Linux网络属性配置

目录

  • IP地址分类
  • 如何将Linux主机接入到网络中
  • 网络接口的命名方式
  • ifcfg系列命令
  • 如何配置主机名
  • 如何配置DNS服务器指向
  • iproute2系列命令
  • Linux管理网络服务
  • 永久生效配置路由条目
  • 如何为接口配置多个IP地址

19.1、IP地址分类

IP地址分为5类,A,B,C,D,E,其中D和E在工作中不会使用;

19.1.1、A类地址

第一段为网络号,后三段为主机号;

有效的网络号:0 000 0000 - 0 111 1111 = 1 -127

网络数量:126个,127被用作回环地址;

每个网络中的主机数量:2^24-2,减去全为0和全为1的;

默认子网掩码:255.0.0.0, /8;子网掩码用于与IP地址按位进行与运算,从而取出其网络地址;

私网地址:10.0.0.0/255.0.0.0

19.1.2、B类地址

前两段为网络号,后两段为主机号;

有效的网络号:10 00 0000 - 10 11 1111 = 128-191

网络数量:2^14

每个网络中的主机数量:2^16-2

默认子网掩码:255.255.0.0, /16;

私网地址:172.16.0.0 - 172.31.0.0

19.1.3、C类地址

前三段为网络号,最后一段为主机号;

有效的网络号:110 0 0000 - 110 1 1111 = 192-223;

网络数量:2^21

每个网络中的主机数量:2^8-2;

默认子网掩码:255.255.255.0 , /24 ;

19.1.4、D类地址

1110 0000 - 1110 1111 = 224-239

19.1.5、E类地址

240-255

注意:IP地址中主机位全为1的表示广播地址;主机位全为0的表示网络地址;

19.2、配置Linux主机接入网络

  1. 本地通信:配置IP/NETMASK
  2. 跨网络通信:配置路由(网关);
  3. 基于主机名通信:配置DNS服务器地址,Linux系统可以配置三个DNS指向;

19.2.1、配置方式

静态指定

命令方式:

  • ifcfg系列:
ifconfig:配置IP,子网掩码;
route:配置路由;
netstat:状态及统计数据查看工具;
  • iproute2系列:
ip OBJECT:
	addr:地址和掩码
	route:路由
	link:接口
  • Centos7专用:

    nmcli(命令行工具)

    nmtui(图形化工具)

配置文件方式:redhat及相关发行版

# 网络配置
/etc/sysconfig/network-scripts/ifcfg-NETCARD_NAME
# DNS配置
/etc/resolv.conf
# 主机名配置
hostname
配置文件:/etc/sysconfig/network
CentOS7系统:hostnamectl命令

动态分配

依赖于本地网络中有DHCP服务。

19.3、网络接口命名方式

19.3.1、传统命名

以太网:ethX,例如:eth0, eth1, ...

ppp网络:pptX,例如:ppp0, ppp1, ...

19.3.2、可预测命名方案(CentOS7)

支持多种不同命名机制,firmware拓扑结构;

(1)如果firmware或bios为主板上即成的设备提供的索引信息可用,则根据此索引进行命名,如,eno1,eno2, ...
(2)如果firmware或bios为PCI-E扩展槽所提供的索引信息可用,且可预测,则根据此信息进行命名,如ens1, ens2, ...
(3)如果硬件接口的物理位置信息可用,则根据此信息命名,如enp2s0,...
(4)如果用户显示定义,也可根据MAC地址命名,例如:enx122161ab2e10,...

命名格式组成:

en: ethernet
wl: wlan
ww: wwan
# 名称类型
	o<index>:集成设备的设备索引号;
	s<slot>:扩展槽的索引号;
	x<MAC>:基于Mac地址的命名;
	p<bus>s<slot>:基于总线及槽的拓扑结构进行命名;

19.4、ifconfig命令

19.4.1、查看接口地址

使用格式

ifconfig [INFACE]
	[INFACE]:表示网卡接口名称;

示例

[root@bj-1-141-enzhi ~]# ifconfig eno16777728
eno16777728: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.1.141  netmask 255.255.255.0  broadcast 192.168.1.255
        inet6 fe80::20c:29ff:fe68:7a1  prefixlen 64  scopeid 0x20<link>
        ether 00:0c:29:68:07:a1  txqueuelen 1000  (Ethernet)
        RX packets 328657  bytes 68091806 (64.9 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 169435  bytes 22070755 (21.0 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

19.4.2、管理IP地址

使用格式

ifconfig  INTERFACE  IP/MASK [up]
ifconfig INTERFACE IP netmask NETMASK [up]

示例

[root@bj-1-141-enzhi ~]# ifconfig eno33554960 192.168.1.100/24 up
[root@bj-1-141-enzhi ~]# ifconfig eno33554960
eno33554960: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.1.100  netmask 255.255.255.0  broadcast 192.168.1.255
        inet6 fe80::20c:29ff:fe68:7ab  prefixlen 64  scopeid 0x20<link>
        ether 00:0c:29:68:07:ab  txqueuelen 1000  (Ethernet)
        RX packets 120  bytes 9113 (8.8 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 30  bytes 3302 (3.2 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
        
