目錄
- IP地址分類
- 如何將Linux主機接入到網絡中
- 網絡接口的命名方式
- ifcfg系列命令
- 如何配置主機名
- 如何配置DNS服務器指向
- iproute2系列命令
- Linux管理網絡服務
- 永久生效配置路由條目
- 如何為接口配置多個IP地址
19.1、IP地址分類
IP地址分為5類,A,B,C,D,E,其中D和E在工作中不會使用;
19.1.1、A類地址
第一段為網絡號,后三段為主機號;
有效的網絡號:0 000 0000 - 0 111 1111 = 1 -127
網絡數量:126個,127被用作回環地址;
每個網絡中的主機數量:2^24-2,減去全為0和全為1的;
默認子網掩碼:255.0.0.0, /8;子網掩碼用於與IP地址按位進行與運算,從而取出其網絡地址;
私網地址:10.0.0.0/255.0.0.0
19.1.2、B類地址
前兩段為網絡號,后兩段為主機號;
有效的網絡號:10 00 0000 - 10 11 1111 = 128-191
網絡數量:2^14
每個網絡中的主機數量:2^16-2
默認子網掩碼:255.255.0.0, /16;
私網地址:172.16.0.0 - 172.31.0.0
19.1.3、C類地址
前三段為網絡號,最后一段為主機號;
有效的網絡號:110 0 0000 - 110 1 1111 = 192-223;
網絡數量:2^21
每個網絡中的主機數量:2^8-2;
默認子網掩碼:255.255.255.0 , /24 ;
19.1.4、D類地址
1110 0000 - 1110 1111 = 224-239
19.1.5、E類地址
240-255
注意:IP地址中主機位全為1的表示廣播地址;主機位全為0的表示網絡地址;
19.2、配置Linux主機接入網絡
- 本地通信:配置IP/NETMASK
- 跨網絡通信:配置路由(網關);
- 基於主機名通信:配置DNS服務器地址,Linux系統可以配置三個DNS指向;
19.2.1、配置方式
靜態指定
命令方式:
- ifcfg系列:
ifconfig:配置IP,子網掩碼;
route:配置路由;
netstat:狀態及統計數據查看工具;
- iproute2系列:
ip OBJECT:
addr:地址和掩碼
route:路由
link:接口
-
Centos7專用:
nmcli(命令行工具)
nmtui(圖形化工具)
配置文件方式:redhat及相關發行版
# 網絡配置
/etc/sysconfig/network-scripts/ifcfg-NETCARD_NAME
# DNS配置
/etc/resolv.conf
# 主機名配置
hostname
配置文件:/etc/sysconfig/network
CentOS7系統:hostnamectl命令
動態分配
依賴於本地網絡中有DHCP服務。
19.3、網絡接口命名方式
19.3.1、傳統命名
以太網:ethX,例如:eth0, eth1, ...
ppp網絡:pptX,例如:ppp0, ppp1, ...
19.3.2、可預測命名方案(CentOS7)
支持多種不同命名機制,firmware拓撲結構;
(1)如果firmware或bios為主板上即成的設備提供的索引信息可用,則根據此索引進行命名,如,eno1,eno2, ...
(2)如果firmware或bios為PCI-E擴展槽所提供的索引信息可用,且可預測,則根據此信息進行命名,如ens1, ens2, ...
(3)如果硬件接口的物理位置信息可用,則根據此信息命名,如enp2s0,...
(4)如果用戶顯示定義,也可根據MAC地址命名,例如:enx122161ab2e10,...
命名格式組成:
en: ethernet
wl: wlan
ww: wwan
# 名稱類型
o<index>:集成設備的設備索引號;
s<slot>:擴展槽的索引號;
x<MAC>:基於Mac地址的命名;
p<bus>s<slot>:基於總線及槽的拓撲結構進行命名;
19.4、ifconfig命令
19.4.1、查看接口地址
使用格式
ifconfig [INFACE]
[INFACE]:表示網卡接口名稱;
示例
[root@bj-1-141-enzhi ~]# ifconfig eno16777728
eno16777728: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.1.141 netmask 255.255.255.0 broadcast 192.168.1.255
inet6 fe80::20c:29ff:fe68:7a1 prefixlen 64 scopeid 0x20<link>
ether 00:0c:29:68:07:a1 txqueuelen 1000 (Ethernet)
RX packets 328657 bytes 68091806 (64.9 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 169435 bytes 22070755 (21.0 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
19.4.2、管理IP地址
使用格式
ifconfig INTERFACE IP/MASK [up]
ifconfig INTERFACE IP netmask NETMASK [up]
示例
[root@bj-1-141-enzhi ~]# ifconfig eno33554960 192.168.1.100/24 up
[root@bj-1-141-enzhi ~]# ifconfig eno33554960
eno33554960: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.1.100 netmask 255.255.255.0 broadcast 192.168.1.255
inet6 fe80::20c:29ff:fe68:7ab prefixlen 64 scopeid 0x20<link>
ether 00:0c:29:68:07:ab txqueuelen 1000 (Ethernet)
RX packets 120 bytes 9113 (8.8 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 30 bytes 3302 (3.2 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
[root@bj-1-141-enzhi ~]# ifconfig eno33554960 192.168.1.188 netmask 255.255.255.0 up
[root@bj-1-141-enzhi ~]# ifconfig eno33554960
eno33554960: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.1.188 netmask 255.255.255.0 broadcast 192.168.1.255
inet6 fe80::20c:29ff:fe68:7ab prefixlen 64 scopeid 0x20<link>
ether 00:0c:29:68:07:ab txqueuelen 1000 (Ethernet)
