Linux学习46 Linux网络相关属性配置进阶与实战
一、iproute2家族续
1、ip命令续
a、ip link
b、ip netns
c、ip address
(1)、ip address add :增加一个IP地址 (add new protocol address )
ip addr add IFADDR dev IFACE
[label NAME]:为额外添加的地址指明接口别名
[broadcast ADDRESS]:广播地址,会根据IP和NETMASK自动计算得到
[scope SCOPE_VALUE]:
global:全局可用
link:接口可用
host:仅本机可用
1)、现在我们首先用ifconfig命令删除网卡ens37的地址
[root@wohaoshuai1 ~]# ifconfig ens37 ens37: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500 inet 192.168.10.61 netmask 255.255.255.0 broadcast 192.168.10.255 ether 00:0c:29:76:9f:00 txqueuelen 1000 (Ethernet) RX packets 65 bytes 5556 (5.4 KiB) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 199 bytes 34302 (33.4 KiB) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 [root@wohaoshuai1 ~]# ifconfig ens37 0 [root@wohaoshuai1 ~]# ifconfig ens37 ens37: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500 ether 00:0c:29:76:9f:00 txqueuelen 1000 (Ethernet) RX packets 107 bytes 9524 (9.3 KiB) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 217 bytes 36566 (35.7 KiB) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
2)、然后我们给网卡ens37配置IP地址
[root@wohaoshuai1 ~]# ifconfig ens37 ens37: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500 ether 00:0c:29:76:9f:00 txqueuelen 1000 (Ethernet) RX packets 107 bytes 9524 (9.3 KiB) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 217 bytes 36566 (35.7 KiB) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 [root@wohaoshuai1 ~]# ip addr add 192.168.10.61/24 dev ens37 [root@wohaoshuai1 ~]# ifconfig ens37 ens37: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500 inet 192.168.10.61 netmask 255.255.255.0 broadcast 0.0.0.0 ether 00:0c:29:76:9f:00 txqueuelen 1000 (Ethernet) RX packets 117 bytes 10308 (10.0 KiB) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 224 bytes 37520 (36.6 KiB) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
其实我们可以再给ens37添加一个地址
[root@wohaoshuai1 ~]# ip addr add 192.168.10.62/24 dev ens37 [root@wohaoshuai1 ~]# ip add show ens37 3: ens37: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000 link/ether 00:0c:29:76:9f:00 brd ff:ff:ff:ff:ff:ff inet 192.168.10.61/24 scope global ens37 valid_lft forever preferred_lft forever inet 192.168.10.62/24 scope global secondary ens37 valid_lft forever preferred_lft forever
然后我们还可以再给ens37再添加一个地址
[root@wohaoshuai1 ~]# ip addr add 10.0.10.100/8 dev ens37 [root@wohaoshuai1 ~]# ip add show ens37 3: ens37: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000 link/ether 00:0c:29:76:9f:00 brd ff:ff:ff:ff:ff:ff inet 192.168.10.61/24 scope global ens37 valid_lft forever preferred_lft forever inet 10.0.10.100/8 scope global ens37 valid_lft forever preferred_lft forever inet 192.168.10.62/24 scope global secondary ens37 valid_lft forever preferred_lft forever
3)、我们可以看到现在ens37网卡上有两个地址,其中192.168.10.61和10.0.10.100俩个是global地址,另一个192.168.10.62是secondary(第二的)地址。为什么其它两个地址中有一个是global地址有一个是secondary地址呢?因为在同一个网段中我们的地址才分第一地址和第二地址。
4)、此时我们用ifconfig命令查看时我们的地址只会显示我们的地址192.168.10.61,如果要显示其它地址的话我们需要为额外添加的地址指明对应的接口别名;