[root@bj-1-141-enzhi ~]# ifconfig eno33554960 192.168.1.188 netmask 255.255.255.0 up
[root@bj-1-141-enzhi ~]# ifconfig eno33554960
eno33554960: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.1.188  netmask 255.255.255.0  broadcast 192.168.1.255
        inet6 fe80::20c:29ff:fe68:7ab  prefixlen 64  scopeid 0x20<link>
        ether 00:0c:29:68:07:ab  txqueuelen 1000  (Ethernet)
        RX packets 313  bytes 24954 (24.3 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 107  bytes 11674 (11.4 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

注意:ifconfig命令会立即将配置送往内核中,并立即生效;重启后无效;

19.5、route命令

功用:路由查看和管理

19.5.1、路由条目类型

  1. 主机路由:目标地址为单个IP;
  2. 网络路由:目标地址为IP网络;
  3. 默认路由:目标为任意网络,0.0.0.0/0.0.0.0;

19.5.2、查看路由条目

[root@bj-1-141-enzhi ~]# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.1.1     0.0.0.0         UG    100    0        0 eno16777728
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 eno33554960
192.168.1.0     0.0.0.0         255.255.255.0   U     100    0        0 eno16777728
192.168.2.0     0.0.0.0         255.255.255.0   U     100    0        0 eno16777728

19.5.3、添加路由条目

使用格式

route add [-net | -host] target  [netmask Nm] [gw Gw] [[dev] If]

示例

练习1、添加目标地址为172.16.100.7的主机路由;

[root@bj-1-141-enzhi ~]# route add -host 172.16.100.7  dev eno16777728
[root@bj-1-141-enzhi ~]# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.1.1     0.0.0.0         UG    100    0        0 eno16777728
0.0.0.0         192.168.1.1     0.0.0.0         UG    101    0        0 eno33554960
169.254.0.0     0.0.0.0         255.255.0.0     U     1003   0        0 eno33554960
172.16.100.7    0.0.0.0         255.255.255.255 UH    0      0        0 eno16777728
192.168.1.0     0.0.0.0         255.255.255.0   U     100    0        0 eno16777728
192.168.1.0     0.0.0.0         255.255.255.0   U     101    0        0 eno33554960
# 或者
[root@bj-1-141-enzhi ~]# route add -host 172.16.100.7 gw 192.168.1.122
[root@bj-1-141-enzhi ~]# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.1.1     0.0.0.0         UG    100    0        0 eno16777728
0.0.0.0         192.168.1.1     0.0.0.0         UG    101    0        0 eno33554960
169.254.0.0     0.0.0.0         255.255.0.0     U     1003   0        0 eno33554960
172.16.100.7    192.168.1.122   255.255.255.255 UGH   0      0        0 eno33554960
192.168.1.0     0.0.0.0         255.255.255.0   U     100    0        0 eno16777728
192.168.1.0     0.0.0.0         255.255.255.0   U     101    0        0 eno33554960

练习2:添加目标地址网络为10.0.0.0/8的网络路由条目;

[root@bj-1-141-enzhi ~]# route add -net 10.0.0.0/8 gw 192.168.1.122 dev eno33554960
[root@bj-1-141-enzhi ~]# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.1.1     0.0.0.0         UG    100    0        0 eno16777728
0.0.0.0         192.168.1.1     0.0.0.0         UG    101    0        0 eno33554960
10.0.0.0        192.168.1.122   255.0.0.0       UG    0      0        0 eno33554960
169.254.0.0     0.0.0.0         255.255.0.0     U     1003   0        0 eno33554960
172.16.100.7    192.168.1.122   255.255.255.255 UGH   0      0        0 eno33554960
192.168.1.0     0.0.0.0         255.255.255.0   U     100    0        0 eno16777728
192.168.1.0     0.0.0.0         255.255.255.0   U     101    0        0 eno33554960

练习3、添加默认路由

[root@bj-1-141-enzhi ~]# route add default gw 192.168.1.141 dev eno16777728
[root@bj-1-141-enzhi ~]# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.1.141   0.0.0.0         UG    0      0        0 eno16777728
0.0.0.0         192.168.1.1     0.0.0.0         UG    101    0        0 eno33554960
10.0.0.0        192.168.1.122   255.0.0.0       UG    0      0        0 eno33554960
169.254.0.0     0.0.0.0         255.255.0.0     U     1003   0        0 eno33554960
172.16.100.7    192.168.1.122   255.255.255.255 UGH   0      0        0 eno33554960
192.168.1.0     0.0.0.0         255.255.255.0   U     100    0        0 eno16777728
192.168.1.0     0.0.0.0         255.255.255.0   U     101    0        0 eno33554960

15.4、删除路由条目

使用格式

route del [-net | -host] target [gw Gw] [netmask Nm] [[dev] If]