RX packets 313 bytes 24954 (24.3 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 107 bytes 11674 (11.4 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
注意:ifconfig命令會立即將配置送往內核中,並立即生效;重啟后無效;
19.5、route命令
功用:路由查看和管理
19.5.1、路由條目類型
- 主機路由:目標地址為單個IP;
- 網絡路由:目標地址為IP網絡;
- 默認路由:目標為任意網絡,0.0.0.0/0.0.0.0;
19.5.2、查看路由條目
[root@bj-1-141-enzhi ~]# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 192.168.1.1 0.0.0.0 UG 100 0 0 eno16777728
192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eno33554960
192.168.1.0 0.0.0.0 255.255.255.0 U 100 0 0 eno16777728
192.168.2.0 0.0.0.0 255.255.255.0 U 100 0 0 eno16777728
19.5.3、添加路由條目
使用格式
route add [-net | -host] target [netmask Nm] [gw Gw] [[dev] If]
示例
練習1、添加目標地址為172.16.100.7的主機路由;
[root@bj-1-141-enzhi ~]# route add -host 172.16.100.7 dev eno16777728
[root@bj-1-141-enzhi ~]# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 192.168.1.1 0.0.0.0 UG 100 0 0 eno16777728
0.0.0.0 192.168.1.1 0.0.0.0 UG 101 0 0 eno33554960
169.254.0.0 0.0.0.0 255.255.0.0 U 1003 0 0 eno33554960
172.16.100.7 0.0.0.0 255.255.255.255 UH 0 0 0 eno16777728
192.168.1.0 0.0.0.0 255.255.255.0 U 100 0 0 eno16777728
192.168.1.0 0.0.0.0 255.255.255.0 U 101 0 0 eno33554960
# 或者
[root@bj-1-141-enzhi ~]# route add -host 172.16.100.7 gw 192.168.1.122
[root@bj-1-141-enzhi ~]# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 192.168.1.1 0.0.0.0 UG 100 0 0 eno16777728
0.0.0.0 192.168.1.1 0.0.0.0 UG 101 0 0 eno33554960
169.254.0.0 0.0.0.0 255.255.0.0 U 1003 0 0 eno33554960
172.16.100.7 192.168.1.122 255.255.255.255 UGH 0 0 0 eno33554960
192.168.1.0 0.0.0.0 255.255.255.0 U 100 0 0 eno16777728
192.168.1.0 0.0.0.0 255.255.255.0 U 101 0 0 eno33554960
練習2:添加目標地址網絡為10.0.0.0/8的網絡路由條目;
[root@bj-1-141-enzhi ~]# route add -net 10.0.0.0/8 gw 192.168.1.122 dev eno33554960
[root@bj-1-141-enzhi ~]# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 192.168.1.1 0.0.0.0 UG 100 0 0 eno16777728
0.0.0.0 192.168.1.1 0.0.0.0 UG 101 0 0 eno33554960
10.0.0.0 192.168.1.122 255.0.0.0 UG 0 0 0 eno33554960
169.254.0.0 0.0.0.0 255.255.0.0 U 1003 0 0 eno33554960
172.16.100.7 192.168.1.122 255.255.255.255 UGH 0 0 0 eno33554960
192.168.1.0 0.0.0.0 255.255.255.0 U 100 0 0 eno16777728
192.168.1.0 0.0.0.0 255.255.255.0 U 101 0 0 eno33554960
練習3、添加默認路由
[root@bj-1-141-enzhi ~]# route add default gw 192.168.1.141 dev eno16777728
[root@bj-1-141-enzhi ~]# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 192.168.1.141 0.0.0.0 UG 0 0 0 eno16777728
0.0.0.0 192.168.1.1 0.0.0.0 UG 101 0 0 eno33554960
10.0.0.0 192.168.1.122 255.0.0.0 UG 0 0 0 eno33554960
169.254.0.0 0.0.0.0 255.255.0.0 U 1003 0 0 eno33554960
172.16.100.7 192.168.1.122 255.255.255.255 UGH 0 0 0 eno33554960
192.168.1.0 0.0.0.0 255.255.255.0 U 100 0 0 eno16777728
192.168.1.0 0.0.0.0 255.255.255.0 U 101 0 0 eno33554960
15.4、刪除路由條目
使用格式
route del [-net | -host] target [gw Gw] [netmask Nm] [[dev] If]
示例
# 刪除主機路由
[root@bj-1-141-enzhi ~]# route del -host 172.16.100.7
您在 /var/spool/mail/root 中有新郵件
[root@bj-1-141-enzhi ~]# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 192.168.1.141 0.0.0.0 UG 0 0 0 eno16777728
0.0.0.0 192.168.1.1 0.0.0.0 UG 101 0 0 eno33554960
10.0.0.0 192.168.1.122 255.0.0.0 UG 0 0 0 eno33554960