[root@wohaoshuai1 ~]# ip addr add 1.1.10.100/8 dev ens37 label ens37:0 [root@wohaoshuai1 ~]# ip addr list ens37 3: ens37: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000 link/ether 00:0c:29:76:9f:00 brd ff:ff:ff:ff:ff:ff inet 192.168.10.61/24 scope global ens37 valid_lft forever preferred_lft forever inet 10.0.10.100/8 scope global ens37 valid_lft forever preferred_lft forever inet 1.1.10.100/8 scope global ens37:0 valid_lft forever preferred_lft forever inet 192.168.10.62/24 scope global secondary ens37 valid_lft forever preferred_lft forever
5)、此时我们通过ifconfig命令就可以看到对应的接口别名和对应的IP
[root@wohaoshuai1 ~]# ifconfig ens33: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500 inet 192.168.10.41 netmask 255.255.255.0 broadcast 192.168.10.255 inet6 fe80::2af8:1ecb:eb2c:861f prefixlen 64 scopeid 0x20<link> ether 00:0c:29:76:9f:f6 txqueuelen 1000 (Ethernet) RX packets 664 bytes 75801 (74.0 KiB) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 450 bytes 77010 (75.2 KiB) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 ens37: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500 inet 192.168.10.61 netmask 255.255.255.0 broadcast 0.0.0.0 ether 00:0c:29:76:9f:00 txqueuelen 1000 (Ethernet) RX packets 584 bytes 48720 (47.5 KiB) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 539 bytes 69880 (68.2 KiB) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 ens37:0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500 inet 1.1.10.100 netmask 255.0.0.0 broadcast 0.0.0.0 ether 00:0c:29:76:9f:00 txqueuelen 1000 (Ethernet) lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536 inet 127.0.0.1 netmask 255.0.0.0 inet6 ::1 prefixlen 128 scopeid 0x10<host> loop txqueuelen 1000 (Local Loopback) RX packets 208 bytes 14400 (14.0 KiB) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 208 bytes 14400 (14.0 KiB) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
(2)、ip address delete :删除一个IP地址(delete protocol address)
ip addr delete IFADDR dev IFACE
[label NAME]:为额外添加的地址指明接口别名
[broadcast ADDRESS]:广播地址,会根据IP和NETMASK自动计算得到
[scope SCOPE_VALUE]:
global:全局可用
link:接口可用
host:仅本机可用
1)、现在我们来删除网卡ens37上的其中一个地址
[root@wohaoshuai1 ~]# ip addr show ens37 3: ens37: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000 link/ether 00:0c:29:76:9f:00 brd ff:ff:ff:ff:ff:ff inet 192.168.10.61/24 scope global ens37 valid_lft forever preferred_lft forever inet 10.0.10.100/8 scope global ens37 valid_lft forever preferred_lft forever inet 1.1.10.100/8 scope global ens37:0 valid_lft forever preferred_lft forever inet 192.168.10.62/24 scope global secondary ens37 valid_lft forever preferred_lft forever [root@wohaoshuai1 ~]# ip addr del 10.0.10.100/8 dev ens37 [root@wohaoshuai1 ~]# ip addr show ens37 3: ens37: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000 link/ether 00:0c:29:76:9f:00 brd ff:ff:ff:ff:ff:ff inet 192.168.10.61/24 scope global ens37 valid_lft forever preferred_lft forever inet 1.1.10.100/8 scope global ens37:0 valid_lft forever preferred_lft forever inet 192.168.10.62/24 scope global secondary ens37 valid_lft forever preferred_lft forever
(3)、ip address show :查看一个IP地址(look at protocol addresses)
ip addr list/show
[IFACE]:显示指定接口的信息
