當我們擁有一個嶄新的計算機的時候,第一步恐怕都是迫不及待的下載各種軟件,看視頻,聽音樂等,這裏的關鍵的一點是要有網絡。現在的個人計算機大部分都是Windows操作系統的,接入網絡網絡很簡單,插上網線也許就能上網了,最麻煩不過找到網絡和共享中心手動配置一個ip地址、網關地址和dns服務器就能上網了,當然這都是得益於圖形化界面。但是現在很多的服務器都是Linux操作系統且沒有圖形化的界面,這時候我們就需要了解怎樣正確的給Linux主機配置網絡屬性了,本次博客就來說說以正確的方式打開Linux操作系統的網絡屬性配置(本次博客基於的發行版和版本:CentOS7、CentOS6.5)。
接入網絡的兩種方式
一、手動的指定
1.使用命令
一般是臨時的修改,重啓後失效,如:ifconfig、route、ip addr等。
2.修改配置文件
修改文件配置,永久有效,但是可能不能立即生效,需要重啓服務。
二、動態獲取
如果本地網路中存在DHCP服務,可以動態的獲取到ip地址、網關地址、DNS服務器地址等。
常用的管理和配置命令
一、ifconfig
1.不加任何選項,查看處於活動狀態下的接口,-a選項顯示所有接口,包括inactive狀態的接口:
[root@localhost ~]# ifconfig eth0 Link encap:Ethernet HWaddr 00:0C:29:9F:AA:AD inet addr:192.168.172.136 Bcast:192.168.172.255 Mask:255.255.255.0 inet6 addr: fe80::20c:29ff:fe9f:aaad/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:2168 errors:0 dropped:0 overruns:0 frame:0 TX packets:404 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:149715 (146.2 KiB) TX bytes:29251 (28.5 KiB) lo Link encap:Local Loopback inet addr:127.0.0.1 Mask:255.0.0.0 inet6 addr: ::1/128 Scope:Host UP LOOPBACK RUNNING MTU:16436 Metric:1 RX packets:0 errors:0 dropped:0 overruns:0 frame:0 TX packets:0 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:0 (0.0 b) TX bytes:0 (0.0 b) [root@localhost ~]# ifconfig -a eth0 Link encap:Ethernet HWaddr 00:0C:29:9F:AA:AD inet addr:192.168.172.136 Bcast:192.168.172.255 Mask:255.255.255.0 inet6 addr: fe80::20c:29ff:fe9f:aaad/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:2223 errors:0 dropped:0 overruns:0 frame:0 TX packets:425 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:153927 (150.3 KiB) TX bytes:32473 (31.7 KiB) eth1 Link encap:Ethernet HWaddr 00:0C:29:9F:AA:B7 BROADCAST MULTICAST MTU:1500 Metric:1 RX packets:0 errors:0 dropped:0 overruns:0 frame:0 TX packets:0 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:0 (0.0 b) TX bytes:0 (0.0 b) lo Link encap:Local Loopback inet addr:127.0.0.1 Mask:255.0.0.0 inet6 addr: ::1/128 Scope:Host UP LOOPBACK RUNNING MTU:16436 Metric:1 RX packets:0 errors:0 dropped:0 overruns:0 frame:0 TX packets:0 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
接口的命名方式:
1.傳統的命令方式: 以太網:eth1,eth2...ethn #centos6較常見的命名方式 PPP網絡:ppp1,ppp2...pppn 2.可預測的命令方案 如果固件或者BIOS爲主板上集成的設備提供的索引信息可以用,根據此索引進行命令,例如:eno1,eno2....enon; 如果固件或者BIOS爲PCI-E擴展槽上所提供的索引信息可以用,根據此索引進行命令,例如:ens1,ens2...ensn; 如果硬件接口的物理位置信息可用,則根據此信息命令,如enp2s0 如果用戶顯示定義,也可以根據MAC地址命令,例如enx1232131231 3.命名格式的組成 en:以太網 wl:無線網 ww:廣域網 4.名稱類型 o<index>:集成設備的設備索引號 s<slot>:擴展槽的索引號 x<MAC>:基於MAC地址的命名 p<bus>s<slot>:基於總線槽的拓撲結構進行命名
2. 配置接口ip地址掩碼的兩種方式:
ifconfig INTERFACE IP/MASK [up|down] #up和down爲可選項 ifconfig INTERFACE IP netmask NETMASK [up|down]
舉例:
[root@localhost ~]# ifconfig eth1 192.168.1.1/24 up [root@localhost ~]# [root@localhost ~]# ifconfig eth0 Link encap:Ethernet HWaddr 00:0C:29:9F:AA:AD inet addr:192.168.172.136 Bcast:192.168.172.255 Mask:255.255.255.0 inet6 addr: fe80::20c:29ff:fe9f:aaad/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:2392 errors:0 dropped:0 overruns:0 frame:0 TX packets:510 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:168403 (164.4 KiB) TX bytes:43303 (42.2 KiB) eth1 Link encap:Ethernet HWaddr 00:0C:29:9F:AA:B7 inet addr:192.168.1.1 Bcast:192.168.1.255 Mask:255.255.255.0 inet6 addr: fe80::20c:29ff:fe9f:aab7/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:0 errors:0 dropped:0 overruns:0 frame:0 TX packets:5 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:0 (0.0 b) TX bytes:398 (398.0 b) lo Link encap:Local Loopback inet addr:127.0.0.1 Mask:255.0.0.0 inet6 addr: ::1/128 Scope:Host UP LOOPBACK RUNNING MTU:16436 Metric:1 RX packets:0 errors:0 dropped:0 overruns:0 frame:0 TX packets:0 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