169.254.0.0 0.0.0.0 255.255.0.0 U 1003 0 0 eno33554960
192.168.1.0 0.0.0.0 255.255.255.0 U 100 0 0 eno16777728
192.168.1.0 0.0.0.0 255.255.255.0 U 101 0 0 eno33554960
# 刪除網絡路由
[root@bj-1-141-enzhi ~]# route del -net 10.0.0.0/8
[root@bj-1-141-enzhi ~]# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 192.168.1.141 0.0.0.0 UG 0 0 0 eno16777728
0.0.0.0 192.168.1.1 0.0.0.0 UG 101 0 0 eno33554960
169.254.0.0 0.0.0.0 255.255.0.0 U 1003 0 0 eno33554960
192.168.1.0 0.0.0.0 255.255.255.0 U 100 0 0 eno16777728
192.168.1.0 0.0.0.0 255.255.255.0 U 101 0 0 eno33554960
19.6、netstat命令
netstat命令用於顯示網絡相關信息,如網絡連接,路由表,接口狀態等;
19.6.1、顯示路由信息
使用格式
netstat -rn
-r:顯示路由表
-n:數字格式顯示
示例
[root@bj-1-141-enzhi ~]# netstat -rn
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
0.0.0.0 192.168.1.141 0.0.0.0 UG 0 0 0 eno16777728
0.0.0.0 192.168.1.1 0.0.0.0 UG 0 0 0 eno33554960
169.254.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eno33554960
192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eno16777728
192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eno33554960
19.6.2、顯示網絡連接
使用格式
netstat [--tcp|-t] [--udp|-u] [--udplite|-U] [--raw|-w] [--listening|-l] [--all|-a] [--numeric|-n] [--extend|-e[--extend|-e]] [--program|-p]
常用選項
-t:顯示tcp協議相關的連接;
-u:顯示udp協議相關的連接;
-w:raw socket相關的連接;
-l:顯示處於監聽狀態的連接;
-a:顯示所有狀態的連接;
-n:以數字格式顯示ip和port;
-e:擴展格式;
-p:顯示相關進程PID;
示例
練習1、查看所有tcp協議處於監聽狀態的連接;
[root@bj-1-141-enzhi ~]# netstat -tnlp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1055/sshd
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 2153/master
tcp6 0 0 :::22 :::* LISTEN 1055/sshd
tcp6 0 0 ::1:25 :::* LISTEN 2153/master
練習2、顯示tcp協議相關所有狀態的連接信息;
[root@bj-1-141-enzhi ~]# netstat -tanlp
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1055/sshd
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 2153/master
tcp 0 0 192.168.1.141:22 192.168.1.106:2889 ESTABLISHED 2397/sshd: root@pts
tcp 0 0 192.168.1.141:22 192.168.1.106:2960 ESTABLISHED 3332/sshd: root@pts
tcp 0 0 192.168.1.141:22 192.168.1.121:50362 ESTABLISHED 2193/sshd: root@pts
tcp 0 36 192.168.1.141:22 192.168.1.121:50471 ESTABLISHED 2851/sshd: root@pts
tcp6 0 0 :::22 :::* LISTEN 1055/sshd
tcp6 0 0 ::1:25 :::* LISTEN 2153/master
19.6.3、顯示接口的統計數據
使用格式
netstat -i:顯示所有接口的信息;
netstat -I<IFACE>:顯示指定接口的信息;
示例
[root@bj-1-141-enzhi ~]# netstat -i
Kernel Interface table
Iface MTU RX-OK RX-ERR RX-DRP RX-OVR TX-OK TX-ERR TX-DRP TX-OVR Flg
eno16777 1500 9868 0 0 0 5115 0 0 0 BMRU
eno33554 1500 6283 0 0 0 411 0 0 0 BMRU
lo 65536 1292 0 0 0 1292 0 0 0 LRU
[root@bj-1-141-enzhi ~]# netstat -I
Kernel Interface table
Iface MTU RX-OK RX-ERR RX-DRP RX-OVR TX-OK TX-ERR TX-DRP TX-OVR Flg
eno16777 1500 9890 0 0 0 5127 0 0 0 BMRU
eno33554 1500 6284 0 0 0 411 0 0 0 BMRU
lo 65536 1292 0 0 0 1292 0 0 0 LRU
[root@bj-1-141-enzhi ~]# netstat -Ieno16777728
Kernel Interface table
Iface MTU RX-OK RX-ERR RX-DRP RX-OVR TX-OK TX-ERR TX-DRP TX-OVR Flg
eno16777 1500 9914 0 0 0 5140 0 0 0 BMRU
19.7、ifup和ifdown命令
使用格式
ifup IFACE:啟用接口
ifdown IFACE:禁用接口
注意:通過配置文件/etc/sysconfig/network-scripts/ifcfg-IFACE,來識別接口並完成配置;
示例
[root@bj-1-141-enzhi ~]# ifdown eno33554960
[root@bj-1-141-enzhi ~]# ifup eno33554960
19.8、Linux主機名配置