[root@wohaoshuai1 ~]# ip add show 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo valid_lft forever preferred_lft forever inet6 ::1/128 scope host valid_lft forever preferred_lft forever 2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000 link/ether 00:0c:29:76:9f:f6 brd ff:ff:ff:ff:ff:ff inet 192.168.10.41/24 brd 192.168.10.255 scope global noprefixroute ens33 valid_lft forever preferred_lft forever inet6 fe80::2af8:1ecb:eb2c:861f/64 scope link noprefixroute valid_lft forever preferred_lft forever 3: ens37: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000 link/ether 00:0c:29:76:9f:00 brd ff:ff:ff:ff:ff:ff inet6 fe80::ab38:1308:dcd7:37ec/64 scope link noprefixroute valid_lft forever preferred_lft forever
也可以写作 ip add list
(4)、ip address flush:清空接口所有的IP地址,假如一个接口配了多个IP那么所有的IP都会被删除掉
ip addr slush dev IFACE
1)、现在我们来清空我们设备ens37上的所有IP
[root@wohaoshuai1 ~]# ip addr show ens37 3: ens37: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000 link/ether 00:0c:29:76:9f:00 brd ff:ff:ff:ff:ff:ff inet 192.168.10.61/24 scope global ens37 valid_lft forever preferred_lft forever inet 1.1.10.100/8 scope global ens37:0 valid_lft forever preferred_lft forever inet 192.168.10.62/24 scope global secondary ens37 valid_lft forever preferred_lft forever [root@wohaoshuai1 ~]# ip addr flush dev ens37 [root@wohaoshuai1 ~]# ip addr show ens37 3: ens37: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000 link/ether 00:0c:29:76:9f:00 brd ff:ff:ff:ff:ff:ff
d、ip route
(1)、ip route add:添加路由
(2)、ip route change:修改路由
(3)、ip route replace:替换路由,有老的路由就替换掉,没有老的路由就添加进去
ip route add TYPE PREFIX via GW [dev IFACE] [src SOURCE_IP]
#via字段是指经由的意思
1)、我们来添加一个网络路由:到192.168.0.0/24这个网络的数据包下一跳要经过10.0.10.2(这个IP要和网卡的某个IP在同一地址段中),要经过的网卡是ens37
[root@wohaoshuai1 ~]# ip addr list ens37 3: ens37: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000 link/ether 00:0c:29:76:9f:00 brd ff:ff:ff:ff:ff:ff inet 10.0.10.100/8 scope global ens37 valid_lft forever preferred_lft forever inet 10.0.20.100/8 scope global secondary ens37 valid_lft forever preferred_lft forever [root@wohaoshuai1 ~]# ip route add 192.168.0.0/24 via 10.0.10.2 dev ens37 [root@wohaoshuai1 ~]# ip route show default via 192.168.10.2 dev ens33 proto static metric 100 10.0.0.0/8 dev ens37 proto kernel scope link src 10.0.10.100 192.168.0.0/24 via 10.0.10.2 dev ens37 192.168.10.0/24 dev ens33 proto kernel scope link src 192.168.10.41 metric 100
2)、我们再添加一条路由,这次我们指定src为ens37上的第二地址,即我们包的源IP地址为ens37上的第二地址
[root@wohaoshuai1 ~]# ip route add 192.168.1.0/24 via 10.0.0.1 dev ens37 src 10.0.20.100 [root@wohaoshuai1 ~]# ip route list default via 192.168.10.2 dev ens33 proto static metric 100 10.0.0.0/8 dev ens37 proto kernel scope link src 10.0.10.100 192.168.0.0/24 via 10.0.10.2 dev ens37 192.168.1.0/24 via 10.0.0.1 dev ens37 src 10.0.20.100 192.168.10.0/24 dev ens33 proto kernel scope link src 192.168.10.41 metric 100
此时我们可以看到这条路由条目中就有了src(源IP地址)为我们指定的10.0.20.100了。如果我们不加src参数,数据报文出去的时候默认就是带着我们ens37的第一地址10.0.10.100,也就是出去的源IP地址为10.0.10.100
3)、现在我们来添加一个默认网关:默认出去的网络下一跳跳到192.168.10.2这个地址上(注意主机上要有和这个网络在同一网段的地址),并且从网卡ens33出去
[root@wohaoshuai1 ~]# ip route add default via 192.168.10.2 dev ens33 [root@wohaoshuai1 ~]# ip route list default via 192.168.10.2 dev ens33 default via 192.168.10.2 dev ens33 proto static metric 100 10.0.0.0/8 dev ens37 proto kernel scope link src 10.0.10.100 192.168.0.0/24 via 10.0.10.2 dev ens37 192.168.1.0/24 via 10.0.0.1 dev ens37 src 10.0.20.100 192.168.10.0/24 dev ens33 proto kernel scope link src 192.168.10.41 metric 100