3.開啓接口的雜合模式,這裏就不先做太多的說明,後面博客中會說明:
[root@localhost ~]# ifconfig eth1 promisc [root@localhost ~]# [root@localhost ~]# ifconfig eth1 eth1 Link encap:Ethernet HWaddr 00:0C:29:9F:AA:B7 inet addr:192.168.1.1 Bcast:192.168.1.255 Mask:255.255.255.0 inet6 addr: fe80::20c:29ff:fe9f:aab7/64 Scope:Link UP BROADCAST RUNNING PROMISC MULTICAST MTU:1500 Metric:1 #這裏多了一個PROMISC RX packets:29 errors:0 dropped:0 overruns:0 frame:0 TX packets:6 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:2985 (2.9 KiB) TX bytes:468 (468.0 b)
4.新增和刪除IPv6地址
ifconfig INTERFACE add addr/prefixlen ifconfig INTERFACE del addr/prefixlen
舉例:
[root@localhost ~]# ifconfig eth1 add 2001:0:0:12::1/64 #新增一個IPV6地址 [root@localhost ~]# [root@localhost ~]# ifconfig eth1 eth1 Link encap:Ethernet HWaddr 00:0C:29:9F:AA:B7 inet addr:192.168.1.1 Bcast:192.168.1.255 Mask:255.255.255.0 inet6 addr: 2001:0:0:12::1/64 Scope:Global inet6 addr: fe80::20c:29ff:fe9f:aab7/64 Scope:Link UP BROADCAST RUNNING PROMISC MULTICAST MTU:1500 Metric:1 RX packets:57 errors:0 dropped:0 overruns:0 frame:0 TX packets:10 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:6604 (6.4 KiB) TX bytes:836 (836.0 b) [root@localhost ~]# ifconfig eth1 del 2001:0:0:12::1/64 #刪除ipv6地址 [root@localhost ~]# [root@localhost ~]# ifconfig eth1 eth1 Link encap:Ethernet HWaddr 00:0C:29:9F:AA:B7 inet addr:192.168.1.1 Bcast:192.168.1.255 Mask:255.255.255.0 inet6 addr: fe80::20c:29ff:fe9f:aab7/64 Scope:Link UP BROADCAST RUNNING PROMISC MULTICAST MTU:1500 Metric:1 RX packets:62 errors:0 dropped:0 overruns:0 frame:0 TX packets:12 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:7468 (7.2 KiB) TX bytes:1016 (1016.0 b)
如果在沒有配置ipv6地址的情況下,我們會發現每個接口都有一個開頭爲fe80的ipv6地址,這個地址被稱爲鏈路本地的地址,其前64爲都是固定的格式,後64是位是基於EUI-64生成的,通俗的來說就是基於MAC地址生成的,鏈路本地地址只能用戶本地的通信,如果想要實現上網的功能,就必須要給接口配置一個全局的地址,也就是全球可聚合單播地址,配置的方式就如上,顯示爲Global。
可以給接口起別名配置多個IP地址:
[root@localhost ~]# ifconfig ens34:1 192.168.179.130 netmask 255.255.255.0 [root@localhost ~]# [root@localhost ~]# ifconfig ens32: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500 inet 192.168.172.134 netmask 255.255.255.0 broadcast 192.168.172.255 inet6 fe80::4:ed31:efad:25d0 prefixlen 64 scopeid 0x20<link> ether 00:0c:29:db:7f:47 txqueuelen 1000 (Ethernet) RX packets 25157 bytes 12826364 (12.2 MiB) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 11651 bytes 2175604 (2.0 MiB) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 ens34: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500 inet 192.168.179.128 netmask 255.255.255.0 broadcast 192.168.179.255 ether 00:0c:29:db:7f:51 txqueuelen 1000 (Ethernet) RX packets 666 bytes 91944 (89.7 KiB) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 220 bytes 29356 (28.6 KiB) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 ens34:1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500 inet 192.168.179.130 netmask 255.255.255.0 broadcast 192.168.179.255 ether 00:0c:29:db:7f:51 txqueuelen 1000 (Ethernet)
然後爲別名添加配置文件即可,記得DEVICE爲別名名稱且BOOTPROTO:不支持動態獲取地址。