19.8.1、hostname命令
查看主機名
hostname
配置主機名
hostname HOSTNAME
# 當前有效,重啟無效;
示例
[root@bj-1-141-enzhi ~]# hostname
bj-1-141-enzhi.com
[root@bj-1-141-enzhi ~]# hostname node1.enzhi.com
[root@bj-1-141-enzhi ~]# hostname
node1.enzhi.com
19.8.2、hostnamectl命令
此命令僅使用於centos7系統;
使用格式
hostnamectl [OPTIONS...] {COMMAND}
常用選項
status:查看當前主機名設定
set-hostname HOSTNAME:設定主機名,永久有效;
查看當前主機名設定
[root@bj-1-141-enzhi ~]# hostnamectl status
Static hostname: bj-1-141-enzhi.com
Pretty hostname: BJ-1-141-enzhi.com
Transient hostname: node1.enzhi.com
Icon name: computer-vm
Chassis: vm
Machine ID: e8db53fed0a04615b1f91697eb5c58f0
Boot ID: 13ec2f519021428b881660f97fe6c766
Virtualization: vmware
Operating System: CentOS Linux 7 (Core)
CPE OS Name: cpe:/o:centos:centos:7
Kernel: Linux 3.10.0-327.el7.x86_64
Architecture: x86-64
設定主機名
[root@bj-1-141-enzhi ~]# hostnamectl set-hostname bj-1-141.enzhi.com
您在 /var/spool/mail/root 中有新郵件
[root@bj-1-141-enzhi ~]# hostnamectl status
Static hostname: bj-1-141.enzhi.com
Icon name: computer-vm
Chassis: vm
Machine ID: e8db53fed0a04615b1f91697eb5c58f0
Boot ID: 13ec2f519021428b881660f97fe6c766
Virtualization: vmware
Operating System: CentOS Linux 7 (Core)
CPE OS Name: cpe:/o:centos:centos:7
Kernel: Linux 3.10.0-327.el7.x86_64
Architecture: x86-64
19.8.3、配置文件修改主機名
配置文件:/etc/sysconfig/network
配置文件格式
HOSTNAME=bj-1-141.enzhi.com
注意:此方法不是立即生效,重啟后一直有效;
19.9、配置DNS服務器指向
配置文件:/etc/resolv.conf
文件格式
nameserver DNS_SERVER_IP
示例
[root@bj-1-141-enzhi ~]# cat /etc/resolv.conf
# Generated by NetworkManager
search enzhi.com
nameserver 192.168.1.1
nameserver 8.8.8.8
如何測試
測試dns配置能否解析可使用:host, nslookup, dig三種命令的其中一種;如果系統沒有安裝三種命令,則使用yum -y install bind-utils,即可;
示例
[root@bj-1-141-enzhi ~]# yum -y install bind-utils
[root@bj-1-141-enzhi ~]# rpm -ql bind-utils
/etc/trusted-key.key
/usr/bin/dig
/usr/bin/host
/usr/bin/nslookup
/usr/bin/nsupdate
/usr/share/man/man1/dig.1.gz
/usr/share/man/man1/host.1.gz
/usr/share/man/man1/nslookup.1.gz
/usr/share/man/man1/nsupdate.1.gz
# 使用dig與nslookup解析百度域名
[root@bj-1-141-enzhi ~]# dig -t A www.baidu.com
; <<>> DiG 9.9.4-RedHat-9.9.4-38.el7_3 <<>> -t A www.baidu.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 30987
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 5, ADDITIONAL: 6
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.baidu.com. IN A
;; ANSWER SECTION:
www.baidu.com. 208 IN CNAME www.a.shifen.com.
www.a.shifen.com. 68 IN A 119.75.218.70
www.a.shifen.com. 68 IN A 119.75.217.109
;; AUTHORITY SECTION:
a.shifen.com. 361 IN NS ns1.a.shifen.com.
a.shifen.com. 361 IN NS ns3.a.shifen.com.
a.shifen.com. 361 IN NS ns5.a.shifen.com.
a.shifen.com. 361 IN NS ns4.a.shifen.com.
a.shifen.com. 361 IN NS ns2.a.shifen.com.
;; ADDITIONAL SECTION:
ns1.a.shifen.com. 395 IN A 61.135.165.224
ns2.a.shifen.com. 416 IN A 180.149.133.241
ns3.a.shifen.com. 395 IN A 61.135.162.215
ns4.a.shifen.com. 368 IN A 115.239.210.176
ns5.a.shifen.com. 67 IN A 119.75.222.17
;; Query time: 22 msec
;; SERVER: 192.168.1.1#53(192.168.1.1)
;; WHEN: 日 1月 01 21:54:46 CST 2017
;; MSG SIZE rcvd: 271
[root@bj-1-141-enzhi ~]# nslookup www.baidu.com
Server: 192.168.1.1
Address: 192.168.1.1#53
Non-authoritative answer:
www.baidu.com canonical name = www.a.shifen.com.