示例

# 删除主机路由
[root@bj-1-141-enzhi ~]# route del -host 172.16.100.7
您在 /var/spool/mail/root 中有新邮件
[root@bj-1-141-enzhi ~]# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.1.141   0.0.0.0         UG    0      0        0 eno16777728
0.0.0.0         192.168.1.1     0.0.0.0         UG    101    0        0 eno33554960
10.0.0.0        192.168.1.122   255.0.0.0       UG    0      0        0 eno33554960
169.254.0.0     0.0.0.0         255.255.0.0     U     1003   0        0 eno33554960
192.168.1.0     0.0.0.0         255.255.255.0   U     100    0        0 eno16777728
192.168.1.0     0.0.0.0         255.255.255.0   U     101    0        0 eno33554960
# 删除网络路由
[root@bj-1-141-enzhi ~]# route  del -net 10.0.0.0/8
[root@bj-1-141-enzhi ~]# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.1.141   0.0.0.0         UG    0      0        0 eno16777728
0.0.0.0         192.168.1.1     0.0.0.0         UG    101    0        0 eno33554960
169.254.0.0     0.0.0.0         255.255.0.0     U     1003   0        0 eno33554960
192.168.1.0     0.0.0.0         255.255.255.0   U     100    0        0 eno16777728
192.168.1.0     0.0.0.0         255.255.255.0   U     101    0        0 eno33554960

19.6、netstat命令

netstat命令用于显示网络相关信息,如网络连接,路由表,接口状态等;

19.6.1、显示路由信息

使用格式

netstat -rn
-r:显示路由表
-n:数字格式显示

示例

[root@bj-1-141-enzhi ~]# netstat -rn
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
0.0.0.0         192.168.1.141   0.0.0.0         UG        0 0          0 eno16777728
0.0.0.0         192.168.1.1     0.0.0.0         UG        0 0          0 eno33554960
169.254.0.0     0.0.0.0         255.255.0.0     U         0 0          0 eno33554960
192.168.1.0     0.0.0.0         255.255.255.0   U         0 0          0 eno16777728
192.168.1.0     0.0.0.0         255.255.255.0   U         0 0          0 eno33554960

19.6.2、显示网络连接

使用格式

netstat [--tcp|-t] [--udp|-u] [--udplite|-U] [--raw|-w] [--listening|-l] [--all|-a] [--numeric|-n] [--extend|-e[--extend|-e]] [--program|-p]

常用选项

-t:显示tcp协议相关的连接;
-u:显示udp协议相关的连接;
-w:raw socket相关的连接;
-l:显示处于监听状态的连接;
-a:显示所有状态的连接;
-n:以数字格式显示ip和port;
-e:扩展格式;
-p:显示相关进程PID;

示例

练习1、查看所有tcp协议处于监听状态的连接;

[root@bj-1-141-enzhi ~]# netstat -tnlp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      1055/sshd
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      2153/master
tcp6       0      0 :::22                   :::*                    LISTEN      1055/sshd
tcp6       0      0 ::1:25                  :::*                    LISTEN      2153/master

练习2、显示tcp协议相关所有状态的连接信息;

[root@bj-1-141-enzhi ~]# netstat -tanlp
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      1055/sshd
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      2153/master
tcp        0      0 192.168.1.141:22        192.168.1.106:2889      ESTABLISHED 2397/sshd: root@pts
tcp        0      0 192.168.1.141:22        192.168.1.106:2960      ESTABLISHED 3332/sshd: root@pts
tcp        0      0 192.168.1.141:22        192.168.1.121:50362     ESTABLISHED 2193/sshd: root@pts
tcp        0     36 192.168.1.141:22        192.168.1.121:50471     ESTABLISHED 2851/sshd: root@pts
tcp6       0      0 :::22                   :::*                    LISTEN      1055/sshd
tcp6       0      0 ::1:25                  :::*                    LISTEN      2153/master

19.6.3、显示接口的统计数据

使用格式

netstat -i:显示所有接口的信息;
netstat -I<IFACE>:显示指定接口的信息;

示例

[root@bj-1-141-enzhi ~]# netstat -i
Kernel Interface table
Iface      MTU    RX-OK RX-ERR RX-DRP RX-OVR    TX-OK TX-ERR TX-DRP TX-OVR Flg
eno16777  1500     9868      0      0 0          5115      0      0      0 BMRU
eno33554  1500     6283      0      0 0           411      0      0      0 BMRU
lo       65536     1292      0      0 0          1292      0      0      0 LRU
[root@bj-1-141-enzhi ~]# netstat -I
Kernel Interface table
Iface      MTU    RX-OK RX-ERR RX-DRP RX-OVR    TX-OK TX-ERR TX-DRP TX-OVR Flg
eno16777  1500     9890      0      0 0          5127      0      0      0 BMRU
eno33554  1500     6284      0      0 0           411      0      0      0 BMRU
lo       65536     1292      0      0 0          1292      0      0      0 LRU
[root@bj-1-141-enzhi ~]# netstat -Ieno16777728
Kernel Interface table
Iface      MTU    RX-OK RX-ERR RX-DRP RX-OVR    TX-OK TX-ERR TX-DRP TX-OVR Flg
eno16777  1500     9914      0      0 0          5140      0      0      0 BMRU

19.7、ifup和ifdown命令

使用格式

ifup IFACE:启用接口
ifdown IFACE:禁用接口

注意:通过配置文件/etc/sysconfig/network-scripts/ifcfg-IFACE,来识别接口并完成配置;

示例

[root@bj-1-141-enzhi ~]# ifdown eno33554960
[root@bj-1-141-enzhi ~]# ifup  eno33554960

19.8、Linux主机名配置

19.8.1、hostname命令

查看主机名

hostname

配置主机名

hostname HOSTNAME
# 当前有效,重启无效;