注意:執行ifconfig的時候,命令執行後立即生效的,但是重啓後失效!
二、route
1.查看路由條目
route -n #用數字表示,不加-n選項,可能會以主機名和其他的符號來顯示地址
舉例:
[root@localhost ~]# route Kernel IP routing table Destination Gateway Genmask Flags Metric Ref Use Iface 192.168.172.0 * 255.255.255.0 U 0 0 0 eth0 link-local * 255.255.0.0 U 1002 0 0 eth0 default 192.168.172.2 0.0.0.0 UG 0 0 0 eth0 [root@localhost ~]# [root@localhost ~]# route -n Kernel IP routing table Destination Gateway Genmask Flags Metric Ref Use Iface 192.168.172.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0 169.254.0.0 0.0.0.0 255.255.0.0 U 1002 0 0 eth0 0.0.0.0 192.168.172.2 0.0.0.0 UG 0 0 0 eth0
2.添加路由條目
route add [-net|-host] target [netmask Nm] [gw GW] [[dev] If]
舉例:
[root@localhost ~]# route add -net 100.100.100.0/24 gw 192.168.1.1 #接口可省略 [root@localhost ~]# route -n Kernel IP routing table Destination Gateway Genmask Flags Metric Ref Use Iface 100.100.100.0 192.168.1.1 255.255.255.0 UG 0 0 0 eth1 192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1 192.168.172.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0 169.254.0.0 0.0.0.0 255.255.0.0 U 1002 0 0 eth0 0.0.0.0 192.168.172.2 0.0.0.0 UG 0 0 0 eth0 [root@localhost ~]# route add default gw 192.168.1.1 dev eth1 #使用default參數創建默認路由 [root@localhost ~]# route -n Kernel IP routing table Destination Gateway Genmask Flags Metric Ref Use Iface 100.100.100.0 192.168.1.1 255.255.255.0 UG 0 0 0 eth1 192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1 192.168.172.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0 169.254.0.0 0.0.0.0 255.255.0.0 U 1002 0 0 eth0 0.0.0.0 192.168.1.1 0.0.0.0 UG 0 0 0 eth1 0.0.0.0 192.168.172.2 0.0.0.0 UG 0 0 0 eth0
3.刪除路由
route del [-net|-host] target [gw GW] [netmask Nm] [[dev] If]
舉例:
[root@localhost ~]# route del -net 100.100.100.0/24 [root@localhost ~]# route del -net 0.0.0.0/0 gw 192.168.1.1 #如果目的IP地址存在多個,可以指定網關地址,避免誤刪 [root@localhost ~]# route -n Kernel IP routing table Destination Gateway Genmask Flags Metric Ref Use Iface 192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1 192.168.172.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0 169.254.0.0 0.0.0.0 255.255.0.0 U 1002 0 0 eth0 0.0.0.0 192.168.172.2 0.0.0.0 UG 0 0 0 eth0
三、netstat命令
專門用來顯示命令
1.顯示路由表
netstat -rn -r:顯示內核路由表 -n:數字格式
舉例:
[root@localhost ~]# netstat -rn Kernel IP routing table Destination Gateway Genmask Flags MSS Window irtt Iface 192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1 192.168.172.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0 169.254.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth0 0.0.0.0 192.168.172.2 0.0.0.0 UG 0 0 0 eth0
2.顯示網絡連接
netstat [--tcp|-t] [--udp|-u] [--udplite|-U] [--sctp|-S] [--raw|-w] [--listening|-l] [--all|-a] [--numeric|-n] [--extend|-e[--extend|-e]] [--program|-p] -t:TCP的相關連接 -u:UDP相關連接 -w:raw socket相關連接 -l:處於監聽狀態的連接 -a:所有狀態 -n:以數字格式顯示ip和端口 -e:擴展格式 -p:顯示相關進程及PID 常用組合: -tan -uan -tnl -unl -tunlp
舉例:
[root@localhost ~]# netstat -tan Active Internet connections (servers and established) Proto Recv-Q Send-Q Local Address Foreign Address State tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN tcp 0 64 192.168.172.136:22 192.168.172.1:60645 ESTABLISHED tcp 0 0 :::22 :::* LISTEN tcp 0 0 ::1:25 :::* LISTEN [root@localhost ~]# netstat -uan Active Internet connections (servers and established) Proto Recv-Q Send-Q Local Address Foreign Address State udp 0 0 0.0.0.0:68 0.0.0.0:* [root@localhost ~]# netstat -tnl Active Internet connections (only servers) Proto Recv-Q Send-Q Local Address Foreign Address State tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN tcp 0 0 :::22 :::* LISTEN tcp 0 0 ::1:25 :::* LISTEN [root@localhost ~]# netstat -unl Active Internet connections (only servers) Proto Recv-Q Send-Q Local Address Foreign Address State udp 0 0 0.0.0.0:68 0.0.0.0:* [root@localhost ~]# netstat -tunlp Active Internet connections (only servers) Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1008/sshd tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 1084/master tcp 0 0 :::22 :::* LISTEN 1008/sshd tcp 0 0 ::1:25 :::* LISTEN 1084/master udp 0 0 0.0.0.0:68 0.0.0.0:* 904/dhclient
3.顯示接口的統計數據
netstat {--interfaces|-I|-i} [iface] [--all|-a] [--extend|-e] [--verbose|-v] [--program|-p] [--numeric|-n] 所有接口的信息:netstat -i 指定的接口:netstat -I<INTERFACE>
舉例:
[root@localhost ~]# netstat -i Kernel Interface table Iface MTU Met RX-OK RX-ERR RX-DRP RX-OVR TX-OK TX-ERR TX-DRP TX-OVR Flg eth0 1500 0 2288 0 0 0 1099 0 0 0 BMRU eth1 1500 0 8 0 0 0 6 0 0 0 BMRU lo 16436 0 0 0 0 0 0 0 0 0 LRU [root@localhost ~]# netstat -Ieth1 Kernel Interface table Iface MTU Met RX-OK RX-ERR RX-DRP RX-OVR TX-OK TX-ERR TX-DRP TX-OVR Flg eth1 1500 0 8 0 0 0 6 0 0 0 BMRU
四、ifup和ifdown
開啓或者關閉接口,通過配置文件來識別接口並完成配置,如果接口沒有配置文件,則不能生效。
ifup INTERFACE
ifdown INTERFACE
五、ip
ip的功能很強大,這裏只做一些常用的用法的介紹,具體可以見man手冊。
NAME:show / manipulate routing, devices, policy routing and tunnels ip [ OPTIONS ] OBJECT { COMMAND | help } OBJECT := { link | addr | route | netns } #注意,在寫命令的時候,OBJECT可以簡寫,各個OBJECT的子命令也可以簡寫
1. ip link:網絡設備管理
ip link set:修改設備的屬性 dev NAME:默認參數,指明要管理的設備,關鍵字dev可以省略; {up|down}:開啓或關閉設備 {multicast on|multicast off}:開啓或關閉多播功能 {name NAME}:重命名接口,必須先將設備關閉 netns PID|netnsname:netns爲名稱空間,將接口移動到指定的網絡名稱空間 ip link show:查看設備的狀態 ip link help:顯示幫助信息
舉例:
[root@localhost ~]# ip link set ens34 down #關閉ens34 [root@localhost ~]# ip link set ens34 name eth34 #重命名 [root@localhost ~]# [root@localhost ~]# ifconfig -a ens32: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500 inet 192.168.172.134 netmask 255.255.255.0 broadcast 192.168.172.255 inet6 fe80::4:ed31:efad:25d0 prefixlen 64 scopeid 0x20<link> ether 00:0c:29:db:7f:47 txqueuelen 1000 (Ethernet) RX packets 14177 bytes 10140644 (9.6 MiB) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 5848 bytes 1208376 (1.1 MiB) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 eth34: flags=4098<BROADCAST,MULTICAST> mtu 1500 ether 00:0c:29:db:7f:51 txqueuelen 1000 (Ethernet) RX packets 399 bytes 55093 (53.8 KiB) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 102 bytes 15624 (15.2 KiB) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 [root@localhost ~]# ip link set eth34 name ens34 [root@localhost ~]# ip link set ens34 up [root@localhost ~]# ifconfig ens32: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500 inet 192.168.172.134 netmask 255.255.255.0 broadcast 192.168.172.255 inet6 fe80::4:ed31:efad:25d0 prefixlen 64 scopeid 0x20<link> ether 00:0c:29:db:7f:47 txqueuelen 1000 (Ethernet) RX packets 14382 bytes 10157346 (9.6 MiB) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 5954 bytes 1220936 (1.1 MiB) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 ens34: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500 inet 192.168.179.128 netmask 255.255.255.0 broadcast 192.168.179.255 inet6 fe80::3062:d2dc:471:6045 prefixlen 64 scopeid 0x20<link> ether 00:0c:29:db:7f:51 txqueuelen 1000 (Ethernet) RX packets 403 bytes 55727 (54.4 KiB) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 112 bytes 16702 (16.3 KiB) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
