网络属性是Linux的重要管理对象,对网络的管理配置项目较为复杂。目前CentOS发行版中主要有命令配置,属性文件配置和系统向导方式配置四种配置方式。
在网络配置命令在CentOS中有两个阵营的命令组:ifcfg家族和正在发展的ip家族,目前ifcfg家族逐渐被淘汰,而ip命令家族逐渐深入人心。
ifcfg命令家族: ifconfig, route, netstat
ifconfig命令:接口及地址查看和管理
ifconfig [options] [INTERFACE]
ifconfig -a:显示所有接口,包括inactive状态的接口;
ifconfig -s:显示所有接口简短信息列表,仅仅包括流量,不包括地址信息;
示例:
# ifconfig -s
Iface MTU RX-OK RX-ERR RX-DRP RX-OVR TX-OK TX-ERR TX-DRP TX-OVR Flg
eno16777 1500 629199 0 314 0 62426 0 0 0 BMRU
eno33554 1500 134267 0 314 0 10 0 0 0 BMRU
lo 65536 16 0 0 0 16 0 0 0 LRU
ifconfig interface options | address ...
ifconfig IFACE IP/MASK [up|down]:配置网卡地址
ifconfig IFACE IP netmask NETMASK:配置网卡地址
options:[-]promisc [取消]启用混杂模式;
注意:立即送往内核中的TCP/IP协议栈,并生效;
管理IPv6地址:
add addr/prefixlen
del addr/prefixlen
示例:
# ifconfig eno33554960 192.168.10.100/24 up
# ifconfig eno33554960
eno33554960: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.10.100 netmask 255.255.255.0 broadcast 192.168.10.255
inet6 fe80::20c:29ff:fe32:aee2 prefixlen 64 scopeid 0x20<link>
ether 00:0c:29:32:ae:e2 txqueuelen 1000 (Ethernet)
RX packets 131385 bytes 15129620 (14.4 MiB)
RX errors 0 dropped 314 overruns 0 frame 0
TX packets 9 bytes 698 (698.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
route命令:路由查看及管理
路由条目类型:
主机路由:目标地址为单个IP;
网络路由:目标地址为IP网络;
默认路由:目标为任意网络,0.0.0.0/0.0.0.0
查看路由:
route -n
示例:
# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
172.18.0.0 0.0.0.0 255.255.0.0 U 1 0 0 eth0
0.0.0.0 172.18.0.1 0.0.0.0 UG 0 0 0 eth0
说明:(第一个条目0.0.0.0指不需要路由本地网络)
添加路由:
route add [-net|-host] target [netmask Nm] [gw GW] [[dev] If] #下一跳地址
示例:
# route add -net 10.0.0.0/8 gw 192.168.10.1 dev eth1
# route add -net 0.0.0.0/0.0.0.0 gw 192.168.10.1
# route add default gw 192.168.10.1
注意:这里的 -net 必须要符合掩码的条件: 10.10.0.0/8 是不对的,10.10.0.0/16是对的。
删除路由:
route del [-net|-host] target [gw Gw] [netmask Nm] [[dev] If]
示例:
# route del -net 10.0.0.0/8 gw 192.168.10.1
# route del default #删除默认网关
netstat命令:
显示网络连接, 路由表, 网卡统计, 伪装链接,多播关系;
显示路由表:netstat -rn
-r:显示内核路由表
-n:数字格式
# netstat -rn
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
0.0.0.0 172.18.0.1 0.0.0.0 UG 0 0 0 eno16777736
0.0.0.0 172.18.0.1 0.0.0.0 UG 0 0 0 eno16777736
显示网络连接:
netstat [--tcp|-t] [--udp|-u] [--udplite|-U]轻量级udp [--sctp|-S]高级流控链接 [--raw|-w]裸套接字链接 [--listening|-l] [--all|-a] [--numeric|-n] [--extend|-e[--extend|-e]] [--program|-p]
-t:TCP协议的相关连接,连接均有其状态;FSM(Finate State Machine);
-u:UDP相关的连接
-w:raw socket相关的连接
-l:处于监听状态的连接
-a:所有listening or 非listening的状态,对于TCP 意味着显示 established链接;
-n:以数字格式显示IP和Port;