示例

[root@bj-1-141-enzhi ~]# hostname
bj-1-141-enzhi.com
[root@bj-1-141-enzhi ~]# hostname node1.enzhi.com
[root@bj-1-141-enzhi ~]# hostname
node1.enzhi.com

19.8.2、hostnamectl命令

此命令仅使用于centos7系统;

使用格式

hostnamectl [OPTIONS...] {COMMAND}

常用选项

status:查看当前主机名设定
set-hostname HOSTNAME:设定主机名,永久有效;

查看当前主机名设定

[root@bj-1-141-enzhi ~]# hostnamectl status
   Static hostname: bj-1-141-enzhi.com
   Pretty hostname: BJ-1-141-enzhi.com
Transient hostname: node1.enzhi.com
         Icon name: computer-vm
           Chassis: vm
        Machine ID: e8db53fed0a04615b1f91697eb5c58f0
           Boot ID: 13ec2f519021428b881660f97fe6c766
    Virtualization: vmware
  Operating System: CentOS Linux 7 (Core)
       CPE OS Name: cpe:/o:centos:centos:7
            Kernel: Linux 3.10.0-327.el7.x86_64
      Architecture: x86-64

设定主机名

[root@bj-1-141-enzhi ~]# hostnamectl set-hostname bj-1-141.enzhi.com
您在 /var/spool/mail/root 中有新邮件
[root@bj-1-141-enzhi ~]# hostnamectl status
   Static hostname: bj-1-141.enzhi.com
         Icon name: computer-vm
           Chassis: vm
        Machine ID: e8db53fed0a04615b1f91697eb5c58f0
           Boot ID: 13ec2f519021428b881660f97fe6c766
    Virtualization: vmware
  Operating System: CentOS Linux 7 (Core)
       CPE OS Name: cpe:/o:centos:centos:7
            Kernel: Linux 3.10.0-327.el7.x86_64
      Architecture: x86-64

19.8.3、配置文件修改主机名

配置文件:/etc/sysconfig/network

配置文件格式

HOSTNAME=bj-1-141.enzhi.com

注意:此方法不是立即生效,重启后一直有效;

19.9、配置DNS服务器指向

配置文件:/etc/resolv.conf

文件格式

nameserver DNS_SERVER_IP

示例

[root@bj-1-141-enzhi ~]# cat /etc/resolv.conf
# Generated by NetworkManager
search enzhi.com
nameserver 192.168.1.1
nameserver 8.8.8.8

如何测试

测试dns配置能否解析可使用:host, nslookup, dig三种命令的其中一种;如果系统没有安装三种命令,则使用yum -y install bind-utils,即可;

示例

[root@bj-1-141-enzhi ~]# yum -y install bind-utils
[root@bj-1-141-enzhi ~]# rpm -ql bind-utils
/etc/trusted-key.key
/usr/bin/dig
/usr/bin/host
/usr/bin/nslookup
/usr/bin/nsupdate
/usr/share/man/man1/dig.1.gz
/usr/share/man/man1/host.1.gz
/usr/share/man/man1/nslookup.1.gz
/usr/share/man/man1/nsupdate.1.gz

# 使用dig与nslookup解析百度域名
[root@bj-1-141-enzhi ~]# dig -t A www.baidu.com

; <<>> DiG 9.9.4-RedHat-9.9.4-38.el7_3 <<>> -t A www.baidu.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 30987
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 5, ADDITIONAL: 6

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.baidu.com.			IN	A

;; ANSWER SECTION:
www.baidu.com.		208	IN	CNAME	www.a.shifen.com.
www.a.shifen.com.	68	IN	A	119.75.218.70
www.a.shifen.com.	68	IN	A	119.75.217.109

;; AUTHORITY SECTION:
a.shifen.com.		361	IN	NS	ns1.a.shifen.com.
a.shifen.com.		361	IN	NS	ns3.a.shifen.com.
a.shifen.com.		361	IN	NS	ns5.a.shifen.com.
a.shifen.com.		361	IN	NS	ns4.a.shifen.com.
a.shifen.com.		361	IN	NS	ns2.a.shifen.com.

;; ADDITIONAL SECTION:
ns1.a.shifen.com.	395	IN	A	61.135.165.224
ns2.a.shifen.com.	416	IN	A	180.149.133.241
ns3.a.shifen.com.	395	IN	A	61.135.162.215
ns4.a.shifen.com.	368	IN	A	115.239.210.176
ns5.a.shifen.com.	67	IN	A	119.75.222.17

;; Query time: 22 msec
;; SERVER: 192.168.1.1#53(192.168.1.1)
;; WHEN: 日 1月 01 21:54:46 CST 2017
;; MSG SIZE  rcvd: 271

[root@bj-1-141-enzhi ~]# nslookup www.baidu.com
Server:		192.168.1.1
Address:	192.168.1.1#53

Non-authoritative answer:
www.baidu.com	canonical name = www.a.shifen.com.
Name:	www.a.shifen.com
Address: 119.75.217.109
Name:	www.a.shifen.com
Address: 119.75.218.70

19.10、ip命令

功用:显示或控制路由设备,策略路由和隧道

使用格式

 ip [ OPTIONS ] OBJECT { COMMAND | help }

常用OBJECT

OBJECT={link | addr | route | netns}

功用:网络设备配置

使用格式

ip link set 
	dev NAME(default):指明要管理的设备,dev关键字可省略;
	up and down:启用或禁用设备;
	multicast on or molticast off:启用或禁用多播功能;
	name NAME:重命名接口;需要停止网络服务;
	mtu NUMBER:设置MTU大小,默认1500;