2.ip netns:管理網絡名稱空間(manage network namespaces)
ip netns list:列出所有的網絡名稱空間
ip netns add NAME:創建指定的網絡名稱空間
ip netns del NAME:刪除指定的網絡名稱空間
ip netns exec NAME COMMAND:在指定的netns中運行命令
舉例:
[root@localhost ~]# ip netns add mynetns #創建了一個名稱空間 [root@localhost ~]# [root@localhost ~]# ip netns list #查看名稱空間 mynetns [root@localhost ~]# ip link set ens34 netns mynetns #將ens34綁定到名稱空間mynetns [root@localhost ~]# ifconfig -a #這時候我們會發現設備沒有了 ens32: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500 inet 192.168.172.134 netmask 255.255.255.0 broadcast 192.168.172.255 inet6 fe80::4:ed31:efad:25d0 prefixlen 64 scopeid 0x20<link> ether 00:0c:29:db:7f:47 txqueuelen 1000 (Ethernet) RX packets 14892 bytes 10199499 (9.7 MiB) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 6234 bytes 1258060 (1.1 MiB) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536 inet 127.0.0.1 netmask 255.0.0.0 inet6 ::1 prefixlen 128 scopeid 0x10<host> loop txqueuelen 1 (Local Loopback) RX packets 72 bytes 6260 (6.1 KiB) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 72 bytes 6260 (6.1 KiB) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 [root@localhost ~]# ip link show 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT qlen 1 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: ens32: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT qlen 1000 link/ether 00:0c:29:db:7f:47 brd ff:ff:ff:ff:ff:ff [root@localhost ~]# ip netns exec mynetns ip link show #只有在名稱空間內執行命令才能看到,使用ifconfig無效 1: lo: <LOOPBACK> mtu 65536 qdisc noop state DOWN mode DEFAULT qlen 1 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 3: ens34: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN mode DEFAULT qlen 1000 link/ether 00:0c:29:db:7f:51 brd ff:ff:ff:ff:ff:ff [root@localhost ~]# ip netns exec mynetns ip link set ens34 up #啓用接口 [root@localhost ~]# ip netns exec mynetns ip link show 1: lo: <LOOPBACK> mtu 65536 qdisc noop state DOWN mode DEFAULT qlen 1 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 3: ens34: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT qlen 1000 link/ether 00:0c:29:db:7f:51 brd ff:ff:ff:ff:ff:ff
3.ip address:協議地址管理(protocol address management)
ip address IFADDR dev INTERFACE:新增地址,一個接口可以有多個地址
ip address delete IFADDR dev INTERFACE:刪除接口的地址
ip address show [INTERFACE]:顯示接口地址
ip address flush dev INTERFACE:刪除接口地址
舉例:
[root@localhost ~]# ip address flush ens34 [root@localhost ~]# ifconfig ens32: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500 inet 192.168.172.134 netmask 255.255.255.0 broadcast 192.168.172.255 inet6 fe80::4:ed31:efad:25d0 prefixlen 64 scopeid 0x20<link> ether 00:0c:29:db:7f:47 txqueuelen 1000 (Ethernet) RX packets 15955 bytes 10285157 (9.8 MiB) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 6762 bytes 1356066 (1.2 MiB) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 ens34: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500 ether 