目录
- IP地址分类
- 如何将Linux主机接入到网络中
- 网络接口的命名方式
- ifcfg系列命令
- 如何配置主机名
- 如何配置DNS服务器指向
- iproute2系列命令
- Linux管理网络服务
- 永久生效配置路由条目
- 如何为接口配置多个IP地址
19.1、IP地址分类
IP地址分为5类,A,B,C,D,E,其中D和E在工作中不会使用;
19.1.1、A类地址
第一段为网络号,后三段为主机号;
有效的网络号:0 000 0000 - 0 111 1111 = 1 -127
网络数量:126个,127被用作回环地址;
每个网络中的主机数量:2^24-2,减去全为0和全为1的;
默认子网掩码:255.0.0.0, /8;子网掩码用于与IP地址按位进行与运算,从而取出其网络地址;
私网地址:10.0.0.0/255.0.0.0
19.1.2、B类地址
前两段为网络号,后两段为主机号;
有效的网络号:10 00 0000 - 10 11 1111 = 128-191
网络数量:2^14
每个网络中的主机数量:2^16-2
默认子网掩码:255.255.0.0, /16;
私网地址:172.16.0.0 - 172.31.0.0
19.1.3、C类地址
前三段为网络号,最后一段为主机号;
有效的网络号:110 0 0000 - 110 1 1111 = 192-223;
网络数量:2^21
每个网络中的主机数量:2^8-2;
默认子网掩码:255.255.255.0 , /24 ;
19.1.4、D类地址
1110 0000 - 1110 1111 = 224-239
19.1.5、E类地址
240-255
注意:IP地址中主机位全为1的表示广播地址;主机位全为0的表示网络地址;
19.2、配置Linux主机接入网络
- 本地通信:配置IP/NETMASK
- 跨网络通信:配置路由(网关);
- 基于主机名通信:配置DNS服务器地址,Linux系统可以配置三个DNS指向;
19.2.1、配置方式
静态指定
命令方式:
- ifcfg系列:
ifconfig:配置IP,子网掩码;
route:配置路由;
netstat:状态及统计数据查看工具;
- iproute2系列:
ip OBJECT:
addr:地址和掩码
route:路由
link:接口
-
Centos7专用:
nmcli(命令行工具)
nmtui(图形化工具)
配置文件方式:redhat及相关发行版
# 网络配置
/etc/sysconfig/network-scripts/ifcfg-NETCARD_NAME
# DNS配置
/etc/resolv.conf
# 主机名配置
hostname
配置文件:/etc/sysconfig/network
CentOS7系统:hostnamectl命令
动态分配
依赖于本地网络中有DHCP服务。
19.3、网络接口命名方式
19.3.1、传统命名
以太网:ethX,例如:eth0, eth1, ...
ppp网络:pptX,例如:ppp0, ppp1, ...
19.3.2、可预测命名方案(CentOS7)
支持多种不同命名机制,firmware拓扑结构;
(1)如果firmware或bios为主板上即成的设备提供的索引信息可用,则根据此索引进行命名,如,eno1,eno2, ...
(2)如果firmware或bios为PCI-E扩展槽所提供的索引信息可用,且可预测,则根据此信息进行命名,如ens1, ens2, ...
(3)如果硬件接口的物理位置信息可用,则根据此信息命名,如enp2s0,...
(4)如果用户显示定义,也可根据MAC地址命名,例如:enx122161ab2e10,...
命名格式组成:
en: ethernet
wl: wlan
ww: wwan
# 名称类型
o<index>:集成设备的设备索引号;
s<slot>:扩展槽的索引号;
x<MAC>:基于Mac地址的命名;
p<bus>s<slot>:基于总线及槽的拓扑结构进行命名;
19.4、ifconfig命令
19.4.1、查看接口地址
使用格式
ifconfig [INFACE]
[INFACE]:表示网卡接口名称;
示例
[root@bj-1-141-enzhi ~]# ifconfig eno16777728
eno16777728: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.1.141 netmask 255.255.255.0 broadcast 192.168.1.255
inet6 fe80::20c:29ff:fe68:7a1 prefixlen 64 scopeid 0x20<link>
ether 00:0c:29:68:07:a1 txqueuelen 1000 (Ethernet)
RX packets 328657 bytes 68091806 (64.9 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 169435 bytes 22070755 (21.0 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
19.4.2、管理IP地址
使用格式
ifconfig INTERFACE IP/MASK [up]
ifconfig INTERFACE IP netmask NETMASK [up]
示例
[root@bj-1-141-enzhi ~]# ifconfig eno33554960 192.168.1.100/24 up
[root@bj-1-141-enzhi ~]# ifconfig eno33554960
eno33554960: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.1.100 netmask 255.255.255.0 broadcast 192.168.1.255
inet6 fe80::20c:29ff:fe68:7ab prefixlen 64 scopeid 0x20<link>
ether 00:0c:29:68:07:ab txqueuelen 1000 (Ethernet)
RX packets 120 bytes 9113 (8.8 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 30 bytes 3302 (3.2 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
[root@bj-1-141-enzhi ~]# ifconfig eno33554960 192.168.1.188 netmask 255.255.255.0 up
[root@bj-1-141-enzhi ~]# ifconfig eno33554960
eno33554960: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.1.188 netmask 255.255.255.0 broadcast 192.168.1.255
inet6 fe80::20c:29ff:fe68:7ab prefixlen 64 scopeid 0x20<link>
ether 00:0c:29:68:07:ab txqueuelen 1000 (Ethernet)
