16.0.20 dev eth2 src 172.16.10.20
[root@yph7 ~]# ip route list
192.168.0.0/24 dev eth0  proto kernel  scope link  src 192.168.0.110
192.168.0.0/24 dev eth2  proto kernel  scope link  src 192.168.0.106  metric 1
192.168.10.0/24 via 172.16.0.20 dev eth2  src 172.16.10.20
172.16.0.0/16 dev eth2  proto kernel  scope link  src 172.16.10.20
169.254.0.0/16 dev eth0  scope link  metric 1002
default via 192.168.0.1 dev eth0  proto static
Add a default route:
[root@yph7 ~]# ip route add default via 172.16.0.10 dev eth2 src 172.16.10.20
[root@yph7 ~]# ip route list via 172.16.0.10
default dev eth2  src 172.16.10.20
The first time I typed it wrong and got "RTNETLINK answers: Network is unreachable"; I later found that I had written eth0 instead of eth2.
ip route del TYPE PREFIX: delete a route
[root@yph7 ~]# ip route del default
[root@yph7 ~]# ip route del 192.168.0.0/24 dev eth0
[root@yph7 ~]# ip route del 192.168.10.0/24    ---- three routes deleted in a row
[root@yph7 ~]# ip route list
192.168.0.0/24 dev eth2  proto kernel  scope link  src 192.168.0.106  metric 1
172.16.0.0/16 dev eth2  proto kernel  scope link  src 172.16.10.20
169.254.0.0/16 dev eth0  scope link  metric 1002
ip route show - show routes; via, src and so on can be specified
[root@yph7 ~]# ip route show src 172.16.10.20
172.16.0.0/16 dev eth2  proto kernel  scope link
ip route flush - flush routing tables: remove a whole class of routes
[root@yph7 ~]# ip route flush 169/8    ---- delete everything in the 169 network; routes created by the system are not necessarily removed
[root@yph7 ~]# ip route list
192.168.0.0/24 dev eth2  proto kernel  scope link  src 192.168.0.106  metric 1
172.16.0.0/16 dev eth2  proto kernel  scope link  src 172.16.10.20
169.254.0.0/16 dev eth0  scope link  metric 1002
default via 172.16.0.10 dev eth2  src 172.16.10.20
[root@yph7 ~]# ip route flush 169.254/16    ---- with the range narrowed further, the route is removed
[root@yph7 ~]# ip route list
192.168.0.0/24 dev eth2  proto kernel  scope link  src 192.168.0.106  metric 1
172.16.0.0/16 dev eth2  proto kernel  scope link  src 172.16.10.20
default via 172.16.0.10 dev eth2  src 172.16.10.20
ip route get - get a single route
ip route get TYPE PREFIX
[root@yph7 ~]# ip route get 192.168.0.0/24
broadcast 192.168.0.0 dev eth0  src 192.168.0.110
    cache <local,brd>  mtu 1500 advmss 1460 hoplimit 64
ss command: a tool for displaying sockets, designed to replace netstat
ss [options] [ FILTER ]
Options:
-t: TCP connections
-u: UDP connections
-w: raw socket connections
-l: sockets in the listening state
-a: connections in all states
-n: numeric format
-p: the related program and its PID
-e: extended information
The following two have no netstat equivalent:
-m: memory usage
-o: timer information
[root@yph7 ~]# ss -m
State      Recv-Q Send-Q      Local Address:Port          Peer Address:Port
ESTAB      0      52          192.168.0.110:ssh          192.168.0.104:51158
         mem:(r0,w604,f3492,t0)
[root@yph7 ~]# ss -o
State      Recv-Q Send-Q      Local Address:Port          Peer Address:Port
ESTAB      0      52          192.168.0.110:ssh          192.168.0.104:51158    timer:(on,370ms,0)
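FILTER := [ state TCP-STATE ] [ EXPRESSION ]: show only connections in the given state
Common TCP states:
TCP FSM:
LISTEN: listening
ESTABLISHED: the connection is established and both sides are talking
FIN_WAIT_1: one side has proposed breaking up and is waiting for a reply
FIN_WAIT_2: the other side has agreed to the breakup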
SYN_SENT:
SYN_RECV:
CLOSED:
[root@yph7 ~]# ss -tan state CLOSED    ---- nothing is in this state
Recv-Q Send-Q      Local Address:Port          Peer Address:Port
[root@yph7 ~]# ss -tan state ESTABLISHED
Recv-Q Send-Q      Local Address:Port          Peer Address:Port
0      52          192.168.0.110:22           192.168.0.104:51158
EXPRESSION:
dport = destination port
sport = source port
For example: '( dport = :22 or sport = :22 )' shows everything whose source port or destination port is 22
[root@yph7 ~]# ss -tan state ESTABLISHED '( dport = :22 or sport = :22 )'
Recv-Q Send-Q      Local Address:Port          Peer Address:Port
0      52          192.168.0.110:22           192.168.0.104:51158
[root@yph7 ~]# ss -tan '( dport = :22 or sport = :22 )'
State      Recv-Q Send-Q      Local Address:Port          Peer Address:Port
LISTEN     0      128                    :::22                      :::*
LISTEN     0      128                     *:22                       *:*
ESTAB      0      52          192.168.0.110:22           192.168.0.104:51158
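Configuration files:
The configuration file for IP/NETMASK/GW/DNS and similar attributes is:
/etc/sysconfig/network-scripts/ifcfg-IFACE
For example: /etc/sysconfig/network-scripts/ifcfg-eno16777736
/etc/sysconfig/network-scripts/ifcfg-eth0
The configuration file for routes is:
/etc/sysconfig/network-scripts/route-IFACE
Editing the configuration files:
1. Edit them directly with a text editor such as vim
2. Edit them with a command
CentOS 6: system-config-network or setup
CentOS 7: nmtui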
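ifcfg-IFACE configuration file parameters:
DEVICE: the name of the device this configuration file applies to;
ONBOOT: whether to activate this interface during system boot;
UUID: the unique identifier of this device;
IPV6INIT: whether to initialize IPv6;
BOOTPROTO: the protocol used to configure the interface's attributes (IP) when it is activated; common values are dhcp, bootp, static, and none (which is in fact also static);
TYPE: the interface type; common values are Ethernet and Bridge;
DNS1: the first DNS server;
DNS2: the backup DNS server;
DOMAIN: the DNS search domain;
IPADDR: the IP address;
NETMASK: the subnet mask; CentOS 7 also supports PREFIX, which gives the mask as a length (PREFIX=16);
GATEWAY: the default gateway;
USERCTL: whether ordinary users are allowed to control this device;
PEERDNS: when BOOTPROTO is "dhcp", whether the DNS servers assigned by the DHCP server are allowed to override the DNS servers specified manually on the host; the default is yes;
HWADDR: the device's MAC address; it does not need to be configured, since it comes with the NIC
NM_CONTROLLED: whether the NetworkManager service controls the interface; usually no on CentOS 6 and yes on CentOS 7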
Writing a configuration file for eth2 by hand (CentOS 6):
[root@yph7 network-scripts]# cp ifcfg-eth0 ifcfg-eth2
[root@yph7 network-scripts]# vim ifcfg-eth2
[root@yph7 network-scripts]# cat ifcfg-eth2
DEVICE="eth2"
BOOTPROTO="none"
NM_CONTROLLED="no"
ONBOOT="yes"
TYPE="Ethernet"
IPADDR=10.100.100.10
NETMASK=255.0.0.0
[root@yph7 network-scripts]# service network restart    ---- restart networking
[root@yph7 network-scripts]# ip addr list dev eth2    ---- the configuration just written has taken effect
3: eth2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 00:0c:29:40:7c:a5 brd ff:ff:ff:ff:ff:ff
    inet 10.100.100.10/8 brd 10.255.255.255 scope global eth2
    inet6 fe80::20c:29ff:fe40:7ca5/64 scope link
       valid_lft forever preferred_lft forever
Configuration file for eno33554984 (CentOS 7):
Copy it from eno16777737, then edit it to look like this
NAME="eno33554984"
DEVICE="eno33554984"
ONBOOT=yes
NETBOOT=yes
IPV6INIT=no
BOOTPROTO=none
TYPE=Ethernet
DEFROUTE=yes
IPADDR=172.10.100.10
PREFIX=24
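Network services:
network and NetworkManager
On CentOS 6, network is the better choice
On CentOS 7, use NetworkManager
Managing the network service:
CentOS 6: service SERVICE {start|stop|restart|status} (status shows the current state)
CentOS 7: systemctl {start|stop|restart|status} SERVICE[.service]
After a configuration file has been changed, the network service must be restarted for the change to take effect;
CentOS 6: # service network restart
CentOS 7: # systemctl restart network.service
In fact the CentOS 6 usage also works on CentOS 7; it is just less proper.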
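Configuring routes other than the default gateway: /etc/sysconfig/network-scripts/route-IFACE
Two formats are supported, but they must not be mixed;
(1) One route entry per line:
TARGET via GW
(2) One route entry per three lines (# is the group number):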
ADDRESS#=TARGET
NETMASK#=MASK
GATEWAY#=NEXTHOP
A route file for eno33554984:
[root@yph7 network-scripts]# vim route-eno33554984
[root@yph7 network-scripts]# cat route-eno33554984
10.0.0.0/8 via 192.168.0.1
Or in the following format:
ADDRESS0=20.0.0.0
NETMASK0=255.0.0.0
GATEWAY0=192.168.10.2
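Added example, not from the original article: a checker that reads a route-IFACE file, rejects a file that mixes the two formats, and rewrites three-line ADDRESS#/NETMASK#/GATEWAY# groups as one-line "TARGET/PREFIX via GW" entries. mask2prefix and normalize_route_file are hypothetical names, and the exit codes are this example's own convention; the sample contents are built from the two files shown above.

```sh
#!/bin/sh
# Added example, not from the original article.

mask2prefix() {
    # Dotted netmask -> prefix length (255.0.0.0 -> 8). Returns 1 when the
    # mask is malformed or its one-bits are not contiguous.
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    bits=0; ones_done=0
    for octet in "$@"; do
        if [ "$ones_done" -eq 1 ] && [ "$octet" != 0 ]; then return 1; fi
        case $octet in
            255) bits=$((bits + 8)) ;;
            254) bits=$((bits + 7)); ones_done=1 ;;
            252) bits=$((bits + 6)); ones_done=1 ;;
            248) bits=$((bits + 5)); ones_done=1 ;;
            240) bits=$((bits + 4)); ones_done=1 ;;
            224) bits=$((bits + 3)); ones_done=1 ;;
            192) bits=$((bits + 2)); ones_done=1 ;;
            128) bits=$((bits + 1)); ones_done=1 ;;
            0)   ones_done=1 ;;
            *)   return 1 ;;
        esac
    done
    echo "$bits"
}

normalize_route_file() {
    # stdin: contents of a route-IFACE file.
    # stdout: one "TARGET/PREFIX via GW" line per route.
    # Status: 0 ok, 1 incomplete group or bad netmask, 2 both formats mixed.
    records=$(awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }            # comments and blank lines
        /^(ADDRESS|NETMASK|GATEWAY)[0-9]+=/ {
            eq = index($0, "=")
            key = substr($0, 1, eq - 1); value = substr($0, eq + 1)
            gsub(/"/, "", value)
            n = key; sub(/^[A-Z]+/, "", n)           # group number
            sub(/[0-9]+$/, "", key)                  # ADDRESS, NETMASK or GATEWAY
            val[key, n] = value
            if (!(n in seen)) { seen[n] = 1; order[++groups] = n }
            next
        }
        { plain[++plains] = $0 }                     # format (1) line, kept as is
        END {
            if (groups && plains) exit 2
            for (i = 1; i <= plains; i++) print "P", plain[i]
            for (i = 1; i <= groups; i++) {
                n = order[i]
                a = val["ADDRESS", n]; m = val["NETMASK", n]; g = val["GATEWAY", n]
                if (a == "" || m == "" || g == "") exit 1
                print "T", a, m, g
            }
        }') || return $?
    while read -r kind a b c; do
        case $kind in
            P) printf '%s\n' "$a${b:+ $b}${c:+ $c}" ;;
            T) prefix=$(mask2prefix "$b") || return 1
               printf '%s/%s via %s\n' "$a" "$prefix" "$c" ;;
        esac
    done <<EOF
$records
EOF
}

# Sample contents built from the two route files shown in the article.
TRIPLET_FILE='ADDRESS0=20.0.0.0
NETMASK0=255.0.0.0
GATEWAY0=192.168.10.2'
MIXED_FILE='10.0.0.0/8 via 192.168.0.1
ADDRESS0=20.0.0.0
NETMASK0=255.0.0.0
GATEWAY0=192.168.10.2'

printf '%s\n' "$TRIPLET_FILE" | normalize_route_file
printf '%s\n' "$MIXED_FILE" | normalize_route_file || echo "rejected: formats mixed (status $?)"
```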
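Configuring multiple addresses on an interface:
Besides ip addr, either ifconfig or a configuration file can be used;
(1) Configure multiple IPs with ifconfig or ip addr
[root@yph7 network-scripts]# ifconfig eth2:0 192.168.0.10
(2) Add a configuration file for the NIC alias;
Starting from the configuration file created above, only two items need to change:
DEVICE="eth2:0"
IPADDR=
Note: BOOTPROTO: NIC aliases do not support dynamic address assignment; only static and none are supported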
nmcli: another command for IP configuration on CentOS 7:
nmcli [ OPTIONS ] OBJECT { COMMAND | help }
device - show and manage network interfaces
COMMAND = { status | show | connect | disconnect | delete | wifi | wimax }
[root@yph7 ~]# nmcli device show
GENERAL.設備:                           eno16777736
GENERAL.類型:                           ethernet
GENERAL.硬盤:                           00:0C:29:90:FA:11
GENERAL.MTU:                            1500
GENERAL.狀態:                           100 (連接的)
GENERAL.CONNECTION:                     有線連接 1
GENERAL.CON-PATH:                       /org/freedesktop/NetworkManager/ActiveConnection/0
WIRED-PROPERTIES.容器:                  開
IP4.地址[1]:                            192.168.0.111/24
IP4.網關:                               192.168.0.1
IP4.DNS[1]:                             211.140.197.58
IP4.DNS[2]:                             211.137.32.178
IP6.地址[1]:                            fe80::20c:29ff:fe90:fa11/64
IP6.網關:                               fe80::512c:9097:f2a8:42f5
[root@yph7 ~]# nmcli device status
設備         類型      狀態    CONNECTION
eno16777736  ethernet  連接的  有線連接 1
eno33554984  ethernet  連接的  eno33554984
lo           loopback  未管理  --
[root@yph7 ~]# nmcli device disconnect eno33554984
Device 'eno33554984' successfully disconnected.
[root@yph7 ~]# nmcli device status
設備         類型      狀態    CONNECTION
eno16777736  ethernet  連接的  有線連接 1
eno33554984  ethernet  已斷開  --
lo           loopback  未管理  --
connection - start, stop, and manage network connections
COMMAND = { show | up | down | add | edit | modify | delete | reload | load }
[root@yph7 network-scripts]# nmcli conn down eno33554984
[root@yph7 network-scripts]# nmcli conn up eno33554984
[root@yph7 network-scripts]# nmcli conn show
How to change the IP address and other attributes:
# nmcli conn modify IFACE [+|-]setting.property value
modify supports the following properties:
ipv4.address
ipv4.gateway
ipv4.dns1
ipv4.method
manual
This command is immature: after an address is added, the connection has to be brought down and then up again before the change takes effect
[root@yph7 network-scripts]# nmcli conn modify eno33554984 +ipv4.address 192.168.200.10/24
[root@yph7 network-scripts]# nmcli conn down eno33554984
[root@yph7 network-scripts]# nmcli conn up eno33554984
[root@yph7 network-scripts]# nmcli conn show
[root@yph7 network-scripts]# nmcli conn modify eno33554984 -ipv4.address 192.168.200.10/24
[root@yph7 network-scripts]# nmcli conn down eno33554984
[root@yph7 network-scripts]# nmcli conn up eno33554984
[root@yph7 network-scripts]# nmcli conn show