00:0c:29:db:7f:51 txqueuelen 1000 (Ethernet) RX packets 413 bytes 57483 (56.1 KiB) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 138 bytes 18976 (18.5 KiB) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 [root@localhost ~]# ip address add 192.168.179.22/24 dev ens34 [root@localhost ~]# [root@localhost ~]# ifconfig ens34 ens34: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500 inet 192.168.179.22 netmask 255.255.255.0 broadcast 0.0.0.0 ether 00:0c:29:db:7f:51 txqueuelen 1000 (Ethernet) RX packets 416 bytes 57775 (56.4 KiB) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 141 bytes 19212 (18.7 KiB) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 [root@localhost ~]# ip address delete 192.168.179.22/24 dev ens34 [root@localhost ~]# ifconfig ens34 ens34: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500 ether 00:0c:29:db:7f:51 txqueuelen 1000 (Ethernet) RX packets 424 bytes 58479 (57.1 KiB) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 149 bytes 19804 (19.3 KiB) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 [root@localhost ~]# ip address show 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo valid_lft forever preferred_lft forever inet6 ::1/128 scope host valid_lft forever preferred_lft forever 2: ens32: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000 link/ether 00:0c:29:db:7f:47 brd ff:ff:ff:ff:ff:ff inet 192.168.172.134/24 brd 192.168.172.255 scope global dynamic ens32 valid_lft 1180sec preferred_lft 1180sec inet6 fe80::4:ed31:efad:25d0/64 scope link valid_lft forever preferred_lft forever 3: ens34: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000 link/ether 00:0c:29:db:7f:51 brd ff:ff:ff:ff:ff:ff
4.ip route:路由表管理(routing table management)
ip route add TYPE PREFIX via GW [dev IFACE] [src SOURCE_IP]:新增一條路由 ip route delete TYPE PREFIX:刪除路由 ip route show [TYPE PRIFIX]:查看路由 ip route flush:清空路由 ip route get TYPE PREFIX:獲得一個單獨的路由信息 詳見幫助信息:man ip route
舉例:
[root@localhost ~]# ip route show default via 192.168.172.2 dev ens32 proto static metric 100 192.168.172.0/24 dev ens32 proto kernel scope link src 192.168.172.134 metric 100 192.168.179.0/24 dev ens34 proto kernel scope link src 192.168.179.128 192.168.179.0/24 dev ens34 proto kernel scope link src 192.168.179.128 metric 100 [root@localhost ~]# [root@localhost ~]# ip route add 100.100.100.0/24 via 192.168.179.128 dev ens34 [root@localhost ~]# [root@localhost ~]# ip route show default via 192.168.172.2 dev ens32 proto static metric 100 100.100.100.0/24 via 192.168.179.128 dev ens34 192.168.172.0/24 dev ens32 proto kernel scope link src 192.168.172.134 metric 100 192.168.179.0/24 dev ens34 proto kernel scope link src 192.168.179.128 192.168.179.0/24 dev ens34 proto kernel scope link src 192.168.179.128 metric 100 [root@localhost ~]# ip route show 100.100.100.0/24 100.100.100.0/24 via 192.168.179.128 dev ens34 [root@localhost ~]# ip route get 100.100.100.0/24 100.100.100.0 dev ens34 src 192.168.179.128 cache
六、ss命令
ss和netstat的功能類似,但是比netstat的功能強大。
net [options] [FILTER] options: -t:TCP的相關連接 -u:UDP的相關連接 -w:raw socket的相關連接 -l:監聽狀態的連接 -a:所有狀態的連接 -n:數字格式顯示 -p:相關的程序及其PID -e:擴展格式信息 -m:內存用量 -o:計時器信息 FILTER: [ state TCP-STATE ] [ EXPRESSION ] TCP-STATE: LISTEN:監聽 ESTABLISEHD:已經建立連接 FIN_WAIT_1: FIN_WAIT_2: SYN_SENT: SYN_RECV: CLOSED: EXPRESSION: dport:目的端口 sport:源端口 ...