RX packets 313 bytes 24954 (24.3 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 107 bytes 11674 (11.4 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
注意:ifconfig命令会立即将配置送往内核中,并立即生效;重启后无效;
19.5、route命令
功用:路由查看和管理
19.5.1、路由条目类型
- 主机路由:目标地址为单个IP;
- 网络路由:目标地址为IP网络;
- 默认路由:目标为任意网络,0.0.0.0/0.0.0.0;
19.5.2、查看路由条目
[root@bj-1-141-enzhi ~]# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 192.168.1.1 0.0.0.0 UG 100 0 0 eno16777728
192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eno33554960
192.168.1.0 0.0.0.0 255.255.255.0 U 100 0 0 eno16777728
192.168.2.0 0.0.0.0 255.255.255.0 U 100 0 0 eno16777728
19.5.3、添加路由条目
使用格式
route add [-net | -host] target [netmask Nm] [gw Gw] [[dev] If]
示例
练习1、添加目标地址为172.16.100.7的主机路由;
[root@bj-1-141-enzhi ~]# route add -host 172.16.100.7 dev eno16777728
[root@bj-1-141-enzhi ~]# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 192.168.1.1 0.0.0.0 UG 100 0 0 eno16777728
0.0.0.0 192.168.1.1 0.0.0.0 UG 101 0 0 eno33554960
169.254.0.0 0.0.0.0 255.255.0.0 U 1003 0 0 eno33554960
172.16.100.7 0.0.0.0 255.255.255.255 UH 0 0 0 eno16777728
192.168.1.0 0.0.0.0 255.255.255.0 U 100 0 0 eno16777728
192.168.1.0 0.0.0.0 255.255.255.0 U 101 0 0 eno33554960
# 或者
[root@bj-1-141-enzhi ~]# route add -host 172.16.100.7 gw 192.168.1.122
[root@bj-1-141-enzhi ~]# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 192.168.1.1 0.0.0.0 UG 100 0 0 eno16777728
0.0.0.0 192.168.1.1 0.0.0.0 UG 101 0 0 eno33554960
169.254.0.0 0.0.0.0 255.255.0.0 U 1003 0 0 eno33554960
172.16.100.7 192.168.1.122 255.255.255.255 UGH 0 0 0 eno33554960
192.168.1.0 0.0.0.0 255.255.255.0 U 100 0 0 eno16777728
192.168.1.0 0.0.0.0 255.255.255.0 U 101 0 0 eno33554960
练习2:添加目标地址网络为10.0.0.0/8的网络路由条目;
[root@bj-1-141-enzhi ~]# route add -net 10.0.0.0/8 gw 192.168.1.122 dev eno33554960
[root@bj-1-141-enzhi ~]# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 192.168.1.1 0.0.0.0 UG 100 0 0 eno16777728
0.0.0.0 192.168.1.1 0.0.0.0 UG 101 0 0 eno33554960
10.0.0.0 192.168.1.122 255.0.0.0 UG 0 0 0 eno33554960
169.254.0.0 0.0.0.0 255.255.0.0 U 1003 0 0 eno33554960
172.16.100.7 192.168.1.122 255.255.255.255 UGH 0 0 0 eno33554960
192.168.1.0 0.0.0.0 255.255.255.0 U 100 0 0 eno16777728
192.168.1.0 0.0.0.0 255.255.255.0 U 101 0 0 eno33554960
练习3、添加默认路由
[root@bj-1-141-enzhi ~]# route add default gw 192.168.1.141 dev eno16777728
[root@bj-1-141-enzhi ~]# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 192.168.1.141 0.0.0.0 UG 0 0 0 eno16777728
0.0.0.0 192.168.1.1 0.0.0.0 UG 101 0 0 eno33554960
10.0.0.0 192.168.1.122 255.0.0.0 UG 0 0 0 eno33554960
169.254.0.0 0.0.0.0 255.255.0.0 U 1003 0 0 eno33554960
172.16.100.7 192.168.1.122 255.255.255.255 UGH 0 0 0 eno33554960
192.168.1.0 0.0.0.0 255.255.255.0 U 100 0 0 eno16777728
192.168.1.0 0.0.0.0 255.255.255.0 U 101 0 0 eno33554960
15.4、删除路由条目
使用格式
route del [-net | -host] target [gw Gw] [netmask Nm] [[dev] If]
示例
# 删除主机路由
[root@bj-1-141-enzhi ~]# route del -host 172.16.100.7
您在 /var/spool/mail/root 中有新邮件
[root@bj-1-141-enzhi ~]# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 192.168.1.141 0.0.0.0 UG 0 0 0 eno16777728
0.0.0.0 192.168.1.1 0.0.0.0 UG 101 0 0 eno33554960
10.0.0.0 192.168.1.122 255.0.0.0 UG 0 0 0 eno33554960
