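Network properties are one of the main things an administrator manages on Linux, and configuring them involves a fairly large number of items. The CentOS distribution currently offers four main approaches to network configuration, among them commands, property (configuration) files and system wizards.
CentOS has two camps of network configuration commands: the ifcfg family and the still-evolving ip family. The ifcfg family is gradually being phased out, while the ip family is steadily gaining ground.
ifcfg command family: ifconfig, route, netstat
ifconfig command: view and manage interfaces and addresses
ifconfig [options] [INTERFACE]
ifconfig -a: show all interfaces, including inactive ones;
ifconfig -s: show a short summary list of all interfaces, containing only traffic counters and no address information;
Example: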
# ifconfig -s
Iface MTU RX-OK RX-ERR RX-DRP RX-OVR TX-OK TX-ERR TX-DRP TX-OVR Flg
eno16777 1500 629199 0 314 0 62426 0 0 0 BMRU
eno33554 1500 134267 0 314 0 10 0 0 0 BMRU
lo 65536 16 0 0 0 16 0 0 0 LRU
ifconfig interface options | address ...
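ifconfig IFACE IP/MASK [up|down]: configure the interface address
ifconfig IFACE IP netmask NETMASK: configure the interface address
options: [-]promisc: enable promiscuous mode, or disable it with the leading -;
Note: the change is passed straight to the TCP/IP stack in the kernel and takes effect immediately;
Managing IPv6 addresses: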
add addr/prefixlen
del addr/prefixlen
Example:
# ifconfig eno33554960 192.168.10.100/24 up
# ifconfig eno33554960
eno33554960: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.10.100 netmask 255.255.255.0 broadcast 192.168.10.255
inet6 fe80::20c:29ff:fe32:aee2 prefixlen 64 scopeid 0x20<link>
ether 00:0c:29:32:ae:e2 txqueuelen 1000 (Ethernet)
RX packets 131385 bytes 15129620 (14.4 MiB)
RX errors 0 dropped 314 overruns 0 frame 0
TX packets 9 bytes 698 (698.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
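route command: view and manage routes
Route entry types:
Host route: the destination is a single IP;
Network route: the destination is an IP network;
Default route: the destination is any network, 0.0.0.0/0.0.0.0
View routes:
route -n
Example: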
# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
172.18.0.0 0.0.0.0 255.255.0.0 U 1 0 0 eth0
0.0.0.0 172.18.0.1 0.0.0.0 UG 0 0 0 eth0
Note: (the gateway 0.0.0.0 in the first entry means the local network needs no routing)
Add a route:
route add [-net|-host] target [netmask Nm] [gw GW] [[dev] If] # gw is the next-hop address
Example:
# route add -net 10.0.0.0/8 gw 192.168.10.1 dev eth1
# route add -net 0.0.0.0/0.0.0.0 gw 192.168.10.1
# route add default gw 192.168.10.1
Note: the -net target here must agree with the mask: 10.10.0.0/8 is wrong, 10.10.0.0/16 is right.
Delete a route:
route del [-net|-host] target [gw Gw] [netmask Nm] [[dev] If]
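Example:
# route del -net 10.0.0.0/8 gw 192.168.10.1
# route del default # delete the default gateway
netstat command:
Shows network connections, routing tables, interface statistics, masquerade connections and multicast memberships;
Show the routing table: netstat -rn
-r: show the kernel routing table
-n: numeric format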
# netstat -rn
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
0.0.0.0 172.18.0.1 0.0.0.0 UG 0 0 0 eno16777736
0.0.0.0 172.18.0.1 0.0.0.0 UG 0 0 0 eno16777736
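Show network connections:
netstat [--tcp|-t] [--udp|-u] [--udplite|-U] [--sctp|-S] [--raw|-w] [--listening|-l] [--all|-a] [--numeric|-n] [--extend|-e[--extend|-e]] [--program|-p]
-U: lightweight UDP (UDP-Lite); -S: SCTP, connections with advanced flow control; -w: raw socket connections
-t: TCP connections; every connection has a state; FSM (Finite State Machine);
-u: UDP connections
-w: raw socket connections
-l: connections in the listening state
-a: all sockets, listening or not; for TCP this means established connections are shown;
-n: show IPs and ports in numeric format;
-e: extended format; shows the user and the inode number of the socket
-p: show the owning process and its PID;
Common combinations:
-tan: show TCP connections in all states, without resolving host names
-uan: show UDP connections in all states, without resolving host names
-tnl: show listening TCP connections, without resolving host names
-unl: show listening UDP connections, without resolving host names
-tunlp: show listening TCP and UDP connections, without resolving host names, together with the owning program
Show interface statistics:
netstat {--interfaces|-I|-i} [iface] [--all|-a] [--extend|-e] [--verbose|-v] [--program|-p] [--numeric|-n]
All interfaces: netstat -i # show all interfaces
Example: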
# netstat -i
Kernel Interface table
Iface MTU RX-OK RX-ERR RX-DRP RX-OVR TX-OK TX-ERR TX-DRP TX-OVR Flg
eno16777 1500 907131 0 653 0 64269 0 0 0 BMRU
eno33554 1500 149827 0 328 0 20 0 0 0 BMRU
lo 65536 24 0 0 0 24 0 0 0 LRU
A specific interface: netstat -I<IFace>, e.g. netstat -Ieno16777736 (no space between -I and the interface name).
Example:
# netstat -Ieno33554960
Kernel Interface table
Iface MTU RX-OK RX-ERR RX-DRP RX-OVR TX-OK TX-ERR TX-DRP TX-OVR Flg
eno33554 1500 150411 0 328 0 20 0 0 0 BMRU
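ifup/ifdown commands:
Note: these commands identify the interface and complete its configuration through the file /etc/sysconfig/network-scripts/ifcfg-IFACE; if that file does not exist, they cannot be used to bring the interface up or down.
Example: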
# ifup eno16777736
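Configuring the hostname:
hostname command:
View: hostname
Set: hostname HOSTNAME
Note: effective for the running system only; lost after a reboot;
hostnamectl command (CentOS 7):
hostnamectl status: show the current hostname information;
hostnamectl set-hostname: set the hostname, permanently;
Setting it in a configuration file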
/etc/sysconfig/network
HOSTNAME=<HOSTNAME>
Note: a setting made this way does not take effect immediately, but it persists from then on;
# hostnamectl status
Static hostname: centos7.1
Pretty hostname: CentOS7.1
Icon name: computer-vm
Chassis: vm
Machine ID: f64f1e109e764c4ba7f0e1142abb599d
Boot ID: edbdacdc65b142c1b142fb45f58cc47f
Virtualization: vmware
Operating System: CentOS Linux 7 (Core)
CPE OS Name: cpe:/o:centos:centos:7
Kernel: Linux 3.10.0-327.el7.x86_64
Architecture: x86-64
iproute family
ip command: show / manipulate routing, devices, policy routing and tunnels
ip [ OPTIONS ] OBJECT { COMMAND | help }
OBJECT := { link | addr | route | netns }
Note: OBJECT can be abbreviated, and so can the subcommands of each OBJECT;
ip OBJECT:
1.ip link: network device configuration
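ip link help - show brief usage help;
ip link set [dev] NAME [options] - set the layer-2 hardware properties of a NIC; not very widely used
[dev] NAME (default): the device to manage; the dev keyword may be omitted;
options:
up and down: bring the interface up or down
multicast on or multicast off: enable or disable multicast;
name NAME: rename the interface
mtu NUMBER: set the MTU; the default is 1500;
Example:
# ip link set eth1 up # set the hardware state up or down
# ip link show # display device attributes: layer-2 device properties only, no IP properties
3: eno33554960: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT qlen 1000
link/ether 00:0c:29:32:ae:e2 brd ff:ff:ff:ff:ff:ff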
2.ip netns PID:
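ip netns - manage network namespaces. ns stands for namespace; used to move interfaces into a specified network namespace.
ip netns list: list all netns
ip netns add NAME: create the named netns
ip netns del NAME: delete the named netns
ip netns exec NAME COMMAND: run a command inside the named netns
Example: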
# ip netns add myspace
# ip netns
3.ip address - protocol address management.
ip address help - show command help
ip address add - add new protocol address
ip addr add IFADDR dev IFACE [label NAME] [broadcast ADDRESS] [scope SCOPE_VALUE]
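[label NAME]: gives an interface alias to an additionally added address;
[broadcast ADDRESS]: the broadcast address; computed automatically from the IP and NETMASK;
[scope SCOPE_VALUE]:
SCOPE_VALUE: global: usable globally;
link: usable on the interface only; not used for communication, so other hosts cannot ping it
host: usable on this host only
Compare: ifconfig eno33554960 192.168.10.100/24 up
ip addr add 192.168.10.100/24 dev eno33554960
Example:
# ip addr add 192.168.10.100/24 dev eth1
# ip addr add 192.168.10.101/24 dev eth1 # a second address can be set in the same subnet
# ip addr add 10.0.0.100/24 dev eth1 # other addresses can be added as well, and if there is already an address in the same subnet a second one in that subnet is allowed; without a label it does not show up in ip a and cannot be configured further
# ip add add 10.1.1.10/24 dev eth1 label eth1:0 # shows up in ip addr and can be configured
ip address delete - delete protocol address
ip addr delete IFADDR dev IFACE # same usage as add
Example: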
# ip addr delete 192.168.10.100/24 dev eth1
# ip addr delete 192.168.10.100/24 dev eth1 label eth1:0
ip address list [IFACE]: show the addresses of the interface;
# ip addr list
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eno16777736: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
ip address flush - flush protocol addresses
ip addr flush dev IFACE
Example:
# ip addr flush dev eth1
4.ip route - routing table management
ip route add PREFIX via GW [dev IFACE] [src SOURCE_IP]
Example:
# ip route add 10.0.0.0/8 via 192.168.10.1
# ip route list
default via 172.18.0.1 dev eno16777736
default via 172.18.0.1 dev eno16777736 proto static metric 100
10.0.0.0/8 via 192.168.10.1 dev eno33554960
172.18.0.0/16 dev eno16777736 proto kernel scope link src 172.18.29.100 metric 100
192.168.10.0/24 dev eno33554960 proto kernel scope link src 192.168.10.100
# ip route add default via GW
ip route delete - delete route
# ip route delete 10.0.0.0/8
# ip route show
default via 172.18.0.1 dev eno16777736 proto static metric 100
172.18.0.0/16 dev eno16777736 proto kernel scope link src 172.18.29.100 metric 100
192.168.100.0/24 dev eno33554960 proto kernel scope link src 192.168.100.100
ip route show - list routes
# ip route show
default via 172.18.0.1 dev eno16777736 proto static metric 100
172.18.0.0/16 dev eno16777736 proto kernel scope link src 172.18.29.100 metric 100
192.168.100.0/24 dev eno33554960 proto kernel scope link src 192.168.100.100
ip route flush - flush routing tables
# ip route flush 10/8
# ip route flush
ip route get - get a single route
ip route get TYPE PREFIX
Example: ip route get 192.168.0.0/24
# ip route flush 10.10/16
# ip route show
default via 172.18.0.1 dev eno16777736 proto static metric 100
172.18.0.0/16 dev eno16777736 proto kernel scope link src 172.18.29.100 metric 100
192.168.100.0/24 dev eno33554960 proto kernel scope link src 192.168.100.100
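ss command:
ss [options] [ FILTER ]
Options:
-t: TCP connections
-u: UDP connections
-w: raw socket connections
-l: connections in the listening state
-a: connections in all states
-n: numeric format
-p: the owning program and its PID
-e: extended format information
-m: show socket memory usage
-o: timer information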
FILTER := [ state TCP-STATE ] [ EXPRESSION ]
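Common TCP states:
TCP FSM: the TCP finite state machine
LISTEN: listening
ESTABLISHED: connection established
FIN_WAIT_1: the "asking for the photos back" stage of a break-up
FIN_WAIT_2: break-up, waiting for confirmation
SYN_SENT: SYN (synchronize) sent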
SYN_RECV:
CLOSED:
EXPRESSION:
dport =
sport =
Example: '( dport = :22 or sport = :22 )'
# ss -tan '( dport = :22 or sport = :22 )'
# ss -tan state ESTABLISHED
# ss -tan state ESTABLISHED
Recv-Q Send-Q Local Address:Port Peer Address:Port
0 0 172.18.29.100:22 172.18.29.1:51904
# ss -tunp
Netid State Recv-Q Send-Q Local Address:Port Peer Address:Port
tcp ESTAB 0 52 172.18.29.100:22 172.18.29.1:55291
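An added example, not part of the original page: a shell function that reads `ss -tunl` output and reports listening sockets bound to a non-loopback address on a port outside an allow-list. The function names, the allow-list and the sample lines are constructed for illustration.

```shell
# Added example (not from the original page). Flags listening sockets that
# are bound to a non-loopback address on a port outside an allow-list.
# Expects `ss -tunl` output, i.e. with the Netid column in front.
unexpected_listeners() {            # usage: ss -tunl | unexpected_listeners "22 123"
    awk -v allow="$1" '
    BEGIN { n = split(allow, p, " "); for (i = 1; i <= n; i++) ok[p[i]] = 1 }
    $2 != "LISTEN" && $2 != "UNCONN" { next }   # skips the header and connected sockets
    {
        port = $5; sub(/.*:/, "", port)         # port is the text after the last colon
        addr = substr($5, 1, length($5) - length(port) - 1)
        if (addr ~ /^127\./ || addr == "::1" || addr == "[::1]") next   # loopback only
        if (!(port in ok)) print $1, $5
    }'
}

# Constructed sample input in the column layout of `ss -tunl`.
sample_ss_output() {
    cat <<'EOF'
Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port
tcp   LISTEN 0      128    *:22               *:*
tcp   LISTEN 0      100    127.0.0.1:25       *:*
tcp   LISTEN 0      50     *:3306             *:*
udp   UNCONN 0      0      192.168.10.100:123 *:*
tcp   LISTEN 0      128    :::8080            :::*
EOF
}

sample_ss_output | unexpected_listeners "22 123"
```

On a live host, pipe `ss -tunl` into the function and add `-p` by hand for any line it reports to see the owning process.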
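Editing configuration files
IP and layer-2 property configuration files
Configuration file for IP/NETMASK/GW/DNS and similar properties: /etc/sysconfig/network-scripts/ifcfg-IFACE # IFACE: the interface name;
Route configuration file: /etc/sysconfig/network-scripts/route-IFACE
The file /etc/sysconfig/network-scripts/ifcfg-IFACE defines the properties of an interface through a large number of parameters. It can be edited directly with a text editor such as vim, or changed with dedicated tools (CentOS 6: system-config-network, or more simply setup; CentOS 7: nmtui).
ifcfg-IFACE configuration file parameters:
DEVICE: the name of the device this file applies to; the same as IFACE in the file name
ONBOOT: whether to activate this interface during system boot;
UUID: the unique identifier of this device;
IPV6INIT: whether to initialise IPv6;
BOOTPROTO: the protocol used to configure the interface when it is activated; common values are dhcp, bootp, static and none;
TYPE: interface type; common values are Ethernet and Bridge;
DNS1: the first DNS server;
DNS2: the backup DNS server;
DOMAIN: the DNS search domain;
IPADDR: the IP address;
NETMASK: the subnet mask; CentOS 7 also supports PREFIX, which gives the mask as a prefix length;
GATEWAY: the default gateway;
USERCTL: whether ordinary users are allowed to control this device;
PEERDNS: when BOOTPROTO is "dhcp", whether the DNS servers handed out by the DHCP server may override the locally configured DNS servers; allowed by default;
HWADDR: the MAC address of the device; if the file was copied, simply delete this line
NM_CONTROLLED: whether the NetworkManager service controls the interface; on CentOS 6 the recommendation is no, because the software is immature there and can affect production.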
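An added example, not part of the original page: a check over an ifcfg-IFACE file for the parameters above that decide who may control the interface and where its DNS servers come from, plus the copied-HWADDR and alias-with-DHCP cases. The function name audit_ifcfg, its optional MAC argument and the sample file are assumptions made for the example.

```shell
# Added example (not from the original page). Reports ifcfg-IFACE settings
# from the parameter list that deserve a second look.
audit_ifcfg() {                     # usage: audit_ifcfg FILE [ACTUAL_MAC]
    awk -v mac="$2" '
    function low(k) { return tolower(cfg[k]) }
    /^[ \t]*#/ || !/=/ { next }                 # comments and non-assignments
    {
        key = substr($0, 1, index($0, "=") - 1)
        val = substr($0, index($0, "=") + 1)
        gsub(/[ \t]/, "", key)
        gsub("[\"\047 \t]", "", val)            # drop quotes and blanks
        cfg[toupper(key)] = val
    }
    END {
        dev = cfg["DEVICE"]; proto = low("BOOTPROTO")
        if (low("USERCTL") == "yes")
            print "USERCTL: ordinary users may control " dev
        if (proto == "dhcp" && low("PEERDNS") != "no")
            print "PEERDNS: DNS servers from the DHCP server override DNS1/DNS2"
        if (dev ~ /:/ && (proto == "dhcp" || proto == "bootp"))
            print "BOOTPROTO: alias " dev " does not support " proto
        if (mac != "" && cfg["HWADDR"] != "" && low("HWADDR") != tolower(mac))
            print "HWADDR: " cfg["HWADDR"] " does not match " mac " (copied file?)"
    }' "$1"
}

# Constructed sample: an alias file copied from another machine.
sample_ifcfg() {
    cat <<'EOF'
DEVICE=eth1:0
BOOTPROTO=dhcp
ONBOOT=yes
USERCTL=yes
HWADDR=00:0C:29:AA:BB:CC
EOF
}

sample_ifcfg | audit_ifcfg - 00:0c:29:32:ae:e2
```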
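Network services:
network
NetworkManager
Managing network services:
CentOS 6: service SERVICE {start|stop|restart|status}
CentOS 7: systemctl {start|stop|restart|status} SERVICE[.service]
After a configuration file has been changed, the network service must be restarted for the change to take effect;
CentOS 6: # service network restart
CentOS 7: # systemctl restart network.service
Route configuration file
For routes that use a non-default gateway: /etc/sysconfig/network-scripts/route-IFACE
Two formats are supported, but they must not be mixed;
1. One route entry per line:
TARGET via GW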
# cat /etc/sysconfig/network-scripts/route-eno33554960
10.0.0.0/8 via 192.168.100.1
# service network restart
Restarting network (via systemctl): [ 確定 ]
# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 172.18.0.1 0.0.0.0 UG 100 0 0 eno16777736
0.0.0.0 192.168.100.1 0.0.0.0 UG 101 0 0 eno33554960
10.0.0.0 192.168.100.1 255.0.0.0 UG 100 0 0 eno33554960
172.18.0.0 0.0.0.0 255.255.0.0 U 100 0 0 eno16777736
172.18.0.0 0.0.0.0 255.255.0.0 U 101 0 0 eno33554960
192.168.100.0 0.0.0.0 255.255.255.0 U 100 0 0 eno33554960
2. Three lines per route entry:
ADDRESS#=TARGET # "#" is the entry number
NETMASK#=MASK
GATEWAY#=NEXTHOP
# cat /etc/sysconfig/network-scripts/route-eno33554960
ADDRESS0=10.0.0.0
NETMASK0=255.0.0.0
GATEWAY0=192.168.100.1
ADDRESS1=20.0.0.0
NETMASK1=255.0.0.0
GATEWAY1=192.168.100.2
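An added example, not part of the original page or of the CentOS network scripts: a converter from the three-line format to the one-line format that also rejects files mixing both formats and targets that do not fit their mask (the 10.10.0.0/8 case noted for route add). It goes beyond the text by validating the netmask; route_file_to_via and the sample input are hypothetical.

```shell
# Added example (not from the original page). Normalises a route-IFACE file to
# "TARGET/PREFIX via GW" lines; fails on mixed formats or masks that do not fit.
route_file_to_via() {               # usage: route_file_to_via route-IFACE
    awk '
    function fail(msg) { print "route file: " msg | "cat 1>&2"; bad = 1 }
    # Netmask to prefix length; -1 for an invalid or non-contiguous mask.
    function mask2prefix(mask,   o, i, p, partial) {
        if (split(mask, o, ".") != 4) return -1
        for (i = 1; i <= 4; i++) {
            if (!(o[i] in bits) || (partial && o[i] != 0)) return -1
            if (o[i] != 255) partial = 1
            p += bits[o[i]]
        }
        return p
    }
    # True when the target has bits set outside the mask.
    function host_bits(addr, mask,   a, m, i) {
        split(addr, a, "."); split(mask, m, ".")
        for (i = 1; i <= 4; i++) if (a[i] % (256 - m[i]) != 0) return 1
        return 0
    }
    BEGIN { n = split("0 128 192 224 240 248 252 254 255", v, " ")
            for (i = 1; i <= n; i++) bits[v[i]] = i - 1
            max = -1 }
    /^[ \t]*#/ || /^[ \t]*$/ { next }
    / via / { via = 1; out = out $0 "\n"; next }    # already one entry per line
    /^(ADDRESS|NETMASK|GATEWAY)[0-9]+=/ {
        key = substr($0, 1, index($0, "=") - 1); val = substr($0, index($0, "=") + 1)
        idx = key; sub(/^[A-Z]+/, "", idx); sub(/[0-9]+$/, "", key)
        f[key, idx + 0] = val; if (idx + 0 > max) max = idx + 0
        next
    }
    { fail("unrecognised line: " $0) }
    END {
        if (via && max >= 0) fail("both formats are used in one file")
        for (i = 0; i <= max && !bad; i++) {
            a = f["ADDRESS", i]; m = f["NETMASK", i]; g = f["GATEWAY", i]
            if (a == "" || m == "" || g == "") fail("entry " i " is incomplete")
            else if ((p = mask2prefix(m)) < 0) fail("entry " i ": bad netmask " m)
            else if (host_bits(a, m)) fail("entry " i ": " a " does not fit " m)
            else out = out a "/" p " via " g "\n"
        }
        if (bad) exit 2
        printf "%s", out
    }' "$@"
}
# Constructed input, fed on stdin.
printf 'ADDRESS0=10.0.0.0\nNETMASK0=255.0.0.0\nGATEWAY0=192.168.100.1\n' | route_file_to_via
```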
Configuring multiple addresses on one interface: besides ip addr, ifconfig or configuration files can be used;
(1) ifconfig IFACE_LABEL IPADDR/NETMASK
IFACE_LABEL: eth0:0, eth0:1, ...
(2) Add a configuration file for the alias;
DEVICE=IFACE_LABEL
BOOTPROTO: interface aliases do not support the DHCP/bootp protocols;
static, none
# cat /etc/sysconfig/network-scripts/ifcfg-eno33554960:0
TYPE=Ethernet
BOOTPROTO=static
DEFROUTE=yes
PEERDNS=yes
PEERROUTES=yes
NAME=eno33554960
UUID=d14954ef-3b01-4118-92a2-e71d8dc796c6
DEVICE=eno33554960:0
ONBOOT=yes
IPADDR=192.168.20.100
NETMASK=255.255.255.0
GATEWAY=192.168.20.1
# ifconfig eno33554960:0
eno33554960:0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.20.100 netmask 255.255.255.0 broadcast 192.168.20.255
ether 00:0c:29:32:ae:e2 txqueuelen 1000 (Ethernet)
Other network commands
nmcli command
nmcli [ OPTIONS ] OBJECT { COMMAND | help }
OBJECT: device/connection
device - show and manage network interfaces
device COMMAND := { status | show | connect | disconnect | delete | wifi | wimax }
connection - start, stop, and manage network connections
connection COMMAND := { show | up | down | add | edit | modify | delete | reload | load }
modify [ id | uuid | path ] <ID> [+|-]<setting>.<property> <value>
How to modify the IP address and other properties:
nmcli conn modify IFACE [+|-]setting.property value
ipv4.address
ipv4.gateway
ipv4.dns1
ipv4.method
# nmcli device status eno33554960
未知參數:eno33554960
設備 類型 狀態 CONNECTION
eno16777736 ethernet 連接的 eno16777736
eno33554960 ethernet 連接的 eno33554960
lo loopback 未管理 --
# nmcli connection show eno33554960
connection.id: eno33554960
connection.uuid: 626a0ba4-ddf0-4ddf-a06d-2892a779aec9
connection.interface-name: eno33554960
connection.type: 802-3-ethernet
connection.autoconnect: no
connection.autoconnect-priority: 0
connection.timestamp: 1459117894
# nmcli conn modify eno33554960 -ipv4.address 192.168.10.100/24
# ip addr list eno33554960
3: eno33554960: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:0c:29:32:ae:e2 brd ff:ff:ff:ff:ff:ff
inet 192.168.10.100/24 scope global eno33554960
valid_lft forever preferred_lft forever
Finally, CentOS 6 also has text-mode graphical configuration tools such as setup, which require a service restart; configuring with them is similar to Windows, so they are not covered here.