舉例:
[root@localhost ~]# ss -tan State Recv-Q Send-Q Local Address:Port Peer Address:Port LISTEN 0 128 *:22 *:* LISTEN 0 100 127.0.0.1:25 *:* ESTAB 0 0 192.168.172.134:22 192.168.172.1:57461 LISTEN 0 128 :::22 :::* LISTEN 0 100 ::1:25 :::* [root@localhost ~]# ss -tanp State Recv-Q Send-Q Local Address:Port Peer Address:Port LISTEN 0 128 *:22 *:* users:(("sshd",pid=943,fd=3)) LISTEN 0 100 127.0.0.1:25 *:* users:(("master",pid=1038,fd=13)) ESTAB 0 180 192.168.172.134:22 192.168.172.1:57461 users:(("sshd",pid=1074,fd=3)) LISTEN 0 128 :::22 :::* users:(("sshd",pid=943,fd=4)) LISTEN 0 100 ::1:25 :::* users:(("master",pid=1038,fd=14)) [root@localhost ~]# ss -uan State Recv-Q Send-Q Local Address:Port Peer Address:Port ESTAB 0 0 192.168.172.134:60204 61.216.153.106:123 UNCONN 0 0 127.0.0.1:323 *:* UNCONN 0 0 *:1524 *:* UNCONN 0 0 *:68 *:* UNCONN 0 0 *:68 *:* UNCONN 0 0 *:30403 *:* UNCONN 0 0 :::27349 :::* UNCONN 0 0 ::1:323 :::* UNCONN 0 0 :::5011 :::* [root@localhost ~]# ss -tan '( dport = :22 or sport = :22 )' State Recv-Q Send-Q Local Address:Port Peer Address:Port LISTEN 0 128 *:22 *:* ESTAB 0 52 192.168.172.134:22 192.168.172.1:57461 LISTEN 0 128 :::22 :::* [root@localhost ~]# [root@localhost ~]# ss -tan state ESTABLISHED Recv-Q Send-Q Local Address:Port Peer Address:Port 0 52 192.168.172.134:22 192.168.172.1:57461
七、配置主機名
hostname
hostname:查看主機名 hostname HOSTNAME:修改主機名,重啓後無效
在centos7中:
hostnamectl status:顯示當前主機名等信息 hostnamectl set-hostname HOSTNAME:設置主機名,永久有效
網絡屬性配置文件
一、主機名的配置文件
/etc/sysconfig/network (在centos7有這個文件,但是爲空,因爲在centos7中新增了hostnamectl set-hostname,可以設置永久有效的主機名了):
centos6: [root@localhost ~]# vim /etc/sysconfig/network NETWORKING=yes HOSTNAME=localhost.localdomain
注意:修改配置文件不會立即生效,但是以後會一直有效。
二、DNS的配置文件
/etc/hosts:負責ip地址與域名快速解析的文件,hosts文件包含了IP地址和主機名之間的映射,在域名解析的過程中,會先查看hosts文件中是否有域名和ip地址之間的映射關係,如果沒有則向DNS服務器發起域名解析的請求:
[root@frankhost ~]# vim /etc/hosts 127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4 ::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
/etc/resolv.conf:配置的是DNS服務器的地址,當主機要訪問某個域名的時候,就會向resolv.conf的中的DNS服務器發起解析的請求:
[root@localhost ~]# vim /etc/resolv.conf # Generated by NetworkManager search localdomain nameserver 192.168.172.2 nameserver 192.168.179.1