169.254.0.0 0.0.0.0 255.255.0.0 U 1003 0 0 eno33554960
192.168.1.0 0.0.0.0 255.255.255.0 U 100 0 0 eno16777728
192.168.1.0 0.0.0.0 255.255.255.0 U 101 0 0 eno33554960
# 删除网络路由
[root@bj-1-141-enzhi ~]# route del -net 10.0.0.0/8
[root@bj-1-141-enzhi ~]# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 192.168.1.141 0.0.0.0 UG 0 0 0 eno16777728
0.0.0.0 192.168.1.1 0.0.0.0 UG 101 0 0 eno33554960
169.254.0.0 0.0.0.0 255.255.0.0 U 1003 0 0 eno33554960
192.168.1.0 0.0.0.0 255.255.255.0 U 100 0 0 eno16777728
192.168.1.0 0.0.0.0 255.255.255.0 U 101 0 0 eno33554960
19.6、netstat命令
netstat命令用于显示网络相关信息,如网络连接,路由表,接口状态等;
19.6.1、显示路由信息
使用格式
netstat -rn
-r:显示路由表
-n:数字格式显示
示例
[root@bj-1-141-enzhi ~]# netstat -rn
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
0.0.0.0 192.168.1.141 0.0.0.0 UG 0 0 0 eno16777728
0.0.0.0 192.168.1.1 0.0.0.0 UG 0 0 0 eno33554960
169.254.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eno33554960
192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eno16777728
192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eno33554960
19.6.2、显示网络连接
使用格式
netstat [--tcp|-t] [--udp|-u] [--udplite|-U] [--raw|-w] [--listening|-l] [--all|-a] [--numeric|-n] [--extend|-e[--extend|-e]] [--program|-p]
常用选项
-t:显示tcp协议相关的连接;
-u:显示udp协议相关的连接;
-w:raw socket相关的连接;
-l:显示处于监听状态的连接;
-a:显示所有状态的连接;
-n:以数字格式显示ip和port;
-e:扩展格式;
-p:显示相关进程PID;
示例
练习1、查看所有tcp协议处于监听状态的连接;
[root@bj-1-141-enzhi ~]# netstat -tnlp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1055/sshd
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 2153/master
tcp6 0 0 :::22 :::* LISTEN 1055/sshd
tcp6 0 0 ::1:25 :::* LISTEN 2153/master
练习2、显示tcp协议相关所有状态的连接信息;
[root@bj-1-141-enzhi ~]# netstat -tanlp
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1055/sshd
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 2153/master
tcp 0 0 192.168.1.141:22 192.168.1.106:2889 ESTABLISHED 2397/sshd: root@pts
tcp 0 0 192.168.1.141:22 192.168.1.106:2960 ESTABLISHED 3332/sshd: root@pts
tcp 0 0 192.168.1.141:22 192.168.1.121:50362 ESTABLISHED 2193/sshd: root@pts
tcp 0 36 192.168.1.141:22 192.168.1.121:50471 ESTABLISHED 2851/sshd: root@pts
tcp6 0 0 :::22 :::* LISTEN 1055/sshd
tcp6 0 0 ::1:25 :::* LISTEN 2153/master
19.6.3、显示接口的统计数据
使用格式
netstat -i:显示所有接口的信息;
netstat -I<IFACE>:显示指定接口的信息;
示例
[root@bj-1-141-enzhi ~]# netstat -i
Kernel Interface table
Iface MTU RX-OK RX-ERR RX-DRP RX-OVR TX-OK TX-ERR TX-DRP TX-OVR Flg
eno16777 1500 9868 0 0 0 5115 0 0 0 BMRU
eno33554 1500 6283 0 0 0 411 0 0 0 BMRU
lo 65536 1292 0 0 0 1292 0 0 0 LRU
[root@bj-1-141-enzhi ~]# netstat -I
Kernel Interface table
Iface MTU RX-OK RX-ERR RX-DRP RX-OVR TX-OK TX-ERR TX-DRP TX-OVR Flg
eno16777 1500 9890 0 0 0 5127 0 0 0 BMRU
eno33554 1500 6284 0 0 0 411 0 0 0 BMRU
lo 65536 1292 0 0 0 1292 0 0 0 LRU
[root@bj-1-141-enzhi ~]# netstat -Ieno16777728
Kernel Interface table
Iface MTU RX-OK RX-ERR RX-DRP RX-OVR TX-OK TX-ERR TX-DRP TX-OVR Flg
eno16777 1500 9914 0 0 0 5140 0 0 0 BMRU
19.7、ifup和ifdown命令
使用格式
ifup IFACE:启用接口
ifdown IFACE:禁用接口
注意:通过配置文件/etc/sysconfig/network-scripts/ifcfg-IFACE,来识别接口并完成配置;
示例
[root@bj-1-141-enzhi ~]# ifdown eno33554960
[root@bj-1-141-enzhi ~]# ifup eno33554960
19.8、Linux主机名配置
