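Network properties can be configured through several groups of commands, which let us manage the network and routing configuration of a Linux host.
I. The ifcfg command family (ifconfig, route, netstat)
1. ifconfig: view and manage interfaces and addresses
ifconfig [INTERFACE]
1) # ifconfig -a: show all interfaces, including inactive ones.
2) ifconfig can bring a specified interface up or down
# ifconfig IFACE IP/MASK [up|down]
[Figure: eno33554984 has been brought down]
3) ifconfig can set the IP address and netmask of an interface directly
Format: ifconfig IFACE IP netmask NETMASK
Example:
Alternatively:
[root@localhost ~]# ifconfig eno33554984 192.168.41.3/24 up
which achieves the same result.
The commands above take effect immediately because they are applied directly to the TCP/IP stack in the kernel, but the change is not persistent and is lost on reboot.
4) Enabling options: an interface can be put into a particular mode
For example, put eno33554984 into promiscuous mode (promisc)
Turn this mode off: [root@localhost ~]# ifconfig eno33554984 -promisc
5) Managing IPv6 addresses; format:
Add: add addr/prefixlen
Delete: del addr/prefixlen
2. route: view and manage routes
There are three types of route:
Host route: the destination is a single IP address;
Network route: the destination is an IP network;
Default route: the destination is any network, 0.0.0.0/0.0.0.0
1) View routes
[root@localhost ~]# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         172.16.0.1      0.0.0.0         UG    100    0        0 eno16777736
172.16.0.0      0.0.0.0         255.255.0.0     U     100    0        0 eno16777736
192.168.41.0    0.0.0.0         255.255.255.0   U     0      0        0 eno33554984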
2) Add a route
Format: route add [-net|-host] target [netmask Nm] [gw GW] [[dev] If]
# Add a network route to the host. Example:
On the local interface eno33554984, add a route to 10.0.0.0/8 with gateway 192.168.41
[root@localhost ~]# route add -net 10.0.0.0/8 gw 192.168.41.1 dev eno33554984
[root@localhost ~]# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         172.16.0.1      0.0.0.0         UG    100    0        0 eno16777736
10.0.0.0        192.168.41.1    255.0.0.0       UG    0      0        0 eno33554984
172.16.0.0      0.0.0.0         255.255.0.0     U     100    0        0 eno16777736
192.168.41.0    0.0.0.0         255.255.255.0   U     0      0        0 eno33554984
# Add a default gateway to the host. Example:
route add -net 0.0.0.0/0.0.0.0 gw 192.168.10.1
Or: route add default gw 192.168.10.1
# To add a host route, simply change -net to -host.
3) Delete a route
Format: route del [-net|-host] target [gw Gw] [netmask Nm] [[dev] If]
# Delete a route from the host
[root@localhost ~]# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         172.16.0.1      0.0.0.0         UG    100    0        0 eno16777736
10.0.0.0        192.168.41.1    255.0.0.0       UG    0      0        0 eno33554984
172.16.0.0      0.0.0.0         255.255.0.0     U     100    0        0 eno16777736
192.168.41.0    0.0.0.0         255.255.255.0   U     0      0        0 eno33554984
192.168.124.0   0.0.0.0         255.255.255.0   U     100    0        0 eno33554984
[root@localhost ~]# route del -net 10.0.0.0/8 gw 192.168.41.1
[root@localhost ~]# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         172.16.0.1      0.0.0.0         UG    100    0        0 eno16777736
172.16.0.0      0.0.0.0         255.255.0.0     U     100    0        0 eno16777736
192.168.41.0    0.0.0.0         255.255.255.0   U     0      0        0 eno33554984
192.168.124.0   0.0.0.0         255.255.255.0   U     100    0        0 eno33554984
# Delete the default route: route del default
3. netstat: show network connections, routing tables, interface statistics, masquerade connections and multicast memberships
Main functions:
1) Show routes: netstat -rn
-r: show the kernel routing table
-n: numeric format
Example:
[root@localhost ~]# netstat -nr
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
0.0.0.0         172.16.0.1      0.0.0.0         UG        0 0          0 eno16777736
172.16.0.0      0.0.0.0         255.255.0.0     U         0 0          0 eno16777736
192.168.41.0    0.0.0.0         255.255.255.0   U         0 0          0 eno33554984
192.168.124.0   0.0.0.0         255.255.255.0   U         0 0          0 eno33554984
192.168.124.0   0.0.0.0         255.255.255.0   U         0 0          0 eno33554984
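2) Show network connections
Format: netstat [--tcp|-t] [--udp|-u] [--udplite|-U] [--sctp|-S] [--raw|-w] [--listening|-l] [--all|-a] [--numeric|-n] [--extend|-e[--extend|-e]] [--program|-p]
Options:
-t: TCP connections; every connection has a state; FSM (Finite State Machine);
-u: UDP connections;
-w: raw socket connections;
-l: sockets in the listening state;
-a: all states;
-n: show IP addresses and ports in numeric format;
-e: extended format;
-p: show the owning process and its PID;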
Example: # -tan shows TCP connections in all states, in numeric format
[root@localhost ~]# netstat -tan
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:6010          0.0.0.0:*               LISTEN
tcp        0     52 172.16.249.228:22       172.16.41.1:38249       ESTABLISHED
tcp6       0      0 :::22                   :::*                    LISTEN
tcp6       0      0 ::1:25                  :::*                    LISTEN
tcp6       0      0 ::1:6010                :::*                    LISTEN
# -uan shows UDP sockets in all states, in numeric format
[root@localhost ~]# netstat -uan
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
udp        0      0 0.0.0.0:9213            0.0.0.0:*
udp        0      0 0.0.0.0:55841           0.0.0.0:*
udp        0      0 0.0.0.0:68              0.0.0.0:*
udp        0      0 0.0.0.0:68              0.0.0.0:*
udp        0      0 0.0.0.0:123             0.0.0.0:*
udp        0      0 127.0.0.1:323           0.0.0.0:*
udp6       0      0 :::38403                :::*
udp6       0      0 :::123                  :::*
udp6       0      0 ::1:323                 :::*
udp6       0      0 :::57286                :::*
# -tunlp shows listening TCP and UDP sockets in numeric format, together with the owning process
[root@localhost ~]# netstat -tulpn
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      1012/sshd
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      1822/master
tcp        0      0 127.0.0.1:6010          0.0.0.0:*               LISTEN      2263/sshd: root@pts
tcp6       0      0 :::22                   :::*                    LISTEN      1012/sshd
tcp6       0      0 ::1:25                  :::*                    LISTEN      1822/master
tcp6       0      0 ::1:6010                :::*                    LISTEN      2263/sshd: root@pts
udp        0      0 0.0.0.0:9213            0.0.0.0:*                           840/dhclient
udp        0      0 0.0.0.0:55841           0.0.0.0:*                           2410/dhclient
udp        0      0 0.0.0.0:68              0.0.0.0:*                           2410/dhclient
udp        0      0 0.0.0.0:68              0.0.0.0:*                           840/dhclient
udp        0      0 0.0.0.0:123             0.0.0.0:*                           792/chronyd
udp        0      0 127.0.0.1:323           0.0.0.0:*                           792/chronyd
udp6       0      0 :::38403                :::*                                840/dhclient
udp6       0      0 :::123                  :::*                                792/chronyd
udp6       0      0 ::1:323                 :::*                                792/chronyd
udp6       0      0 :::57286                :::*                                2410/dhclient
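One way to read the listener table above when reviewing a host's exposure, as an added example that is not part of the original article: the functions below classify each listening socket by whether it is bound to every interface or only to loopback. The sample rows are a subset of the article's own netstat -tulpn output; the function names are assumptions of this example.

```shell
#!/bin/sh
# Added example. Function names are illustrative, not from the article.

# Sample input: a subset of the netstat -tulpn rows shown in the article.
sample_netstat() {
cat <<'EOF'
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      1012/sshd
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      1822/master
tcp        0      0 127.0.0.1:6010          0.0.0.0:*               LISTEN      2263/sshd: root@pts
tcp6       0      0 :::22                   :::*                    LISTEN      1012/sshd
tcp6       0      0 ::1:25                  :::*                    LISTEN      1822/master
udp        0      0 0.0.0.0:68              0.0.0.0:*                           840/dhclient
udp        0      0 0.0.0.0:123             0.0.0.0:*                           792/chronyd
udp        0      0 127.0.0.1:323           0.0.0.0:*                           792/chronyd
udp6       0      0 :::123                  :::*                                792/chronyd
EOF
}

# Reads `netstat -tulpn` output on stdin and prints one line per listener:
#   SCOPE PROTO LOCAL_ADDRESS PROGRAM
# SCOPE is EXPOSED (wildcard bind), LOOPBACK, or SPECIFIC (one named address).
classify_listeners() {
    awk '
    $1 ~ /^(tcp|udp)6?$/ {
        # TCP rows have a State column; keep only LISTEN. UDP rows leave it blank.
        if ($1 ~ /^tcp/ && $6 != "LISTEN") next
        # The PID/Program column is the first field of the form "<pid>/<name>".
        prog = "-"
        for (i = 6; i <= NF; i++) if ($i ~ /^[0-9]+\//) { prog = $i; break }
        sub(/^[0-9]+\//, "", prog); sub(/:$/, "", prog)
        # Split host from port at the last colon (IPv6 hosts contain colons).
        n = split($4, part, ":")
        host = substr($4, 1, length($4) - length(part[n]) - 1)
        if (host == "0.0.0.0" || host == "::") scope = "EXPOSED"
        else if (host ~ /^127\./ || host == "::1") scope = "LOOPBACK"
        else scope = "SPECIFIC"
        print scope, $1, $4, prog
    }'
}

# Only the listeners bound to every interface (reachability still depends on firewall rules).
exposed_listeners() {
    classify_listeners | awk '$1 == "EXPOSED"'
}

sample_netstat | classify_listeners
```

On a live host, pipe the real command into the same function: netstat -tulpn | exposed_listeners (run as root so the PID/Program column is populated for every socket).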
3) Show interface statistics:
Format: netstat {--interfaces|-I|-i} [iface] [--all|-a] [--extend|-e] [--verbose|-v] [--program|-p] [--numeric|-n]
# Show statistics for all interfaces: -i
[root@localhost ~]# netstat -i
Kernel Interface table
Iface      MTU    RX-OK RX-ERR RX-DRP RX-OVR    TX-OK TX-ERR TX-DRP TX-OVR Flg
eno16777  1500    14012      0      0 0           946      0      0      0 BMRU
eno33554  1500      302      0      0 0            25      0      0      0 BMRU
lo       65536       11      0      0 0            11      0      0      0 LRU
# For a specific interface: netstat -I<IFace> (there must be no space after -I)
[root@localhost ~]# netstat -Ieno33554984
Kernel Interface table
Iface      MTU    RX-OK RX-ERR RX-DRP RX-OVR    TX-OK TX-ERR TX-DRP TX-OVR Flg
eno33554  1500      320      0      0 0            27      0      0      0 BMRU
4. ifup/ifdown: enable or disable an interface
# ifup/ifdown IFace
How it works: the interface is identified and configured from the file /etc/sysconfig/network-scripts/ifcfg-IFACE, so if that file does not exist these commands cannot enable or disable the interface.
5. Configuring the hostname
# hostname command:
1) View: hostname
2) Set: hostname HOSTNAME (takes effect only on the running system and is lost on reboot)
# On CentOS 7 another command is available:
hostnamectl status: show the current hostname information;
hostnamectl set-hostname: set the hostname persistently;
[root@localhost ~]# hostnamectl
   Static hostname: localhost.localdomain
         Icon name: computer-vm
           Chassis: vm
        Machine ID: 95aab33025e949cc85ccb116339b7eac
           Boot ID: ab8ccd62676d48e9a7b653625eead0cc
    Virtualization: vmware
  Operating System: CentOS Linux 7 (Core)
       CPE OS Name: cpe:/o:centos:centos:7
            Kernel: Linux 3.10.0-229.el7.x86_64
      Architecture: x86_64
# Editing the configuration file also makes the change persistent;
Configuration file: /etc/sysconfig/network
HOSTNAME=<HOSTNAME>
The change does not take effect immediately; the file has to be re-read first, but after that it stays in effect.
6. Pointing to a DNS server
# Edit the configuration file /etc/resolv.conf
nameserver DNS_SERVER_IP
# Test (host/nslookup/dig):
[root@localhost ~]# dig -t A mageedu.com
; <<>> DiG 9.9.4-RedHat-9.9.4-18.el7 <<>> -t A mageedu.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4358
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 10
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;mageedu.com.                   IN      A
;; ANSWER SECTION:
mageedu.com.            600     IN      A       101.200.188.230
;; AUTHORITY SECTION:
mageedu.com.            153286  IN      NS      v2s1.xundns.com.
mageedu.com.            153286  IN      NS      v2s2.xundns.com.
;; ADDITIONAL SECTION:
v2s1.xundns.com.        126456  IN      A       183.57.38.184
v2s1.xundns.com.        126456  IN      A       113.17.169.37
v2s1.xundns.com.        126456  IN      A       115.238.241.21
v2s1.xundns.com.        126456  IN      A       115.238.253.250
v2s1.xundns.com.        126456  IN      A       124.232.156.76
v2s2.xundns.com.        126456  IN      A       116.10.184.143
v2s2.xundns.com.        126456  IN      A       121.10.104.13
v2s2.xundns.com.        126456  IN      A       115.238.241.20
v2s2.xundns.com.        126456  IN      A       115.238.253.252
;; Query time: 1110 msec
;; SERVER: 172.16.0.1#53(172.16.0.1)
;; WHEN: 五 12月 25 21:27:59 CST 2015
;; MSG SIZE rcvd: 245
II. The iproute family:
1. ip: view and manage routes, devices, policy routing and tunnels
Format: ip [ OPTIONS ] OBJECT { COMMAND | help }
OBJECT := { link | addr | route | netns }
1) ip link: network device configuration
# ip link set - change device attributes
# ip link show - display device attributes
Example of displaying attributes:
[root@localhost ~]# ip link show
1: lo: mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eno16777736: mtu 1500 qdisc pfifo_fast state UP mode DEFAULT qlen 1000
    link/ether 00:0c:29:ee:d3:f1 brd ff:ff:ff:ff:ff:ff
3: eno33554984: mtu 1500 qdisc pfifo_fast state UP mode DEFAULT qlen 1000
    link/ether 00:0c:29:ee:d3:fb brd ff:ff:ff:ff:ff:ff
list can be used instead of show, with the same result
[root@localhost ~]# ip link list
1: lo: mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eno16777736: mtu 1500 qdisc pfifo_fast state UP mode DEFAULT qlen 1000
    link/ether 00:0c:29:ee:d3:f1 brd ff:ff:ff:ff:ff:ff
3: eno33554984: mtu 1500 qdisc pfifo_fast state UP mode DEFAULT qlen 1000
    link/ether 00:0c:29:ee:d3:fb brd ff:ff:ff:ff:ff:ff
# ip link set accepts many arguments and is quite similar to ifconfig.
1) up and down: enable or disable. Example: eno33554984 is disabled
[root@localhost ~]# ip link set eno33554984 down
[root@localhost ~]# ip link show
1: lo: mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eno16777736: mtu 1500 qdisc pfifo_fast state UP mode DEFAULT qlen 1000
    link/ether 00:0c:29:ee:d3:f1 brd ff:ff:ff:ff:ff:ff
3: eno33554984: mtu 1500 qdisc pfifo_fast state DOWN mode DEFAULT qlen 1000
    link/ether 00:0c:29:ee:d3:fb brd ff:ff:ff:ff:ff:ff
Re-enable eno33554984:
[root@localhost ~]# ip link set eno33554984 up
[root@localhost ~]# ip link show
1: lo: mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eno16777736: mtu 1500 qdisc pfifo_fast state UP mode DEFAULT qlen 1000
    link/ether 00:0c:29:ee:d3:f1 brd ff:ff:ff:ff:ff:ff
3: eno33554984: mtu 1500 qdisc pfifo_fast state UP mode DEFAULT qlen 1000
    link/ether 00:0c:29:ee:d3:fb brd ff:ff:ff:ff:ff:ff
2) multicast on or multicast off: enable or disable multicast. Example:
[root@localhost ~]# ip link set eno33554984 multicast on
[root@localhost ~]# ip link show
1: lo: mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eno16777736: mtu 1500 qdisc pfifo_fast state UP mode DEFAULT qlen 1000
    link/ether 00:0c:29:ee:d3:f1 brd ff:ff:ff:ff:ff:ff
3: eno33554984: mtu 1500 qdisc pfifo_fast state UP mode DEFAULT qlen 1000
    link/ether 00:0c:29:ee:d3:fb brd ff:ff:ff:ff:ff:ff
[root@localhost ~]# ip link set eno33554984 multicast off
[root@localhost ~]# ip link show
1: lo: mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eno16777736: mtu 1500 qdisc pfifo_fast state UP mode DEFAULT qlen 1000
    link/ether 00:0c:29:ee:d3:f1 brd ff:ff:ff:ff:ff:ff
3: eno33554984: mtu 1500 qdisc pfifo_fast state UP mode DEFAULT qlen 1000
    link/ether 00:0c:29:ee:d3:fb brd ff:ff:ff:ff:ff:ff
3) name NAME: rename the interface
4) mtu NUMBER: set the MTU; the default is 1500;
5) netns PID: ns stands for namespace; moves the interface into the specified network namespace;
Example:
[root@localhost ~]# ip netns add mynet
[root@localhost ~]# ip link show
1: lo: mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eno16777736: mtu 1500 qdisc pfifo_fast state UP mode DEFAULT qlen 1000
    link/ether 00:0c:29:ee:d3:f1 brd ff:ff:ff:ff:ff:ff
3: eno33554984: mtu 1500 qdisc pfifo_fast state UP mode DEFAULT qlen 1000
    link/ether 00:0c:29:ee:d3:fb brd ff:ff:ff:ff:ff:ff
[root@localhost ~]# ip link set eno33554984 netns mynet
[root@localhost ~]# ip link show
1: lo: mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eno16777736: mtu 1500 qdisc pfifo_fast state UP mode DEFAULT qlen 1000
    link/ether 00:0c:29:ee:d3:f1 brd ff:ff:ff:ff:ff:ff
Here we added a network namespace of our own named mynet and moved eno33554984 into it, so eno33554984 disappears from the original interface list;
[root@localhost ~]# ip netns exec mynet ip link show
1: lo: mtu 65536 qdisc noop state DOWN mode DEFAULT
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
3: eno33554984: mtu 1500 qdisc noop state DOWN mode DEFAULT qlen 1000
    link/ether 00:0c:29:ee:d3:fb brd ff:ff:ff:ff:ff:ff
Listing the interfaces from inside the mynet namespace shows the eno33554984 that disappeared.
[root@localhost ~]# ip netns del mynet
[root@localhost ~]# ip link show
1: lo: mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eno16777736: mtu 1500 qdisc pfifo_fast state UP mode DEFAULT qlen 1000
    link/ether 00:0c:29:ee:d3:f1 brd ff:ff:ff:ff:ff:ff
3: eno33554984: mtu 1500 qdisc pfifo_fast state UP mode DEFAULT qlen 1000
    link/ether 00:0c:29:ee:d3:fb brd ff:ff:ff:ff:ff:ff
Deleting the mynet namespace brings eno33554984 back.
6) ip netns: manage network namespaces
Options:
ip netns list: list all netns
ip netns add NAME: create the specified netns
ip netns del NAME: delete the specified netns
ip netns exec NAME COMMAND: run a command inside the specified netns
7) ip address - protocol address management; manages IP addresses on the network
<1> Format: ip addr add IFADDR dev IFACE
Example: the IP of eno33554984 has been removed
ifconfig eno33554984 0
# Add a new IP, 192.168.41.3/24, to eno33554984
[root@localhost ~]# ip addr add 192.168.41.3/24 dev eno33554984
[root@localhost ~]# ip addr show
1: lo: mtu 65536 qdisc noqueue state UNKNOWN
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eno16777736: mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 00:0c:29:ee:d3:f1 brd ff:ff:ff:ff:ff:ff
    inet 172.16.249.228/16 brd 172.16.255.255 scope global dynamic eno16777736
       valid_lft 78030sec preferred_lft 78030sec
    inet6 fe80::20c:29ff:feee:d3f1/64 scope link
       valid_lft forever preferred_lft forever
3: eno33554984: mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 00:0c:29:ee:d3:fb brd ff:ff:ff:ff:ff:ff
    inet 192.168.41.3/24 scope global eno33554984
       valid_lft forever preferred_lft forever
    inet6 fe80::20c:29ff:feee:d3fb/64 scope link
       valid_lft forever preferred_lft forever
# Add a second address to the same interface
[root@localhost ~]# ip addr add 192.168.41.4/24 dev eno33554984
[root@localhost ~]# ip adr list
Object "adr" is unknown, try "ip help".
[root@localhost ~]# ip addr list
1: lo: mtu 65536 qdisc noqueue state UNKNOWN
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eno16777736: mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 00:0c:29:ee:d3:f1 brd ff:ff:ff:ff:ff:ff
    inet 172.16.249.228/16 brd 172.16.255.255 scope global dynamic eno16777736
       valid_lft 77507sec preferred_lft 77507sec
    inet6 fe80::20c:29ff:feee:d3f1/64 scope link
       valid_lft forever preferred_lft forever
3: eno33554984: mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 00:0c:29:ee:d3:fb brd ff:ff:ff:ff:ff:ff
    inet 192.168.41.3/24 scope global eno33554984
       valid_lft forever preferred_lft forever
    inet 192.168.41.4/24 scope global secondary eno33554984
       valid_lft forever preferred_lft forever
    inet6 fe80::20c:29ff:feee:d3fb/64 scope link
       valid_lft forever preferred_lft forever
# The newly added IP is not shown by ifconfig; to make it visible there, a label has to be added.
ip addr add label NAME, example:
[root@localhost ~]# ip addr add 192.168.41.5/24 dev eno33554984 label eno33554984:0
[root@localhost ~]# ip addr list eno33554984
3: eno33554984: mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 00:0c:29:ee:d3:fb brd ff:ff:ff:ff:ff:ff
    inet 192.168.41.3/24 scope global eno33554984
       valid_lft forever preferred_lft forever
    inet 192.168.41.4/24 scope global secondary eno33554984
       valid_lft forever preferred_lft forever
    inet 192.168.41.5/24 scope global secondary eno33554984:0
       valid_lft forever preferred_lft forever
    inet6 fe80::20c:29ff:feee:d3fb/64 scope link
       valid_lft forever preferred_lft forever
ifconfig can now show the information for eno33554984:0 as well.
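# ip address add [broadcast ADDRESS]: broadcast address; computed automatically from the IP and NETMASK;
# ip address add [scope SCOPE_VALUE]: scope
global: valid globally
link: valid on the interface; the host can ping itself, but others cannot
host: valid on this host only; visible only to the host itself, others cannot ping it.
<2> ip address delete - delete protocol address
Format: ip addr delete IFADDR dev IFACE
Example: delete the IP 192.168.41.5/24 from eno33554984
[root@localhost ~]# ip addr del 192.168.41.5/24 dev eno33554984
<3> ip address show - look at protocol addresses (display interface information)
Same as: ip addr list [IFACE]: show the addresses of an interface;
<4> ip address flush - flush protocol addresses (clear interface addresses)
ip addr flush dev IFACE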
8) ip route: manage the routing table
ip route add - add new route;
ip route change - change route;
ip route replace - change or add new one (modify an existing route or add a new one);
ip route delete - delete route;
ip route show - list routes;
ip route flush - flush routing tables;
ip route get - get a single route;
Format: ip route add TYPE PREFIX via GW [dev IFACE] [src SOURCE_IP]
Example:
[root@localhost ~]# ip route add 192.168.0.0/24 via 10.0.0.1 dev eno33554984
[root@localhost ~]# ip route list
default via 172.16.0.1 dev eno16777736 proto static metric 100
10.0.0.0/8 dev eno33554984 proto kernel scope link src 10.0.10.41
172.16.0.0/16 dev eno16777736 proto kernel scope link src 172.16.249.228 metric 100
192.168.0.0/24 via 10.0.0.1 dev eno33554984
192.168.41.0/24 dev eno33554984 proto kernel scope link src 192.168.41.3
192.168.124.0/24 dev eno33554984 proto kernel scope link src 192.168.124.128
192.168.124.0/24 dev eno33554984 proto kernel scope link src 192.168.124.128 metric 100
Example: a route whose outgoing source IP is explicitly set to 10.0.10.41, specified with src
[root@localhost ~]# ip route add 192.168.1.0/24 via 10.0.0.1 dev eno33554984 src 10.0.10.41
[root@localhost ~]# ip route list
default via 172.16.0.1 dev eno16777736 proto static metric 100
10.0.0.0/8 dev eno33554984 proto kernel scope link src 10.0.10.41
172.16.0.0/16 dev eno16777736 proto kernel scope link src 172.16.249.228 metric 100
192.168.0.0/24 via 10.0.0.1 dev eno33554984
192.168.1.0/24 via 10.0.0.1 dev eno33554984 src 10.0.10.41
192.168.41.0/24 dev eno33554984 proto kernel scope link src 192.168.41.3
192.168.124.0/24 dev eno33554984 proto kernel scope link src 192.168.124.128
192.168.124.0/24 dev eno33554984 proto kernel scope link src 192.168.124.128 metric 100
# Add a default gateway:
ip route add default via 172.16.0.1 dev eno16777736
# Delete a gateway:
ip route del TYPE PREFIX
Example: delete the gateway to 192.168.1.0/24
[root@localhost ~]# ip route del 192.168.1.0/24
[root@localhost ~]# ip route list
default via 172.16.0.1 dev eno16777736 proto static metric 100
10.0.0.0/8 dev eno33554984 proto kernel scope link src 10.0.10.41
172.16.0.0/16 dev eno16777736 proto kernel scope link src 172.16.249.228 metric 100
192.168.0.0/24 via 10.0.0.1 dev eno33554984
192.168.41.0/24 dev eno33554984 proto kernel scope link src 192.168.41.3
192.168.124.0/24 dev eno33554984 proto kernel scope link src 192.168.124.128
192.168.124.0/24 dev eno33554984 proto kernel scope link src 192.168.124.128 metric 100
# ip route show - list routes
# ip route get - get a single route
Format: ip route get TYPE PREFIX
# ip route flush - flush routing tables; a network can be specified
Format: TYPE PREFIX
Flush the route to 10.0.0.0/8
[root@localhost ~]# ip route list
default via 172.16.0.1 dev eno16777736 proto static metric 100
10.0.0.0/8 dev eno33554984 proto kernel scope link src 10.0.10.41
172.16.0.0/16 dev eno16777736 proto kernel scope link src 172.16.249.228 metric 100
192.168.0.0/24 via 10.0.0.1 dev eno33554984
192.168.41.0/24 dev eno33554984 proto kernel scope link src 192.168.41.3
192.168.124.0/24 dev eno33554984 proto kernel scope link src 192.168.124.128
192.168.124.0/24 dev eno33554984 proto kernel scope link src 192.168.124.128 metric 100
[root@localhost ~]# ip route flush 10.0.0.0/8
[root@localhost ~]# ip route list
default via 172.16.0.1 dev eno16777736 proto static metric 100
172.16.0.0/16 dev eno16777736 proto kernel scope link src 172.16.249.228 metric 100
192.168.0.0/24 via 10.0.0.1 dev eno33554984
192.168.41.0/24 dev eno33554984 proto kernel scope link src 192.168.41.3
192.168.124.0/24 dev eno33554984 proto kernel scope link src 192.168.124.128
192.168.124.0/24 dev eno33554984 proto kernel scope link src 192.168.124.128 metric 100
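2. ss: another tool for displaying sockets
Format: ss [options] [ FILTER ]
Options:
-t: TCP connections
-u: UDP connections
-w: raw socket connections
-l: sockets in the listening state
-a: connections in all states
-n: numeric format
-p: the owning program and its PID
-e: extended format information
-m: memory usage
-o: timer information
FILTER := [ state TCP-STATE ] [ EXPRESSION ], used to filter connections
The TCP states are as follows:
TCP FSM:
LISTEN: listening
ESTABLISHED: established connection
FIN_WAIT_1: teardown phase, waiting for one side to respond
FIN_WAIT_2: teardown phase, one side has finished closing and the other side acknowledges
SYN_SENT:
SYN_RECV:
CLOSED:
Example: '( dport = :22 or sport = :22)'
# Show only the port 22 connections from the -tan output
[root@localhost ~]# ss -tan '( dport = :22 or sport = :22 )'
State      Recv-Q Send-Q      Local Address:Port        Peer Address:Port
LISTEN     0      128                     *:22                     *:*
ESTAB      0      0          172.16.249.228:22           172.16.41.1:38249
LISTEN     0      128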
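III. Editing configuration files
1. Configuration file for IP/NETMASK/GW/DNS and related properties
Location: /etc/sysconfig/network-scripts/ifcfg-IFACE, where IFACE is the interface name;
2. Route configuration file:
/etc/sysconfig/network-scripts/route-IFACE
Note: the file /etc/sysconfig/network-scripts/ifcfg-IFACE defines the properties of the interface through a large number of parameters; it can be edited directly with a text editor such as vim, or modified with dedicated tools (CentOS 6: system-config-network (setup); CentOS 7: nmtui)
3. Parameters in the ifcfg-IFACE file for IP/NETMASK/GW/DNS and related properties:
DEVICE: name of the device this configuration file applies to;
ONBOOT: whether to activate this interface during system boot;
UUID: unique identifier of this device;
IPV6INIT: whether to initialise IPv6;
BOOTPROTO: protocol used to configure the interface when it is activated; common values are dhcp, bootp, static and none;
TYPE: interface type; common values are Ethernet and Bridge;
DNS1: primary DNS server;
DNS2: backup DNS server;
DOMAIN: DNS search domain;
IPADDR: IP address;
NETMASK: subnet mask; CentOS 7 also supports PREFIX to give the mask as a prefix length;
GATEWAY: default gateway;
USERCTL: whether ordinary users are allowed to control this device;
PEERDNS: when BOOTPROTO is "dhcp", whether the DNS servers assigned by the DHCP server are allowed to override the locally configured DNS servers; allowed by default;
HWADDR: MAC address of the device;
NM_CONTROLLED: whether the NetworkManager service controls this interface; enabling it is not recommended on CentOS 6.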
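3. Managing the network service
CentOS 6: service SERVICE {start|stop|restart|status}
CentOS 7: systemctl {start|stop|restart|status} SERVICE[.service]
After a configuration file has been changed, the network service must be restarted for the change to take effect;
CentOS 6: # service network restart
CentOS 7: # systemctl restart network.service
4. In day-to-day work some default routes need to be made persistent, so they also have to be written to a configuration file
File location: /etc/sysconfig/network-scripts/route-IFACE
Two formats are supported, but they must not be mixed;
(1) One route entry per line:
Format: TARGET via GW
Example: target : next hop : gateway
10.0.0.0/24 via 192.168.10.1
# i.e. 10.0.0.0/24 is reached via 192.168.10.1
(2) Three lines per route entry:
Format:               Example:
ADDRESS#=TARGET       ADDRESS0=20.0.0.0
NETMASK#=MASK         NETMASK0=255.255.255.0
GATEWAY#=NEXTHOP      GATEWAY0=192.168.10.2
# i.e. 20.0.0.0/24 is reached via 192.168.10.2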
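The three-line format above can be converted mechanically to the one-line format, and the same pass catches a file that mixes the two formats or carries a malformed netmask. This is an added example, not part of the original article; the function name route_triplets_to_via is an assumption of this example, and the sample input is the article's own ADDRESS0/NETMASK0/GATEWAY0 entry.

```shell
#!/bin/sh
# Added example. The function name and checks are illustrative assumptions.

# Reads a route-IFACE file in ADDRESSn/NETMASKn/GATEWAYn form on stdin and
# prints the equivalent "TARGET/PREFIX via GW" lines. Exits non-zero when the
# file mixes both formats, an entry is incomplete, or a netmask is invalid.
route_triplets_to_via() {
    awk -F= '
    # Prefix length of a dotted netmask, or -1 if malformed or non-contiguous.
    function prefix_len(mask,    oct, i, b, v, bits, zero_seen) {
        if (split(mask, oct, ".") != 4) return -1
        bits = 0; zero_seen = 0
        for (i = 1; i <= 4; i++) {
            if (oct[i] !~ /^[0-9]+$/ || oct[i] + 0 > 255) return -1
            v = oct[i] + 0
            for (b = 128; b >= 1; b = b / 2) {
                if (v >= b) { if (zero_seen) return -1; bits++; v -= b }
                else zero_seen = 1
            }
        }
        return bits
    }
    BEGIN { max = 0; bad = 0 }
    /^[ \t]*#/ || /^[ \t]*$/ { next }
    {
        key = $1; val = $2
        gsub(/[ \t]/, "", key); gsub(/[ \t]/, "", val)
        if (key ~ /^(ADDRESS|NETMASK|GATEWAY)[0-9]+$/) {
            idx = substr(key, 8) + 0
            field[substr(key, 1, 7), idx] = val
            if (idx > max) max = idx
        } else {
            print "line " NR ": not a triplet entry, formats must not be mixed" > "/dev/stderr"
            bad = 1
        }
    }
    END {
        if (bad) exit 1
        for (n = 0; n <= max; n++) {
            if (!(("ADDRESS", n) in field)) continue
            p = (("NETMASK", n) in field) ? prefix_len(field["NETMASK", n]) : -1
            if (p < 0 || !(("GATEWAY", n) in field)) {
                print "entry " n ": missing GATEWAY or invalid NETMASK" > "/dev/stderr"
                exit 1
            }
            print field["ADDRESS", n] "/" p " via " field["GATEWAY", n]
        }
    }'
}

# The three-line entry from the article.
printf 'ADDRESS0=20.0.0.0\nNETMASK0=255.255.255.0\nGATEWAY0=192.168.10.2\n' |
    route_triplets_to_via
```

Reviewing the converted one-line form makes it easier to spot a persistent route that sends traffic through an unexpected next hop.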
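5. Assigning multiple addresses to an interface: besides ip addr, ifconfig or a configuration file can also be used;
(1) ifconfig IFACE_LABEL IPADDR/NETMASK
where IFACE_LABEL is eth0:0, eth0:1, ...
(2) Add a configuration file for the alias;
DEVICE=IFACE_LABEL
BOOTPROTO: interface aliases do not support obtaining an address dynamically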