使用示例

练习1、禁用设备或启用设备

# centos7
[root@bj-1-141-enzhi ~]# ip link set eno33554960 down
[root@bj-1-141-enzhi ~]# ip link set eno33554960 up
# centos6
[root@bj-1-160-enzhi network-scripts]# ip link set eth1 up
[root@bj-1-160-enzhi network-scripts]# ip addr show eth1
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 00:0c:29:18:ec:42 brd ff:ff:ff:ff:ff:ff
    inet6 fe80::20c:29ff:fe18:ec42/64 scope link
       valid_lft forever preferred_lft forever
[root@bj-1-160-enzhi network-scripts]# ip link set eth1 down
You have new mail in /var/spool/mail/root
[root@bj-1-160-enzhi network-scripts]# ip addr show eth1
3: eth1: <BROADCAST,MULTICAST> mtu 1500 qdisc pfifo_fast state DOWN qlen 1000
    link/ether 00:0c:29:18:ec:42 brd ff:ff:ff:ff:ff:ff

练习2、禁用eth1网卡多播功能;

[root@bj-1-160-enzhi ~]# ip addr show eth1
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 00:0c:29:18:ec:42 brd ff:ff:ff:ff:ff:ff
    inet6 fe80::20c:29ff:fe18:ec42/64 scope link
       valid_lft forever preferred_lft forever
[root@bj-1-160-enzhi ~]# ip link set eth1 multicast off
You have new mail in /var/spool/mail/root
[root@bj-1-160-enzhi ~]# ip addr show eth1
3: eth1: <BROADCAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 00:0c:29:18:ec:42 brd ff:ff:ff:ff:ff:ff
    inet6 fe80::20c:29ff:fe18:ec42/64 scope link
       valid_lft forever preferred_lft forever

练习3、重命名接口名称

[root@bj-1-141 ~]# systemctl stop  network.service
[root@bj-1-141 ~]# ip link set eno33554960 name eno33557788
[root@bj-1-141 ~]# systemctl start  network.service
[root@bj-1-141 ~]# ip addr show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eno16777728: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 00:0c:29:68:07:a1 brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.141/24 brd 192.168.1.255 scope global eno16777728
       valid_lft forever preferred_lft forever
    inet6 fe80::20c:29ff:fe68:7a1/64 scope link
       valid_lft forever preferred_lft forever
3: eno33557788: <BROADCAST,MULTICAST> mtu 1500 qdisc pfifo_fast state DOWN qlen 1000
    link/ether 00:0c:29:68:07:ab brd ff:ff:ff:ff:ff:ff

19.10.2、ip netns

使用格式

ip netns list:列出所有的netns;
ip netns add NAME:添加一个名称空间;
ip link set INTERFACE netns netns_NAME:将指定的接口移动至指定名称空间中;
ip netns exec netns_NAME ip link show:查看名称空间中的设备信息;
ip netns del netns_NAME:删除指定名称空间;

示例

练习1、在eno33557788接口添加一个名称空间,名为mynetns;

[root@bj-1-141 ~]# ip netns add mynetns
[root@bj-1-141 ~]# ip netns list
mynetns

练习2、将eno33557788接口移动至mynetns名称空间;

[root@bj-1-141 ~]# ip link set eno33557788 netns mynetns

练习3、查看mynetns名称空间中的设备信息;

[root@bj-1-141 ~]# ip netns exec mynetns ip link show
1: lo: <LOOPBACK> mtu 65536 qdisc noop state DOWN mode DEFAULT
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
3: eno33557788: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN mode DEFAULT qlen 1000
    link/ether 00:0c:29:68:07:ab brd ff:ff:ff:ff:ff:ff

练习4、删除mynetns名称空间

[root@bj-1-141 ~]# ip netns del mynetns

19.10.3、ip address

添加接口IP地址

ip addr add IFADDR dev IFACE  [label NAME] [broadcast ADDRESS]
	[label NAME]:为额外添加的地址指明接口名;例如:eno33554960:0, eth0:0
	[broadcast ADDRESS]:广播地址;会根据ip和netmask自动计算得出;

示例:添加eno33554960:0接口地址为192.168.1.123/24

[root@bj-1-141 ~]# ip addr add 192.168.1.123/24 dev eno33554960 label eno33554960:0
您在 /var/spool/mail/root 中有新邮件
[root@bj-1-141 ~]# ifconfig eno33554960:0
eno33554960:0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.1.123  netmask 255.255.255.0  broadcast 0.0.0.0
        ether 00:0c:29:68:07:ab  txqueuelen 1000  (Ethernet)

删除接口IP地址

ip addr del IFADDR dev IFACE

示例:删除192.168.1.123/24,接口为eno33554960:0

[root@bj-1-141 ~]# ip addr del 192.168.1.123/24 dev eno33554960:0

显示接口信息

使用格式:

ip addr show [IFACE]
	[IFACE]:显示指定接口的IP地址;例如:ip addr show eno33554960
# 注意:默认显示所有接口信息

示例:显示eno33554960的详细信息;