(4)、ip route delete:删除路由
ip route del TYPE PRIFIX
1)、现在我们来删除一条路由
[root@wohaoshuai1 ~]# ip route list default via 192.168.10.2 dev ens33 default via 192.168.10.2 dev ens33 proto static metric 100 10.0.0.0/8 dev ens37 proto kernel scope link src 10.0.10.100 192.168.0.0/24 via 10.0.10.2 dev ens37 192.168.1.0/24 via 10.0.0.1 dev ens37 src 10.0.20.100 192.168.10.0/24 dev ens33 proto kernel scope link src 192.168.10.41 metric 100 [root@wohaoshuai1 ~]# ip route delete 192.168.1.0/24 [root@wohaoshuai1 ~]# ip route list default via 192.168.10.2 dev ens33 default via 192.168.10.2 dev ens33 proto static metric 100 10.0.0.0/8 dev ens37 proto kernel scope link src 10.0.10.100 192.168.0.0/24 via 10.0.10.2 dev ens37 192.168.10.0/24 dev ens33 proto kernel scope link src 192.168.10.41 metric 100
(5)、ip route show/list:显示路由
(6)、ip route flush:清空路由表
TYPE PRIFIX
我们只需要指定相应的网络地址即可,接下来我们来删除一条路由(注意,本机上的路由是没法删掉的)
[root@wohaoshuai1 ~]# ip route list default via 192.168.10.2 dev ens33 proto static metric 100 10.0.0.0/8 dev ens37 proto kernel scope link src 10.0.10.100 192.168.0.0/24 via 10.0.10.2 dev ens37 192.168.10.0/24 dev ens33 proto kernel scope link src 192.168.10.41 metric 100 [root@wohaoshuai1 ~]# ip route flush 192.168/24 [root@wohaoshuai1 ~]# ip route list default via 192.168.10.2 dev ens33 proto static metric 100 10.0.0.0/8 dev ens37 proto kernel scope link src 10.0.10.100 192.168.10.0/24 dev ens33 proto kernel scope link src 192.168.10.41 metric 100
(7)、ip route get :获取一个路由信息
ip route get TYPE PRIFIX
[root@wohaoshuai1 ~]# ip route list default via 192.168.10.2 dev ens33 proto static metric 100 10.0.0.0/8 dev ens37 proto kernel scope link src 10.0.10.100 192.168.0.0/24 via 10.0.10.2 dev ens37 192.168.10.0/24 dev ens33 proto kernel scope link src 192.168.10.41 metric 100 [root@wohaoshuai1 ~]# ip route get 192.168.10.0/24 broadcast 192.168.10.0 dev ens33 src 192.168.10.41 cache <local,brd> [root@wohaoshuai1 ~]# ip route get 192.168.0.0/24 192.168.0.0 via 10.0.10.2 dev ens37 src 10.0.10.100 cache [root@wohaoshuai1 ~]# ip route get 10.0.0.0/8 broadcast 10.0.0.0 dev ens37 src 10.0.10.100 cache <local,brd> [root@wohaoshuai1 ~]# ip add list 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo valid_lft forever preferred_lft forever inet6 ::1/128 scope host valid_lft forever preferred_lft forever 2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000 link/ether 00:0c:29:76:9f:f6 brd ff:ff:ff:ff:ff:ff inet 192.168.10.41/24 brd 192.168.10.255 scope global noprefixroute ens33 valid_lft forever preferred_lft forever inet6 fe80::2af8:1ecb:eb2c:861f/64 scope link noprefixroute valid_lft forever preferred_lft forever 3: ens37: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000 link/ether 00:0c:29:76:9f:00 brd ff:ff:ff:ff:ff:ff inet 10.0.10.100/8 scope global ens37 valid_lft forever preferred_lft forever inet 10.0.20.100/8 scope global secondary ens37 valid_lft forever preferred_lft forever
2、ss命令
a、命令
ss [options] [ FILTER ]
(1)选项:
-t:TCP协议相关的连接
-u:UDP相关的连接
-w:raw socket(裸套接字)相关的连接
-l:监听状态的连接
-a:所有状态的连接
-n:数字格式
-p:相关的程序及其PID
-e:扩展格式信息
-m:内存用量
-o:计时器信息
FILTER := [ state STATE-FILTER ] [ EXPRESSION ]
(2)TCP的常见状态
TCP FSM:
LISTEN:监听
ESTABLISEHD:建立的连接
FIN_WAIT_1:
FIN_EAIT_2:
SYN_SENT:
SYN_RECV:
CLOSED:
(3)、FILTER := [ state STATE-FILTER ] [ EXPRESSION ]中的EXPRESSION
EXPRESSION:
dport= 源端口
sport=
示例:’( dport = :22 or sport = :22 )‘
[root@wohaoshuai1 ~]# ss -ant state ESTABLISHED Recv-Q Send-Q Local Address:Port Peer Address:Port 0 52 192.168.10.41:22 192.168.10.1:49940
[root@wohaoshuai1 ~]# ss -ant state ESTABLISHED '( dport = :22 or sport = :22 )' Recv-Q Send-Q Local Address:Port Peer Address:Port 0 52 192.168.10.41:22 192.168.10.1:49940
二、通过修改配置文件配置网络属性
1、配置文件为 /etc/sysconfig/network-scripts/ifcfg-IFACE,IP/NETMASK/GW/DNS等属性的配置文件都在此文件中配置
2、路由相关的配置文件为/etc/sysconfig/network
3、配置文件/etc/sysconfig/network-scripts/ifcfg-IFACE通过大量参数来定义接口的属性,其可通过vim等文本编辑器直接修改,也可以使用专用的命令进行修改(CentOS6:system-config-network[setup],CentOS7:nmtui)
4、ifcfg-IFACE配置文件参数
a、相应参数(CentOS7)
DEVICE:此配置文件对应的设备的名称,此设备名称必须要和文件名ifcfg-IFACE中的IFACE保持一致。
ONBOOT:在系统引导过程中是否激活此接口
UUID:此设备的唯一标识
IPV6INIT:是否初始化IPV6协议栈
BOOTPROTO:激活此接口时使用什么协议来配置接口属性,常用的有dhcp,bootp,static,none
TYPE:接口类型,常见的有ethernet,Bridge
DNS1:第一DNS服务器指向;
DNS2:备用DNS服务器指向
DOMAIN:DNS搜索域;
IPADDR:IP地址
NETMASK:子网掩码;CentOS7支持使用PREFIX以长度方式指明子网掩码
GATEWAY:默认网关
USERCTL:是否允许普通用户控制此设备
PEERDNS:如果BOOTPROTO的值为dhcp,是否允许dhcp server分配的dns服务器指向覆盖本地手动指定的DNS服务器指向,默认为YES,即允许
HWADDR:设备的MAC地址,如果给的话一定是复制的网卡的MAC,或者直接删掉该选项
NM_CONTROLLED:对CentOS来讲很有用,表示是否使用NetworkManager服务来控制接口。我们操作系统开机以后为什么会读取这个配置文件来配置网络接口相关属性之类呢?是因为我们主机开机时有一个服务程序会读取这个配置文件并通过这个配置文件中加载各种参数的值然后用命令把他配置到接口上,所以在内核才能生效。此网络服务对CentOS6来讲有两个,一个叫做network,另一个叫做NetworkManager,对CentOS6来讲NetworkManager还处于不够完善阶段,因此我们建议都使用network,并且我们做集群或者虚拟化的桥接接口时我们都只能使用network,第二种都不支持。因此此选项选择yes的话很多网络的高级功能都不支持了,因此我们一般都设置为no,并且禁掉NetworkManager这个服务即可。
b、配置文件修改之后,需要重启网络服务
CentOS6:service network restart
CentOS7: systemctl restart network.service
5、网络服务
a、网络服务名称
network
NetworkManager
b、管理网络服务
(1)、CentOS 6: service SERVICE {start|stop|restart|status}
(2)、CentOS 7:systemctl {start|stop|restart|status} SERVICE{.service}
6、用到非默认网关路由,我们想永久有效可用编辑:/etc/sysconfig/network-scripts/route-IFACE支持两种配置方式,但是不可混用
a、每行一个路由条目:
TARGET via GW
[root@wohaoshuai1 /]# cat /etc/sysconfig/network-scripts/route-ens33 10.0.0.0/24 via 192.168.10.2 192.168.20.0/24 via 192.168.10.2 [root@wohaoshuai1 /]# ip route list default via 192.168.10.2 dev ens33 proto static metric 100 default via 192.168.10.2 dev ens37 proto static metric 101 192.168.10.0/24 dev ens33 proto kernel scope link src 192.168.10.41 metric 100 192.168.10.0/24 dev ens37 proto kernel scope link src 192.168.10.51 metric 101 [root@wohaoshuai1 /]# systemctl restart network [root@wohaoshuai1 /]# ip route list default via 192.168.10.2 dev ens33 proto static metric 100 default via 192.168.10.2 dev ens37 proto static metric 101 10.0.0.0/24 via 192.168.10.2 dev ens33 proto static metric 100 192.168.10.0/24 dev ens33 proto kernel scope link src 192.168.10.41 metric 100 192.168.10.0/24 dev ens37 proto kernel scope link src 192.168.10.51 metric 101 192.168.20.0/24 via 192.168.10.2 dev ens33 proto static metric 100
b、每三行一个路由条目
ADDRESS#=TARGET
NETMASK#=MASK
GATEWAY#=NEXTHOP