Name: www.a.shifen.com
Address: 119.75.217.109
Name: www.a.shifen.com
Address: 119.75.218.70
19.10、ip命令
功用:顯示或控制路由設備,策略路由和隧道
使用格式
ip [ OPTIONS ] OBJECT { COMMAND | help }
常用OBJECT
OBJECT={link | addr | route | netns}
19.10.1、ip link
功用:網絡設備配置
使用格式
ip link set
dev NAME(default):指明要管理的設備,dev關鍵字可省略;
up and down:啟用或禁用設備;
multicast on or molticast off:啟用或禁用多播功能;
name NAME:重命名接口;需要停止網絡服務;
mtu NUMBER:設置MTU大小,默認1500;
使用示例
練習1、禁用設備或啟用設備
# centos7
[root@bj-1-141-enzhi ~]# ip link set eno33554960 down
[root@bj-1-141-enzhi ~]# ip link set eno33554960 up
# centos6
[root@bj-1-160-enzhi network-scripts]# ip link set eth1 up
[root@bj-1-160-enzhi network-scripts]# ip addr show eth1
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:0c:29:18:ec:42 brd ff:ff:ff:ff:ff:ff
inet6 fe80::20c:29ff:fe18:ec42/64 scope link
valid_lft forever preferred_lft forever
[root@bj-1-160-enzhi network-scripts]# ip link set eth1 down
You have new mail in /var/spool/mail/root
[root@bj-1-160-enzhi network-scripts]# ip addr show eth1
3: eth1: <BROADCAST,MULTICAST> mtu 1500 qdisc pfifo_fast state DOWN qlen 1000
link/ether 00:0c:29:18:ec:42 brd ff:ff:ff:ff:ff:ff
練習2、禁用eth1網卡多播功能;
[root@bj-1-160-enzhi ~]# ip addr show eth1
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:0c:29:18:ec:42 brd ff:ff:ff:ff:ff:ff
inet6 fe80::20c:29ff:fe18:ec42/64 scope link
valid_lft forever preferred_lft forever
[root@bj-1-160-enzhi ~]# ip link set eth1 multicast off
You have new mail in /var/spool/mail/root
[root@bj-1-160-enzhi ~]# ip addr show eth1
3: eth1: <BROADCAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:0c:29:18:ec:42 brd ff:ff:ff:ff:ff:ff
inet6 fe80::20c:29ff:fe18:ec42/64 scope link
valid_lft forever preferred_lft forever
練習3、重命名接口名稱
[root@bj-1-141 ~]# systemctl stop network.service
[root@bj-1-141 ~]# ip link set eno33554960 name eno33557788
[root@bj-1-141 ~]# systemctl start network.service
[root@bj-1-141 ~]# ip addr show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eno16777728: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:0c:29:68:07:a1 brd ff:ff:ff:ff:ff:ff
inet 192.168.1.141/24 brd 192.168.1.255 scope global eno16777728
valid_lft forever preferred_lft forever
inet6 fe80::20c:29ff:fe68:7a1/64 scope link
valid_lft forever preferred_lft forever
3: eno33557788: <BROADCAST,MULTICAST> mtu 1500 qdisc pfifo_fast state DOWN qlen 1000
link/ether 00:0c:29:68:07:ab brd ff:ff:ff:ff:ff:ff
19.10.2、ip netns
使用格式
ip netns list:列出所有的netns;
ip netns add NAME:添加一個名稱空間;
ip link set INTERFACE netns netns_NAME:將指定的接口移動至指定名稱空間中;
ip netns exec netns_NAME ip link show:查看名稱空間中的設備信息;
ip netns del netns_NAME:刪除指定名稱空間;
示例
練習1、在eno33557788接口添加一個名稱空間,名為mynetns;
[root@bj-1-141 ~]# ip netns add mynetns
[root@bj-1-141 ~]# ip netns list
mynetns
練習2、將eno33557788接口移動至mynetns名稱空間;
[root@bj-1-141 ~]# ip link set eno33557788 netns mynetns
練習3、查看mynetns名稱空間中的設備信息;
[root@bj-1-141 ~]# ip netns exec mynetns ip link show
1: lo: <LOOPBACK> mtu 65536 qdisc noop state DOWN mode DEFAULT
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
3: eno33557788: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN mode DEFAULT qlen 1000
link/ether 00:0c:29:68:07:ab brd ff:ff:ff:ff:ff:ff
練習4、刪除mynetns名稱空間
[root@bj-1-141 ~]# ip netns del mynetns
19.10.3、ip address
添加接口IP地址
ip addr add IFADDR dev IFACE [label NAME] [broadcast ADDRESS]
[label NAME]:為額外添加的地址指明接口名;例如:eno33554960:0, eth0:0
[broadcast ADDRESS]:廣播地址;會根據ip和netmask自動計算得出;
示例:添加eno33554960:0接口地址為192.168.1.123/24
[root@bj-1-141 ~]# ip addr add 192.168.1.123/24 dev eno33554960 label eno33554960:0
您在 /var/spool/mail/root 中有新郵件
[root@bj-1-141 ~]# ifconfig eno33554960:0