[root@bj-1-141 ~]# ip addr show eno33554960
3: eno33554960: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 00:0c:29:68:07:ab brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.122/24 brd 192.168.1.255 scope global dynamic eno33554960
       valid_lft 5990sec preferred_lft 5990sec
    inet6 fe80::20c:29ff:fe68:7ab/64 scope link
       valid_lft forever preferred_lft forever

清空接口上所有地址

使用格式:

ip addr flush dev IFACE

示例:清空eno33554960接口所有地址;

[root@bj-1-141 ~]# ip addr flush dev eno33554960
[root@bj-1-141 ~]# ip addr show eno33554960
3: eno33554960: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 00:0c:29:68:07:ab brd ff:ff:ff:ff:ff:ff

19.10.4、ip route

功用:路由管理

添加路由条目

使用格式:

ip route add TYPE PREFIX via GW [dev IFACE] [src SOURCE_IP]
	TYPE PREFIX:表示目标地址;
	via:关键字;后面跟上下一跳地址;
	GW:表示网关地址;
	[dev IFACE]:指定接口;例如:dev eno33554960, dev eth0
	[src SOURCE_IP]:当接口上有多个IP地址时,指定到达目标网络从哪个IP地址发数据;

示例:

练习1、添加目标地址为172.16.100.7的主机路由,网关地址为192.168.1.141;接口为eno16777728;

[root@bj-1-141 ~]# ip route add 172.16.100.7  via 192.168.1.141 dev eno16777728
[root@bj-1-141 ~]# ip route show
default via 192.168.1.1 dev eno16777728  proto static  metric 100
172.16.100.7 via 192.168.1.141 dev eno16777728
192.168.1.0/24 dev eno16777728  proto kernel  scope link  src 192.168.1.141  metric 100

练习2、添加目标网络地址为10.0.0.0/8的网络路由,下一跳为192.168.1.141,接口为eno16777728;

[root@bj-1-141 ~]# ip route add 10.0.0.0/8 via 192.168.1.141 dev eno16777728
[root@bj-1-141 ~]# ip route show
default via 192.168.1.1 dev eno16777728  proto static  metric 100
10.0.0.0/8 via 192.168.1.141 dev eno16777728
172.16.100.7 via 192.168.1.141 dev eno16777728
192.168.1.0/24 dev eno16777728  proto kernel  scope link  src 192.168.1.141  metric 100

删除路由条目

使用格式:

ip route del TYPE PREFIX

示例:删除主机路由172.16.100.7;删除目标网络为10.0.0.8/8的网络路由条目;

[root@bj-1-141 ~]# ip route del 172.16.100.7 dev eno16777728
[root@bj-1-141 ~]# ip route del 10.0.0.0/8 dev eno16777728

获取路由条目创建信息

使用格式:

ip route get TYPE PREFIX

示例:添加一个网络路由,并获取详细信息;

[root@bj-1-141 ~]# ip route add 10.0.0.0/8 via 192.168.1.141 dev eno16777728
[root@bj-1-141 ~]# ip route get 10.0.0.0/8
10.0.0.0 dev eno16777728  src 192.168.1.141
    cache

19.11、ss命令

功用:与netstat命令类似,都是获取其网络连接状态信息;可使用FILTER过滤其指定的信息;

使用格式

ss [OPTIONS] [FILTER]

常用选项

-t:tcp协议相关的连接;
-u:udp协议相关的连接;
-w:raw socket相关的连接;
-l:监听状态的连接;
-a:所有状态的连接;
-n:数字格式显示;
-p:相关的程序及PID;
-e:扩展格式信息;
-m:内存用量;
-o:计时器信息;

[FILTER]= [ state TCP-STATE ] [EXPRESSION]
	EXPRESSION:
		dport=
		sport=

TCP的常见状态

LISTEN
ESTABLISHED
FIN_WAIT_1
FIN_WAIT_2
SYN_SENT
SYN_RECV
CLOSED

示例:

练习1、显示所有tcp协议相关的信息;

[root@bj-1-141 ~]# ss -tnlp
State      Recv-Q Send-Q                    Local Address:Port                                   Peer Address:Port
LISTEN     0      128                                   *:22                                                *:*                   users:(("sshd",pid=1055,fd=3))
LISTEN     0      100                           127.0.0.1:25                                                *:*                   users:(("master",pid=2153,fd=13))
LISTEN     0      128                                  :::22                                               :::*                   users:(("sshd",pid=1055,fd=4))
LISTEN     0      100                                 ::1:25                                               :::*                   users:(("master",pid=2153,fd=14))

练习2、显示tcp协议相关的所有状态信息;

[root@bj-1-141 ~]# ss -tan
State      Recv-Q Send-Q                    Local Address:Port                                   Peer Address:Port
LISTEN     0      128                                   *:22                                                *:*
LISTEN     0      100                           127.0.0.1:25                                                *:*
ESTAB      0      36                        192.168.1.141:22                                    192.168.1.121:49896
LISTEN     0      128                                  :::22                                               :::*
LISTEN     0      100                                 ::1:25                                               :::*

练习3、显示tcp协议相关的所有信息,但只显示原端口与目标端口为22的连接状态;

[root@bj-1-160-enzhi ~]# ss -tan '( dport = :22 or sport = :22 )'
State      Recv-Q Send-Q                                 Local Address:Port                                   Peer Address:Port
LISTEN     0      128                                               :::22                                               :::*
LISTEN     0      128                                                *:22                                                *:*
ESTAB      0      0                                      192.168.1.160:22                                    192.168.1.121:49824