19.8.1、hostname命令
查看主机名
hostname
配置主机名
hostname HOSTNAME
# 当前有效,重启无效;
示例
[root@bj-1-141-enzhi ~]# hostname
bj-1-141-enzhi.com
[root@bj-1-141-enzhi ~]# hostname node1.enzhi.com
[root@bj-1-141-enzhi ~]# hostname
node1.enzhi.com
19.8.2、hostnamectl命令
此命令仅使用于centos7系统;
使用格式
hostnamectl [OPTIONS...] {COMMAND}
常用选项
status:查看当前主机名设定
set-hostname HOSTNAME:设定主机名,永久有效;
查看当前主机名设定
[root@bj-1-141-enzhi ~]# hostnamectl status
Static hostname: bj-1-141-enzhi.com
Pretty hostname: BJ-1-141-enzhi.com
Transient hostname: node1.enzhi.com
Icon name: computer-vm
Chassis: vm
Machine ID: e8db53fed0a04615b1f91697eb5c58f0
Boot ID: 13ec2f519021428b881660f97fe6c766
Virtualization: vmware
Operating System: CentOS Linux 7 (Core)
CPE OS Name: cpe:/o:centos:centos:7
Kernel: Linux 3.10.0-327.el7.x86_64
Architecture: x86-64
设定主机名
[root@bj-1-141-enzhi ~]# hostnamectl set-hostname bj-1-141.enzhi.com
您在 /var/spool/mail/root 中有新邮件
[root@bj-1-141-enzhi ~]# hostnamectl status
Static hostname: bj-1-141.enzhi.com
Icon name: computer-vm
Chassis: vm
Machine ID: e8db53fed0a04615b1f91697eb5c58f0
Boot ID: 13ec2f519021428b881660f97fe6c766
Virtualization: vmware
Operating System: CentOS Linux 7 (Core)
CPE OS Name: cpe:/o:centos:centos:7
Kernel: Linux 3.10.0-327.el7.x86_64
Architecture: x86-64
19.8.3、配置文件修改主机名
配置文件:/etc/sysconfig/network
配置文件格式
HOSTNAME=bj-1-141.enzhi.com
注意:此方法不是立即生效,重启后一直有效;
19.9、配置DNS服务器指向
配置文件:/etc/resolv.conf
文件格式
nameserver DNS_SERVER_IP
示例
[root@bj-1-141-enzhi ~]# cat /etc/resolv.conf
# Generated by NetworkManager
search enzhi.com
nameserver 192.168.1.1
nameserver 8.8.8.8
如何测试
测试dns配置能否解析可使用:host, nslookup, dig三种命令的其中一种;如果系统没有安装三种命令,则使用yum -y install bind-utils,即可;
示例
[root@bj-1-141-enzhi ~]# yum -y install bind-utils
[root@bj-1-141-enzhi ~]# rpm -ql bind-utils
/etc/trusted-key.key
/usr/bin/dig
/usr/bin/host
/usr/bin/nslookup
/usr/bin/nsupdate
/usr/share/man/man1/dig.1.gz
/usr/share/man/man1/host.1.gz
/usr/share/man/man1/nslookup.1.gz
/usr/share/man/man1/nsupdate.1.gz
# 使用dig与nslookup解析百度域名
[root@bj-1-141-enzhi ~]# dig -t A www.baidu.com
; <<>> DiG 9.9.4-RedHat-9.9.4-38.el7_3 <<>> -t A www.baidu.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 30987
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 5, ADDITIONAL: 6
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.baidu.com. IN A
;; ANSWER SECTION:
www.baidu.com. 208 IN CNAME www.a.shifen.com.
www.a.shifen.com. 68 IN A 119.75.218.70
www.a.shifen.com. 68 IN A 119.75.217.109
;; AUTHORITY SECTION:
a.shifen.com. 361 IN NS ns1.a.shifen.com.
a.shifen.com. 361 IN NS ns3.a.shifen.com.
a.shifen.com. 361 IN NS ns5.a.shifen.com.
a.shifen.com. 361 IN NS ns4.a.shifen.com.
a.shifen.com. 361 IN NS ns2.a.shifen.com.
;; ADDITIONAL SECTION:
ns1.a.shifen.com. 395 IN A 61.135.165.224
ns2.a.shifen.com. 416 IN A 180.149.133.241
ns3.a.shifen.com. 395 IN A 61.135.162.215
ns4.a.shifen.com. 368 IN A 115.239.210.176
ns5.a.shifen.com. 67 IN A 119.75.222.17
;; Query time: 22 msec
;; SERVER: 192.168.1.1#53(192.168.1.1)
;; WHEN: 日 1月 01 21:54:46 CST 2017
;; MSG SIZE rcvd: 271
[root@bj-1-141-enzhi ~]# nslookup www.baidu.com
Server: 192.168.1.1
Address: 192.168.1.1#53
Non-authoritative answer:
www.baidu.com canonical name = www.a.shifen.com.