三、接口和路由的配置文件
/etc/sysconfig/network-scripts/ifcfg-IFACE:通過大量的參數來定義接口的屬性,可以通過vim等文本編輯器直接修改:
[root@localhost ~]# vim /etc/sysconfig/network-scripts/ifcfg-ens32 TYPE=Ethernet #接口類型 BOOTPROTO=dhcp #激活此接口使用什麼協議來配置接口的屬性,有dhcp、bootp、static、none等 DEFROUTE=yes #是否以此接口創建默認路由 PEERDNS=yes #如果BOOTPROTO的值爲DHCP,是否允許dhcp server分配的dns服務器指向覆蓋本地手動指定的DNS服務器指向 PEERROUTES=yes IPV4_FAILURE_FATAL=no IPV6INIT=yes #是否初始化IPV6 IPV6_AUTOCONF=yes IPV6_DEFROUTE=yes IPV6_PEERDNS=yes IPV6_PEERROUTES=yes IPV6_FAILURE_FATAL=no IPV6_ADDR_GEN_MODE=stable-privacy NAME=ens32 #此配置文件對於的設備名稱 UUID=a3471195-913d-4e38-b521-47ffa1859ffe #此設備的唯一標識 DEVICE=ens32 #此設備文件對於的設備名稱 ONBOOT=yes
除了以上的一些參數之外還有其他一些比較重要的參數:
DNS1:DNS指向,最多可以有三個
DOMAIN:DNS搜索域
IPADDR:ip地址
NETMASK:子網掩碼;在centos7中支持使用PREFIX以長度方式指明子網掩碼
GATEWAY:默認網關
USERCTL:是否允許普通用戶控制
HWADDR:設備的MAC地址
NM_CONTROLLED:是否使用NetworkManager服務來控制接口
/etc/sysconfig/network-scripts/route-IFACE:針對每個接口都有其對應的路由配置文件,有兩種配置方式,但是不可以混用:
(1)每行配置一條路由:
target/prefix via GW
(2)每三行配置一條路由:
ADDRESS#=target NETWORK#=mask GATEWAY#=NEXTHOP #爲數字0.1.2.3....
舉例:
[root@frankhost ~]# vim /etc/sysconfig/network-scripts/route-eth0 100.100.100.0/24 via 192.168.172.136 [root@frankhost ~]# route -n Kernel IP routing table Destination Gateway Genmask Flags Metric Ref Use Iface 100.100.100.0 192.168.172.136 255.255.255.0 UG 0 0 0 eth0 192.168.172.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0 169.254.0.0 0.0.0.0 255.255.0.0 U 1002 0 0 eth0 0.0.0.0 192.168.172.2 0.0.0.0 UG 0 0 0 [root@frankhost ~]# vim /etc/sysconfig/network-scripts/route-eth0 ADDRESS0=192.168.1.0 NETMASK0=255.255.255.0 GATEWAY0=192.168.172.136 [root@frankhost ~]# route -n Kernel IP routing table Destination Gateway Genmask Flags Metric Ref Use Iface 192.168.1.0 192.168.172.136 255.255.255.0 UG 0 0 0 eth0 192.168.172.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0 169.254.0.0 0.0.0.0 255.255.0.0 U 1002 0 0 eth0 0.0.0.0 192.168.172.2 0.0.0.0 UG 0 0 0 eth0
圖像化的方式配置網絡屬性
在centos6中:
執行system-config-network或者setup命令:
安裝:yum -y install system-config-network-tui
安裝:yum -y install setuptool
setup界面:
該怎麼用就不多說了,畢竟是傻瓜式的配置,永久有效。
在centos7中有一個很強大也很複雜的網絡配置管理命令:nmcli,這裏暫時就不做介紹了,以後有機會單獨寫一篇博客,nmcli參考鏈接:http://www.linuxidc.com/Linux/2015-09/123179.htm,或者請看man手冊。