练习4、查看tcp协议相关的连接信息中状态为ESTABLISHED的所有信息;

[root@bj-1-160-enzhi ~]# ss -tanl state ESTABLISHED
Recv-Q Send-Q                                      Local Address:Port                                        Peer Address:Port
0      40                                          192.168.1.160:22                                         192.168.1.121:49824
0      0                                           192.168.1.160:22                                         192.168.1.121:50398

19.12、通过配置文件配置网络属性

  1. IP/DNS/GATEWAY相关等配置文件;

    /etc/sysconfig/network-scripts/ifcfg-IFACE
    
  2. 路由相关的配置文件

    /etc/sysconfig/network-scripts/route-IFACE
    

19.12.1、文件配置IP/DNS/GATEWAY等信息

配置文件:/etc/sysconfig/network-scripts/ifcfg-IFACE;通过大量参数来定义接口的属性,其可通过vim等文本编辑器直接修改,也可以使用专用的命令进行修改;centos6:setup命令,centos7:nmtui命令;

Ifcfg-IFACE配置文件参数

DEVICE=:此配置文件对应的设备的名称;
ONBOOT=:在系统引导过程中是否激活此接口;
UUID=:此设备的唯一标识,可不写;
BOOTPROTO=:激活此接口时使用什么协议来配置接口属性,常用的有dhcp,bootp,static,none;
TYPE=Ethernet:指明接口类型,常见的有,Ethernet;
DNS1=:主DNS服务器指向;
DNS2=:备用DNS服务器指向;
DOMAIN=:搜索域;
IPADDR=:本机的IP地址;
NETMASK=:子网掩码,
GATEWAY=:默认网关地址;
USERCTL=:是否允许普通用户控制此设备;
PEERDNS=:如果BOOTPROTO的值为dhcp,是否允许dhcp server,分配的dns服务器指向覆盖本地手动指向的dns服务器,默认允许;
HWADDR=:硬件设备的Mac地址;可以不写;
NM_CONTROLLED=yes:是否使用network manager 服务来控制接口;

配置示例

[root@bj-1-160-enzhi network-scripts]# cat ifcfg-eth1
DEVICE=eth1
TYPE=Ethernet
ONBOOT=yes
NM_CONTROLLED=yes
BOOTPROTO=static
IPADDR=192.168.1.161
NETMASK=255.255.255.0
GATEWAY=192.168.1.1
DNS1=192.168.1.1
# 保存退出并重启网络服务
[root@bj-1-160-enzhi network-scripts]# service network restart
Shutting down interface eth0:                              [  OK  ]
Shutting down interface eth1:                              [  OK  ]
Shutting down loopback interface:                          [  OK  ]
Bringing up loopback interface:                            [  OK  ]
Bringing up interface eth0:  Determining if ip address 192.168.1.160 is already in use for device eth0...
                                                           [  OK  ]
Bringing up interface eth1:  Determining if ip address 192.168.1.161 is already in use for device eth1...
                                                           [  OK  ]
[root@bj-1-160-enzhi network-scripts]# ifconfig eth1
eth1      Link encap:Ethernet  HWaddr 00:0C:29:18:EC:42
          inet addr:192.168.1.161  Bcast:192.168.1.255  Mask:255.255.255.0
          inet6 addr: fe80::20c:29ff:fe18:ec42/64 Scope:Link
          UP BROADCAST RUNNING  MTU:1500  Metric:1
          RX packets:932 errors:0 dropped:0 overruns:0 frame:0
          TX packets:24 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:96196 (93.9 KiB)  TX bytes:1764 (1.7 KiB)

19.12.2、网络服务管理

使用格式

CentOS6:service SERVICE {start|stop|restart|status|reload}
CentOS7:systemctl {start|stop|restart|status|reload} SERVICE.service

注意:使用配置文件方式修改网络属性后,如果要生效,需要重启网络服务;

CentOS6:service restart network
CentOS7:systemctl restart network.service

19.12.3、配置文件定义永久生效路由

配置文件

/etc/sysconfig/network-scripts/route-IFACE

配置文件格式

支持两种配置方式,但是不可以混用;

第一种方式:每行一个路由条目

TARGET   via  GW
  TARGET:目标地址;
  via:关键字
  GW:下一跳地址;

示例:

练习1、添加一条主机路由条目,目标主机地址为172.16.100.7,下一跳地址为192.168.1.141;

# CentOS7 配置方式
[root@bj-1-141 network-scripts]# vim route-eno16777728
172.16.100.7 via 192.168.1.141
[root@bj-1-141 network-scripts]# systemctl restart network.service
[root@bj-1-141 network-scripts]# ip route show
default via 192.168.1.1 dev eno16777728  proto static  metric 100
default via 192.168.1.1 dev eno33554960  proto static  metric 101
169.254.0.0/16 dev eno33554960  scope link  metric 1003
172.16.100.7 via 192.168.1.141 dev eno16777728  proto static  metric 100
192.168.1.0/24 dev eno16777728  proto kernel  scope link  src 192.168.1.141  metric 100
192.168.1.0/24 dev eno33554960  proto kernel  scope link  src 192.168.1.122  metric 101