Name: www.a.shifen.com
Address: 119.75.217.109
Name: www.a.shifen.com
Address: 119.75.218.70
19.10、ip命令
功用:显示或控制路由设备,策略路由和隧道
使用格式
ip [ OPTIONS ] OBJECT { COMMAND | help }
常用OBJECT
OBJECT={link | addr | route | netns}
19.10.1、ip link
功用:网络设备配置
使用格式
ip link set
dev NAME(default):指明要管理的设备,dev关键字可省略;
up and down:启用或禁用设备;
multicast on or molticast off:启用或禁用多播功能;
name NAME:重命名接口;需要停止网络服务;
mtu NUMBER:设置MTU大小,默认1500;
使用示例
练习1、禁用设备或启用设备
# centos7
[root@bj-1-141-enzhi ~]# ip link set eno33554960 down
[root@bj-1-141-enzhi ~]# ip link set eno33554960 up
# centos6
[root@bj-1-160-enzhi network-scripts]# ip link set eth1 up
[root@bj-1-160-enzhi network-scripts]# ip addr show eth1
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:0c:29:18:ec:42 brd ff:ff:ff:ff:ff:ff
inet6 fe80::20c:29ff:fe18:ec42/64 scope link
valid_lft forever preferred_lft forever
[root@bj-1-160-enzhi network-scripts]# ip link set eth1 down
You have new mail in /var/spool/mail/root
[root@bj-1-160-enzhi network-scripts]# ip addr show eth1
3: eth1: <BROADCAST,MULTICAST> mtu 1500 qdisc pfifo_fast state DOWN qlen 1000
link/ether 00:0c:29:18:ec:42 brd ff:ff:ff:ff:ff:ff
练习2、禁用eth1网卡多播功能;
[root@bj-1-160-enzhi ~]# ip addr show eth1
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:0c:29:18:ec:42 brd ff:ff:ff:ff:ff:ff
inet6 fe80::20c:29ff:fe18:ec42/64 scope link
valid_lft forever preferred_lft forever
[root@bj-1-160-enzhi ~]# ip link set eth1 multicast off
You have new mail in /var/spool/mail/root
[root@bj-1-160-enzhi ~]# ip addr show eth1
3: eth1: <BROADCAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:0c:29:18:ec:42 brd ff:ff:ff:ff:ff:ff
inet6 fe80::20c:29ff:fe18:ec42/64 scope link
valid_lft forever preferred_lft forever
练习3、重命名接口名称
[root@bj-1-141 ~]# systemctl stop network.service
[root@bj-1-141 ~]# ip link set eno33554960 name eno33557788
[root@bj-1-141 ~]# systemctl start network.service
[root@bj-1-141 ~]# ip addr show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eno16777728: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:0c:29:68:07:a1 brd ff:ff:ff:ff:ff:ff
inet 192.168.1.141/24 brd 192.168.1.255 scope global eno16777728
valid_lft forever preferred_lft forever
inet6 fe80::20c:29ff:fe68:7a1/64 scope link
valid_lft forever preferred_lft forever
3: eno33557788: <BROADCAST,MULTICAST> mtu 1500 qdisc pfifo_fast state DOWN qlen 1000
link/ether 00:0c:29:68:07:ab brd ff:ff:ff:ff:ff:ff
19.10.2、ip netns
使用格式
ip netns list:列出所有的netns;
ip netns add NAME:添加一个名称空间;
ip link set INTERFACE netns netns_NAME:将指定的接口移动至指定名称空间中;
ip netns exec netns_NAME ip link show:查看名称空间中的设备信息;
ip netns del netns_NAME:删除指定名称空间;
示例
练习1、在eno33557788接口添加一个名称空间,名为mynetns;
[root@bj-1-141 ~]# ip netns add mynetns
[root@bj-1-141 ~]# ip netns list
mynetns
练习2、将eno33557788接口移动至mynetns名称空间;
[root@bj-1-141 ~]# ip link set eno33557788 netns mynetns
练习3、查看mynetns名称空间中的设备信息;
[root@bj-1-141 ~]# ip netns exec mynetns ip link show
1: lo: <LOOPBACK> mtu 65536 qdisc noop state DOWN mode DEFAULT
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
3: eno33557788: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN mode DEFAULT qlen 1000
link/ether 00:0c:29:68:07:ab brd ff:ff:ff:ff:ff:ff
练习4、删除mynetns名称空间
[root@bj-1-141 ~]# ip netns del mynetns
19.10.3、ip address
添加接口IP地址
ip addr add IFADDR dev IFACE [label NAME] [broadcast ADDRESS]
[label NAME]:为额外添加的地址指明接口名;例如:eno33554960:0, eth0:0
[broadcast ADDRESS]:广播地址;会根据ip和netmask自动计算得出;
示例:添加eno33554960:0接口地址为192.168.1.123/24
[root@bj-1-141 ~]# ip addr add 192.168.1.123/24 dev eno33554960 label eno33554960:0
您在 /var/spool/mail/root 中有新邮件
[root@bj-1-141 ~]# ifconfig eno33554960:0
