Basic Linux Network Configuration
Author: Yin Zhengjie
Copyright notice: original work, please do not repost. Violations will be pursued legally.
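I. Overview of basic network configuration
To connect a Linux host to a network, its network settings have to be configured. These generally include:
    Hostname
    IP/netmask
    Routing: default gateway
    DNS servers:
        primary DNS server
        secondary DNS server
        tertiary DNS server
1>. DNS resolution order on Linux
[root@node101.yinzhengjie.org.cn ~]# grep hosts /etc/nsswitch.conf | grep -v ^#
hosts:      files dns myhostname
[root@node101.yinzhengjie.org.cn ~]#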
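Notes:
files:
    Refers to the local file "/etc/hosts".
dns:
    Refers to DNS servers on the network, usually configured on the NIC or in "/etc/resolv.conf". Several DNS servers are normally configured so that name resolution survives the failure of one of them.
myhostname:
    As the name suggests, if neither of the two sources above can resolve the name, the local hostname is used to resolve it. The simplest way to see this is to ping the current hostname (ICMP, at the network layer): even though neither "/etc/hosts" nor DNS holds a corresponding record, the ping succeeds, and the address it resolves to is usually the current host's IP address.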
2>. Changing the hostname
[root@node101.yinzhengjie.org.cn ~]# hostnamectl status        # show the current host status
   Static hostname: node101.yinzhengjie.org.cn
         Icon name: computer-vm
           Chassis: vm
        Machine ID: 9ccdf621e5984f3b8626614f6fa15a48
           Boot ID: c8b891684b394b2b88b9f06b91658368
    Virtualization: kvm
  Operating System: CentOS Linux 7 (Core)
       CPE OS Name: cpe:/o:centos:centos:7
            Kernel: Linux 3.10.0-957.el7.x86_64
      Architecture: x86-64
[root@node101.yinzhengjie.org.cn ~]#
[root@node101.yinzhengjie.org.cn ~]# cat /etc/hostname
node101.yinzhengjie.org.cn
[root@node101.yinzhengjie.org.cn ~]#
[root@node101.yinzhengjie.org.cn ~]# hostname
node101.yinzhengjie.org.cn
[root@node101.yinzhengjie.org.cn ~]#
[root@node101.yinzhengjie.org.cn ~]# hostnamectl set-hostname centos7.yinzhengjie.org.cn        # this command changes both the hostname and the configuration file
[root@node101.yinzhengjie.org.cn ~]#
[root@node101.yinzhengjie.org.cn ~]# hostname
centos7.yinzhengjie.org.cn
[root@node101.yinzhengjie.org.cn ~]#
[root@node101.yinzhengjie.org.cn ~]# cat /etc/hostname
centos7.yinzhengjie.org.cn
[root@node101.yinzhengjie.org.cn ~]#
[root@node101.yinzhengjie.org.cn ~]# exec bash        # a new bash has to be started for the hostname change to take effect immediately; logging out of the current terminal and back in also works
[root@centos7.yinzhengjie.org.cn ~]#
3>. On CentOS 6.x it is advisable to add the new hostname to the local hosts file after changing it; on CentOS 7.x this is not needed
[root@centos7.yinzhengjie.org.cn ~]# cat /etc/hosts
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
172.30.1.101 node101.yinzhengjie.org.cn
172.30.1.102 node102.yinzhengjie.org.cn
172.30.1.103 node103.yinzhengjie.org.cn
172.30.1.104 node104.yinzhengjie.org.cn
172.30.1.105 node105.yinzhengjie.org.cn
172.30.1.106 node106.yinzhengjie.org.cn
172.30.1.107 node107.yinzhengjie.org.cn
172.30.1.108 node108.yinzhengjie.org.cn
[root@centos7.yinzhengjie.org.cn ~]#
[root@centos7.yinzhengjie.org.cn ~]# vim /etc/hosts
[root@centos7.yinzhengjie.org.cn ~]#
[root@centos7.yinzhengjie.org.cn ~]# cat /etc/hosts        # on CentOS 6.x, add the new hostname to the "hosts" file after changing it; otherwise the name may fail to resolve
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4 centos7.yinzhengjie.org.cn
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
172.30.1.101 node101.yinzhengjie.org.cn
172.30.1.102 node102.yinzhengjie.org.cn
172.30.1.103 node103.yinzhengjie.org.cn
172.30.1.104 node104.yinzhengjie.org.cn
172.30.1.105 node105.yinzhengjie.org.cn
172.30.1.106 node106.yinzhengjie.org.cn
172.30.1.107 node107.yinzhengjie.org.cn
172.30.1.108 node108.yinzhengjie.org.cn
[root@centos7.yinzhengjie.org.cn ~]#
[root@centos7.yinzhengjie.org.cn ~]#
4>. Renaming network interfaces on CentOS 6.x
Interface naming on CentOS 6:
    Ethernet: eth[0,1,2,...]
    PPP: ppp[0,1,2,...]
udev configuration file that identifies and names network interfaces:
    /etc/udev/rules.d/70-persistent-net.rules
Inspect the NIC:
    dmesg | grep -i eth
    ethtool -i eth0
Unload the NIC driver:
    modprobe -r e1000
    rmmod e1000
Load the NIC driver:
    modprobe e1000
5>. Overview of network configuration
Static assignment:
    ifconfig, route, netstat
    ip: object {link, addr, route}, ss, tc
    system-config-network-tui, setup
    configuration files
Dynamic assignment:
    DHCP: Dynamic Host Configuration Protocol
II. The ifconfig command (configuring network interfaces)
1>. View the NICs that are currently active (enabled)
[root@centos7.yinzhengjie.org.cn ~]# ifconfig
enp0s3: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 10.0.2.15  netmask 255.255.255.0  broadcast 10.0.2.255
        ether 08:00:27:e0:bb:66  txqueuelen 1000  (Ethernet)
        RX packets 8321  bytes 11879353 (11.3 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 968  bytes 63244 (61.7 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

enp0s8: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 172.30.1.101  netmask 255.255.255.0  broadcast 172.30.1.255
        ether 08:00:27:c1:c7:46  txqueuelen 1000  (Ethernet)
        RX packets 6433  bytes 533633 (521.1 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 4271  bytes 492909 (481.3 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        loop  txqueuelen 1000  (Local Loopback)
        RX packets 36  bytes 3024 (2.9 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 36  bytes 3024 (2.9 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

[root@centos7.yinzhengjie.org.cn ~]#
2>. Disable (bring down) a specific NIC
[root@centos7.yinzhengjie.org.cn ~]# ifconfig
enp0s3: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 10.0.2.15  netmask 255.255.255.0  broadcast 10.0.2.255
        ether 08:00:27:e0:bb:66  txqueuelen 1000  (Ethernet)
        RX packets 8321  bytes 11879353 (11.3 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 968  bytes 63244 (61.7 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

enp0s8: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 172.30.1.101  netmask 255.255.255.0  broadcast 172.30.1.255
        ether 08:00:27:c1:c7:46  txqueuelen 1000  (Ethernet)
        RX packets 6433  bytes 533633 (521.1 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 4271  bytes 492909 (481.3 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        loop  txqueuelen 1000  (Local Loopback)
        RX packets 36  bytes 3024 (2.9 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 36  bytes 3024 (2.9 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

[root@centos7.yinzhengjie.org.cn ~]#
[root@centos7.yinzhengjie.org.cn ~]#
[root@centos7.yinzhengjie.org.cn ~]#
[root@centos7.yinzhengjie.org.cn ~]# ifconfig enp0s3 down
[root@centos7.yinzhengjie.org.cn ~]#
[root@centos7.yinzhengjie.org.cn ~]# ifconfig
enp0s8: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 172.30.1.101  netmask 255.255.255.0  broadcast 172.30.1.255
        ether 08:00:27:c1:c7:46  txqueuelen 1000  (Ethernet)
        RX packets 6482  bytes 537613 (525.0 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 4302  bytes 497507 (485.8 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        loop  txqueuelen 1000  (Local Loopback)
        RX packets 36  bytes 3024 (2.9 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 36  bytes 3024 (2.9 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

[root@centos7.yinzhengjie.org.cn ~]#
[root@centos7.yinzhengjie.org.cn ~]#
3>. View all NICs, including inactive ones
[root@centos7.yinzhengjie.org.cn ~]# ifconfig
enp0s8: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 172.30.1.101  netmask 255.255.255.0  broadcast 172.30.1.255
        ether 08:00:27:c1:c7:46  txqueuelen 1000  (Ethernet)
        RX packets 6520  bytes 540735 (528.0 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 4325  bytes 501073 (489.3 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        loop  txqueuelen 1000  (Local Loopback)
        RX packets 36  bytes 3024 (2.9 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 36  bytes 3024 (2.9 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

[root@centos7.yinzhengjie.org.cn ~]#
[root@centos7.yinzhengjie.org.cn ~]# ifconfig -a
enp0s3: flags=4098<BROADCAST,MULTICAST>  mtu 1500
        ether 08:00:27:e0:bb:66  txqueuelen 1000  (Ethernet)
        RX packets 8321  bytes 11879353 (11.3 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 968  bytes 63244 (61.7 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

enp0s8: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 172.30.1.101  netmask 255.255.255.0  broadcast 172.30.1.255
        ether 08:00:27:c1:c7:46  txqueuelen 1000  (Ethernet)
        RX packets 6531  bytes 541625 (528.9 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 4332  bytes 502743 (490.9 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        loop  txqueuelen 1000  (Local Loopback)
        RX packets 36  bytes 3024 (2.9 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 36  bytes 3024 (2.9 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

[root@centos7.yinzhengjie.org.cn ~]#
[root@centos7.yinzhengjie.org.cn ~]#
4>. Enable (bring up) a specific NIC
[root@centos7.yinzhengjie.org.cn ~]# ifconfig
enp0s8: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 172.30.1.101  netmask 255.255.255.0  broadcast 172.30.1.255
        ether 08:00:27:c1:c7:46  txqueuelen 1000  (Ethernet)
        RX packets 6560  bytes 543977 (531.2 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 4351  bytes 506015 (494.1 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        loop  txqueuelen 1000  (Local Loopback)
        RX packets 36  bytes 3024 (2.9 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 36  bytes 3024 (2.9 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

[root@centos7.yinzhengjie.org.cn ~]#
[root@centos7.yinzhengjie.org.cn ~]# ifconfig -a
enp0s3: flags=4098<BROADCAST,MULTICAST>  mtu 1500
        ether 08:00:27:e0:bb:66  txqueuelen 1000  (Ethernet)
        RX packets 8321  bytes 11879353 (11.3 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 968  bytes 63244 (61.7 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

enp0s8: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 172.30.1.101  netmask 255.255.255.0  broadcast 172.30.1.255
        ether 08:00:27:c1:c7:46  txqueuelen 1000  (Ethernet)
        RX packets 6572  bytes 544927 (532.1 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 4359  bytes 507745 (495.8 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        loop  txqueuelen 1000  (Local Loopback)
        RX packets 36  bytes 3024 (2.9 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 36  bytes 3024 (2.9 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

[root@centos7.yinzhengjie.org.cn ~]#
[root@centos7.yinzhengjie.org.cn ~]# ifconfig enp0s3 up
[root@centos7.yinzhengjie.org.cn ~]#
[root@centos7.yinzhengjie.org.cn ~]# ifconfig
enp0s3: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 10.0.2.15  netmask 255.255.255.0  broadcast 10.0.2.255
        ether 08:00:27:e0:bb:66  txqueuelen 1000  (Ethernet)
        RX packets 8322  bytes 11879943 (11.3 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 969  bytes 63586 (62.0 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

enp0s8: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 172.30.1.101  netmask 255.255.255.0  broadcast 172.30.1.255
        ether 08:00:27:c1:c7:46  txqueuelen 1000  (Ethernet)
        RX packets 6604  bytes 547537 (534.7 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 4378  bytes 511153 (499.1 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        loop  txqueuelen 1000  (Local Loopback)
        RX packets 36  bytes 3024 (2.9 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 36  bytes 3024 (2.9 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

[root@centos7.yinzhengjie.org.cn ~]#
5>. Temporarily change the IP address (takes effect immediately; only the in-memory state changes, the configuration file is not modified)
[root@centos7.yinzhengjie.org.cn ~]# ifconfig
enp0s3: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 10.0.2.15  netmask 255.255.255.0  broadcast 10.0.2.255
        ether 08:00:27:e0:bb:66  txqueuelen 1000  (Ethernet)
        RX packets 8323  bytes 11880533 (11.3 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 970  bytes 63928 (62.4 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

enp0s8: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 172.30.1.101  netmask 255.255.255.0  broadcast 172.30.1.255
        ether 08:00:27:c1:c7:46  txqueuelen 1000  (Ethernet)
        RX packets 6770  bytes 561169 (548.0 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 4482  bytes 526365 (514.0 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        loop  txqueuelen 1000  (Local Loopback)
        RX packets 36  bytes 3024 (2.9 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 36  bytes 3024 (2.9 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

[root@centos7.yinzhengjie.org.cn ~]#
[root@centos7.yinzhengjie.org.cn ~]# ifconfig enp0s8 192.168.30.100/24
[root@centos7.yinzhengjie.org.cn ~]#
[root@centos7.yinzhengjie.org.cn ~]# ifconfig
enp0s3: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 10.0.2.15  netmask 255.255.255.0  broadcast 10.0.2.255
        ether 08:00:27:e0:bb:66  txqueuelen 1000  (Ethernet)
        RX packets 1  bytes 590 (590.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 1  bytes 342 (342.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

enp0s8: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.30.100  netmask 255.255.255.0  broadcast 192.168.30.255
        ether 08:00:27:c1:c7:46  txqueuelen 1000  (Ethernet)
        RX packets 83  bytes 8097 (7.9 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 59  bytes 10173 (9.9 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        loop  txqueuelen 1000  (Local Loopback)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

[root@centos7.yinzhengjie.org.cn ~]#
6>. Configure an address on a sub-interface of a physical NIC
[root@centos7.yinzhengjie.org.cn ~]# ifconfig
enp0s3: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 10.0.2.15  netmask 255.255.255.0  broadcast 10.0.2.255
        ether 08:00:27:e0:bb:66  txqueuelen 1000  (Ethernet)
        RX packets 1  bytes 590 (590.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 1  bytes 342 (342.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

enp0s8: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 172.30.1.101  netmask 255.255.255.0  broadcast 172.30.1.255
        ether 08:00:27:c1:c7:46  txqueuelen 1000  (Ethernet)
        RX packets 54  bytes 5621 (5.4 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 44  bytes 7299 (7.1 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        loop  txqueuelen 1000  (Local Loopback)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

[root@centos7.yinzhengjie.org.cn ~]#
[root@centos7.yinzhengjie.org.cn ~]# ifconfig enp0s8:1 192.168.30.100/24
[root@centos7.yinzhengjie.org.cn ~]#
[root@centos7.yinzhengjie.org.cn ~]# ifconfig
enp0s3: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 10.0.2.15  netmask 255.255.255.0  broadcast 10.0.2.255
        ether 08:00:27:e0:bb:66  txqueuelen 1000  (Ethernet)
        RX packets 1  bytes 590 (590.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 1  bytes 342 (342.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

enp0s8: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 172.30.1.101  netmask 255.255.255.0  broadcast 172.30.1.255
        ether 08:00:27:c1:c7:46  txqueuelen 1000  (Ethernet)
        RX packets 131  bytes 11989 (11.7 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 86  bytes 13225 (12.9 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

enp0s8:1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.30.100  netmask 255.255.255.0  broadcast 192.168.30.255
        ether 08:00:27:c1:c7:46  txqueuelen 1000  (Ethernet)

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        loop  txqueuelen 1000  (Local Loopback)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

[root@centos7.yinzhengjie.org.cn ~]#
7>. Display interface statistics
[root@centos7.yinzhengjie.org.cn ~]# ifconfig -s enp0s8
Iface      MTU    RX-OK RX-ERR RX-DRP RX-OVR    TX-OK TX-ERR TX-DRP TX-OVR Flg
enp0s8    1500    11910      0      0      0    17310      0      0      0 BMRU
[root@centos7.yinzhengjie.org.cn ~]#
III. The route command (managing the routing table)
1>. View the routing table
[root@centos7.yinzhengjie.org.cn ~]# route        # without options, addresses are converted to names
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         localhost       0.0.0.0         UG    100    0        0 enp0s3
default         localhost       0.0.0.0         UG    101    0        0 enp0s8
10.0.2.0        0.0.0.0         255.255.255.0   U     100    0        0 enp0s3
172.30.1.0      0.0.0.0         255.255.255.0   U     101    0        0 enp0s8
[root@centos7.yinzhengjie.org.cn ~]#
[root@centos7.yinzhengjie.org.cn ~]#
[root@centos7.yinzhengjie.org.cn ~]# route -n        # with the "-n" option everything is shown numerically
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         10.0.2.2        0.0.0.0         UG    100    0        0 enp0s3
0.0.0.0         172.30.1.254    0.0.0.0         UG    101    0        0 enp0s8
10.0.2.0        0.0.0.0         255.255.255.0   U     100    0        0 enp0s3
172.30.1.0      0.0.0.0         255.255.255.0   U     101    0        0 enp0s8
[root@centos7.yinzhengjie.org.cn ~]#
[root@centos7.yinzhengjie.org.cn ~]#
2>. Add a host route
[root@centos7.yinzhengjie.org.cn ~]# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         10.0.2.2        0.0.0.0         UG    100    0        0 enp0s3
0.0.0.0         172.30.1.254    0.0.0.0         UG    101    0        0 enp0s8
10.0.2.0        0.0.0.0         255.255.255.0   U     100    0        0 enp0s3
172.30.1.0      0.0.0.0         255.255.255.0   U     101    0        0 enp0s8
[root@centos7.yinzhengjie.org.cn ~]#
[root@centos7.yinzhengjie.org.cn ~]# route add -host 1.1.1.1 gw 172.30.1.100 dev enp0s8
[root@centos7.yinzhengjie.org.cn ~]#
[root@centos7.yinzhengjie.org.cn ~]# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         10.0.2.2        0.0.0.0         UG    100    0        0 enp0s3
0.0.0.0         172.30.1.254    0.0.0.0         UG    101    0        0 enp0s8
1.1.1.1         172.30.1.100    255.255.255.255 UGH   0      0        0 enp0s8
10.0.2.0        0.0.0.0         255.255.255.0   U     100    0        0 enp0s3
172.30.1.0      0.0.0.0         255.255.255.0   U     101    0        0 enp0s8
[root@centos7.yinzhengjie.org.cn ~]#
[root@centos7.yinzhengjie.org.cn ~]#
3>. Delete a host route
[root@centos7.yinzhengjie.org.cn ~]# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         10.0.2.2        0.0.0.0         UG    100    0        0 enp0s3
0.0.0.0         172.30.1.254    0.0.0.0         UG    101    0        0 enp0s8
1.1.1.1         172.30.1.100    255.255.255.255 UGH   0      0        0 enp0s8
10.0.2.0        0.0.0.0         255.255.255.0   U     100    0        0 enp0s3
172.30.1.0      0.0.0.0         255.255.255.0   U     101    0        0 enp0s8
[root@centos7.yinzhengjie.org.cn ~]#
[root@centos7.yinzhengjie.org.cn ~]#
[root@centos7.yinzhengjie.org.cn ~]# route del -host 1.1.1.1 gw 172.30.1.100
[root@centos7.yinzhengjie.org.cn ~]#
[root@centos7.yinzhengjie.org.cn ~]# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         10.0.2.2        0.0.0.0         UG    100    0        0 enp0s3
0.0.0.0         172.30.1.254    0.0.0.0         UG    101    0        0 enp0s8
10.0.2.0        0.0.0.0         255.255.255.0   U     100    0        0 enp0s3
172.30.1.0      0.0.0.0         255.255.255.0   U     101    0        0 enp0s8
[root@centos7.yinzhengjie.org.cn ~]#
[root@centos7.yinzhengjie.org.cn ~]#
4>. Add a network route
[root@centos7.yinzhengjie.org.cn ~]# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         10.0.2.2        0.0.0.0         UG    100    0        0 enp0s3
0.0.0.0         172.30.1.254    0.0.0.0         UG    101    0        0 enp0s8
10.0.2.0        0.0.0.0         255.255.255.0   U     100    0        0 enp0s3
172.30.1.0      0.0.0.0         255.255.255.0   U     101    0        0 enp0s8
[root@centos7.yinzhengjie.org.cn ~]#
[root@centos7.yinzhengjie.org.cn ~]# route add -net 192.168.32.0/24 gw 172.30.1.200 dev enp0s8
[root@centos7.yinzhengjie.org.cn ~]#
[root@centos7.yinzhengjie.org.cn ~]# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         10.0.2.2        0.0.0.0         UG    100    0        0 enp0s3
0.0.0.0         172.30.1.254    0.0.0.0         UG    101    0        0 enp0s8
10.0.2.0        0.0.0.0         255.255.255.0   U     100    0        0 enp0s3
172.30.1.0      0.0.0.0         255.255.255.0   U     101    0        0 enp0s8
192.168.32.0    172.30.1.200    255.255.255.0   UG    0      0        0 enp0s8
[root@centos7.yinzhengjie.org.cn ~]#
[root@centos7.yinzhengjie.org.cn ~]#
5>. Delete a network route
[root@centos7.yinzhengjie.org.cn ~]# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         10.0.2.2        0.0.0.0         UG    100    0        0 enp0s3
0.0.0.0         172.30.1.254    0.0.0.0         UG    101    0        0 enp0s8
10.0.2.0        0.0.0.0         255.255.255.0   U     100    0        0 enp0s3
172.30.1.0      0.0.0.0         255.255.255.0   U     101    0        0 enp0s8
192.168.32.0    172.30.1.200    255.255.255.0   UG    0      0        0 enp0s8
[root@centos7.yinzhengjie.org.cn ~]#
[root@centos7.yinzhengjie.org.cn ~]# route del -net 192.168.32.0/24 gw 172.30.1.200 dev enp0s8
[root@centos7.yinzhengjie.org.cn ~]#
[root@centos7.yinzhengjie.org.cn ~]# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         10.0.2.2        0.0.0.0         UG    100    0        0 enp0s3
0.0.0.0         172.30.1.254    0.0.0.0         UG    101    0        0 enp0s8
10.0.2.0        0.0.0.0         255.255.255.0   U     100    0        0 enp0s3
172.30.1.0      0.0.0.0         255.255.255.0   U     101    0        0 enp0s8
[root@centos7.yinzhengjie.org.cn ~]#
[root@centos7.yinzhengjie.org.cn ~]#
6>. Add a default route
[root@centos7.yinzhengjie.org.cn ~]# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         10.0.2.2        0.0.0.0         UG    100    0        0 enp0s3
0.0.0.0         172.30.1.254    0.0.0.0         UG    101    0        0 enp0s8
10.0.2.0        0.0.0.0         255.255.255.0   U     100    0        0 enp0s3
172.30.1.0      0.0.0.0         255.255.255.0   U     101    0        0 enp0s8
[root@centos7.yinzhengjie.org.cn ~]#
[root@centos7.yinzhengjie.org.cn ~]# route add default gw 172.30.1.200
[root@centos7.yinzhengjie.org.cn ~]#
[root@centos7.yinzhengjie.org.cn ~]# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         172.30.1.200    0.0.0.0         UG    0      0        0 enp0s8
0.0.0.0         10.0.2.2        0.0.0.0         UG    100    0        0 enp0s3
0.0.0.0         172.30.1.254    0.0.0.0         UG    101    0        0 enp0s8
10.0.2.0        0.0.0.0         255.255.255.0   U     100    0        0 enp0s3
172.30.1.0      0.0.0.0         255.255.255.0   U     101    0        0 enp0s8
[root@centos7.yinzhengjie.org.cn ~]#

[root@centos7.yinzhengjie.org.cn ~]# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         10.0.2.2        0.0.0.0         UG    100    0        0 enp0s3
0.0.0.0         172.30.1.254    0.0.0.0         UG    101    0        0 enp0s8
10.0.2.0        0.0.0.0         255.255.255.0   U     100    0        0 enp0s3
172.30.1.0      0.0.0.0         255.255.255.0   U     101    0        0 enp0s8
[root@centos7.yinzhengjie.org.cn ~]#
[root@centos7.yinzhengjie.org.cn ~]#
[root@centos7.yinzhengjie.org.cn ~]# route add default gw 172.30.1.200 metric 200        # add a default route with an explicit metric; the smaller the value, the higher the route's priority, and the larger the value, the lower its priority
[root@centos7.yinzhengjie.org.cn ~]#
[root@centos7.yinzhengjie.org.cn ~]# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         10.0.2.2        0.0.0.0         UG    100    0        0 enp0s3
0.0.0.0         172.30.1.254    0.0.0.0         UG    101    0        0 enp0s8
0.0.0.0         172.30.1.200    0.0.0.0         UG    200    0        0 enp0s8
10.0.2.0        0.0.0.0         255.255.255.0   U     100    0        0 enp0s3
172.30.1.0      0.0.0.0         255.255.255.0   U     101    0        0 enp0s8
[root@centos7.yinzhengjie.org.cn ~]#
[root@centos7.yinzhengjie.org.cn ~]#
7>. Delete a default route
[root@centos7.yinzhengjie.org.cn ~]# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         172.30.1.200    0.0.0.0         UG    0      0        0 enp0s8
0.0.0.0         10.0.2.2        0.0.0.0         UG    100    0        0 enp0s3
0.0.0.0         172.30.1.254    0.0.0.0         UG    101    0        0 enp0s8
10.0.2.0        0.0.0.0         255.255.255.0   U     100    0        0 enp0s3
172.30.1.0      0.0.0.0         255.255.255.0   U     101    0        0 enp0s8
[root@centos7.yinzhengjie.org.cn ~]#
[root@centos7.yinzhengjie.org.cn ~]# route del default gw 172.30.1.200
[root@centos7.yinzhengjie.org.cn ~]#
[root@centos7.yinzhengjie.org.cn ~]# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         10.0.2.2        0.0.0.0         UG    100    0        0 enp0s3
0.0.0.0         172.30.1.254    0.0.0.0         UG    101    0        0 enp0s8
10.0.2.0        0.0.0.0         255.255.255.0   U     100    0        0 enp0s3
172.30.1.0      0.0.0.0         255.255.255.0   U     101    0        0 enp0s8
[root@centos7.yinzhengjie.org.cn ~]#
[root@centos7.yinzhengjie.org.cn ~]#
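8>. To use Linux as a router, the routing (forwarding) function must be enabled
For security reasons, Linux disables packet forwarding by default. Forwarding means that when a host has more than one NIC and one of them receives a packet, the host sends the packet out through another of its NICs according to the packet's destination IP address, and that NIC sends it onward according to the routing table. This is normally what a router does.
To have the operating system enable forwarding automatically at boot, either write the command echo "1" > /proc/sys/net/ipv4/ip_forward into the script /etc/rc.d/rc.local, or add FORWARD_IPV4="YES" to /etc/sysconfig/network.
[root@centos7.yinzhengjie.org.cn ~]# cat /proc/sys/net/ipv4/ip_forward
0
[root@centos7.yinzhengjie.org.cn ~]#
[root@centos7.yinzhengjie.org.cn ~]# echo 1 > /proc/sys/net/ipv4/ip_forward
[root@centos7.yinzhengjie.org.cn ~]#
[root@centos7.yinzhengjie.org.cn ~]# cat /proc/sys/net/ipv4/ip_forward
1
[root@centos7.yinzhengjie.org.cn ~]#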
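Because forwarding is off by default for security reasons, it is worth checking whether a host that forwards was meant to. The script below is an added example, not part of the original post: it compares the runtime flag with the two boot-time methods described above. The function names, the ROOT prefix and the extra check of /etc/sysctl.conf (the sysctl key net.ipv4.ip_forward, which the text does not mention) are assumptions of this example, and the demo tree is constructed.

```shell
#!/bin/sh
# audit_ip_forward ROOT
#   Prints the runtime forwarding flag plus every boot-time setting that
#   re-enables it. ROOT is a path prefix: "" for the live system, or a
#   directory holding a copy of /proc and /etc (as in the demo below).
audit_ip_forward() {
    root=$1
    flag="$root/proc/sys/net/ipv4/ip_forward"
    if [ -r "$flag" ]; then
        echo "runtime=$(cat "$flag")"
    else
        echo "runtime=unknown"
    fi
    # Method 1 from the text: an uncommented echo of 1 into ip_forward in rc.local.
    if grep -Eqs "^[[:space:]]*echo[[:space:]]+[\"']?1[\"']?[[:space:]]*>[[:space:]]*/proc/sys/net/ipv4/ip_forward" \
        "$root/etc/rc.d/rc.local"; then
        echo "persist=/etc/rc.d/rc.local"
    fi
    # Method 2 from the text: FORWARD_IPV4="YES" in /etc/sysconfig/network.
    if grep -Eqis "^[[:space:]]*FORWARD_IPV4=[\"']?yes" "$root/etc/sysconfig/network"; then
        echo "persist=/etc/sysconfig/network"
    fi
    # Not in the text (assumption of this example): the sysctl key for the same flag.
    if grep -Eqs '^[[:space:]]*net\.ipv4\.ip_forward[[:space:]]*=[[:space:]]*1' \
        "$root/etc/sysctl.conf"; then
        echo "persist=/etc/sysctl.conf"
    fi
}

# forwarding_verdict ROOT
#   Reduces the report to one word:
#     disabled            off now, nothing turns it on at boot
#     runtime-only        on now, but set by hand; gone after reboot and undocumented
#     persist-only        off now, but will be on after the next boot
#     enabled-persistent  on now and configured to stay on
forwarding_verdict() {
    report=$(audit_ip_forward "$1")
    runtime=$(printf '%s\n' "$report" | sed -n 's/^runtime=//p')
    persisted=$(printf '%s\n' "$report" | awk '/^persist=/ { n++ } END { print n + 0 }')
    case "$runtime:$persisted" in
        0:0) echo "disabled" ;;
        1:0) echo "runtime-only" ;;
        0:*) echo "persist-only" ;;
        1:*) echo "enabled-persistent" ;;
        *)   echo "unknown" ;;
    esac
}

# Demo on a constructed tree that mirrors the session above: the flag was
# set with "echo 1 > ..." and nothing was written to any boot-time file.
demo=$(mktemp -d)
mkdir -p "$demo/proc/sys/net/ipv4" "$demo/etc/rc.d"
echo 1 > "$demo/proc/sys/net/ipv4/ip_forward"
printf '%s\n' '#!/bin/bash' 'touch /var/lock/subsys/local' > "$demo/etc/rc.d/rc.local"
audit_ip_forward "$demo"
forwarding_verdict "$demo"
rm -rf "$demo"
```

On a live host, call `forwarding_verdict ""`; a result of runtime-only or persist-only means the running state and the boot configuration disagree.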
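9>. Commands for tracing the route to a destination
[root@centos7.yinzhengjie.org.cn ~]# traceroute www.baidu.com        # show the routers the traffic passes through
[root@centos7.yinzhengjie.org.cn ~]# mtr www.baidu.com        # also shows the routers passed through, and in addition shows packet loss
10>. Commonly used packet-capture commands
[root@centos7.yinzhengjie.org.cn ~]# tcpdump -i eth0 -e -nn -s0        # capture packets and show MAC addresses
[root@centos7.yinzhengjie.org.cn ~]# tcpdump -i eth0 -nn icmp        # capture ICMP only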
11>. Configuring dynamic routing
Dynamic routes are obtained through a daemon.
Install the quagga package.
It supports several routing protocols: RIP, OSPF and BGP.
Configure it with the vtysh command (this drops you into a Cisco-style command line; give it a try if you are interested, provided you are familiar with configuring Cisco devices).
[root@centos7.yinzhengjie.org.cn ~]# yum info quagga
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
 * base: mirrors.aliyun.com
 * extras: mirrors.tuna.tsinghua.edu.cn
 * updates: mirrors.tuna.tsinghua.edu.cn
Available Packages
Name        : quagga
Arch        : i686
Version     : 0.99.22.4
Release     : 5.el7_4
Size        : 1.2 M
Repo        : base/7/x86_64
Summary     : Routing daemon
URL         : http://www.quagga.net
License     : GPLv2+
Description : Quagga is free software that operates TCP/IP-based routing protocols. It takes
            : a multi-server and multi-threaded approach to resolving the current complexity
            : of the Internet.
            :
            : Quagga supports Babel, BGP4, BGP4+, BGP4-, IS-IS (experimental), OSPFv2,
            : OSPFv3, RIPv1, RIPv2, and RIPng.
            :
            : Quagga is intended to be used as a Route Server and a Route Reflector. It is
            : not a toolkit; it provides full routing power under a new architecture.
            : Quagga by design has a process for each protocol.
            :
            : Quagga is a fork of GNU Zebra.

Name        : quagga
Arch        : x86_64
Version     : 0.99.22.4
Release     : 5.el7_4
Size        : 1.2 M
Repo        : base/7/x86_64
Summary     : Routing daemon
URL         : http://www.quagga.net
License     : GPLv2+
Description : Quagga is free software that operates TCP/IP-based routing protocols. It takes
            : a multi-server and multi-threaded approach to resolving the current complexity
            : of the Internet.
            :
            : Quagga supports Babel, BGP4, BGP4+, BGP4-, IS-IS (experimental), OSPFv2,
            : OSPFv3, RIPv1, RIPv2, and RIPng.
            :
            : Quagga is intended to be used as a Route Server and a Route Reflector. It is
            : not a toolkit; it provides full routing power under a new architecture.
            : Quagga by design has a process for each protocol.
            :
            : Quagga is a fork of GNU Zebra.

[root@centos7.yinzhengjie.org.cn ~]#
IV. The netstat command
1>. View TCP connections currently in the ESTABLISHED state
[root@centos7.yinzhengjie.org.cn ~]# netstat -nt
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 172.30.1.101:22         172.30.1.254:50899      ESTABLISHED
tcp        0     52 172.30.1.101:22         172.30.1.254:50728      ESTABLISHED
[root@centos7.yinzhengjie.org.cn ~]#
[root@centos7.yinzhengjie.org.cn ~]#
2>. View TCP sockets in the LISTEN state
[root@centos7.yinzhengjie.org.cn ~]# netstat -ntl
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp6       0      0 :::3306                 :::*                    LISTEN
tcp6       0      0 :::22                   :::*                    LISTEN
[root@centos7.yinzhengjie.org.cn ~]#
3>. Include UDP sockets in the listing
[root@centos7.yinzhengjie.org.cn ~]# netstat -ntlu
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp6       0      0 :::3306                 :::*                    LISTEN
tcp6       0      0 :::22                   :::*                    LISTEN
udp        0      0 0.0.0.0:68              0.0.0.0:*
[root@centos7.yinzhengjie.org.cn ~]#
[root@centos7.yinzhengjie.org.cn ~]#
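In the listing above, port 3306 is bound to ":::", that is, to every address the host has. The function below is an added example, not part of the original post: it reads `netstat -ntlu` output and reports every socket bound to all addresses whose port is not on an allow-list. The function names and the allow-list value are assumptions of this example, and the sample is the output shown above.

```shell
#!/bin/sh
# Constructed sample: the `netstat -ntlu` output shown in this section.
sample_netstat() {
    cat <<'EOF'
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp6       0      0 :::3306                 :::*                    LISTEN
tcp6       0      0 :::22                   :::*                    LISTEN
udp        0      0 0.0.0.0:68              0.0.0.0:*
EOF
}

# wildcard_listeners ALLOWED_PORTS
#   Reads netstat -ntlu (or -ntlua) output on stdin and prints "proto port"
#   for each socket that is bound to all addresses (0.0.0.0 or ::) and whose
#   port is not in the comma-separated ALLOWED_PORTS list.
wildcard_listeners() {
    awk -v allow="$1" '
        BEGIN {
            n = split(allow, a, ",")
            for (i = 1; i <= n; i++) ok[a[i]] = 1
        }
        $1 ~ /^(tcp|udp)6?$/ {
            la = $4                                  # Local Address column
            port = la
            sub(/.*:/, "", port)                     # text after the last colon
            addr = substr(la, 1, length(la) - length(port) - 1)
            # TCP rows carry a State column; UDP rows have none and are
            # treated as open whenever they appear in the listing.
            open = ($1 ~ /^udp/) || ($6 == "LISTEN")
            if (open && (addr == "0.0.0.0" || addr == "::") && !(port in ok))
                print $1, port
        }'
}

# Demo: SSH (22) is expected to be reachable on every address, the rest is not.
sample_netstat | wildcard_listeners 22
```

On a live host, pipe the real command in: `netstat -ntlu | wildcard_listeners 22`. A database port in the result usually means the service should be bound to a specific address or restricted by a firewall.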
4>. View sockets in all states
[root@centos7.yinzhengjie.org.cn ~]# netstat -ntlua
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 172.30.1.101:22         172.30.1.254:50899      ESTABLISHED
tcp        0     52 172.30.1.101:22         172.30.1.254:50728      ESTABLISHED
tcp6       0      0 :::3306                 :::*                    LISTEN
tcp6       0      0 :::22                   :::*                    LISTEN
udp        0      0 0.0.0.0:68              0.0.0.0:*
[root@centos7.yinzhengjie.org.cn ~]#
5>. Count and rank the connection states on the current server
[root@centos7.yinzhengjie.org.cn ~]# netstat -ntlua | sed -nr '/^tcp/s/.* ([^ ]+) ?/\1/p' | sort | uniq -c
      2 ESTABLISHED
      3 LISTEN
[root@centos7.yinzhengjie.org.cn ~]#
[root@centos7.yinzhengjie.org.cn ~]#

[root@centos7.yinzhengjie.org.cn ~]# ss -nta | sed -nr '1!s/([^ ]+).*/\1/p' | sort | uniq -c
      2 ESTAB
      3 LISTEN
[root@centos7.yinzhengjie.org.cn ~]#
6>. Display the routing table
[root@centos7.yinzhengjie.org.cn ~]# netstat -nr
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
0.0.0.0         10.0.2.2        0.0.0.0         UG        0 0          0 enp0s3
0.0.0.0         172.30.1.254    0.0.0.0         UG        0 0          0 enp0s8
0.0.0.0         172.30.1.200    0.0.0.0         UG        0 0          0 enp0s8
10.0.2.0        0.0.0.0         255.255.255.0   U         0 0          0 enp0s3
172.30.1.0      0.0.0.0         255.255.255.0   U         0 0          0 enp0s8
[root@centos7.yinzhengjie.org.cn ~]#
[root@centos7.yinzhengjie.org.cn ~]#
[root@centos7.yinzhengjie.org.cn ~]# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         10.0.2.2        0.0.0.0         UG    100    0        0 enp0s3
0.0.0.0         172.30.1.254    0.0.0.0         UG    101    0        0 enp0s8
0.0.0.0         172.30.1.200    0.0.0.0         UG    200    0        0 enp0s8
10.0.2.0        0.0.0.0         255.255.255.0   U     100    0        0 enp0s3
172.30.1.0      0.0.0.0         255.255.255.0   U     101    0        0 enp0s8
[root@centos7.yinzhengjie.org.cn ~]#
7>. Display interface statistics
[root@centos7.yinzhengjie.org.cn ~]# netstat -i
Kernel Interface table
Iface      MTU    RX-OK RX-ERR RX-DRP RX-OVR    TX-OK TX-ERR TX-DRP TX-OVR Flg
enp0s3    1500     2820      0      0      0     1226      0      0      0 BMRU
enp0s8    1500     4356      0      0      0     2865      0      0      0 BMRU
lo       65536        6      0      0      0        6      0      0      0 LRU
[root@centos7.yinzhengjie.org.cn ~]#

[root@centos7.yinzhengjie.org.cn ~]# netstat -Ienp0s8
Kernel Interface table
Iface      MTU    RX-OK RX-ERR RX-DRP RX-OVR    TX-OK TX-ERR TX-DRP TX-OVR Flg
enp0s8    1500     7616      0      0      0     8961      0      0      0 BMRU
[root@centos7.yinzhengjie.org.cn ~]#

[root@centos7.yinzhengjie.org.cn ~]# ping -f 172.30.1.101 -s 65507
PING 172.30.1.101 (172.30.1.101) 65507(65535) bytes of data.
.^
--- 172.30.1.101 ping statistics ---
1149925 packets transmitted, 1149925 received, 0% packet loss, time 58825ms
rtt min/avg/max/mdev = 0.011/0.012/13.692/0.029 ms, pipe 2, ipg/ewma 0.051/0.012 ms
[root@centos7.yinzhengjie.org.cn ~]#

[root@centos7.yinzhengjie.org.cn ~]# netstat -I=enp0s8
Kernel Interface table
Iface      MTU    RX-OK RX-ERR RX-DRP RX-OVR    TX-OK TX-ERR TX-DRP TX-OVR Flg
enp0s8    1500    11947      0      0      0    17332      0      0      0 BMRU
[root@centos7.yinzhengjie.org.cn ~]#
[root@centos7.yinzhengjie.org.cn ~]#
8>. For more options, see the help output or the man page
[root@centos7.yinzhengjie.org.cn ~]# netstat --help
usage: netstat [-vWeenNcCF] [<Af>] -r         netstat {-V|--version|-h|--help}
       netstat [-vWnNcaeol] [<Socket> ...]
       netstat { [-vWeenNac] -I[<Iface>] | [-veenNac] -i | [-cnNe] -M | -s [-6tuw] } [delay]

        -r, --route              display routing table
        -I, --interfaces=<Iface> display interface table for <Iface>
        -i, --interfaces         display interface table
        -g, --groups             display multicast group memberships
        -s, --statistics         display networking statistics (like SNMP)
        -M, --masquerade         display masqueraded connections

        -v, --verbose            be verbose
        -W, --wide               don't truncate IP addresses
        -n, --numeric            don't resolve names
        --numeric-hosts          don't resolve host names
        --numeric-ports          don't resolve port names
        --numeric-users          don't resolve user names
        -N, --symbolic           resolve hardware names
        -e, --extend             display other/more information
        -p, --programs           display PID/Program name for sockets
        -o, --timers             display timers
        -c, --continuous         continuous listing

        -l, --listening          display listening server sockets
        -a, --all                display all sockets (default: connected)
        -F, --fib                display Forwarding Information Base (default)
        -C, --cache              display routing cache instead of FIB
        -Z, --context            display SELinux security context for sockets

  <Socket>={-t|--tcp} {-u|--udp} {-U|--udplite} {-S|--sctp} {-w|--raw}
           {-x|--unix} --ax25 --ipx --netrom
  <AF>=Use '-6|-4' or '-A <af>' or '--<af>'; default: inet
  List of possible address families (which support routing):
    inet (DARPA Internet) inet6 (IPv6) ax25 (AMPR AX.25)
    netrom (AMPR NET/ROM) ipx (Novell IPX) ddp (Appletalk DDP)
    x25 (CCITT X.25)
[root@centos7.yinzhengjie.org.cn ~]#
V. The ip command
1>. View the help information
[root@centos7.yinzhengjie.org.cn ~]# ip --help
Usage: ip [ OPTIONS ] OBJECT { COMMAND | help }
       ip [ -force ] -batch filename
where  OBJECT := { link | address | addrlabel | route | rule | neigh | ntable |
                   tunnel | tuntap | maddress | mroute | mrule | monitor | xfrm |
                   netns | l2tp | fou | macsec | tcp_metrics | token | netconf | ila |
                   vrf }
       OPTIONS := { -V[ersion] | -s[tatistics] | -d[etails] | -r[esolve] |
                    -h[uman-readable] | -iec |
                    -f[amily] { inet | inet6 | ipx | dnet | mpls | bridge | link } |
                    -4 | -6 | -I | -D | -B | -0 |
                    -l[oops] { maximum-addr-flush-attempts } | -br[ief] |
                    -o[neline] | -t[imestamp] | -ts[hort] | -b[atch] [filename] |
                    -rc[vbuf] [size] | -n[etns] name | -a[ll] | -c[olor]}
[root@centos7.yinzhengjie.org.cn ~]#

[root@centos7.yinzhengjie.org.cn ~]# man ip
IP(8)                                Linux                                IP(8)

NAME
       ip - show / manipulate routing, devices, policy routing and tunnels

SYNOPSIS
       ip [ OPTIONS ] OBJECT { COMMAND | help }

       ip [ -force ] -batch filename

       OBJECT := { link | address | addrlabel | route | rule | neigh | ntable | tunnel | tuntap | maddress | mroute | mrule | monitor | xfrm | netns | l2tp | tcp_metrics | token | macsec }

       OPTIONS := { -V[ersion] | -h[uman-readable] | -s[tatistics] | -d[etails] | -r[esolve] | -iec | -f[amily] { inet | inet6 | ipx | dnet | link } | -4 | -6 | -I | -D | -B | -0 | -l[oops] { maximum-addr-flush-attempts } | -o[neline] | -rc[vbuf] [size] | -t[imestamp] | -ts[hort] | -n[etns] name | -a[ll] | -c[olor] }

OPTIONS
       -V, -Version
              Print the version of the ip utility and exit.

       -h, -human, -human-readable
              output statistics with human readable values followed by suffix.

       -b, -batch <FILENAME>
              Read commands from provided file or standard input and invoke them. First failure will cause termination of ip.

       -force Don't terminate ip on errors in batch mode. If there were any errors during execution of the commands, the application return code will be non zero.

       -s, -stats, -statistics
              Output more information. If the option appears twice or more, the amount of information increases. As a rule, the information is statistics or some time values.

       -d, -details
              Output more detailed information.

       -l, -loops <COUNT>
              Specify maximum number of loops the 'ip address flush' logic will attempt before giving up. The default is 10. Zero (0) means loop until all addresses are removed.

       -f, -family <FAMILY>
              Specifies the protocol family to use. The protocol family identifier can be one of inet, inet6, bridge, ipx, dnet, mpls or link. If this option is not present, the protocol family is guessed from other arguments. If the rest of the command line does not give enough information to guess the family, ip falls back to the default one, usually inet or any. link is a special family identifier meaning that no networking protocol is involved.

       -4     shortcut for -family inet.

       -6     shortcut for -family inet6.

       -B     shortcut for -family bridge.

       -D     shortcut for -family decnet.

       -I     shortcut for -family ipx.

       -M     shortcut for -family mpls.

       -0     shortcut for -family link.

       -o, -oneline
              output each record on a single line, replacing line feeds with the '\' character. This is convenient when you want to count records with wc(1) or to grep(1) the output.

       -r, -resolve
              use the system's name resolver to print DNS names instead of host addresses.

       -n, -netns <NETNS>
              switches ip to the specified network namespace NETNS. Actually it just simplifies executing of:

              ip netns exec NETNS ip [ OPTIONS ] OBJECT { COMMAND | help }

              to

              ip -n[etns] NETNS [ OPTIONS ] OBJECT { COMMAND | help }

       -a, -all
              executes specified command over all objects, it depends if command supports this option.

       -c, -color
              Use color output.

       -t, -timestamp
              display current time when using monitor option.

       -ts, -tshort
              Like -timestamp, but use shorter format.

       -rc, -rcvbuf<SIZE>
              Set the netlink socket receive buffer size, defaults to 1MB.

       -iec   print human readable rates in IEC units (e.g. 1Ki = 1024).

IP - COMMAND SYNTAX
   OBJECT
       address
              - protocol (IP or IPv6) address on a device.

       addrlabel
              - label configuration for protocol address selection.

       l2tp   - tunnel ethernet over IP (L2TPv3).

       link   - network device.

       maddress
              - multicast address.

       monitor
              - watch for netlink messages.

       mroute - multicast routing cache entry.

       mrule  - rule in multicast routing policy database.

       neighbour
              - manage ARP or NDISC cache entries.

       netns  - manage network namespaces.

       ntable - manage the neighbor cache's operation.

       route  - routing table entry.

       rule   - rule in routing policy database.

       tcp_metrics/tcpmetrics
              - manage TCP Metrics

       token  - manage tokenized interface identifiers.

       tunnel - tunnel over IP.

       tuntap - manage TUN/TAP devices.

       xfrm   - manage IPSec policies.
The names of all objects may be written in full or abbreviated form, for example address can be abbreviated as addr or just a. COMMAND Specifies the action to perform on the object. The set of possible actions depends on the object type. As a rule, it is possible to add, delete and show (or list ) objects, but some objects do not allow all of these operations or have some additional commands. The help command is available for all objects. It prints out a list of available commands and argument syntax conventions. If no command is given, some default command is assumed. Usually it is list or, if the objects of this class cannot be listed, help. EXIT STATUS Exit status is 0 if command was successful, and 1 if there is a syntax error. If an error was reported by the kernel exit status is 2. EXAMPLES ip addr Shows addresses assigned to all network interfaces. ip neigh Shows the current neighbour table in kernel. ip link set x up Bring up interface x. ip link set x down Bring down interface x. ip route Show table routes. HISTORY ip was written by Alexey N. Kuznetsov and added in Linux 2.2. SEE ALSO ip-address(8), ip-addrlabel(8), ip-l2tp(8), ip-link(8), ip-maddress(8), ip-monitor(8), ip-mroute(8), ip-neighbour(8), ip- netns(8), ip-ntable(8), ip-route(8), ip-rule(8), ip-tcp_metrics(8), ip-token(8), ip-tunnel(8), ip-xfrm(8) IP Command reference ip-cref.ps REPORTING BUGS Report any bugs to the Network Developers mailing list <netdev@vger.kernel.org> where the development and maintenance is primarily done. You do not have to be subscribed to the list to send a message there. AUTHOR Original Manpage by Michail Litvak <mci@owl.openwall.com> iproute2 20 Dec 2011 IP(8)
2>. Common ip link (data link layer) operations
[root@centos7.yinzhengjie.org.cn ~]# ip link
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: enp0s3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether 08:00:27:e0:bb:66 brd ff:ff:ff:ff:ff:ff
3: enp0s8: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether 08:00:27:c1:c7:46 brd ff:ff:ff:ff:ff:ff
[root@centos7.yinzhengjie.org.cn ~]#
[root@centos7.yinzhengjie.org.cn ~]# ip link
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: enp0s3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether 08:00:27:e0:bb:66 brd ff:ff:ff:ff:ff:ff
3: enp0s8: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether 08:00:27:c1:c7:46 brd ff:ff:ff:ff:ff:ff
[root@centos7.yinzhengjie.org.cn ~]# ip link set enp0s3 down
[root@centos7.yinzhengjie.org.cn ~]# ip link
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: enp0s3: <BROADCAST,MULTICAST> mtu 1500 qdisc pfifo_fast state DOWN mode DEFAULT group default qlen 1000
    link/ether 08:00:27:e0:bb:66 brd ff:ff:ff:ff:ff:ff
3: enp0s8: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether 08:00:27:c1:c7:46 brd ff:ff:ff:ff:ff:ff
[root@centos7.yinzhengjie.org.cn ~]#
[root@centos7.yinzhengjie.org.cn ~]# ip link
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: enp0s3: <BROADCAST,MULTICAST> mtu 1500 qdisc pfifo_fast state DOWN mode DEFAULT group default qlen 1000
    link/ether 08:00:27:e0:bb:66 brd ff:ff:ff:ff:ff:ff
3: enp0s8: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether 08:00:27:c1:c7:46 brd ff:ff:ff:ff:ff:ff
[root@centos7.yinzhengjie.org.cn ~]# ip link set enp0s3 up
[root@centos7.yinzhengjie.org.cn ~]# ip link
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: enp0s3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether 08:00:27:e0:bb:66 brd ff:ff:ff:ff:ff:ff
3: enp0s8: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether 08:00:27:c1:c7:46 brd ff:ff:ff:ff:ff:ff
[root@centos7.yinzhengjie.org.cn ~]#
3>. Common ip addr (network layer) operations
[root@centos7.yinzhengjie.org.cn ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
2: enp0s3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 08:00:27:e0:bb:66 brd ff:ff:ff:ff:ff:ff
    inet 10.0.2.15/24 brd 10.0.2.255 scope global noprefixroute dynamic enp0s3
       valid_lft 86095sec preferred_lft 86095sec
3: enp0s8: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 08:00:27:c1:c7:46 brd ff:ff:ff:ff:ff:ff
    inet 172.30.1.101/24 brd 172.30.1.255 scope global noprefixroute enp0s8
       valid_lft forever preferred_lft forever
[root@centos7.yinzhengjie.org.cn ~]#
[root@centos7.yinzhengjie.org.cn ~]# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
2: enp0s3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 08:00:27:e0:bb:66 brd ff:ff:ff:ff:ff:ff
    inet 10.0.2.15/24 brd 10.0.2.255 scope global noprefixroute dynamic enp0s3
       valid_lft 86055sec preferred_lft 86055sec
3: enp0s8: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 08:00:27:c1:c7:46 brd ff:ff:ff:ff:ff:ff
    inet 172.30.1.101/24 brd 172.30.1.255 scope global noprefixroute enp0s8
       valid_lft forever preferred_lft forever
[root@centos7.yinzhengjie.org.cn ~]#
[root@centos7.yinzhengjie.org.cn ~]# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
2: enp0s3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 08:00:27:e0:bb:66 brd ff:ff:ff:ff:ff:ff
    inet 10.0.2.15/24 brd 10.0.2.255 scope global noprefixroute dynamic enp0s3
       valid_lft 86055sec preferred_lft 86055sec
3: enp0s8: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 08:00:27:c1:c7:46 brd ff:ff:ff:ff:ff:ff
    inet 172.30.1.101/24 brd 172.30.1.255 scope global noprefixroute enp0s8
       valid_lft forever preferred_lft forever
[root@centos7.yinzhengjie.org.cn ~]# ip addr add 1.1.1.1/24 dev enp0s8
[root@centos7.yinzhengjie.org.cn ~]# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
2: enp0s3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 08:00:27:e0:bb:66 brd ff:ff:ff:ff:ff:ff
    inet 10.0.2.15/24 brd 10.0.2.255 scope global noprefixroute dynamic enp0s3
       valid_lft 85999sec preferred_lft 85999sec
3: enp0s8: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 08:00:27:c1:c7:46 brd ff:ff:ff:ff:ff:ff
    inet 172.30.1.101/24 brd 172.30.1.255 scope global noprefixroute enp0s8
       valid_lft forever preferred_lft forever
    inet 1.1.1.1/24 scope global enp0s8
       valid_lft forever preferred_lft forever
[root@centos7.yinzhengjie.org.cn ~]# route -n        # a route entry is generated automatically
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         172.30.1.254    0.0.0.0         UG    101    0        0 enp0s8
0.0.0.0         10.0.2.2        0.0.0.0         UG    102    0        0 enp0s3
0.0.0.0         172.30.1.200    0.0.0.0         UG    200    0        0 enp0s8
1.1.1.0         0.0.0.0         255.255.255.0   U     0      0        0 enp0s8
10.0.2.0        0.0.0.0         255.255.255.0   U     102    0        0 enp0s3
172.30.1.0      0.0.0.0         255.255.255.0   U     101    0        0 enp0s8
[root@centos7.yinzhengjie.org.cn ~]#
[root@centos7.yinzhengjie.org.cn ~]# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         172.30.1.254    0.0.0.0         UG    101    0        0 enp0s8
0.0.0.0         10.0.2.2        0.0.0.0         UG    102    0        0 enp0s3
0.0.0.0         172.30.1.200    0.0.0.0         UG    200    0        0 enp0s8
1.1.1.0         0.0.0.0         255.255.255.0   U     0      0        0 enp0s8
10.0.2.0        0.0.0.0         255.255.255.0   U     102    0        0 enp0s3
172.30.1.0      0.0.0.0         255.255.255.0   U     101    0        0 enp0s8
[root@centos7.yinzhengjie.org.cn ~]# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
2: enp0s3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 08:00:27:e0:bb:66 brd ff:ff:ff:ff:ff:ff
    inet 10.0.2.15/24 brd 10.0.2.255 scope global noprefixroute dynamic enp0s3
       valid_lft 85742sec preferred_lft 85742sec
3: enp0s8: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 08:00:27:c1:c7:46 brd ff:ff:ff:ff:ff:ff
    inet 172.30.1.101/24 brd 172.30.1.255 scope global noprefixroute enp0s8
       valid_lft forever preferred_lft forever
    inet 1.1.1.1/24 scope global enp0s8
       valid_lft forever preferred_lft forever
[root@centos7.yinzhengjie.org.cn ~]# ip addr del 1.1.1.1/24 dev enp0s8
[root@centos7.yinzhengjie.org.cn ~]# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         172.30.1.254    0.0.0.0         UG    101    0        0 enp0s8
0.0.0.0         10.0.2.2        0.0.0.0         UG    102    0        0 enp0s3
0.0.0.0         172.30.1.200    0.0.0.0         UG    200    0        0 enp0s8
10.0.2.0        0.0.0.0         255.255.255.0   U     102    0        0 enp0s3
172.30.1.0      0.0.0.0         255.255.255.0   U     101    0        0 enp0s8
[root@centos7.yinzhengjie.org.cn ~]# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
2: enp0s3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 08:00:27:e0:bb:66 brd ff:ff:ff:ff:ff:ff
    inet 10.0.2.15/24 brd 10.0.2.255 scope global noprefixroute dynamic enp0s3
       valid_lft 85729sec preferred_lft 85729sec
3: enp0s8: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 08:00:27:c1:c7:46 brd ff:ff:ff:ff:ff:ff
    inet 172.30.1.101/24 brd 172.30.1.255 scope global noprefixroute enp0s8
       valid_lft forever preferred_lft forever
[root@centos7.yinzhengjie.org.cn ~]#
[root@centos7.yinzhengjie.org.cn ~]# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
2: enp0s3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 08:00:27:e0:bb:66 brd ff:ff:ff:ff:ff:ff
    inet 10.0.2.15/24 brd 10.0.2.255 scope global noprefixroute dynamic enp0s3
       valid_lft 85663sec preferred_lft 85663sec
3: enp0s8: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 08:00:27:c1:c7:46 brd ff:ff:ff:ff:ff:ff
    inet 172.30.1.101/24 brd 172.30.1.255 scope global noprefixroute enp0s8
       valid_lft forever preferred_lft forever
[root@centos7.yinzhengjie.org.cn ~]# ip addr add 1.1.1.1/24 dev enp0s8
[root@centos7.yinzhengjie.org.cn ~]# ip addr add 1.1.1.2/24 dev enp0s8
[root@centos7.yinzhengjie.org.cn ~]# ip addr add 1.1.1.3/24 dev enp0s8
[root@centos7.yinzhengjie.org.cn ~]# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
2: enp0s3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 08:00:27:e0:bb:66 brd ff:ff:ff:ff:ff:ff
    inet 10.0.2.15/24 brd 10.0.2.255 scope global noprefixroute dynamic enp0s3
       valid_lft 85647sec preferred_lft 85647sec
3: enp0s8: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 08:00:27:c1:c7:46 brd ff:ff:ff:ff:ff:ff
    inet 172.30.1.101/24 brd 172.30.1.255 scope global noprefixroute enp0s8
       valid_lft forever preferred_lft forever
    inet 1.1.1.1/24 scope global enp0s8
       valid_lft forever preferred_lft forever
    inet 1.1.1.2/24 scope global secondary enp0s8
       valid_lft forever preferred_lft forever
    inet 1.1.1.3/24 scope global secondary enp0s8
       valid_lft forever preferred_lft forever
[root@centos7.yinzhengjie.org.cn ~]# ip addr flush dev enp0s8
[root@centos7.yinzhengjie.org.cn ~]# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
2: enp0s3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 08:00:27:e0:bb:66 brd ff:ff:ff:ff:ff:ff
    inet 10.0.2.15/24 brd 10.0.2.255 scope global noprefixroute dynamic enp0s3
       valid_lft 85663sec preferred_lft 85663sec
3: enp0s8: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 08:00:27:c1:c7:46 brd ff:ff:ff:ff:ff:ff
[root@centos7.yinzhengjie.org.cn ~]#
[root@centos7.yinzhengjie.org.cn ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
2: enp0s3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 08:00:27:e0:bb:66 brd ff:ff:ff:ff:ff:ff
    inet 10.0.2.15/24 brd 10.0.2.255 scope global noprefixroute dynamic enp0s3
       valid_lft 86135sec preferred_lft 86135sec
3: enp0s8: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 08:00:27:c1:c7:46 brd ff:ff:ff:ff:ff:ff
    inet 172.30.1.101/24 brd 172.30.1.255 scope global noprefixroute enp0s8
       valid_lft forever preferred_lft forever
[root@centos7.yinzhengjie.org.cn ~]# ip a add 1.1.1.100/24 dev enp0s3 label enp0s3:2
[root@centos7.yinzhengjie.org.cn ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
2: enp0s3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 08:00:27:e0:bb:66 brd ff:ff:ff:ff:ff:ff
    inet 10.0.2.15/24 brd 10.0.2.255 scope global noprefixroute dynamic enp0s3
       valid_lft 86105sec preferred_lft 86105sec
    inet 1.1.1.100/24 scope global enp0s3:2
       valid_lft forever preferred_lft forever
3: enp0s8: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 08:00:27:c1:c7:46 brd ff:ff:ff:ff:ff:ff
    inet 172.30.1.101/24 brd 172.30.1.255 scope global noprefixroute enp0s8
       valid_lft forever preferred_lft forever
[root@centos7.yinzhengjie.org.cn ~]# ifconfig
enp0s3: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 10.0.2.15  netmask 255.255.255.0  broadcast 10.0.2.255
        ether 08:00:27:e0:bb:66  txqueuelen 1000  (Ethernet)
        RX packets 1  bytes 590 (590.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 1  bytes 342 (342.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
enp0s3:2: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 1.1.1.100  netmask 255.255.255.0  broadcast 0.0.0.0
        ether 08:00:27:e0:bb:66  txqueuelen 1000  (Ethernet)
enp0s8: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 172.30.1.101  netmask 255.255.255.0  broadcast 172.30.1.255
        ether 08:00:27:c1:c7:46  txqueuelen 1000  (Ethernet)
        RX packets 239  bytes 21902 (21.3 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 165  bytes 25238 (24.6 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        loop  txqueuelen 1000  (Local Loopback)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
[root@centos7.yinzhengjie.org.cn ~]#
4>. Common ip route (routing) operations
[root@centos7.yinzhengjie.org.cn ~]# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         10.0.2.2        0.0.0.0         UG    100    0        0 enp0s3
0.0.0.0         172.30.1.254    0.0.0.0         UG    101    0        0 enp0s8
1.1.1.0         0.0.0.0         255.255.255.0   U     0      0        0 enp0s3
10.0.2.0        0.0.0.0         255.255.255.0   U     100    0        0 enp0s3
172.30.1.0      0.0.0.0         255.255.255.0   U     101    0        0 enp0s8
[root@centos7.yinzhengjie.org.cn ~]# ip route
default via 10.0.2.2 dev enp0s3 proto dhcp metric 100
default via 172.30.1.254 dev enp0s8 proto static metric 101
1.1.1.0/24 dev enp0s3 proto kernel scope link src 1.1.1.100
10.0.2.0/24 dev enp0s3 proto kernel scope link src 10.0.2.15 metric 100
172.30.1.0/24 dev enp0s8 proto kernel scope link src 172.30.1.101 metric 101
[root@centos7.yinzhengjie.org.cn ~]#
[root@centos7.yinzhengjie.org.cn ~]# ip route
default via 10.0.2.2 dev enp0s3 proto dhcp metric 100
default via 172.30.1.254 dev enp0s8 proto static metric 101
1.1.1.0/24 dev enp0s3 proto kernel scope link src 1.1.1.100
10.0.2.0/24 dev enp0s3 proto kernel scope link src 10.0.2.15 metric 100
172.30.1.0/24 dev enp0s8 proto kernel scope link src 172.30.1.101 metric 101
[root@centos7.yinzhengjie.org.cn ~]# ip route add 3.3.3.0/24 via 1.1.1.254 dev enp0s3
[root@centos7.yinzhengjie.org.cn ~]# ip route
default via 10.0.2.2 dev enp0s3 proto dhcp metric 100
default via 172.30.1.254 dev enp0s8 proto static metric 101
1.1.1.0/24 dev enp0s3 proto kernel scope link src 1.1.1.100
3.3.3.0/24 via 1.1.1.254 dev enp0s3
10.0.2.0/24 dev enp0s3 proto kernel scope link src 10.0.2.15 metric 100
172.30.1.0/24 dev enp0s8 proto kernel scope link src 172.30.1.101 metric 101
[root@centos7.yinzhengjie.org.cn ~]#
[root@centos7.yinzhengjie.org.cn ~]# ip route
default via 10.0.2.2 dev enp0s3 proto dhcp metric 100
default via 172.30.1.254 dev enp0s8 proto static metric 101
1.1.1.0/24 dev enp0s3 proto kernel scope link src 1.1.1.100
3.3.3.0/24 via 1.1.1.254 dev enp0s3
10.0.2.0/24 dev enp0s3 proto kernel scope link src 10.0.2.15 metric 100
172.30.1.0/24 dev enp0s8 proto kernel scope link src 172.30.1.101 metric 101
[root@centos7.yinzhengjie.org.cn ~]# ip route del 3.3.3.0/24 via 1.1.1.254 dev enp0s3
[root@centos7.yinzhengjie.org.cn ~]# ip route
default via 10.0.2.2 dev enp0s3 proto dhcp metric 100
default via 172.30.1.254 dev enp0s8 proto static metric 101
1.1.1.0/24 dev enp0s3 proto kernel scope link src 1.1.1.100
10.0.2.0/24 dev enp0s3 proto kernel scope link src 10.0.2.15 metric 100
172.30.1.0/24 dev enp0s8 proto kernel scope link src 172.30.1.101 metric 101
[root@centos7.yinzhengjie.org.cn ~]#
[root@centos7.yinzhengjie.org.cn ~]# ip route
default via 10.0.2.2 dev enp0s3 proto dhcp metric 100
default via 172.30.1.254 dev enp0s8 proto static metric 101
1.1.1.0/24 dev enp0s3 proto kernel scope link src 1.1.1.100
10.0.2.0/24 dev enp0s3 proto kernel scope link src 10.0.2.15 metric 100
172.30.1.0/24 dev enp0s8 proto kernel scope link src 172.30.1.101 metric 101
[root@centos7.yinzhengjie.org.cn ~]# ip route flush dev enp0s3
[root@centos7.yinzhengjie.org.cn ~]# ip route
default via 172.30.1.254 dev enp0s8 proto static metric 101
172.30.1.0/24 dev enp0s8 proto kernel scope link src 172.30.1.101 metric 101
[root@centos7.yinzhengjie.org.cn ~]# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         172.30.1.254    0.0.0.0         UG    101    0        0 enp0s8
172.30.1.0      0.0.0.0         255.255.255.0   U     101    0        0 enp0s8
[root@centos7.yinzhengjie.org.cn ~]#
VI. The ss command
Format:
ss [OPTION]... [FILTER]
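How netstat and ss differ in the way they work:
netstat obtains socket information by traversing /proc, whereas ss obtains it by communicating with the kernel's tcp_diag module over netlink.
Options:
-t: TCP sockets
-u: UDP sockets
-w: raw sockets
-x: unix sockets
-l: sockets in the listen state
-a: all sockets
-n: numeric format
-p: the owning program and PID
-e: extended information
-m: memory usage
-o: timer information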
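The /proc text that netstat walks, per the comparison above, stores each IPv4 TCP socket as a line of hexadecimal fields in /proc/net/tcp. The following POSIX shell sketch is an added example, not part of the original article: it decodes that layout over a constructed sample modelled on the `ss -t -a` session in subsection 3>; the function names and the sample's inode and timer values are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: decode /proc/net/tcp records the way a /proc-walking tool must.

# Constructed sample in /proc/net/tcp layout (IPv4, little-endian host):
# one listener on port 22 and two established sessions from 172.30.1.254.
sample_proc_net_tcp() {
    cat <<'EOF'
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 21933 1 0000000000000000 100 0 0 10 0
   1: 65011EAC:0016 FE011EAC:CA9E 01 00000034:00000000 01:00000014 00000000     0        0 25841 4 0000000000000000 20 4 31 10 -1
   2: 65011EAC:0016 FE011EAC:CAA1 01 00000000:00000000 02:00058A3C 00000000     0        0 23260 2 0000000000000000 20 4 29 10 -1
EOF
}

# hex_to_ipv4 65011EAC -> 172.30.1.101
# The kernel prints the 32-bit address in host byte order, so on a
# little-endian machine (x86) the last hex pair is the first octet.
hex_to_ipv4() (
    h=$1
    b1=$(printf '%s' "$h" | cut -c7-8)
    b2=$(printf '%s' "$h" | cut -c5-6)
    b3=$(printf '%s' "$h" | cut -c3-4)
    b4=$(printf '%s' "$h" | cut -c1-2)
    printf '%d.%d.%d.%d\n' "$((0x$b1))" "$((0x$b2))" "$((0x$b3))" "$((0x$b4))"
)

# tcp_state HEX: map the kernel's state number to the name ss prints.
tcp_state() {
    case $1 in
        01) echo ESTAB ;;      02) echo SYN-SENT ;;   03) echo SYN-RECV ;;
        04) echo FIN-WAIT-1 ;; 05) echo FIN-WAIT-2 ;; 06) echo TIME-WAIT ;;
        07) echo UNCONN ;;     08) echo CLOSE-WAIT ;; 09) echo LAST-ACK ;;
        0A) echo LISTEN ;;     0B) echo CLOSING ;;    *)  echo UNKNOWN ;;
    esac
}

# decode_tcp_table: read /proc/net/tcp-format text on stdin and print
# "STATE LOCAL:PORT PEER:PORT SEND-Q UID INODE", one socket per line.
decode_tcp_table() {
    while read -r sl laddr raddr st queues timer retr uid tmo inode rest; do
        case $sl in *:) ;; *) continue ;; esac      # skip the header line
        printf '%s %s:%d %s:%d %d %s %s\n' \
            "$(tcp_state "$st")" \
            "$(hex_to_ipv4 "${laddr%:*}")" "$((0x${laddr#*:}))" \
            "$(hex_to_ipv4 "${raddr%:*}")" "$((0x${raddr#*:}))" \
            "$((0x${queues%:*}))" "$uid" "$inode"
    done
}

# wildcard_listeners: from the same input, print only listeners bound to
# every IPv4 address (0.0.0.0), i.e. the ones reachable on all interfaces.
wildcard_listeners() {
    decode_tcp_table | while read -r state laddr rest; do
        [ "$state" = LISTEN ] || continue
        case $laddr in 0.0.0.0:*) printf '%s\n' "$laddr" ;; esac
    done
}

# Demonstration over the constructed sample.
sample_proc_net_tcp | decode_tcp_table
```

On a live host, run `decode_tcp_table < /proc/net/tcp`. IPv6 sockets such as the `:::ssh` listener are kept in /proc/net/tcp6 with 128-bit addresses, which this sketch does not decode.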
1>. Show all locally open ports
[root@centos7.yinzhengjie.org.cn ~]# ss -l
Netid State Recv-Q Send-Q Local Address:Port Peer Address:Port
nl UNCONN 0 0 rtnl:NetworkManager/3044 *
nl UNCONN 0 0 rtnl:kernel *
nl UNCONN 0 0 rtnl:NetworkManager/3044 *
nl UNCONN 768 0 tcpdiag:kernel *
nl UNCONN 4352 0 tcpdiag:ss/3828 *
nl UNCONN 0 0 xfrm:kernel *
nl UNCONN 0 0 selinux:kernel *
nl UNCONN 0 0 audit:kernel *
nl UNCONN 0 0 audit:auditd/3018 *
nl UNCONN 0 0 audit:systemd/1 *
nl UNCONN 0 0 fiblookup:kernel *
nl UNCONN 0 0 connector:kernel *
nl UNCONN 0 0 uevent:-4129 *
nl UNCONN 0 0 uevent:NetworkManager/3044 *
nl UNCONN 0 0 uevent:-4131 *
nl UNCONN 0 0 uevent:tuned/3331 *
nl UNCONN 0 0 uevent:systemd-udevd/1660 *
nl UNCONN 0 0 uevent:kernel *
nl UNCONN 0 0 uevent:-4130 *
nl UNCONN 0 0 uevent:-4113 *
nl UNCONN 0 0 uevent:systemd-logind/3049 *
nl UNCONN 0 0 uevent:systemd/1 *
nl UNCONN 0 0 uevent:-4132 *
nl UNCONN 0 0 uevent:tuned/3331 *
nl UNCONN 0 0 uevent:-4132 *
nl UNCONN 0 0 uevent:NetworkManager/3044 *
nl UNCONN 0 0 uevent:-4131 *
nl UNCONN 0 0 uevent:-4130 *
nl UNCONN 0 0 uevent:-4129 *
nl UNCONN 0 0 uevent:systemd-logind/3049 *
nl UNCONN 0 0 uevent:-4113 *
nl UNCONN 0 0 uevent:systemd/1 *
nl UNCONN 0 0 genl:kernel *
nl UNCONN 0 0 scsi-trans:kernel *
p_raw UNCONN 0 0 *:enp0s3 *
p_dgr UNCONN 0 0 arp:enp0s8 *
u_str LISTEN 0 10 /var/run/NetworkManager/private-dhcp 25090 * 0
u_seq LISTEN 0 128 /run/udev/control 17414 * 0
u_str LISTEN 0 128 /run/dbus/system_bus_socket 21840 * 0
u_dgr UNCONN 0 0 /run/systemd/notify 1396 * 0
u_dgr UNCONN 0 0 /run/systemd/cgroups-agent 1398 * 0
u_str LISTEN 0 128 /run/systemd/journal/stdout 1415 * 0
u_dgr UNCONN 0 0 /run/systemd/journal/socket 1418 * 0
u_dgr UNCONN 0 0 /dev/log 1420 * 0
u_str LISTEN 0 128 /run/systemd/private 12197 * 0
u_str LISTEN 0 128 /run/lvm/lvmpolld.socket 12213 * 0
u_str LISTEN 0 128 /run/lvm/lvmetad.socket 12238 * 0
u_dgr UNCONN 0 0 /run/systemd/shutdownd 12276 * 0
u_dgr UNCONN 0 0 * 13903 * 1418
u_dgr UNCONN 0 0 * 23809 * 1420
u_dgr UNCONN 0 0 * 14062 * 14061
u_dgr UNCONN 0 0 * 14061 * 14062
u_dgr UNCONN 0 0 * 24094 * 1420
u_dgr UNCONN 0 0 * 23243 * 1420
u_dgr UNCONN 0 0 * 14044 * 1418
u_dgr UNCONN 0 0 * 22002 * 1420
u_dgr UNCONN 0 0 * 16868 * 1396
u_dgr UNCONN 0 0 * 20431 * 1420
u_dgr UNCONN 0 0 * 25854 * 1420
u_dgr UNCONN 0 0 * 22752 * 1420
u_dgr UNCONN 0 0 * 23626 * 1420
u_dgr UNCONN 0 0 * 23676 * 1420
u_dgr UNCONN 0 0 * 22731 * 1418
udp UNCONN 0 0 *:bootpc *:*
tcp LISTEN 0 128 *:ssh *:*
tcp LISTEN 0 128 :::ssh :::*
[root@centos7.yinzhengjie.org.cn ~]# ss -l | wc -l
66
[root@centos7.yinzhengjie.org.cn ~]#
2>. Show the sockets opened by each process
[root@centos7.yinzhengjie.org.cn ~]# ss -pl
Netid State Recv-Q Send-Q Local Address:Port Peer Address:Port
nl UNCONN 0 0 rtnl:NetworkManager/3044 *
nl UNCONN 0 0 rtnl:kernel *
nl UNCONN 0 0 rtnl:NetworkManager/3044 *
nl UNCONN 4352 0 tcpdiag:ss/3862 *
nl UNCONN 768 0 tcpdiag:kernel *
nl UNCONN 0 0 xfrm:kernel *
nl UNCONN 0 0 selinux:kernel *
nl UNCONN 0 0 audit:kernel *
nl UNCONN 0 0 audit:auditd/3018 *
nl UNCONN 0 0 audit:systemd/1 *
nl UNCONN 0 0 fiblookup:kernel *
nl UNCONN 0 0 connector:kernel *
nl UNCONN 0 0 uevent:-4129 *
nl UNCONN 0 0 uevent:NetworkManager/3044 *
nl UNCONN 0 0 uevent:-4131 *
nl UNCONN 0 0 uevent:tuned/3331 *
nl UNCONN 0 0 uevent:kernel *
nl UNCONN 0 0 uevent:-4130 *
nl UNCONN 0 0 uevent:-4113 *
nl UNCONN 0 0 uevent:systemd-logind/3049 *
nl UNCONN 0 0 uevent:systemd/1 *
nl UNCONN 0 0 uevent:-4132 *
nl UNCONN 0 0 uevent:tuned/3331 *
nl UNCONN 0 0 uevent:-4132 *
nl UNCONN 0 0 uevent:NetworkManager/3044 *
nl UNCONN 0 0 uevent:-4131 *
nl UNCONN 0 0 uevent:-4130 *
nl UNCONN 0 0 uevent:-4129 *
nl UNCONN 0 0 uevent:systemd-logind/3049 *
nl UNCONN 0 0 uevent:-4113 *
nl UNCONN 0 0 uevent:systemd/1 *
nl UNCONN 0 0 genl:kernel *
nl UNCONN 0 0 scsi-trans:kernel *
p_raw UNCONN 0 0 *:enp0s3 * users:(("dhclient",pid=3107,fd=5))
p_dgr UNCONN 0 0 arp:enp0s8 * users:(("NetworkManager",pid=3044,fd=19))
u_str LISTEN 0 10 /var/run/NetworkManager/private-dhcp 25090 * 0 users:(("NetworkManager",pid=3044,fd=16))
u_seq LISTEN 0 128 /run/udev/control 17414 * 0 users:(("systemd-udevd",pid=1660,fd=3),("systemd",pid=1,fd=35))
u_str LISTEN 0 128 /run/dbus/system_bus_socket 21840 * 0 users:(("dbus-daemon",pid=3042,fd=3),("systemd",pid=1,fd=37))
u_dgr UNCONN 0 0 /run/systemd/notify 1396 * 0 users:(("systemd",pid=1,fd=23))
u_dgr UNCONN 0 0 /run/systemd/cgroups-agent 1398 * 0 users:(("systemd",pid=1,fd=24))
u_str LISTEN 0 128 /run/systemd/journal/stdout 1415 * 0 users:(("systemd-journal",pid=1635,fd=3),("systemd",pid=1,fd=27))
u_dgr UNCONN 0 0 /run/systemd/journal/socket 1418 * 0 users:(("systemd-journal",pid=1635,fd=4),("systemd",pid=1,fd=28))
u_dgr UNCONN 0 0 /dev/log 1420 * 0 users:(("systemd-journal",pid=1635,fd=5),("systemd",pid=1,fd=29))
u_str LISTEN 0 128 /run/systemd/private 12197 * 0 users:(("systemd",pid=1,fd=12))
u_str LISTEN 0 128 /run/lvm/lvmpolld.socket 12213 * 0 users:(("systemd",pid=1,fd=20))
u_str LISTEN 0 128 /run/lvm/lvmetad.socket 12238 * 0 users:(("lvmetad",pid=1659,fd=3),("systemd",pid=1,fd=21))
u_dgr UNCONN 0 0 /run/systemd/shutdownd 12276 * 0 users:(("systemd",pid=1,fd=26))
u_dgr UNCONN 0 0 * 13903 * 1418 users:(("systemd",pid=1,fd=36))
u_dgr UNCONN 0 0 * 23809 * 1420 users:(("dhclient",pid=3107,fd=3))
u_dgr UNCONN 0 0 * 14062 * 14061 users:(("systemd-udevd",pid=1660,fd=10))
u_dgr UNCONN 0 0 * 14061 * 14062 users:(("systemd-udevd",pid=1660,fd=9))
u_dgr UNCONN 0 0 * 24094 * 1420 users:(("rsyslogd",pid=3333,fd=4))
u_dgr UNCONN 0 0 * 23243 * 1420 users:(("sshd",pid=3629,fd=4))
u_dgr UNCONN 0 0 * 14044 * 1418 users:(("systemd-udevd",pid=1660,fd=5))
u_dgr UNCONN 0 0 * 22002 * 1420 users:(("polkitd",pid=3041,fd=11))
u_dgr UNCONN 0 0 * 16868 * 1396 users:(("systemd-journal",pid=1635,fd=11))
u_dgr UNCONN 0 0 * 20431 * 1420 users:(("auditd",pid=3018,fd=8))
u_dgr UNCONN 0 0 * 25854 * 1420 users:(("sshd",pid=3772,fd=4))
u_dgr UNCONN 0 0 * 22752 * 1420 users:(("NetworkManager",pid=3044,fd=5))
u_dgr UNCONN 0 0 * 23626 * 1420 users:(("crond",pid=3051,fd=4))
u_dgr UNCONN 0 0 * 23676 * 1420 users:(("dbus-daemon",pid=3042,fd=13))
u_dgr UNCONN 0 0 * 22731 * 1418 users:(("systemd-logind",pid=3049,fd=3))
udp UNCONN 0 0 *:bootpc *:* users:(("dhclient",pid=3107,fd=6))
tcp LISTEN 0 128 *:ssh *:* users:(("sshd",pid=3328,fd=3))
tcp LISTEN 0 128 :::ssh :::* users:(("sshd",pid=3328,fd=4))
[root@centos7.yinzhengjie.org.cn ~]# ss -pl | wc -l
66
[root@centos7.yinzhengjie.org.cn ~]#
3>. Show all TCP sockets
[root@centos7.yinzhengjie.org.cn ~]# ss -t -a
State      Recv-Q Send-Q Local Address:Port      Peer Address:Port
LISTEN     0      128    *:ssh                   *:*
ESTAB      0      52     172.30.1.101:ssh        172.30.1.254:51870
ESTAB      0      0      172.30.1.101:ssh        172.30.1.254:51873
LISTEN     0      128    :::ssh                  :::*
[root@centos7.yinzhengjie.org.cn ~]#
4>. Show all UDP sockets
[root@centos7.yinzhengjie.org.cn ~]# ss -u -a
State      Recv-Q Send-Q Local Address:Port      Peer Address:Port
UNCONN     0      0      *:bootpc                *:*
[root@centos7.yinzhengjie.org.cn ~]#
5>. Show all established SSH connections
[root@centos7.yinzhengjie.org.cn ~]# ss -o state established '( dport = :ssh or sport = :ssh )'
Netid Recv-Q Send-Q Local Address:Port      Peer Address:Port
tcp   0      52     172.30.1.101:ssh        172.30.1.254:51870    timer:(on,236ms,0)
tcp   0      0      172.30.1.101:ssh        172.30.1.254:51873    timer:(keepalive,98min,0)
[root@centos7.yinzhengjie.org.cn ~]#
6>. Show all established HTTP connections (requires an HTTP server application to be installed and running)
[root@centos7.yinzhengjie.org.cn ~]# ss -o state established '( dport = :http or sport = :http )'
7>. List summary information about the current sockets
[root@centos7.yinzhengjie.org.cn ~]# ss -s
Total: 121 (kernel 250)
TCP:   4 (estab 2, closed 0, orphaned 0, synrecv 0, timewait 0/0), ports 0

Transport Total     IP        IPv6
*         250       -         -
RAW       0         0         0
UDP       13        13        0
TCP       4         3         1
INET      17        16        1
FRAG      0         0         0
[root@centos7.yinzhengjie.org.cn ~]#
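VII. Network configuration files
1>. Configuration files for IP, MASK, GW and DNS
"/etc/sysconfig/network-scripts/ifcfg-IFACE"
Common configuration parameters:
DEVICE: the device this configuration file applies to
HWADDR: the MAC address of the device
BOOTPROTO: the address configuration protocol used when the device is activated; common values are dhcp, static, none, bootp
NM_CONTROLLED: NM is short for NetworkManager; whether this NIC is managed by NM; "no" is recommended on CentOS 6
ONBOOT: whether to activate this device at system boot
TYPE: interface type; common values are Ethernet, Bridge
UUID: unique identifier of the device
IPADDR: the IP address
NETMASK: the subnet mask
GATEWAY: the default gateway
DNS1: the first DNS server
DNS2: the second DNS server
USERCTL: whether ordinary users may control this device
PEERDNS: when BOOTPROTO is "dhcp", whether the DNS server information assigned by the DHCP server is allowed to overwrite /etc/resolv.conf directly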
[root@node101.yinzhengjie.org.cn ~]# cat /usr/share/doc/initscripts-9.49.46/sysconfig.txt | wc -l 1062 [root@node101.yinzhengjie.org.cn ~]# [root@node101.yinzhengjie.org.cn ~]# more /usr/share/doc/initscripts-9.49.46/sysconfig.txt ======================= Generic options: /etc/sysconfig/* CGROUP_DAEMON= List of control groups that the daemon will be run in. For example, CGROUP_DAEMON="cpu:daemons cpuacct:/" will run it in the daemons group for the CPU controller, and the '/' group for the CPU accounting controller. /etc/sysconfig/authconfig used by authconfig to store information about the system's user information and authentication setup; changes made to this file have no effect until the next time authconfig is run USEHESIOD=no Whether or not the hesiod naming service is in use. If not set, authconfig examines the passwd setting in /etc/nsswitch.conf. USELDAP=no Whether or not LDAP is used as a naming service. If not set, authconfig examines the passwd setting in /etc/nsswitch.conf. USENIS=no Whether or not NIS is in use. If not set, authconfig examines the passwd setting in /etc/nsswitch.conf. USEKERBEROS=no Whether or not Kerberos is in use. If not set, authconfig examines the settings in /etc/pam.d/system-auth. USELDAPAUTH=no Whether or not LDAP is being used for authentication. If not set, authconfig examines the settings in /etc/pam.d/system-auth. Note that this option is separate from USELDAP, and that neither implies the other. USEMD5=no Whether or not MD5-based hashing should be used when setting passwords. If not set, authconfig examines the settings in /etc/pam.d/system-auth. This option affects authentication using both local files and LDAP. USESHADOW=no Whether or not shadow passwords are in use. If not set, authconfig checks for the existence of /etc/shadow. USESMBAUTH=no Whether or not SMB authentication is in use. If not set, authconfig examines the settings in /etc/pam.d/system-auth. 
/etc/sysconfig/autofsck does not normally exist; if it does, it can influence a choice whether or not to fsck after a crash AUTOFSCK_DEF_CHECK=no If the user does not respond, choose whether or not to fsck AUTOFSCK_SINGLEUSER= If this is set, drop to single user mode before fsck. /etc/sysconfig/clock: Current releases use the third parameter in the /etc/adjtime file (either 'UTC' or 'LOCAL') to determine whether the hwclock is in UTC or localtime. ZONE="filename" indicates the zonefile under /usr/share/zoneinfo that /etc/localtime is a copy of, for example: ZONE="US/Eastern" deprecated values from earlier releases: CLOCKMODE=GMT indicates that the clock is set to UTC CLOCKMODE=ARC on alpha only indicates the ARC console's 42-year time offset is in effect UTC=true,yes Indicates that the hardware clock is set to UTC. UTC=no,false Indicates that the hardware clock is set to Local Time. ARC=true on alpha only indicates the ARC console's 42-year time offset is in effect; otherwise the normal Unix epoch is assumed. SRM=true on alpha only indicates the SRM 1900 epoch is in effect; otherwise the normal Unix epoch is assumed. /etc/sysconfig/init: BOOTUP=<some bootup mode> BOOTUP=graphical means use X Windows graphical boot up BOOTUP=color means colorized text mode boot display. BOOTUP=verbose means old style display Anything else means simplified display, but without color or ANSI-formatting LOGLEVEL=<a number> Sets the initial console logging level for the kernel. The default is 7. 8 means everything (including debugging); 1 means nothing except kernel panics. syslogd will override this once it starts. RES_COL=<a number> Column of the screen to start status labels at. Defaults to 60 MOVE_TO_COL=<a command> A command to move the cursor to $RES_COL. Defaults to nasty ANSI sequences output by echo -e. SETCOLOR_SUCCESS=<a command> A command to set the color to a color indicating success. Defaults to nasty ANSI sequences output by echo -e setting the color to green. 
SETCOLOR_FAILURE=<a command> A command to set the color to a color indicating failure. Defaults to nasty ANSI sequences output by echo -e setting the color to red. SETCOLOR_WARNING=<a command> A command to set the color to a color indicating warning. Defaults to nasty ANSI sequences output by echo -e setting the color to yellow. SETCOLOR_NORMAL=<a command> A command to set the color to 'normal'. Defaults to nasty ANSI sequences output by echo -e. PROMPT=yes|no Set to 'yes' to enable the key check for interactive mode as well as asking if a filesystem check should be done. Default is 'no' and the kernel command line option "forcefsck" can be used to check the filesystems and "confirm" can be used to enable interactive startup questions. obsoleted values from earlier releases: MAGIC_SYSRQ=yes|no Setting this to 'no' used to disable the magic sysrq key and Stop-A (break on serial console) on SPARC. This setting has been moved into kernel.sysrq and kernel.stop-a settings respectively in /etc/sysctl.conf. Setting either of them there to 0 disables it, setting it to 1 enables it. STOP_A=yes|no Setting this to 'no' used to disable the Stop-A (break on serial console) key on SPARC. This setting has been moved into kernel.stop-a setting in /etc/sysctl.conf. Setting it there to 0 disables it, setting it to 1 enables it. The setting should be present on SPARC only. /etc/sysconfig/keyboard: KEYTABLE=<keytable file> for example: KEYTABLE="/usr/lib/kbd/keytables/us.map" If you dump a keymap (using 'dumpkeys') to /etc/sysconfig/console/default.kmap it will be loaded on bootup before filesystems are mounted/checked. This could be useful if you need to emergency type the root password. This has to be a dumped keymap, as opposed to copying the shipped keymap files, as the shipped files include other maps from the /usr/lib/kbd/keytables directory. KEYBOARDTYPE=sun|pc on SPARC only, sun means a sun keyboard is attached on /dev/kbd, pc means a PS/2 keyboard is on ps/2 port. 
/etc/sysconfig/mouse: MOUSETYPE=microsoft|mouseman|mousesystems|ps/2|msbm|logibm|atibm| logitech|mmseries|mmhittab XEMU3=yes|no (emulate three buttons with two buttons whenever necessary, most notably in X) DEVICE=<a device node> (the device of the mouse) In addition, /dev/mouse points to the mouse device. /etc/sysconfig/network: NETWORKING=yes|no GATEWAY=<gateway IP> GATEWAYDEV=<gateway device to use, when multiple devices have GATEWAY=> (e.g. eth0) NISDOMAIN=<nis domain name> NOZEROCONF= Set this to not set a route for dynamic link-local addresses. NETWORKDELAY=<delay in seconds> Delay in seconds after all network interfaces are initialized. Useful if network has spanning tree running and must wait for STP convergence. Default: 0 (no delay) IFDOWN_ON_SHUTDOWN=yes|no If yes, do bring interfaces down during system shutdown. If no, leave them in their current state (this is only supported on hosts using systemd). Default: yes (bring interfaces down) IPV6FORWARDING=yes|no Enable or disable global forwarding of incoming IPv6 packets on all interfaces. Note: Actual packet forwarding cannot be controlled per-device, use netfilter6 for such issues Default: no IPV6_AUTOCONF=yes|no Sets the default for device-based autoconfiguration. Default: yes if IPV6FORWARDING=no, no if IPV6FORWARDING=yes IPV6_ROUTER=yes|no Sets the default for device-based Host/Router behaviour. Default: yes if IPV6FORWARDING=yes, no if IPV6FORWARDING=no IPV6_AUTOTUNNEL=yes|no Controls automatic IPv6 tunneling. 
Default: no IPV6_DEFAULTGW=<IPv6 address[%interface]> (optional) Add a default route through specified gateway An interface can be specified: required for link-local addresses Examples: IPV6_DEFAULTGW="3ffe:ffff:1234:5678::1" Add default route through 3ffe:ffff:1234:5678::1 IPV6_DEFAULTGW="3ffe:ffff:1234:5678::1%eth0" Add default route through 3ffe:ffff:1234:5678::1 and device eth0 IPV6_DEFAULTGW="fe80::1%eth0" Add default route through fe80::1 and device eth0 Note: if IPV6_DEFAULTGW is specified with %interface scope and it doesn't match IPV6_DEFAULTDEV, IPV6_DEFAULTDEV is ignored. Note: it's preferred to use %interface for all addresses, not just link-local if you have multiple IPv6-enabled interfaces. IPV6_DEFAULTDEV=<interface> (optional) Add a default route through specified interface without specifying next hop Type of interface will be tested whether this is allowed Examples: IPV6_DEFAULTDEV="eth0" INVALID example! IPV6_DEFAULTDEV="ppp0" IPV6_DEFAULTDEV="sit1" Examples for 6to4 IPV6_DEFAULTDEV="tun6to4" Add default route through dedicated 6to4 tunnel device "tun6to4", if configured Note: "tun6to4" does not support an additional IPV6_DEFAULTGW. Other interfaces prefer IPV6_DEFAULTGW, if specified. IPV6_RADVD_PIDFILE=<pid-file> (optional) Location of PID file for controlling radvd, see IPV6_CONTROL_RADVD Default: "/var/run/radvd/radvd.pid" Example: IPV6_RADVD_PIDFILE="/some/other/location/radvd.pid" IPV6TO4_RADVD_PIDFILE=<pid-file> (obsolete) As above, still supported for a while for backward compatibility. 
IPV6_RADVD_TRIGGER_ACTION=startstop|reload|restart|SIGHUP (optional) How to trigger radvd in case of 6to4 or PPP action startstop: radvd starts if interface goes up and stops if interface goes down using initscript call of radvd with related parameter reload|restart: initscript of radvd is called with this parameter SIGHUP: signal HUP is sent to radvd, pidfile must be specified, if not the default Default: SIGHUP IPv6 options above can be overridden in interface-specific configuration. obsoleted values from earlier releases: FORWARD_IPV4=yes|no This setting has been moved into net.ipv4.ip_forward setting in /etc/sysctl.conf. Setting it to 1 there enables IP forwarding, setting it to 0 disables it (which is the default for RFC compliance). NETWORKWAIT=yes|no This is not used with the move to systemd. HOSTNAME=<fqdn by default, but whatever hostname you want> This is now configured in /etc/hostname. /etc/sysconfig/static-routes-ipv6: Contains lines of the form: <device> IPv6-network IPv6-gateway <tunneldevice> IPv6-network <device> must be a device name to have the route brought up and down with the device For example: eth0 fec0:0:0:2::/64 fec0:0:0:1:0:0:0:20 adds a route for IPv6 network fec0:0:0:2::/64 through fec0:0:0:1:0:0:0:20 eth0 2000::/3 3ffe:ffff:0:1::1 so-called "default" routes for clients sit1 2000::/3 adds routes through dedicated tunnel interface sit1 tun6to4 3ffe:ffff:1234::/56 adds routes through hardwired 6to4 tunnel interface tun6to4 tun6to4 3ffe:ffff:5678::/56 ::5.6.7.8 adds routes through hardwired 6to4 tunnel interface tun6to4, specifying next hop Notes: * default routes (such as the "2000::/3" shown above) should be set with IPV6_DEFAULTGW and IPV6_DEFAULTDEV, see more above. * tunnel device "sit0" is not supported here, routes will never be applied /etc/sysconfig/routed: SILENT=yes|no EXPORT_GATEWAY=yes|no /etc/sysconfig/rawdevices: This is used for setting up raw device to block device mappings. 
It has the format: <rawdev> <major> <minor> <rawdev> <blockdev> For example: /dev/raw/raw1 /dev/sda1 /dev/raw/raw2 8 5 /etc/sysconfig/pcmcia: PCMCIA=yes|no PCIC=i82365|tcic PCIC_OPTS=<socket driver (i82365 or tcic) timing parameters> CORE_OPTS=<pcmcia_core options> CARDMGR_OPTS=<cardmgr options> /etc/sysconfig/amd: ADIR=/.automount (normally never changed) MOUNTPTS='/net /etc/amd.conf' (standard automount stuff) AMDOPTS= (extra options for AMD) /etc/sysconfig/tape: DEV=/dev/nst0 Tape device. Use the non-rewinding one for these scripts. For SCSI tapes this is /dev/nst#, where # is the number of the tape drive you want to use. If you only have one then use nst0. For IDE tapes you use /dev/ht#, where # is the number of the tape drive you want to use (usually ht0). For floppy tape drives use /dev/ftape. ADMIN=root Person to mail to if the backup fails for any reason SLEEP=5 Time to sleep between tape operations. Some drives need a bit more than others, but 5 seems to work for 8mm, 4mm, and DLT BLOCKSIZE=32768 This worked fine for 8mm, then 4mm, and now DLT. An optimal setting is probably however much data your drive writes at one time. SHORTDATE=$(date +%y:%m:%d:%H:%M) A short date string, used in backup log filenames. DAY=$(date +log-%y:%m:%d) This is used for the log file directory. DATE=$(date) Regular date string, used in log files. LOGROOT=/var/log/backup Root of the logging directory LIST=$LOGROOT/incremental-list This is the file name the incremental backup will use to store the incremental list. It will be $LIST-{some number}. ......
2>. Routing configuration files
"/etc/sysconfig/network-scripts/route-IFACE"
Note: changes take effect after service network restart. Two styles are supported:
(1) TARGET via GW
    For example: 10.0.0.0/8 via 172.16.0.1
(2) Three lines define each route
    ADDRESS#=TARGET
    NETMASK#=mask
    GATEWAY#=GW
3>. Device configuration is stored in text files
/etc/sysconfig/network-scripts/ifcfg-<name>
The help document lists the complete set of options: /usr/share/doc/initscripts-*/sysconfig.txt
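As an added example (not part of the original article), the following POSIX shell script audits an ifcfg file for parameters described earlier in this section: it flags DHCP interfaces where PEERDNS lets the DHCP server rewrite /etc/resolv.conf, USERCTL=yes, and static configurations missing IPADDR or NETMASK. The function names, the sample files, and the handling of PREFIX and of an unset PEERDNS are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit an ifcfg-IFACE file against the parameters listed above.
# The file is read as text, never sourced, so the audit executes nothing from it.

# ifcfg_get FILE KEY: print the last value assigned to KEY, lowercased, unquoted.
ifcfg_get() {
    sed -n "s/^[[:space:]]*$2=//p" "$1" | tail -n 1 |
        tr -d "\"'" | tr 'A-Z' 'a-z' | sed 's/[[:space:]]*$//'
}

# audit_ifcfg FILE: print one finding per line; return 1 if anything was found.
audit_ifcfg() {
    f=$1; rc=0
    proto=$(ifcfg_get "$f" BOOTPROTO)
    case $proto in
    dhcp|bootp)
        # Assumption of this example: an unset PEERDNS is treated like "yes".
        if [ "$(ifcfg_get "$f" PEERDNS)" != no ]; then
            echo "PEERDNS: DHCP-assigned DNS servers may overwrite /etc/resolv.conf"
            rc=1
        fi ;;
    static|none|"")
        if [ -z "$(ifcfg_get "$f" IPADDR)" ]; then
            echo "IPADDR: not set for a static configuration"; rc=1
        fi
        # PREFIX is the ifcfg alternative to NETMASK (not listed on the page).
        if [ -z "$(ifcfg_get "$f" NETMASK)$(ifcfg_get "$f" PREFIX)" ]; then
            echo "NETMASK: not set for a static configuration"; rc=1
        fi ;;
    *)  echo "BOOTPROTO: unexpected value '$proto'"; rc=1 ;;
    esac
    if [ "$(ifcfg_get "$f" USERCTL)" = yes ]; then
        echo "USERCTL: ordinary users may control this device"; rc=1
    fi
    return "$rc"
}

# Constructed sample files (not from the original page).
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
cat > "$demo_dir/ifcfg-eth0" <<'EOF'
DEVICE=eth0
BOOTPROTO=dhcp
ONBOOT=yes
USERCTL=yes
EOF
cat > "$demo_dir/ifcfg-eth1" <<'EOF'
DEVICE=eth1
BOOTPROTO="static"
ONBOOT=yes
IPADDR=172.30.1.101
NETMASK=255.255.255.0
PEERDNS=no
EOF
for cfg in "$demo_dir"/ifcfg-eth0 "$demo_dir"/ifcfg-eth1; do
    echo "== ${cfg##*/}"
    audit_ifcfg "$cfg" || echo "   (findings above need review)"
done
```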
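4>. Hostname and the local resolver
Set the hostname of the current host:
hostname [HOSTNAME]
/etc/sysconfig/network #where CentOS 6.x stores the hostname
/etc/hostname #on CentOS 7.x, writing the name to this file is sufficient
The resolver performs forward and reverse lookups
/etc/hosts
A local database mapping hostnames to IP addresses
Useful for small standalone networks
Usually checked before DNS is used
getent hosts: shows the contents of /etc/hosts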
5>. DNS name resolution
/etc/resolv.conf
nameserver DNS_SERVER_IP1
nameserver DNS_SERVER_IP2
nameserver DNS_SERVER_IP3
search magedu.com
/etc/nsswitch.conf
Sets the lookup order; /etc/hosts takes precedence over DNS
Forward resolution: FQDN-->IP
dig -t A FQDN
host -t A FQDN
Reverse resolution: IP-->FQDN
dig -x IP
host -t PTR IP
6>. NIC aliases
NIC aliases are useful for virtual hosts: they bind multiple IP addresses to a single NIC
eth0:1, eth0:2, eth0:3
ifconfig command:
ifconfig eth0:0 192.168.1.100/24 up
ifconfig eth0:0 down
ip command:
ip addr add 172.16.1.2/16 dev eth0
ip addr add 172.16.1.1/16 dev eth0 label eth0:0
ip addr add 172.16.1.2/16 dev eth0 label eth0:0
ip addr del 172.16.1.1/16 dev eth0 label eth0:0
ip addr flush dev eth0 label eth0:0
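7>. Device aliases
Create a separate interface configuration file for each device alias
Stop the NetworkManager service
ifcfg-ethX:xxx
Static network configuration must be used
DEVICE=eth0:0
IPADDR=10.10.10.10
NETMASK=255.0.0.0
ONPARENT=yes
Note: takes effect after service network restart
Reference: /usr/share/doc/initscripts-*/sysconfig.txt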
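VIII. Network interface configuration - bonding
1>. What is bonding
Bonding binds several NICs to the same IP address to provide service, which gives high availability or load balancing. Simply assigning the same IP address to two NICs does not work. With bonding, a single virtual NIC provides the external connection, and the physical NICs are changed to use the same MAC address.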
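2>. Common bonding modes
Mode 0 (balance-rr)
Round-robin policy: packets are transmitted on each slave interface in sequence, from first to last. This mode provides load balancing and fault tolerance.
Mode 1 (active-backup)
Active-backup policy: only one slave is active; another slave is activated if and only if the active slave fails. To avoid confusing the switch, the bond's MAC address is externally visible on only one port.
Mode 3 (broadcast)
Broadcast policy: every packet is transmitted on all slave interfaces, which provides fault tolerance.
The active-backup, balance-tlb and balance-alb modes need no special switch configuration. The other bonding modes require the switch to be configured to aggregate the links. For example, Cisco switches need EtherChannel for modes 0, 2 and 3, but LACP and EtherChannel for mode 4.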
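In active-backup mode a failed slave is masked by the failover, so the bond keeps working with no redundancy left. This added example (not from the original article) reads bond status text in the layout of /proc/net/bonding/bond0, a path covered by the kernel bonding documentation rather than by this page, and reports how many slaves are up; the sample text and function names are constructed.

```shell
#!/bin/sh
# Added example: detect a bond that has silently lost its redundancy.

# bond_health: read bond status text on stdin and print "MODE|ACTIVE|UP/TOTAL".
# Returns 1 when fewer than two slaves report "MII Status: up".
bond_health() {
    awk -F': ' '
        /^Bonding Mode:/           { mode = $2 }
        /^Currently Active Slave:/ { active = $2 }
        /^Slave Interface:/        { in_slave = 1; total++; next }
        # Only the MII Status line inside a slave section is counted;
        # the bond-level MII Status line appears before any slave section.
        /^MII Status:/ && in_slave { if ($2 == "up") up++; in_slave = 0 }
        END {
            printf "%s|%s|%d/%d\n", mode, (active == "" ? "-" : active), up, total
            exit (up < 2)
        }'
}

# Constructed sample in the layout of /proc/net/bonding/bond0.
# $1 is the MII status reported for the backup slave eth1.
sample_bond() {
    cat <<EOF
Ethernet Channel Bonding Driver: v3.7.1 (April 27, 2011)

Bonding Mode: fault-tolerance (active-backup)
Primary Slave: None
Currently Active Slave: eth0
MII Status: up
MII Polling Interval (ms): 100

Slave Interface: eth0
MII Status: up
Link Failure Count: 0

Slave Interface: eth1
MII Status: $1
Link Failure Count: 1
EOF
}

# The bond-level status is still "up" here, yet only one slave is left.
sample_bond down | bond_health || echo "bond has lost redundancy"
```

On a host with a configured bond, the same function can be fed with `bond_health < /proc/net/bonding/bond0`.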
3>. Bonding configuration
For the detailed bond configuration procedure, see: https://www.cnblogs.com/yinzhengjie/p/10334705.html
Remove bond0:
ifconfig bond0 down
rmmod bonding
Recommended reading from the author:
/usr/share/doc/kernel-doc-version/Documentation/networking/bonding.txt
https://www.kernel.org/doc/Documentation/networking/bonding.txt
This article comes from cnblogs (博客园). Author: 尹正杰. When reposting, please cite the original link: https://www.cnblogs.com/yinzhengjie/p/11863836.html