# CentOS6配置方式
[root@bj-1-160-enzhi network-scripts]# cat route-eth1
10.0.0.0/8 via 192.168.1.161

[root@bj-1-160-enzhi network-scripts]# service network restart
Shutting down interface eth0:                              [  OK  ]
Shutting down interface eth1:                              [  OK  ]
Shutting down loopback interface:                          [  OK  ]
Bringing up loopback interface:                            [  OK  ]
Bringing up interface eth0:  Determining if ip address 192.168.1.160 is already in use for device eth0...
                                                           [  OK  ]
Bringing up interface eth1:  Determining if ip address 192.168.1.161 is already in use for device eth1...
                                                           [  OK  ]
[root@bj-1-160-enzhi network-scripts]# ip route show
192.168.1.0/24 dev eth0  proto kernel  scope link  src 192.168.1.160
192.168.1.0/24 dev eth1  proto kernel  scope link  src 192.168.1.161
169.254.0.0/16 dev eth0  scope link  metric 1002
169.254.0.0/16 dev eth1  scope link  metric 1003
10.0.0.0/8 via 192.168.1.161 dev eth1
default via 192.168.1.1 dev eth0

第二种方式:每三行一个路由条目

ADDRESS#=TARGET(目标地址)
NETMASK#=MASK(子网掩码)
GATEWAY#=NEXTHOP(下一跳)

示例:

练习1、添加一条网络路由,目标网络地址为172.16.0.0/16,下一跳为192.168.1.141;

[root@bj-1-141 network-scripts]# cat route-eno16777728
ADDRESS0=172.16.0.0
NETMASK0=255.255.0.0
GATEWAY0=192.168.1.141
[root@bj-1-141 network-scripts]# systemctl restart network.service
[root@bj-1-141 network-scripts]# ip route show
default via 192.168.1.1 dev eno16777728  proto static  metric 100
default via 192.168.1.1 dev eno33554960  proto static  metric 101
169.254.0.0/16 dev eno33554960  scope link  metric 1003
172.16.0.0/16 via 192.168.1.141 dev eno16777728  proto static  metric 100
192.168.1.0/24 dev eno16777728  proto kernel  scope link  src 192.168.1.141  metric 100
192.168.1.0/24 dev eno33554960  proto kernel  scope link  src 192.168.1.122  metric 101

19.12.4、配置文件给接口配置多个IP地址永久生效

注意:网卡别名不支持动态获取地址;

配置方式

复制要添加多个接口的网卡配置文件;而后修改其DEVICE名称及删除UUID;

示例

练习1、为eth1接口配置网卡别名为eth1:0,其IP地址为192.168.1.188/24,网关为192.168.1.1;

# 第一步:复制eth1到eth1:0
[root@bj-1-160-enzhi network-scripts]# cp ifcfg-eth1 ifcfg-eth1:0

# 第二步:修改其内容
[root@bj-1-160-enzhi network-scripts]# vim ifcfg-eth1:0
DEVICE=eth1:0
TYPE=Ethernet
ONBOOT=yes
NM_CONTROLLED=yes
BOOTPROTO=static
IPADDR=192.168.1.188
NETMASK=255.255.255.0
GATEWAY=192.168.1.1
DNS1=192.168.1.1

# 第三步:重启网络服务查看eth1:0信息
[root@bj-1-160-enzhi network-scripts]# service network restart
Shutting down interface eth0:                              [  OK  ]
Shutting down interface eth1:                              [  OK  ]
Shutting down loopback interface:                          [  OK  ]
Bringing up loopback interface:                            [  OK  ]
Bringing up interface eth0:  Determining if ip address 192.168.1.160 is already in use for device eth0...
                                                           [  OK  ]
Bringing up interface eth1:  Determining if ip address 192.168.1.161 is already in use for device eth1...
Determining if ip address 192.168.1.188 is already in use for device eth1...
                                                           [  OK  ]
[root@bj-1-160-enzhi network-scripts]# ifconfig
eth0      Link encap:Ethernet  HWaddr 00:0C:29:18:EC:38
          inet addr:192.168.1.160  Bcast:192.168.1.255  Mask:255.255.255.0
          inet6 addr: fe80::20c:29ff:fe18:ec38/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:4041 errors:0 dropped:0 overruns:0 frame:0
          TX packets:2376 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:404252 (394.7 KiB)  TX bytes:284678 (278.0 KiB)

eth1      Link encap:Ethernet  HWaddr 00:0C:29:18:EC:42
          inet addr:192.168.1.161  Bcast:192.168.1.255  Mask:255.255.255.0
          inet6 addr: fe80::20c:29ff:fe18:ec42/64 Scope:Link
          UP BROADCAST RUNNING  MTU:1500  Metric:1
          RX packets:1168 errors:0 dropped:0 overruns:0 frame:0
          TX packets:58 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:130676 (127.6 KiB)  TX bytes:4020 (3.9 KiB)

eth1:0    Link encap:Ethernet  HWaddr 00:0C:29:18:EC:42
          inet addr:192.168.1.188  Bcast:192.168.1.255  Mask:255.255.255.0
          UP BROADCAST RUNNING  MTU:1500  Metric:1
posted @ 2017-01-03 13:15  EnZhiWang  阅读(2456)  评论(0编辑  收藏  举报