eno33554960:0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.1.123 netmask 255.255.255.0 broadcast 0.0.0.0
ether 00:0c:29:68:07:ab txqueuelen 1000 (Ethernet)
刪除接口IP地址
ip addr del IFADDR dev IFACE
示例:刪除192.168.1.123/24,接口為eno33554960:0
[root@bj-1-141 ~]# ip addr del 192.168.1.123/24 dev eno33554960:0
顯示接口信息
使用格式:
ip addr show [IFACE]
[IFACE]:顯示指定接口的IP地址;例如:ip addr show eno33554960
# 注意:默認顯示所有接口信息
示例:顯示eno33554960的詳細信息;
[root@bj-1-141 ~]# ip addr show eno33554960
3: eno33554960: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:0c:29:68:07:ab brd ff:ff:ff:ff:ff:ff
inet 192.168.1.122/24 brd 192.168.1.255 scope global dynamic eno33554960
valid_lft 5990sec preferred_lft 5990sec
inet6 fe80::20c:29ff:fe68:7ab/64 scope link
valid_lft forever preferred_lft forever
清空接口上所有地址
使用格式:
ip addr flush dev IFACE
示例:清空eno33554960接口所有地址;
[root@bj-1-141 ~]# ip addr flush dev eno33554960
[root@bj-1-141 ~]# ip addr show eno33554960
3: eno33554960: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:0c:29:68:07:ab brd ff:ff:ff:ff:ff:ff
19.10.4、ip route
功用:路由管理
添加路由條目
使用格式:
ip route add TYPE PREFIX via GW [dev IFACE] [src SOURCE_IP]
TYPE PREFIX:表示目標地址;
via:關鍵字;后面跟上下一跳地址;
GW:表示網關地址;
[dev IFACE]:指定接口;例如:dev eno33554960, dev eth0
[src SOURCE_IP]:當接口上有多個IP地址時,指定到達目標網絡從哪個IP地址發數據;
示例:
練習1、添加目標地址為172.16.100.7的主機路由,網關地址為192.168.1.141;接口為eno16777728;
[root@bj-1-141 ~]# ip route add 172.16.100.7 via 192.168.1.141 dev eno16777728
[root@bj-1-141 ~]# ip route show
default via 192.168.1.1 dev eno16777728 proto static metric 100
172.16.100.7 via 192.168.1.141 dev eno16777728
192.168.1.0/24 dev eno16777728 proto kernel scope link src 192.168.1.141 metric 100
練習2、添加目標網絡地址為10.0.0.0/8的網絡路由,下一跳為192.168.1.141,接口為eno16777728;
[root@bj-1-141 ~]# ip route add 10.0.0.0/8 via 192.168.1.141 dev eno16777728
[root@bj-1-141 ~]# ip route show
default via 192.168.1.1 dev eno16777728 proto static metric 100
10.0.0.0/8 via 192.168.1.141 dev eno16777728
172.16.100.7 via 192.168.1.141 dev eno16777728
192.168.1.0/24 dev eno16777728 proto kernel scope link src 192.168.1.141 metric 100
刪除路由條目
使用格式:
ip route del TYPE PREFIX
示例:刪除主機路由172.16.100.7;刪除目標網絡為10.0.0.8/8的網絡路由條目;
[root@bj-1-141 ~]# ip route del 172.16.100.7 dev eno16777728
[root@bj-1-141 ~]# ip route del 10.0.0.0/8 dev eno16777728
獲取路由條目創建信息
使用格式:
ip route get TYPE PREFIX
示例:添加一個網絡路由,並獲取詳細信息;
[root@bj-1-141 ~]# ip route add 10.0.0.0/8 via 192.168.1.141 dev eno16777728
[root@bj-1-141 ~]# ip route get 10.0.0.0/8
10.0.0.0 dev eno16777728 src 192.168.1.141
cache
19.11、ss命令
功用:與netstat命令類似,都是獲取其網絡連接狀態信息;可使用FILTER過濾其指定的信息;
使用格式
ss [OPTIONS] [FILTER]
常用選項
-t:tcp協議相關的連接;
-u:udp協議相關的連接;
-w:raw socket相關的連接;
-l:監聽狀態的連接;
-a:所有狀態的連接;
-n:數字格式顯示;
-p:相關的程序及PID;
-e:擴展格式信息;
-m:內存用量;
-o:計時器信息;
[FILTER]= [ state TCP-STATE ] [EXPRESSION]
EXPRESSION:
dport=
sport=
TCP的常見狀態
LISTEN
ESTABLISHED
FIN_WAIT_1
FIN_WAIT_2
SYN_SENT
SYN_RECV
CLOSED
示例:
練習1、顯示所有tcp協議相關的信息;
[root@bj-1-141 ~]# ss -tnlp
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 *:22 *:* users:(("sshd",pid=1055,fd=3))
LISTEN 0 100 127.0.0.1:25 *:* users:(("master",pid=2153,fd=13))
LISTEN 0 128 :::22 :::* users:(("sshd",pid=1055,fd=4))
LISTEN 0 100 ::1:25 :::* users:(("master",pid=2153,fd=14))
練習2、顯示tcp協議相關的所有狀態信息;
[root@bj-1-141 ~]# ss -tan
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 *:22 *:*
LISTEN 0 100 127.0.0.1:25 *:*
ESTAB 0 36 192.168.1.141:22 192.168.1.121:49896
LISTEN 0 128 :::22 :::*
LISTEN 0 100 ::1:25 :::*
練習3、顯示tcp協議相關的所有信息,但只顯示原端口與目標端口為22的連接狀態;
[root@bj-1-160-enzhi ~]# ss -tan '( dport = :22 or sport = :22 )'
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 :::22 :::*
LISTEN 0 128 *:22 *:*