-e:扩展格式,会显示用户和socket的套接字文件的inode号码
-p:显示相关的进程及PID;
常用组合:
-tan:显示tcp所有状态连接,且不解析网络主机名
-uan:显示所有状态udp连接,且不解析网络主机名
-tnl:显示tcp监听状态连接,且不解析网络主机名
-unl:显示udp监听状态连接,且不解析网络主机名
-tunlp:显示tcp、udp监听状态连接,且不解析网络主机名,显示对应程序
显示接口的统计数据:
netstat {--interfaces|-I|-i} [iface] [--all|-a] [--extend|-e] [--verbose|-v] [--program|-p] [--numeric|-n]
所有接口:netstat -i #显示所有端口
示例:
# netstat -i
Kernel Interface table
Iface MTU RX-OK RX-ERR RX-DRP RX-OVR TX-OK TX-ERR TX-DRP TX-OVR Flg
eno16777 1500 907131 0 653 0 64269 0 0 0 BMRU
eno33554 1500 149827 0 328 0 20 0 0 0 BMRU
lo 65536 24 0 0 0 24 0 0 0 LRU
指定接口:netstat -I<IFace> #netstat -Ieno16777736 #不加空格。
示例:
# netstat -Ieno33554960
Kernel Interface table
Iface MTU RX-OK RX-ERR RX-DRP RX-OVR TX-OK TX-ERR TX-DRP TX-OVR Flg
eno33554 1500 150411 0 328 0 20 0 0 0 BMRU
## ifup/ifdown命令:
注意:通过配置文件/etc/sysconfig/network-scripts/ifcfg-IFACE来识别接口并完成配置;文件不存在就不能用该命令来启动或关闭文件。
示例:
# ifup eno16777736
配置主机名:
hostname命令:
查看:hostname
配置:hostname HOSTNAME
说明:当前系统有效,重启后无效;
hostnamectl命令(CentOS 7):
hostnamectl status:显示当前主机名信息;
hostnamectl set-hostname:设定主机名,永久有效;
配置文件配置
/etc/sysconfig/network
HOSTNAME=<HOSTNAME>
注意:此方法的设置不会立即生效; 但以后会一直有效;
# hostnamectl status
Static hostname: centos7.1
Pretty hostname: CentOS7.1
Icon name: computer-vm
Chassis: vm
Machine ID: f64f1e109e764c4ba7f0e1142abb599d
Boot ID: edbdacdc65b142c1b142fb45f58cc47f
Virtualization: vmware
Operating System: CentOS Linux 7 (Core)
CPE OS Name: cpe:/o:centos:centos:7
Kernel: Linux 3.10.0-327.el7.x86_64
Architecture: x86-64
iproute家族
ip命令:show / manipulate routing, devices, policy routing and tunnels
ip [ OPTIONS ] OBJECT { COMMAND | help }
OBJECT := { link | addr | route | netns }
注意: OBJECT可简写,各OBJECT的子命令也可简写;
ip OBJECT:
1.ip link: network device configuration
ip link help - 显示简要使用帮助;
ip link [dev] NAME set [options] -设置网卡硬件二层属性,用途不是很广泛
[dev] NAME (default):指明要管理的设备,dev关键字可省略;
options:
up和down:开启或关闭
multicast on或multicast off:启用或禁用多播功能;
name NAME:重命名接口
mtu NUMBER:设置MTU的大小,默认为1500;
示例:
# ip link set eth1 up # 设置硬件属性启动、关闭。
3: eno33554960: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT qlen 1000 link/ether 00:0c:29:32:ae:e2 brd ff:ff:ff:ff:ff:ff
# ip link show # display device attributes 二层设备属性,不显示ip属性
2.ip netns PID:
ip netns: - manage network namespaces.ns为namespace,用于将接口移动到指定的网络名称空间,
ip netns list:列出所有的netns
ip netns add NAME:创建指定的netns
ip netns del NAME:删除指定的netns
ip netns exec NAME COMMAND:在指定的netns中运行命令
示例:
# ip netns add myspace
# ip netns
3.ip address - protocol address management.