[root@wohaoshuai1 network-scripts]# vim route-ens33 [root@wohaoshuai1 network-scripts]# systemctl restart network [root@wohaoshuai1 network-scripts]# ip route list default via 192.168.10.2 dev ens33 proto static metric 100 default via 192.168.10.2 dev ens37 proto static metric 101 20.0.0.0/8 via 192.168.10.2 dev ens33 proto static metric 100 30.0.0.0/8 via 192.168.10.2 dev ens33 proto static metric 100 192.168.10.0/24 dev ens33 proto kernel scope link src 192.168.10.41 metric 100 192.168.10.0/24 dev ens37 proto kernel scope link src 192.168.10.51 metric 101 [root@wohaoshuai1 network-scripts]# cat /etc/sysconfig/network-scripts/route-ens33 ADDRESS0=20.0.0.0 #0表示第0组 NETMASK0=255.0.0.0 GATEWAY0=192.168.10.2 ADDRESS1=30.0.0.0 #1表示第一组 NETMASK1=255.0.0.0 GATEWAY1=192.168.10.2
7、给接口配置多个地址
a、ip addr命令
b、ifconfig命令(配置后重启network服务就没了)
ifconfig IFACE_LABEL IPADDR/NETMASK
IFACE_LABEL:eth0:0,eth0:1
[root@wohaoshuai1 /]# ip a 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo valid_lft forever preferred_lft forever inet6 ::1/128 scope host valid_lft forever preferred_lft forever 2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000 link/ether 00:0c:29:76:9f:f6 brd ff:ff:ff:ff:ff:ff inet 192.168.10.41/24 brd 192.168.10.255 scope global noprefixroute ens33 valid_lft forever preferred_lft forever inet6 fe80::2af8:1ecb:eb2c:861f/64 scope link noprefixroute valid_lft forever preferred_lft forever 3: ens37: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000 link/ether 00:0c:29:76:9f:00 brd ff:ff:ff:ff:ff:ff inet 192.168.10.51/24 brd 192.168.10.255 scope global noprefixroute ens37 valid_lft forever preferred_lft forever inet6 fe80::6385:1e32:23c6:6257/64 scope link noprefixroute valid_lft forever preferred_lft forever [root@wohaoshuai1 /]# ifconfig ens37:0 192.168.10.52/24 [root@wohaoshuai1 /]# ifconfig ens33: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500 inet 192.168.10.41 netmask 255.255.255.0 broadcast 192.168.10.255 inet6 fe80::2af8:1ecb:eb2c:861f prefixlen 64 scopeid 0x20<link> ether 00:0c:29:76:9f:f6 txqueuelen 1000 (Ethernet) RX packets 3897 bytes 393994 (384.7 KiB) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 2553 bytes 760771 (742.9 KiB) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 ens37: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500 inet 192.168.10.51 netmask 255.255.255.0 broadcast 192.168.10.255 inet6 fe80::6385:1e32:23c6:6257 prefixlen 64 scopeid 0x20<link> ether 00:0c:29:76:9f:00 txqueuelen 1000 (Ethernet) RX packets 14 bytes 840 (840.0 B) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 704 bytes 120788 (117.9 KiB) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 ens37:0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500 inet 192.168.10.52 netmask 255.255.255.0 broadcast 192.168.10.255 ether 00:0c:29:76:9f:00 txqueuelen 1000 (Ethernet) lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536 inet 127.0.0.1 netmask 255.0.0.0 inet6 ::1 prefixlen 128 scopeid 0x10<host> loop txqueuelen 1000 (Local Loopback) RX packets 508 bytes 41388 (40.4 KiB) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 508 bytes 41388 (40.4 KiB) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
c、配置文件
DEVICE=IFACE_LABEL
BOOTPROTO:网卡别名不支持动态获取地址,因此只能为static或者none