ESTAB 0 0 192.168.1.160:22 192.168.1.121:49824
練習4、查看tcp協議相關的連接信息中狀態為ESTABLISHED的所有信息;
[root@bj-1-160-enzhi ~]# ss -tanl state ESTABLISHED
Recv-Q Send-Q Local Address:Port Peer Address:Port
0 40 192.168.1.160:22 192.168.1.121:49824
0 0 192.168.1.160:22 192.168.1.121:50398
19.12、通過配置文件配置網絡屬性
-
IP/DNS/GATEWAY相關等配置文件;
/etc/sysconfig/network-scripts/ifcfg-IFACE -
路由相關的配置文件
/etc/sysconfig/network-scripts/route-IFACE
19.12.1、文件配置IP/DNS/GATEWAY等信息
配置文件:/etc/sysconfig/network-scripts/ifcfg-IFACE;通過大量參數來定義接口的屬性,其可通過vim等文本編輯器直接修改,也可以使用專用的命令進行修改;centos6:setup命令,centos7:nmtui命令;
Ifcfg-IFACE配置文件參數
DEVICE=:此配置文件對應的設備的名稱;
ONBOOT=:在系統引導過程中是否激活此接口;
UUID=:此設備的唯一標識,可不寫;
BOOTPROTO=:激活此接口時使用什么協議來配置接口屬性,常用的有dhcp,bootp,static,none;
TYPE=Ethernet:指明接口類型,常見的有,Ethernet;
DNS1=:主DNS服務器指向;
DNS2=:備用DNS服務器指向;
DOMAIN=:搜索域;
IPADDR=:本機的IP地址;
NETMASK=:子網掩碼,
GATEWAY=:默認網關地址;
USERCTL=:是否允許普通用戶控制此設備;
PEERDNS=:如果BOOTPROTO的值為dhcp,是否允許dhcp server,分配的dns服務器指向覆蓋本地手動指向的dns服務器,默認允許;
HWADDR=:硬件設備的Mac地址;可以不寫;
NM_CONTROLLED=yes:是否使用network manager 服務來控制接口;
配置示例
[root@bj-1-160-enzhi network-scripts]# cat ifcfg-eth1
DEVICE=eth1
TYPE=Ethernet
ONBOOT=yes
NM_CONTROLLED=yes
BOOTPROTO=static
IPADDR=192.168.1.161
NETMASK=255.255.255.0
GATEWAY=192.168.1.1
DNS1=192.168.1.1
# 保存退出並重啟網絡服務
[root@bj-1-160-enzhi network-scripts]# service network restart
Shutting down interface eth0: [ OK ]
Shutting down interface eth1: [ OK ]
Shutting down loopback interface: [ OK ]
Bringing up loopback interface: [ OK ]
Bringing up interface eth0: Determining if ip address 192.168.1.160 is already in use for device eth0...
[ OK ]
Bringing up interface eth1: Determining if ip address 192.168.1.161 is already in use for device eth1...
[ OK ]
[root@bj-1-160-enzhi network-scripts]# ifconfig eth1
eth1 Link encap:Ethernet HWaddr 00:0C:29:18:EC:42
inet addr:192.168.1.161 Bcast:192.168.1.255 Mask:255.255.255.0
inet6 addr: fe80::20c:29ff:fe18:ec42/64 Scope:Link
UP BROADCAST RUNNING MTU:1500 Metric:1
RX packets:932 errors:0 dropped:0 overruns:0 frame:0
TX packets:24 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:96196 (93.9 KiB) TX bytes:1764 (1.7 KiB)
19.12.2、網絡服務管理
使用格式
CentOS6:service SERVICE {start|stop|restart|status|reload}
CentOS7:systemctl {start|stop|restart|status|reload} SERVICE.service
注意:使用配置文件方式修改網絡屬性后,如果要生效,需要重啟網絡服務;
CentOS6:service restart network
CentOS7:systemctl restart network.service
19.12.3、配置文件定義永久生效路由
配置文件
/etc/sysconfig/network-scripts/route-IFACE
配置文件格式
支持兩種配置方式,但是不可以混用;
第一種方式:每行一個路由條目
TARGET via GW
TARGET:目標地址;
via:關鍵字
GW:下一跳地址;
示例:
練習1、添加一條主機路由條目,目標主機地址為172.16.100.7,下一跳地址為192.168.1.141;
# CentOS7 配置方式
[root@bj-1-141 network-scripts]# vim route-eno16777728
172.16.100.7 via 192.168.1.141
[root@bj-1-141 network-scripts]# systemctl restart network.service
[root@bj-1-141 network-scripts]# ip route show
default via 192.168.1.1 dev eno16777728 proto static metric 100
default via 192.168.1.1 dev eno33554960 proto static metric 101
169.254.0.0/16 dev eno33554960 scope link metric 1003
172.16.100.7 via 192.168.1.141 dev eno16777728 proto static metric 100
192.168.1.0/24 dev eno16777728 proto kernel scope link src 192.168.1.141 metric 100
192.168.1.0/24 dev eno33554960 proto kernel scope link src 192.168.1.122 metric 101
# CentOS6配置方式
[root@bj-1-160-enzhi network-scripts]# cat route-eth1
10.0.0.0/8 via 192.168.1.161
[root@bj-1-160-enzhi network-scripts]# service network restart
Shutting down interface eth0: [ OK ]
Shutting down interface eth1: [ OK ]
Shutting down loopback interface: [ OK ]
Bringing up loopback interface: [ OK ]
Bringing up interface eth0: Determining if ip address 192.168.1.160 is already in use for device eth0...