ip address help - 查询命令帮助
ip address add - add new protocol address
ip addr add IFADDR dev IFACE [label NAME] [broadcast ADDRESS] [scope SCOPE_VALUE]
[label NAME]:为额外添加的地址指明接口别名;
[broadcast ADDRESS]:广播地址;会根据IP和NETMASK自动计算得到;
[scope SCOPE_VALUE]:
SCOPE_VALUE global:全局可用;
link:接口可用;不用于通信,别人ping不通
host:仅本机可用;仅主机可用
对照: ifconfig 192.168.10.100/24 eno33554960 up
ip addr add 192.168.10.100/24 dev eno33594960
示例:
# ip addr add 192.168.10.100/24 dev eth1
ip addr add 192.168.10.101/24 dev eth1 #可以在同网段设置第二地址
# ip addr add 10.0.0.100/24 dev eth1 #还可以添加其他地址,还有同网段地址那么还可以有该网段的第二地址,没有设置别名那么不会在ip a中显示出来,也不能再配置
# ip add add 10.1.1.10/24 dev eth1 label eth1:0 # 在ip addr 里面可以显示并配置
ip address delete - delete protocol address
ip addr delete IFADDR dev IFACE #用法通add
示例:
# ip addr delete 192.168.10.100/24 dev eth1
# ip addr delete 192.168.10.100/24 dev eth1 label eth1:0
ip address list [IFACE]:显示接口的地址;
# ip addr list
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eno16777736: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
ip address flush - flush protocol addresses
ip addr flush dev IFACE
示例:
# ip addr flush dev eth1
4.ip route - routing table management
ip route add PREFIX via GW [dev IFACE] [src SOURCE_IP]
示例:
# ip route add 10.0.0.0/8 via 192.168.10.1
# ip route list
default via 172.18.0.1 dev eno16777736
default via 172.18.0.1 dev eno16777736 proto static metric 100
10.0.0.0/8 via 192.168.10.1 dev eno33554960
172.18.0.0/16 dev eno16777736 proto kernel scope link src 172.18.29.100 metric 100
192.168.10.0/24 dev eno33554960 proto kernel scope link src 192.168.10.100
# ip route add default via GWip route delete - delete route
# ip route delete 10.0.0.0/8
# ip route show
default via 172.18.0.1 dev eno16777736 proto static metric 100
172.18.0.0/16 dev eno16777736 proto kernel scope link src 172.18.29.100 metric 100
192.168.100.0/24 dev eno33554960 proto kernel scope link src 192.168.100.100
ip route show - list routes
# ip route show
default via 172.18.0.1 dev eno16777736 proto static metric 100
172.18.0.0/16 dev eno16777736 proto kernel scope link src 172.18.29.100 metric 100
192.168.100.0/24 dev eno33554960 proto kernel scope link src 192.168.100.100
ip route flush - flush routing tables
# ip route flush 10/8
# ip route flush
ip route get - get a single route
ip route get TYPE PRIFIX
示例:ip route get 192.168.0.0/24
# ip route flush 10.10/16
# ip route show
default via 172.18.0.1 dev eno16777736 proto static metric 100
172.18.0.0/16 dev eno16777736 proto kernel scope link src 172.18.29.100 metric 100
192.168.100.0/24 dev eno33554960 proto kernel scope link src 192.168.100.100
ss命令:
ss [options] [ FILTER ]
选项:
-t:TCP协议的相关连接
-u:UDP相关的连接
-w:raw socket相关的连接
-l:监听状态的连接
-a:所有状态的连接
-n:数字格式
-p:相关的程序及其PID
-e:扩展格式信息
-m:查看socket的内存用量
-o:计时器信息
FILTER := [ state TCP-STATE ] [ EXPRESSION ]
TCP的常见状态:
TCP FSM:TCP有限状态机
LISTEN:监听
ESTABLISEHD:建立的连接
FIN_WAIT_1:分手要照片阶段
FIN_WAIT_2:分手等待确认
SYN_SENT:已发送同步
SYN_RECV:
CLOSED:
EXPRESSION:
dport =
sport =
示例:'( dport = :22 or sport = :22)'
# ss -tan '( dport = :22 or sport = :22 )'
# ss -tan state ESTABLISHED
# ss -tan state ESTABLISHED
Recv-Q Send-Q Local Address:Port Peer Address:Port
0 0 172.18.29.100:22 172.18.29.1:51904
# ss -tunp
Netid State Recv-Q Send-Q Local Address:Port Peer Address:Port tcp ESTAB 0 52 172.18.29.100:22 172.18.29.1:55291
修改配置文件
IP与二层属性配置文件
IP/NETMASK/GW/DNS等属性的配置文件:/etc/sysconfig/network-scripts/ifcfg-IFACE #IFACE:接口名称;
路由的相关配置文件:/etc/sysconfig/network-scripts/route-IFACE
配置文件/etc/sysconfig/network-scripts/ifcfg-IFACE通过大量参数来定义接口的属性;其可通过vim等文本编辑器直接修改,也可以使用专用的命令的进行修改(CentOS 6:system-config-network (更简单的可以直接使用setup),CentOS 7: nmtui)
ifcfg-IFACE配置文件参数:
DEVICE:此配置文件对应的设备的名称;与文件IFACE相同
ONBOOT:在系统引导过程中,是否激活此接口;
UUID:此设备的惟一标识;
IPV6INIT:是否初始化IPv6;
BOOTPROTO:激活此接口时使用什么协议来配置接口属性,常用的有dhcp、bootp、static、none;
TYPE:接口类型,常见的有Ethernet, Bridge;
DNS1:第一DNS服务器指向;
DNS2:备用DNS服务器指向;
DOMAIN:DNS搜索域;
IPADDR: IP地址;
NETMASK:子网掩码;CentOS 7支持使用PREFIX以长度方式指明子网掩码;
GATEWAY:默认网关;
USERCTL:是否允许普通用户控制此设备;
PEERDNS:如果BOOTPROTO的值为“dhcp”,是否允许dhcp server分配的dns服务器指向覆盖本地手动指定的DNS服务器指向;默认为允许;
HWADDR:设备的MAC地址;复制的就删除就可以了
NM_CONTROLLED:是否使用NetworkManager服务来控制接口;centOS6因为该软件不完善会影响业务所以建议no。
网络服务:
network
NetworkManager
管理网络服务:
CentOS 6: service SERVICE {start|stop|restart|status}
CentOS 7:systemctl {start|stop|restart|status} SERVICE[.service]
配置文件修改之后,如果要生效,需要重启网络服务;
CentOS 6:# service network restart
CentOS 7:# systemctl restart network.service
路由配置文件
用到非默认网关路由:/etc/sysconfig/network-scripts/route-IFACE
支持两种配置方式,但不可混用;
1.每行一个路由条目:
TARGET via GW
# cat /etc/sysconfig/network-scripts/route-eno33554960
10.0.0.0/8 via 192.168.100.1
# service network restart
Restarting network (via systemctl): [ 确定 ]
# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 172.18.0.1 0.0.0.0 UG 100 0 0 eno16777736
0.0.0.0 192.168.100.1 0.0.0.0 UG 101 0 0 eno33554960
10.0.0.0 192.168.100.1 255.0.0.0 UG 100 0 0 eno33554960
172.18.0.0 0.0.0.0 255.255.0.0 U 100 0 0 eno16777736
172.18.0.0 0.0.0.0 255.255.0.0 U 101 0 0 eno33554960 192.168.100.0 0.0.0.0 255.255.255.0 U 100 0 0 eno33554960
2.每三行一个路由条目:
ADDRESS#=TARGET # “#”为号码
NETMASK#=MASK
GATEWAY#=NEXTHOP
# cat /etc/sysconfig/network-scripts/route-eno33554960
ADDRESS0=10.0.0.0
NETMASK0=255.0.0.0
GATEWAY0=192.168.100.1
ADDRESS1=20.0.0.0
NETMASK1=255.0.0.0
GATEWAY1=192.168.100.2
给接口配置多个地址:ip addr之外,ifconfig或配置文件都可以;
(1) ifconfig IFACE_LABEL IPADDR/NETMASK
IFACE_LABEL: eth0:0, eth0:1, ...
(2) 为别名添加配置文件;
DEVICE=IFACE_LABEL
BOOTPROTO:网上别名不支持DHCP/bootp协议;
static, none
# cat /etc/sysconfig/network-scripts/ifcfg-eno33554960:0
TYPE=Ethernet
BOOTPROTO=static
DEFROUTE=yes
PEERDNS=yes
PEERROUTES=yes
NAME=eno33554960
UUID=d14954ef-3b01-4118-92a2-e71d8dc796c6
DEVICE=eno33554960:0
ONBOOT=yes
IPADDR=192.168.20.100
NETMASK=255.255.255.0
GATEWAY=192.168.20.1
# ifconfig eno33554960:0
eno33554960:0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.20.100 netmask 255.255.255.0 broadcast 192.168.20.255
ether 00:0c:29:32:ae:e2 txqueuelen 1000 (Ethernet)
其他网络命令
nmcli命令
nmcli [ OPTIONS ] OBJECT { COMMAND | help } device - show and manage network interfaces
OBJECT:device/connection
device COMMAND := { status | show | connect | disconnect | delete | wifi | wimax}connection - start, stop, and manage network connections
connection COMMAND := { show | up | down | add | edit | modify | delete | reload | load } modify [ id | uuid | path ] <ID> [+|-]<setting>.<property> <value>
如何修改IP地址等属性:
nmcli conn modify IFACE [+|-]setting.property value
ipv4.address
ipv4.gateway
ipv4.dns1
ipv4.method
# nmcli device status eno33554960 未知参数:eno33554960 设备 类型 状态 CONNECTION eno16777736 ethernet 连接的 eno16777736 eno33554960 ethernet 连接的 eno33554960 lo loopback 未管理 --
# nmcli connection show eno33554960 connection.id: eno33554960 connection.uuid: 626a0ba4-ddf0-4ddf-a06d-2892a779aec9 connection.interface-name: eno33554960 connection.type: 802-3-ethernet connection.autoconnect: no connection.autoconnect-priority: 0 connection.timestamp: 1459117894
# nmcli conn modify eno33554960 -ipv4.address 192.168.10.100/24 # ip addr list eno33554960 3: eno33554960: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000 link/ether 00:0c:29:32:ae:e2 brd ff:ff:ff:ff:ff:ff inet 192.168.10.100/24 scope global eno33554960 valid_lft forever preferred_lft forever
最后还有CentOS6中配置命令setup 等文字图形界面要重启服务,配置与window近似,不做计较。