[root@wohaoshuai1 /]# cat /etc/sysconfig/network-scripts/ifcfg-ens37:0 TYPE=Ethernet PROXY_METHOD=none BROWSER_ONLY=no BOOTPROTO=static DEFROUTE=yes IPV4_FAILURE_FATAL=no IPV6INIT=yes IPV6_AUTOCONF=yes IPV6_DEFROUTE=yes IPV6_FAILURE_FATAL=no IPV6_ADDR_GEN_MODE=stable-privacy NAME=ens37:0 DEVICE=ens37:0 ONBOOT=yes IPADDR=192.168.10.52 NETMASK=255.255.255.0 GATEWAY=192.168.10.2 DNS1=114.114.114.114 [root@wohaoshuai1 /]# systemctl restart network [root@wohaoshuai1 /]# ifconfig ens33: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500 inet 192.168.10.41 netmask 255.255.255.0 broadcast 192.168.10.255 inet6 fe80::2af8:1ecb:eb2c:861f prefixlen 64 scopeid 0x20<link> ether 00:0c:29:76:9f:f6 txqueuelen 1000 (Ethernet) RX packets 4273 bytes 425230 (415.2 KiB) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 2782 bytes 806973 (788.0 KiB) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 ens37: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500 inet 192.168.10.51 netmask 255.255.255.0 broadcast 192.168.10.255 inet6 fe80::6385:1e32:23c6:6257 prefixlen 64 scopeid 0x20<link> ether 00:0c:29:76:9f:00 txqueuelen 1000 (Ethernet) RX packets 17 bytes 1020 (1020.0 B) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 715 bytes 121598 (118.7 KiB) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 ens37:0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500 inet 192.168.10.52 netmask 255.255.255.0 broadcast 192.168.10.255 ether 00:0c:29:76:9f:00 txqueuelen 1000 (Ethernet) lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536 inet 127.0.0.1 netmask 255.0.0.0 inet6 ::1 prefixlen 128 scopeid 0x10<host> loop txqueuelen 1000 (Local Loopback) RX packets 586 bytes 49482 (48.3 KiB) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 586 bytes 49482 (48.3 KiB) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
8、nmcli命令
nmcli [OPTIONS...] OBJECT {COMMAND | help}
a、device - show and manage network interfaces
COMMAND := {status | show | connect | disconnect | delete | wifi | winax}
(1)、查看设备信息
[root@wohaoshuai1 ~]# nmcli device show
[root@wohaoshuai1 ~]# nmcli device show GENERAL.DEVICE: ens33 GENERAL.TYPE: ethernet GENERAL.HWADDR: 00:0C:29:76:9F:F6 GENERAL.MTU: 1500 GENERAL.STATE: 100 (connected) GENERAL.CONNECTION: ens33 GENERAL.CON-PATH: /org/freedesktop/NetworkManager/ActiveConnection/1 WIRED-PROPERTIES.CARRIER: on IP4.ADDRESS[1]: 192.168.10.41/24 IP4.GATEWAY: 192.168.10.2 IP4.ROUTE[1]: dst = 192.168.10.0/24, nh = 0.0.0.0, mt = 100 IP4.ROUTE[2]: dst = 0.0.0.0/0, nh = 192.168.10.2, mt = 100 IP4.ROUTE[3]: dst = 20.0.0.0/8, nh = 192.168.10.2, mt = 100 IP4.ROUTE[4]: dst = 30.0.0.0/8, nh = 192.168.10.2, mt = 100 IP4.DNS[1]: 114.114.114.114 IP6.ADDRESS[1]: fe80::2af8:1ecb:eb2c:861f/64 IP6.GATEWAY: -- IP6.ROUTE[1]: dst = ff00::/8, nh = ::, mt = 256, table=255 IP6.ROUTE[2]: dst = fe80::/64, nh = ::, mt = 256 IP6.ROUTE[3]: dst = fe80::/64, nh = ::, mt = 100 GENERAL.DEVICE: ens37 GENERAL.TYPE: ethernet GENERAL.HWADDR: 00:0C:29:76:9F:00 GENERAL.MTU: 1500 GENERAL.STATE: 100 (connected) GENERAL.CONNECTION: ens37 GENERAL.CON-PATH: /org/freedesktop/NetworkManager/ActiveConnection/4 WIRED-PROPERTIES.CARRIER: on IP4.ADDRESS[1]: 192.168.10.51/24 IP4.ADDRESS[2]: 192.168.10.52/24 IP4.GATEWAY: 192.168.10.2 IP4.ROUTE[1]: dst = 192.168.10.0/24, nh = 0.0.0.0, mt = 101 IP4.ROUTE[2]: dst = 192.168.10.0/24, nh = 0.0.0.0, mt = 101 IP4.ROUTE[3]: dst = 0.0.0.0/0, nh = 192.168.10.2, mt = 101 IP4.DNS[1]: 114.114.114.114 IP6.ADDRESS[1]: fe80::6385:1e32:23c6:6257/64 IP6.GATEWAY: -- IP6.ROUTE[1]: dst = ff00::/8, nh = ::, mt = 256, table=255 IP6.ROUTE[2]: dst = fe80::/64, nh = ::, mt = 256 IP6.ROUTE[3]: dst = fe80::/64, nh = ::, mt = 101 GENERAL.DEVICE: lo GENERAL.TYPE: loopback GENERAL.HWADDR: 00:00:00:00:00:00 GENERAL.MTU: 65536 GENERAL.STATE: 10 (unmanaged) GENERAL.CONNECTION: -- GENERAL.CON-PATH: -- IP4.ADDRESS[1]: 127.0.0.1/8 IP4.GATEWAY: -- IP6.ADDRESS[1]: ::1/128 IP6.GATEWAY: --