eno33554960:0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.1.123 netmask 255.255.255.0 broadcast 0.0.0.0
ether 00:0c:29:68:07:ab txqueuelen 1000 (Ethernet)
删除接口IP地址
ip addr del IFADDR dev IFACE
示例:删除192.168.1.123/24,接口为eno33554960:0
[root@bj-1-141 ~]# ip addr del 192.168.1.123/24 dev eno33554960:0
显示接口信息
使用格式:
ip addr show [IFACE]
[IFACE]:显示指定接口的IP地址;例如:ip addr show eno33554960
# 注意:默认显示所有接口信息
示例:显示eno33554960的详细信息;
[root@bj-1-141 ~]# ip addr show eno33554960
3: eno33554960: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:0c:29:68:07:ab brd ff:ff:ff:ff:ff:ff
inet 192.168.1.122/24 brd 192.168.1.255 scope global dynamic eno33554960
valid_lft 5990sec preferred_lft 5990sec
inet6 fe80::20c:29ff:fe68:7ab/64 scope link
valid_lft forever preferred_lft forever
清空接口上所有地址
使用格式:
ip addr flush dev IFACE
示例:清空eno33554960接口所有地址;
[root@bj-1-141 ~]# ip addr flush dev eno33554960
[root@bj-1-141 ~]# ip addr show eno33554960
3: eno33554960: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:0c:29:68:07:ab brd ff:ff:ff:ff:ff:ff
19.10.4、ip route
功用:路由管理
添加路由条目
使用格式:
ip route add TYPE PREFIX via GW [dev IFACE] [src SOURCE_IP]
TYPE PREFIX:表示目标地址;
via:关键字;后面跟上下一跳地址;
GW:表示网关地址;
[dev IFACE]:指定接口;例如:dev eno33554960, dev eth0
[src SOURCE_IP]:当接口上有多个IP地址时,指定到达目标网络从哪个IP地址发数据;
示例:
练习1、添加目标地址为172.16.100.7的主机路由,网关地址为192.168.1.141;接口为eno16777728;
[root@bj-1-141 ~]# ip route add 172.16.100.7 via 192.168.1.141 dev eno16777728
[root@bj-1-141 ~]# ip route show
default via 192.168.1.1 dev eno16777728 proto static metric 100
172.16.100.7 via 192.168.1.141 dev eno16777728
192.168.1.0/24 dev eno16777728 proto kernel scope link src 192.168.1.141 metric 100
练习2、添加目标网络地址为10.0.0.0/8的网络路由,下一跳为192.168.1.141,接口为eno16777728;
[root@bj-1-141 ~]# ip route add 10.0.0.0/8 via 192.168.1.141 dev eno16777728
[root@bj-1-141 ~]# ip route show
default via 192.168.1.1 dev eno16777728 proto static metric 100
10.0.0.0/8 via 192.168.1.141 dev eno16777728
172.16.100.7 via 192.168.1.141 dev eno16777728
192.168.1.0/24 dev eno16777728 proto kernel scope link src 192.168.1.141 metric 100
删除路由条目
使用格式:
ip route del TYPE PREFIX
示例:删除主机路由172.16.100.7;删除目标网络为10.0.0.8/8的网络路由条目;
[root@bj-1-141 ~]# ip route del 172.16.100.7 dev eno16777728
[root@bj-1-141 ~]# ip route del 10.0.0.0/8 dev eno16777728
获取路由条目创建信息
使用格式:
ip route get TYPE PREFIX
示例:添加一个网络路由,并获取详细信息;
[root@bj-1-141 ~]# ip route add 10.0.0.0/8 via 192.168.1.141 dev eno16777728
[root@bj-1-141 ~]# ip route get 10.0.0.0/8
10.0.0.0 dev eno16777728 src 192.168.1.141
cache
19.11、ss命令
功用:与netstat命令类似,都是获取其网络连接状态信息;可使用FILTER过滤其指定的信息;
使用格式
ss [OPTIONS] [FILTER]
常用选项
-t:tcp协议相关的连接;
-u:udp协议相关的连接;
-w:raw socket相关的连接;
-l:监听状态的连接;
-a:所有状态的连接;
-n:数字格式显示;
-p:相关的程序及PID;
-e:扩展格式信息;
-m:内存用量;
-o:计时器信息;
[FILTER]= [ state TCP-STATE ] [EXPRESSION]
EXPRESSION:
dport=
sport=
TCP的常见状态
LISTEN
ESTABLISHED
FIN_WAIT_1
FIN_WAIT_2
SYN_SENT
SYN_RECV
CLOSED
示例:
练习1、显示所有tcp协议相关的信息;
[root@bj-1-141 ~]# ss -tnlp
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 *:22 *:* users:(("sshd",pid=1055,fd=3))
LISTEN 0 100 127.0.0.1:25 *:* users:(("master",pid=2153,fd=13))
LISTEN 0 128 :::22 :::* users:(("sshd",pid=1055,fd=4))
LISTEN 0 100 ::1:25 :::* users:(("master",pid=2153,fd=14))
练习2、显示tcp协议相关的所有状态信息;
[root@bj-1-141 ~]# ss -tan
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 *:22 *:*
LISTEN 0 100 127.0.0.1:25 *:*
ESTAB 0 36 192.168.1.141:22 192.168.1.121:49896
LISTEN 0 128 :::22 :::*
LISTEN 0 100 ::1:25 :::*
练习3、显示tcp协议相关的所有信息,但只显示原端口与目标端口为22的连接状态;
[root@bj-1-160-enzhi ~]# ss -tan '( dport = :22 or sport = :22 )'
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 :::22 :::*
LISTEN 0 128 *:22 *:*