[ OK ]
Bringing up interface eth1: Determining if ip address 192.168.1.161 is already in use for device eth1...
[ OK ]
[root@bj-1-160-enzhi network-scripts]# ip route show
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.160
192.168.1.0/24 dev eth1 proto kernel scope link src 192.168.1.161
169.254.0.0/16 dev eth0 scope link metric 1002
169.254.0.0/16 dev eth1 scope link metric 1003
10.0.0.0/8 via 192.168.1.161 dev eth1
default via 192.168.1.1 dev eth0
第二種方式:每三行一個路由條目
ADDRESS#=TARGET(目標地址)
NETMASK#=MASK(子網掩碼)
GATEWAY#=NEXTHOP(下一跳)
示例:
練習1、添加一條網絡路由,目標網絡地址為172.16.0.0/16,下一跳為192.168.1.141;
[root@bj-1-141 network-scripts]# cat route-eno16777728
ADDRESS0=172.16.0.0
NETMASK0=255.255.0.0
GATEWAY0=192.168.1.141
[root@bj-1-141 network-scripts]# systemctl restart network.service
[root@bj-1-141 network-scripts]# ip route show
default via 192.168.1.1 dev eno16777728 proto static metric 100
default via 192.168.1.1 dev eno33554960 proto static metric 101
169.254.0.0/16 dev eno33554960 scope link metric 1003
172.16.0.0/16 via 192.168.1.141 dev eno16777728 proto static metric 100
192.168.1.0/24 dev eno16777728 proto kernel scope link src 192.168.1.141 metric 100
192.168.1.0/24 dev eno33554960 proto kernel scope link src 192.168.1.122 metric 101
19.12.4、配置文件給接口配置多個IP地址永久生效
注意:網卡別名不支持動態獲取地址;
配置方式
復制要添加多個接口的網卡配置文件;而后修改其DEVICE名稱及刪除UUID;
示例
練習1、為eth1接口配置網卡別名為eth1:0,其IP地址為192.168.1.188/24,網關為192.168.1.1;
# 第一步:復制eth1到eth1:0
[root@bj-1-160-enzhi network-scripts]# cp ifcfg-eth1 ifcfg-eth1:0
# 第二步:修改其內容
[root@bj-1-160-enzhi network-scripts]# vim ifcfg-eth1:0
DEVICE=eth1:0
TYPE=Ethernet
ONBOOT=yes
NM_CONTROLLED=yes
BOOTPROTO=static
IPADDR=192.168.1.188
NETMASK=255.255.255.0
GATEWAY=192.168.1.1
DNS1=192.168.1.1
# 第三步:重啟網絡服務查看eth1:0信息
[root@bj-1-160-enzhi network-scripts]# service network restart
Shutting down interface eth0: [ OK ]
Shutting down interface eth1: [ OK ]
Shutting down loopback interface: [ OK ]
Bringing up loopback interface: [ OK ]
Bringing up interface eth0: Determining if ip address 192.168.1.160 is already in use for device eth0...
[ OK ]
Bringing up interface eth1: Determining if ip address 192.168.1.161 is already in use for device eth1...
Determining if ip address 192.168.1.188 is already in use for device eth1...
[ OK ]
[root@bj-1-160-enzhi network-scripts]# ifconfig
eth0 Link encap:Ethernet HWaddr 00:0C:29:18:EC:38
inet addr:192.168.1.160 Bcast:192.168.1.255 Mask:255.255.255.0
inet6 addr: fe80::20c:29ff:fe18:ec38/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:4041 errors:0 dropped:0 overruns:0 frame:0
TX packets:2376 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:404252 (394.7 KiB) TX bytes:284678 (278.0 KiB)
eth1 Link encap:Ethernet HWaddr 00:0C:29:18:EC:42
inet addr:192.168.1.161 Bcast:192.168.1.255 Mask:255.255.255.0
inet6 addr: fe80::20c:29ff:fe18:ec42/64 Scope:Link
UP BROADCAST RUNNING MTU:1500 Metric:1
RX packets:1168 errors:0 dropped:0 overruns:0 frame:0
TX packets:58 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:130676 (127.6 KiB) TX bytes:4020 (3.9 KiB)
eth1:0 Link encap:Ethernet HWaddr 00:0C:29:18:EC:42
inet addr:192.168.1.188 Bcast:192.168.1.255 Mask:255.255.255.0
UP BROADCAST RUNNING MTU:1500 Metric:1