(2)、查看设备状态
[root@wohaoshuai1 ~]# nmcli device status
DEVICE TYPE STATE CONNECTION
ens33 ethernet connected ens33
ens37 ethernet connected ens37
lo loopback unmanaged --
(3)、从状态可以看出ens33和ens37都是启用的,现在我们来禁用或启用ens37
[root@wohaoshuai1 ~]# nmcli device disconnect ens37 Device 'ens37' successfully disconnected. [root@wohaoshuai1 ~]# nmcli device status DEVICE TYPE STATE CONNECTION ens33 ethernet connected ens33 ens37 ethernet disconnected -- lo loopback unmanaged -- [root@wohaoshuai1 ~]# nmcli device connect ens37 Device 'ens37' successfully activated with '4a5516a4-dfa4-24af-b1c4-e843e312e2fd'. [root@wohaoshuai1 ~]# nmcli device status DEVICE TYPE STATE CONNECTION ens33 ethernet connected ens33 ens37 ethernet connected ens37 lo loopback unmanaged --
b、conntion
(1)、查看接口信息
[root@wohaoshuai1 ~]# nmcli connection show NAME UUID TYPE DEVICE ens33 344cff30-6811-4c0a-9b89-b4b14937a350 ethernet ens33 ens37 4a5516a4-dfa4-24af-b1c4-e843e312e2fd ethernet ens37
(2)、我们来禁用一个接口
[root@wohaoshuai1 ~]# nmcli connection down ens37 Connection 'ens37' successfully deactivated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/3) [root@wohaoshuai1 ~]# nmcli connection show NAME UUID TYPE DEVICE ens33 344cff30-6811-4c0a-9b89-b4b14937a350 ethernet ens33 ens37 4a5516a4-dfa4-24af-b1c4-e843e312e2fd ethernet --
(3)、我们现在来给某个网卡设置一个地址
[root@wohaoshuai1 ~]# nmcli connection down ens37 Connection 'ens37' successfully deactivated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/4) [root@wohaoshuai1 ~]# nmcli connection show NAME UUID TYPE DEVICE ens33 344cff30-6811-4c0a-9b89-b4b14937a350 ethernet ens33 ens37 4a5516a4-dfa4-24af-b1c4-e843e312e2fd ethernet -- [root@wohaoshuai1 ~]# nmcli connection modify ens37 +ipv4.address 192.168.10.53 [root@wohaoshuai1 ~]# nmcli connection up ens37 Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/6) [root@wohaoshuai1 ~]# nmcli device show ens37 GENERAL.DEVICE: ens37 GENERAL.TYPE: ethernet GENERAL.HWADDR: 00:0C:29:76:9F:00 GENERAL.MTU: 1500 GENERAL.STATE: 100 (connected) GENERAL.CONNECTION: ens37 GENERAL.CON-PATH: /org/freedesktop/NetworkManager/ActiveConnection/6 WIRED-PROPERTIES.CARRIER: on IP4.ADDRESS[1]: 192.168.10.51/24 IP4.ADDRESS[2]: 192.168.10.53/32 IP4.ADDRESS[3]: 192.168.10.52/24 IP4.GATEWAY: 192.168.10.2 IP4.ROUTE[1]: dst = 192.168.10.0/24, nh = 0.0.0.0, mt = 101 IP4.ROUTE[2]: dst = 192.168.10.53/32, nh = 0.0.0.0, mt = 101 IP4.ROUTE[3]: dst = 192.168.10.0/24, nh = 0.0.0.0, mt = 101 IP4.ROUTE[4]: dst = 0.0.0.0/0, nh = 192.168.10.2, mt = 101 IP4.DNS[1]: 114.114.114.114 IP6.ADDRESS[1]: fe80::6385:1e32:23c6:6257/64 IP6.GATEWAY: -- IP6.ROUTE[1]: dst = ff00::/8, nh = ::, mt = 256, table=255 IP6.ROUTE[2]: dst = fe80::/64, nh = ::, mt = 256 IP6.ROUTE[3]: dst = fe80::/64, nh = ::, mt = 101
c、ethtool