ESTAB 0 0 192.168.1.160:22 192.168.1.121:49824
练习4、查看tcp协议相关的连接信息中状态为ESTABLISHED的所有信息;
[root@bj-1-160-enzhi ~]# ss -tanl state ESTABLISHED
Recv-Q Send-Q Local Address:Port Peer Address:Port
0 40 192.168.1.160:22 192.168.1.121:49824
0 0 192.168.1.160:22 192.168.1.121:50398
19.12、通过配置文件配置网络属性
-
IP/DNS/GATEWAY相关等配置文件;
/etc/sysconfig/network-scripts/ifcfg-IFACE -
路由相关的配置文件
/etc/sysconfig/network-scripts/route-IFACE
19.12.1、文件配置IP/DNS/GATEWAY等信息
配置文件:/etc/sysconfig/network-scripts/ifcfg-IFACE;通过大量参数来定义接口的属性,其可通过vim等文本编辑器直接修改,也可以使用专用的命令进行修改;centos6:setup命令,centos7:nmtui命令;
Ifcfg-IFACE配置文件参数
DEVICE=:此配置文件对应的设备的名称;
ONBOOT=:在系统引导过程中是否激活此接口;
UUID=:此设备的唯一标识,可不写;
BOOTPROTO=:激活此接口时使用什么协议来配置接口属性,常用的有dhcp,bootp,static,none;
TYPE=Ethernet:指明接口类型,常见的有,Ethernet;
DNS1=:主DNS服务器指向;
DNS2=:备用DNS服务器指向;
DOMAIN=:搜索域;
IPADDR=:本机的IP地址;
NETMASK=:子网掩码,
GATEWAY=:默认网关地址;
USERCTL=:是否允许普通用户控制此设备;
PEERDNS=:如果BOOTPROTO的值为dhcp,是否允许dhcp server,分配的dns服务器指向覆盖本地手动指向的dns服务器,默认允许;
HWADDR=:硬件设备的Mac地址;可以不写;
NM_CONTROLLED=yes:是否使用network manager 服务来控制接口;
配置示例
[root@bj-1-160-enzhi network-scripts]# cat ifcfg-eth1
DEVICE=eth1
TYPE=Ethernet
ONBOOT=yes
NM_CONTROLLED=yes
BOOTPROTO=static
IPADDR=192.168.1.161
NETMASK=255.255.255.0
GATEWAY=192.168.1.1
DNS1=192.168.1.1
# 保存退出并重启网络服务
[root@bj-1-160-enzhi network-scripts]# service network restart
Shutting down interface eth0: [ OK ]
Shutting down interface eth1: [ OK ]
Shutting down loopback interface: [ OK ]
Bringing up loopback interface: [ OK ]
Bringing up interface eth0: Determining if ip address 192.168.1.160 is already in use for device eth0...
[ OK ]
Bringing up interface eth1: Determining if ip address 192.168.1.161 is already in use for device eth1...
[ OK ]
[root@bj-1-160-enzhi network-scripts]# ifconfig eth1
eth1 Link encap:Ethernet HWaddr 00:0C:29:18:EC:42
inet addr:192.168.1.161 Bcast:192.168.1.255 Mask:255.255.255.0
inet6 addr: fe80::20c:29ff:fe18:ec42/64 Scope:Link
UP BROADCAST RUNNING MTU:1500 Metric:1
RX packets:932 errors:0 dropped:0 overruns:0 frame:0
TX packets:24 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:96196 (93.9 KiB) TX bytes:1764 (1.7 KiB)
19.12.2、网络服务管理
使用格式
CentOS6:service SERVICE {start|stop|restart|status|reload}
CentOS7:systemctl {start|stop|restart|status|reload} SERVICE.service
注意:使用配置文件方式修改网络属性后,如果要生效,需要重启网络服务;
CentOS6:service restart network
CentOS7:systemctl restart network.service
19.12.3、配置文件定义永久生效路由
配置文件
/etc/sysconfig/network-scripts/route-IFACE
配置文件格式
支持两种配置方式,但是不可以混用;
第一种方式:每行一个路由条目
TARGET via GW
TARGET:目标地址;
via:关键字
GW:下一跳地址;
示例:
练习1、添加一条主机路由条目,目标主机地址为172.16.100.7,下一跳地址为192.168.1.141;
# CentOS7 配置方式
[root@bj-1-141 network-scripts]# vim route-eno16777728
172.16.100.7 via 192.168.1.141
[root@bj-1-141 network-scripts]# systemctl restart network.service
[root@bj-1-141 network-scripts]# ip route show
default via 192.168.1.1 dev eno16777728 proto static metric 100
default via 192.168.1.1 dev eno33554960 proto static metric 101
169.254.0.0/16 dev eno33554960 scope link metric 1003
172.16.100.7 via 192.168.1.141 dev eno16777728 proto static metric 100
192.168.1.0/24 dev eno16777728 proto kernel scope link src 192.168.1.141 metric 100
192.168.1.0/24 dev eno33554960 proto kernel scope link src 192.168.1.122 metric 101
# CentOS6配置方式
[root@bj-1-160-enzhi network-scripts]# cat route-eth1
10.0.0.0/8 via 192.168.1.161
[root@bj-1-160-enzhi network-scripts]# service network restart
Shutting down interface eth0: [ OK ]
Shutting down interface eth1: [ OK ]
Shutting down loopback interface: [ OK ]
Bringing up loopback interface: [ OK ]
Bringing up interface eth0: Determining if ip address 192.168.1.160 is already in use for device eth0...
[ OK ]
Bringing up interface eth1: Determining if ip address 192.168.1.161 is already in use for device eth1...
[ OK ]
[root@bj-1-160-enzhi network-scripts]# ip route show
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.160
192.168.1.0/24 dev eth1 proto kernel scope link src 192.168.1.161
169.254.0.0/16 dev eth0 scope link metric 1002
169.254.0.0/16 dev eth1 scope link metric 1003
10.0.0.0/8 via 192.168.1.161 dev eth1
default via 192.168.1.1 dev eth0
第二种方式:每三行一个路由条目
ADDRESS#=TARGET(目标地址)
NETMASK#=MASK(子网掩码)
GATEWAY#=NEXTHOP(下一跳)
示例:
练习1、添加一条网络路由,目标网络地址为172.16.0.0/16,下一跳为192.168.1.141;
[root@bj-1-141 network-scripts]# cat route-eno16777728
ADDRESS0=172.16.0.0
NETMASK0=255.255.0.0
GATEWAY0=192.168.1.141
[root@bj-1-141 network-scripts]# systemctl restart network.service
[root@bj-1-141 network-scripts]# ip route show
default via 192.168.1.1 dev eno16777728 proto static metric 100
default via 192.168.1.1 dev eno33554960 proto static metric 101
169.254.0.0/16 dev eno33554960 scope link metric 1003
172.16.0.0/16 via 192.168.1.141 dev eno16777728 proto static metric 100
192.168.1.0/24 dev eno16777728 proto kernel scope link src 192.168.1.141 metric 100
192.168.1.0/24 dev eno33554960 proto kernel scope link src 192.168.1.122 metric 101
19.12.4、配置文件给接口配置多个IP地址永久生效
注意:网卡别名不支持动态获取地址;
配置方式
复制要添加多个接口的网卡配置文件;而后修改其DEVICE名称及删除UUID;
示例
练习1、为eth1接口配置网卡别名为eth1:0,其IP地址为192.168.1.188/24,网关为192.168.1.1;
# 第一步:复制eth1到eth1:0
[root@bj-1-160-enzhi network-scripts]# cp ifcfg-eth1 ifcfg-eth1:0
# 第二步:修改其内容
[root@bj-1-160-enzhi network-scripts]# vim ifcfg-eth1:0
DEVICE=eth1:0
TYPE=Ethernet
ONBOOT=yes
NM_CONTROLLED=yes
BOOTPROTO=static
IPADDR=192.168.1.188
NETMASK=255.255.255.0
GATEWAY=192.168.1.1
DNS1=192.168.1.1
# 第三步:重启网络服务查看eth1:0信息
[root@bj-1-160-enzhi network-scripts]# service network restart
Shutting down interface eth0: [ OK ]
Shutting down interface eth1: [ OK ]
Shutting down loopback interface: [ OK ]
Bringing up loopback interface: [ OK ]
Bringing up interface eth0: Determining if ip address 192.168.1.160 is already in use for device eth0...
[ OK ]
Bringing up interface eth1: Determining if ip address 192.168.1.161 is already in use for device eth1...
Determining if ip address 192.168.1.188 is already in use for device eth1...
[ OK ]
[root@bj-1-160-enzhi network-scripts]# ifconfig
eth0 Link encap:Ethernet HWaddr 00:0C:29:18:EC:38
inet addr:192.168.1.160 Bcast:192.168.1.255 Mask:255.255.255.0
inet6 addr: fe80::20c:29ff:fe18:ec38/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:4041 errors:0 dropped:0 overruns:0 frame:0
TX packets:2376 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:404252 (394.7 KiB) TX bytes:284678 (278.0 KiB)
eth1 Link encap:Ethernet HWaddr 00:0C:29:18:EC:42
inet addr:192.168.1.161 Bcast:192.168.1.255 Mask:255.255.255.0
inet6 addr: fe80::20c:29ff:fe18:ec42/64 Scope:Link
UP BROADCAST RUNNING MTU:1500 Metric:1
RX packets:1168 errors:0 dropped:0 overruns:0 frame:0
TX packets:58 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:130676 (127.6 KiB) TX bytes:4020 (3.9 KiB)
eth1:0 Link encap:Ethernet HWaddr 00:0C:29:18:EC:42
inet addr:192.168.1.188 Bcast:192.168.1.255 Mask:255.255.255.0
UP BROADCAST RUNNING MTU:1500 Metric:1