Linux Network Management Basics


1. Network interface naming

1.1 Traditional interface naming

Traditional names:
Ethernet: eth[0,1,2,...]
Wireless: wlan[0,1,2,...]

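1.2 RHEL 7 interface naming

systemd names network devices as follows:

If the firmware or BIOS provides usable, predictable index information for devices integrated on the motherboard, the name is derived from that index, for example eno1
If the firmware or BIOS provides usable, predictable index information for PCI-E expansion slots, the name is derived from that index, for example ens1
If the physical location of the hardware interface is available, the name is derived from it, for example enp2s0
If the user explicitly enables it, the name can also be derived from the MAC address, for example enx2387a1dc56
If none of the above is available, the traditional naming scheme is used
Some of these naming schemes require the biosdevname program, so it must be installed and enabled.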

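1.3 Structure of an interface name

Names are based on the firmware, the device structure and the device type

The name starts with two letters that identify the firmware
Ethernet interfaces start with en
Wireless interfaces start with wl
Device structure
o: index number of a device integrated on the motherboard
s: index number of the expansion slot
x: name based on the MAC address
p<bus>s<slot>: name based on the physical location topology. For example, enp2s1 is the device index for slot 1 of bus 2 on the PCI bus

1.4 How an interface gets its name

udev: the helper program /lib/udev/rename_device sets the interface name from the information in /usr/lib/udev/rules.d/60-net.rules
biosdevname sets the interface name from the information in /usr/lib/udev/rules.d/71-biosdevname.rules
udev probes the network interface device and sets the interface name from the variables in /usr/lib/udev/rules.d/75-net-description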

Reverting to traditional names

[root@localhost ~]# mv /etc/sysconfig/network-scripts/ifcfg-ens33 /etc/sysconfig/network-scripts/ifcfg-eth0
[root@localhost ~]# ls /etc/sysconfig/network-scripts/ |grep ifcfg-e
ifcfg-eth0
[root@localhost ~]# vim /etc/sysconfig/network-scripts/ifcfg-eth0
[root@localhost ~]# cat /etc/sysconfig/network-scripts/ifcfg-eth0
TYPE=Ethernet
PROXY_METHOD=none
BROWSER_ONLY=no
BOOTPROTO=dhcp
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
IPV6_ADDR_GEN_MODE=stable-privacy
UUID=52ed696c-ea51-4509-89b8-cfa4a7f22aee
DEVICE=eth0                                     //modified
NAME=eth0                                       //modified
ONBOOT=yes


//Edit /etc/default/grub: on the line starting with GRUB_CMDLINE_LINUX, add net.ifnames=0 biosdevname=0 in front of rhgb
[root@localhost ~]# vim /etc/default/grub
[root@localhost ~]# cat /etc/default/grub 
GRUB_TIMEOUT=5
GRUB_DISTRIBUTOR="$(sed 's, release .*$,,g' /etc/system-release)"
GRUB_DEFAULT=saved
GRUB_DISABLE_SUBMENU=true
GRUB_TERMINAL_OUTPUT="console"
GRUB_CMDLINE_LINUX="crashkernel=auto rd.lvm.lv=rhel/root rd.lvm.lv=rhel/swap net.ifnames=0 biosdevname=0 rhgb quiet"
                                                                            |-----------added-----------|
GRUB_DISABLE_RECOVERY="true"

//Generate the grub2 configuration file
[root@localhost ~]# grub2-mkconfig -o /etc/grub2.cfg 
Generating grub configuration file ...
Found linux image: /boot/vmlinuz-3.10.0-693.el7.x86_64
Found initrd image: /boot/initramfs-3.10.0-693.el7.x86_64.img
Found linux image: /boot/vmlinuz-0-rescue-56592b1fdc854164b8d6f8107bb3caa0
Found initrd image: /boot/initramfs-0-rescue-56592b1fdc854164b8d6f8107bb3caa0.img
done

//Reboot for the change to take effect
[root@localhost ~]# reboot

[root@localhost ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 00:0c:29:84:06:e4 brd ff:ff:ff:ff:ff:ff
    inet 192.168.213.132/24 brd 192.168.213.255 scope global dynamic eth0
       valid_lft 1694sec preferred_lft 1694sec
    inet6 fe80::f6f:62de:73a6:fa93/64 scope link 
       valid_lft forever preferred_lft forever

2. Common network management commands

2.1 ifconfig

//Show all currently active network interfaces
[root@localhost ~]# ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.213.132  netmask 255.255.255.0  broadcast 192.168.213.255
        inet6 fe80::f6f:62de:73a6:fa93  prefixlen 64  scopeid 0x20<link>
        ether 00:0c:29:84:06:e4  txqueuelen 1000  (Ethernet)
        RX packets 1582  bytes 141335 (138.0 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 960  bytes 111137 (108.5 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 1  (Local Loopback)
        RX packets 68  bytes 5792 (5.6 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 68  bytes 5792 (5.6 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
//Show the status of eth0 only
[root@localhost ~]# ifconfig eth0
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.213.132  netmask 255.255.255.0  broadcast 192.168.213.255
        inet6 fe80::f6f:62de:73a6:fa93  prefixlen 64  scopeid 0x20<link>
        ether 00:0c:29:84:06:e4  txqueuelen 1000  (Ethernet)
        RX packets 1612  bytes 143825 (140.4 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 978  bytes 113851 (111.1 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
//Show the status of all interfaces, both disabled and enabled
[root@localhost ~]# ifconfig -a
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.213.132  netmask 255.255.255.0  broadcast 192.168.213.255
        inet6 fe80::f6f:62de:73a6:fa93  prefixlen 64  scopeid 0x20<link>
        ether 00:0c:29:84:06:e4  txqueuelen 1000  (Ethernet)
        RX packets 1657  bytes 147697 (144.2 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 1006  bytes 117125 (114.3 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 1  (Local Loopback)
        RX packets 68  bytes 5792 (5.6 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 68  bytes 5792 (5.6 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
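//Bring the (lo) interface down
[root@localhost ~]# ifconfig lo down
//Bring the (lo) interface up
[root@localhost ~]# ifconfig lo up
//Meaning of the fields in the interface output:

UP: the interface is active
BROADCAST: broadcast is supported
RUNNING: the network cable is connected
MULTICAST: multicast is supported
MTU: maximum transmission unit (bytes), the largest packet this interface can send at once

inet: line showing the IPv4 address
inet6: line showing the IPv6 address
link/ether: the hardware (MAC) address of the device
txqueuelen: length of the transmit buffer
RX packets: packets received
TX packets: packets sent
errors: total number of receive errors
dropped: packets dropped, for various reasons, while being copied into memory
collisions: network signal collisions; a non-zero value may indicate a network fault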

2.2 ip

//Syntax: ip [ OPTIONS ] OBJECT { COMMAND | help }
OBJECT:
    link: network interface attributes
    addr: protocol addresses
    route: routes
//Show IP information
[root@localhost ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 00:0c:29:84:06:e4 brd ff:ff:ff:ff:ff:ff
    inet 192.168.213.132/24 brd 192.168.213.255 scope global dynamic eth0
       valid_lft 1242sec preferred_lft 1242sec
    inet6 fe80::f6f:62de:73a6:fa93/64 scope link 
       valid_lft forever preferred_lft forever
//Show all network interfaces and their link-layer addresses
[root@localhost ~]# ip link show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT qlen 1000
    link/ether 00:0c:29:84:06:e4 brd ff:ff:ff:ff:ff:ff
//Show packet statistics
[root@localhost ~]# ip -s link show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    RX: bytes  packets  errors  dropped overrun mcast   
    0          0        0       0       0       0       
    TX: bytes  packets  errors  dropped carrier collsns 
    0          0        0       0       0       0       
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT qlen 1000
    link/ether 00:0c:29:84:06:e4 brd ff:ff:ff:ff:ff:ff
    RX: bytes  packets  errors  dropped overrun mcast   
    13396      127      0       0       0       0       
    TX: bytes  packets  errors  dropped carrier collsns 
    14967      129      0       0       0       0
//Enable or disable a network interface: ip link set DEV {up|down}
[root@localhost ~]# ip link set lo down
[root@localhost ~]# ip link set lo up
//ip addr add ADDRESS dev DEV: add an IP address
[root@localhost ~]# ip addr show eth0
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 00:0c:29:84:06:e4 brd ff:ff:ff:ff:ff:ff
    inet 192.168.213.132/24 brd 192.168.213.255 scope global dynamic eth0
       valid_lft 1429sec preferred_lft 1429sec
    inet6 fe80::f6f:62de:73a6:fa93/64 scope link 
       valid_lft forever preferred_lft forever
[root@localhost ~]# ip addr add 192.168.213.130/24 dev eth0
[root@localhost ~]# ip addr show eth0
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 00:0c:29:84:06:e4 brd ff:ff:ff:ff:ff:ff
    inet 192.168.213.132/24 brd 192.168.213.255 scope global dynamic eth0
       valid_lft 1287sec preferred_lft 1287sec
    inet 192.168.213.130/24 scope global secondary eth0
       valid_lft forever preferred_lft forever
    inet6 fe80::f6f:62de:73a6:fa93/64 scope link 
       valid_lft forever preferred_lft forever

//ip addr del ADDRESS dev DEV: delete an IP address
[root@localhost ~]# ip addr show eth0
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 00:0c:29:84:06:e4 brd ff:ff:ff:ff:ff:ff
    inet 192.168.213.132/24 brd 192.168.213.255 scope global dynamic eth0
       valid_lft 1287sec preferred_lft 1287sec
    inet 192.168.213.130/24 scope global secondary eth0
       valid_lft forever preferred_lft forever
    inet6 fe80::f6f:62de:73a6:fa93/64 scope link 
       valid_lft forever preferred_lft forever
[root@localhost ~]# ip addr del 192.168.213.130/24 dev eth0
[root@localhost ~]# ip addr show eth0
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 00:0c:29:84:06:e4 brd ff:ff:ff:ff:ff:ff
    inet 192.168.213.132/24 brd 192.168.213.255 scope global dynamic eth0
       valid_lft 1121sec preferred_lft 1121sec
    inet6 fe80::f6f:62de:73a6:fa93/64 scope link 
       valid_lft forever preferred_lft forever
//ip addr show DEV: show the addresses of a network interface
[root@localhost ~]# ip addr show eth0
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 00:0c:29:84:06:e4 brd ff:ff:ff:ff:ff:ff
    inet 192.168.213.132/24 brd 192.168.213.255 scope global dynamic eth0
       valid_lft 1041sec preferred_lft 1041sec
    inet6 fe80::f6f:62de:73a6:fa93/64 scope link 
       valid_lft forever preferred_lft forever
//ip route: routing table management
//Add a route: ip route add TARGET via GW dev IFACE src SOURCE_IP
    TARGET:
        host route: IP
        network route: NETWORK/MASK

//Delete a route: ip route del TARGET
    TARGET:
        host route: IP
        network route: NETWORK/MASK

//Show routes: ip route show

//Flush the routing table: ip route flush
    [dev IFACE]
    [via PREFIX]

2.3 route

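Linux hosts communicate with each other over IP. If host A and host B are on the same network segment and both interfaces are up, A can talk to B directly. If A and B are on different segments, A has to go through a router to reach B. Routers are part of the basic IT infrastructure, and every network segment should have at least one gateway

//Show the current routing table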
[root@localhost ~]# route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         gateway         0.0.0.0         UG    100    0        0 eth0
192.168.213.0   0.0.0.0         255.255.255.0   U     100    0        0 eth0
//Show hosts, ports and related information numerically
[root@localhost ~]# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.213.2   0.0.0.0         UG    100    0        0 eth0
192.168.213.0   0.0.0.0         255.255.255.0   U     100    0        0 eth0
//Add a route
//Syntax: route add [-net|-host] target [netmask Nm] [gw Gw]  [[dev] If]

//Add a network route
[root@localhost ~]# route add -net 192.168.1.0/24 gw 192.168.1.254 dev eth0
[root@localhost ~]# route add -net 0.0.0.0/0 gw 192.168.1.254 dev eth0

//Add a host route
[root@localhost ~]# route add -host 172.16.12.128 gw 172.16.12.2
//Example:
[root@guilai ~]# route add -net 192.168.161.0/24 gw 192.168.213.2 dev eth0
[root@guilai ~]# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.213.2   0.0.0.0         UG    100    0        0 eth0
192.168.161.0   192.168.213.2   255.255.255.0   UG    0      0        0 eth0
192.168.213.0   0.0.0.0         255.255.255.0   U     100    0        0 eth0
[root@guilai ~]# route del -net 192.168.161.0/24
[root@guilai ~]# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.213.2   0.0.0.0         UG    100    0        0 eth0
192.168.213.0   0.0.0.0         255.255.255.0   U     100    0        0 eth0
//Delete a route
[root@localhost ~]# route del -net 192.168.1.0/24
[root@localhost ~]# route del -net 0.0.0.0 gw 192.168.1.254

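2.4 hostname and hostnamectl

A hostname must be configured in production, and it should follow a naming convention, for example:
Public cloud: region-project-business-service-node-address
wh-shop-register-nginx-node1-192.168.56.13
wh-med-pay-mysql-master01-192.168.56.11
wh-med-pay-mysql-slave01-192.168.56.12

//hostname shows the hostname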
[root@localhost ~]# hostname
localhost.localdomain
//hostname changes the hostname temporarily
[root@localhost ~]# hostname tianxiadiyi
[root@localhost ~]# cat /etc/hostname
localhost.localdomain
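//Note: after changing the hostname, the user has to log in again to see the effect
//On RHEL 7, hostnamectl is recommended for changing and viewing the hostname
//Set a permanent name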
[root@localhost ~]# hostnamectl set-hostname guilai
[root@localhost ~]# cat /etc/hostname
guilai
//Show host information
[root@localhost ~]# hostnamectl
   Static hostname: guilai
         Icon name: computer-vm
           Chassis: vm
        Machine ID: 56592b1fdc854164b8d6f8107bb3caa0
           Boot ID: 9d806f2ea7c54acbb7f100c0bcce2a18
    Virtualization: vmware
  Operating System: Red Hat Enterprise Linux Server 7.4 (Maipo)
       CPE OS Name: cpe:/o:redhat:enterprise_linux:7.4:GA:server
            Kernel: Linux 3.10.0-693.el7.x86_64
      Architecture: x86-64

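Note:
On Linux, network settings changed with commands apply only to the running system and are lost after a reboot. To make a change survive a reboot, it has to be made in the configuration files.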

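3. Network configuration files

//Network configuration file: /etc/sysconfig/network
    NETWORKING={yes|no}: enables or disables networking for the whole system; if set to no, networking is unavailable however the interfaces are configured.
    HOSTNAME: sets the hostname

3.2 Network interface configuration files

A network interface is a NIC; its configuration file is /etc/sysconfig/network-scripts/ifcfg-INTERFACE_NAME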

[root@localhost ~]# vi /etc/sysconfig/network-scripts/ifcfg-eth0
TYPE=Ethernet                                   //interface type; common types are Ethernet and Bridge
PROXY_METHOD=none
BROWSER_ONLY=no
BOOTPROTO=static                                //boot protocol, one of {static|none|dhcp|bootp}; for a static address either static or none works
DEFROUTE=yes                                    //use this interface as the default route [yes|no]
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
IPV6_ADDR_GEN_MODE=stable-privacy
UUID=52ed696c-ea51-4509-89b8-cfa4a7f22aee       //unique identifier of the device
DEVICE=eth0                                     //associated device name; must match the "INTERFACE_NAME" suffix of the file name
NAME=eth0                                       //connection name
ONBOOT=yes                                      //whether to activate this interface automatically at boot, one of { yes | no }
IPADDR=192.168.213.132                          //static IP address
NETMASK=255.255.255.0                           //subnet mask; PREFIX=24 is also a subnet mask
GATEWAY=192.168.213.2                           //default gateway
DNS1=192.168.213.2                              //first DNS server; DNS2 is the second DNS server



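//Interface configuration reference
//Parameter             Description
BOOTPROTO=none          //boot protocol, one of {static|none|dhcp|bootp}; for a static address either static or none works
NM_CONTROLLED           //NM is short for NetworkManager, the service developed by Red Hat that replaces the network script for network management and configuration in RHEL6
    //one of { yes | no }
    //sets whether this interface is controlled by NM; "no" is recommended on CentOS6
TYPE                    //interface type; common types are Ethernet and Bridge
UUID                    //unique identifier of the device
HWADDR                  //hardware address; must match the address in the hardware, may be omitted
IPADDR=172.16.12.130    //static IP address
PREFIX=24               //subnet mask
NETMASK=255.255.255.0   //subnet mask
GATEWAY=172.16.12.2     //default gateway
DNS1=172.16.12.2        //first DNS server
DNS2                    //second DNS server
DNS3                    //third DNS server
DEVICE=eth1             //associated device name; must match the "INTERFACE_NAME" suffix of the file name
NAME="eth1"             //connection name
ONBOOT=yes              //whether to activate this interface automatically at boot, one of { yes | no }
DEFROUTE=yes            //use this interface as the default route [yes|no]
USERCTL={yes|no}        //whether ordinary users may enable and disable this interface
PEERDNS={yes|no}        //whether to accept the DNS addresses supplied by the DHCP server when BOOTPROTO is dhcp; when set to yes, the received DNS addresses overwrite /etc/resolv.conf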
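
A lint pass over an ifcfg file using the rules from the parameter list above, as an added example (not part of the original article or of the RHEL network scripts). The function names, the constructed sample files and the rule that GATEWAY must lie inside the interface's own subnet are assumptions of this example.

```shell
#!/bin/sh
# Added example: lint an ifcfg-<IFACE> file against the parameter rules above.
# Prints one finding per line and nothing for a clean file.

# ifcfg_get FILE KEY: value of the last KEY= line, double quotes removed.
ifcfg_get() {
    awk -v k="$2" '
        index($0, k "=") == 1 {
            v = substr($0, length(k) + 2)
            sub(/[ \t\r]+$/, "", v)
            gsub(/^"|"$/, "", v)
            val = v
        }
        END { print val }' "$1"
}

# ip2int A.B.C.D: the address as a 32-bit integer, or no output if malformed.
ip2int() {
    printf '%s\n' "$1" | awk -F. '
        NF == 4 {
            ok = 1
            for (i = 1; i <= 4; i++) if ($i !~ /^[0-9]+$/ || $i + 0 > 255) ok = 0
            if (ok) printf "%.0f\n", (($1 * 256 + $2) * 256 + $3) * 256 + $4
        }'
}

ifcfg_lint() {
    f=$1
    base=${f##*/}
    iface=${base#ifcfg-}
    dev=$(ifcfg_get "$f" DEVICE)
    proto=$(ifcfg_get "$f" BOOTPROTO)

    # DEVICE has to match the INTERFACE_NAME part of the file name.
    [ "$dev" = "$iface" ] || echo "ERROR: DEVICE=$dev does not match file name suffix $iface"
    case $proto in
        ''|static|none|dhcp|bootp) ;;
        *) echo "ERROR: BOOTPROTO=$proto is not one of static|none|dhcp|bootp" ;;
    esac
    for key in ONBOOT DEFROUTE USERCTL PEERDNS NM_CONTROLLED; do
        val=$(ifcfg_get "$f" "$key")
        case $val in
            ''|yes|no) ;;
            *) echo "ERROR: $key=$val must be yes or no" ;;
        esac
    done

    if [ "$proto" = static ] || [ "$proto" = none ]; then
        ip=$(ip2int "$(ifcfg_get "$f" IPADDR)")
        gw_raw=$(ifcfg_get "$f" GATEWAY)
        prefix=$(ifcfg_get "$f" PREFIX)
        mask=$(ip2int "$(ifcfg_get "$f" NETMASK)")
        case $prefix in
            [0-9]|[12][0-9]|3[0-2]) mask=$(( (4294967295 << (32 - prefix)) & 4294967295 )) ;;
            *) ;;   # no usable PREFIX: keep the NETMASK value
        esac
        [ -n "$ip" ] || echo "ERROR: static configuration needs a valid IPADDR"
        [ -n "$mask" ] || echo "ERROR: static configuration needs PREFIX or NETMASK"
        if [ -n "$ip" ] && [ -n "$mask" ] && [ -n "$gw_raw" ]; then
            gw=$(ip2int "$gw_raw")
            # Assumption of this example: the gateway sits in the interface's own subnet.
            if [ -z "$gw" ]; then
                echo "ERROR: GATEWAY=$gw_raw is not a valid IPv4 address"
            elif [ $(( ip & mask )) -ne $(( gw & mask )) ]; then
                echo "ERROR: GATEWAY=$gw_raw is outside the subnet of IPADDR"
            fi
        fi
    fi

    if [ "$(ifcfg_get "$f" USERCTL)" = yes ]; then
        echo "WARN: USERCTL=yes lets ordinary users enable and disable this interface"
    fi
    if [ "$proto" = dhcp ] && [ "$(ifcfg_get "$f" PEERDNS)" = yes ]; then
        echo "WARN: PEERDNS=yes lets the DHCP server's DNS overwrite /etc/resolv.conf"
    fi
    return 0
}

# Constructed sample files (not from a real host): one clean, one with four problems.
tmp=$(mktemp -d)
printf '%s\n' BOOTPROTO=static DEVICE=eth1 'NAME="eth1"' ONBOOT=yes \
    IPADDR=172.16.12.130 PREFIX=24 GATEWAY=172.16.12.2 > "$tmp/ifcfg-eth1"
printf '%s\n' BOOTPROTO=static DEVICE=eth1 ONBOOT=true USERCTL=yes \
    IPADDR=172.16.0.10 NETMASK=255.255.255.0 GATEWAY=172.16.12.2 > "$tmp/ifcfg-eth2"

for f in "$tmp"/ifcfg-*; do
    echo "== ${f##*/}"
    ifcfg_lint "$f"
done
```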

3.3 Route configuration files

The route configuration file is /etc/sysconfig/network-scripts/route-INTERFACE_NAME

//Format 1: DEST via NEXTHOP
[root@localhost ~]# vi /etc/sysconfig/network-scripts/route-ens33                       //create and edit with vi
172.16.12.0/24 via 172.16.12.2

//Format 2:
[root@localhost ~]# vi /etc/sysconfig/network-scripts/route-ens33
ADDRESS0=172.16.12.0
NETMASK0=255.255.255.0
GATEWAY0=172.16.12.2

3.4 DNS configuration file

The DNS configuration file is /etc/resolv.conf

[root@localhost ~]# vi /etc/resolv.conf
nameserver DNS_IP_1
nameserver DNS_IP_2
nameserver DNS_IP_3

This does not need to be configured if, in vi /etc/sysconfig/network-scripts/ifcfg-eth0

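4. Managing the network with NetworkManager

RHEL/CentOS 7 uses NetworkManager by default to provide network services. It is a daemon that manages network configuration dynamically and keeps network devices connected.
The network is configured with the command-line and graphical tools that NetworkManager provides, and the resulting configuration files are saved under /etc/sysconfig/network-scripts. The tools are nmcli, nmtui and nm-connection-editor

device: a physical device, for example ens33, enp2s0, virbr0, team0
connection: a connection profile, that is, a specific network configuration

1. Different connection profiles can be applied to the same physical device, but a device can use only one of them at a time
2. By defining different connection profiles for a physical network interface and activating the matching one in each environment, the network configuration can be switched automatically

Viewing devices and connections with nmcli

//Show device status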
[root@guilai ~]# nmcli device
設備  類型      狀態    鏈接 
eth0  ethernet  鏈接的  eth0 
lo    loopback  未託管  --   

//Show the detailed status of a given device
[root@guilai ~]# nmcli device show eth0
GENERAL.設備:                           eth0
GENERAL.類型:                           ethernet
GENERAL.硬盤:                           00:0C:29:84:06:E4
GENERAL.MTU:                            1500
GENERAL.狀態:                           100 (鏈接的)
GENERAL.鏈接:                           eth0
GENERAL.鏈接路徑:                       /org/freedesktop/NetworkManager/ActiveConnection/2
WIRED-PROPERTIES.載波:                  開
IP4.地址[1]:                            192.168.213.132/24
IP4.網關:                               192.168.213.2
IP4.DNS[1]:                             192.168.213.2
IP6.地址[1]:                            fe80::f6f:62de:73a6:fa93/64
IP6.網關:                               --

//Show connection status            //show all active connections
[root@guilai ~]# nmcli connection
名稱  UUID                                  類型            設備 
eth0  52ed696c-ea51-4509-89b8-cfa4a7f22aee  802-3-ethernet  eth0 

//Show the details of the connection for a given device
[root@guilai ~]# nmcli connection show eth0
connection.id:                          eth0
connection.uuid:                        52ed696c-ea51-4509-89b8-cfa4a7f22aee
connection.stable-id:                   --
connection.interface-name:              eth0
connection.type:                        802-3-ethernet
connection.autoconnect:                 yes
connection.autoconnect-priority:        0
connection.autoconnect-retries:         -1 (默認)
connection.timestamp:                   1570532473
connection.read-only:                   no
connection.permissions:                 --
connection.zone:                        --
.....................

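5. Managing the network with the native network service

On CentOS/RHEL the default directory for network configuration files is /etc/sysconfig/network-scripts
The configuration file of the first physical NIC is ifcfg-eth0 by default; a second physical NIC uses ifcfg-eth1, and so on. Note: if a newly added physical NIC has no configuration file, copy the system default one and modify it.

//Disable NetworkManager at boot and stop the NetworkManager service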
[root@localhost ~]# systemctl disable NetworkManager
[root@localhost ~]# systemctl stop NetworkManager

//Add a physical NIC, then create a new connection configuration file
//Copy the eth0 configuration file to eth1
[root@localhost ~]# cp /etc/sysconfig/network-scripts/{ifcfg-eth0,ifcfg-eth1}
//Edit the NIC configuration file
[root@localhost ~]# vi /etc/sysconfig/network-scripts/ifcfg-eth1
TYPE=Ethernet
BOOTPROTO=static
NAME=eth1
UUID=03be31f5-a3c1-4f8d-88b3-aea6e85c869f
DEVICE=eth1
NM_CONTROLLED=no
ONBOOT=yes
IPADDR=172.16.12.130
NETMASK=255.255.255.0
GATEWAY=172.16.12.2
DNS1=172.16.12.2

//Restart the network service to load the configuration, and enable it at boot
[root@localhost ~]# systemctl restart network
[root@localhost ~]# systemctl enable network

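6. Network diagnostic tools and troubleshooting

6.1 ping

The ping command tests whether another host is reachable. If a host cannot be pinged, that indicates a problem with the host, although the failure may also be caused by a firewall on the path or by ping packets being dropped

//Common ping options:
    -c number of pings to send
    -i interval between ping packets
    -w exit after the given timeout if there is no reply

//ping 5 times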
[root@guilai ~]# ping -c 5 www.baidu.com
PING www.a.shifen.com (182.61.200.6) 56(84) bytes of data.
64 bytes from 182.61.200.6 (182.61.200.6): icmp_seq=1 ttl=128 time=21.8 ms
64 bytes from 182.61.200.6 (182.61.200.6): icmp_seq=2 ttl=128 time=27.6 ms
64 bytes from 182.61.200.6 (182.61.200.6): icmp_seq=3 ttl=128 time=47.5 ms
64 bytes from 182.61.200.6 (182.61.200.6): icmp_seq=4 ttl=128 time=22.4 ms
64 bytes from 182.61.200.6 (182.61.200.6): icmp_seq=5 ttl=128 time=21.9 ms

--- www.a.shifen.com ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 4008ms
rtt min/avg/max/mdev = 21.837/28.289/47.585/9.893 ms

//ping once every 0.1 seconds
[root@guilai ~]# ping -i 0.1 www.baidu.com

6.2 host and nslookup

The host and nslookup commands query DNS records

[root@guilai ~]# host www.baidu.com
www.baidu.com is an alias for www.a.shifen.com.
www.a.shifen.com has address 182.61.200.7
www.a.shifen.com has address 182.61.200.6



[root@guilai ~]# nslookup www.baidu.com
Server:     192.168.213.2
Address:    192.168.213.2#53

Non-authoritative answer:
www.baidu.com   canonical name = www.a.shifen.com.
Name:   www.a.shifen.com
Address: 182.61.200.6
Name:   www.a.shifen.com
Address: 182.61.200.7

Use yum provides *bin/nslookup to see which package has to be installed for the command

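6.3 traceroute

The traceroute command traces the route to a destination, to find out whether a network fault lies with the ISP or whether the remote service is not responding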

[root@guilai ~]# traceroute www.baidu.com
traceroute to www.baidu.com (182.61.200.7), 30 hops max, 60 byte packets
 1  gateway (192.168.213.2)  0.097 ms  0.066 ms  0.088 ms
 2  * * *
 3  * * *
 4  * * *
 5  * * *
 6  * * *
 7  * * *
 8  * * *
 9  * * *

6.4 netstat

netstat shows network status

//Show the routing table
[root@guilai ~]# netstat -r
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
default         gateway         0.0.0.0         UG        0 0          0 eth0
192.168.213.0   0.0.0.0         255.255.255.0   U         0 0          0 eth0


//Show the routing table numerically
[root@seancheng ~]# netstat -rn 
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
0.0.0.0         192.168.213.2   0.0.0.0         UG        0 0          0 eth0
192.168.213.0   0.0.0.0         255.255.255.0   U         0 0          0 eth0

//Show established TCP connections
[root@guilai ~]# netstat -t
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State      
tcp        0     52 guilai:ssh              192.168.213.1:51255     ESTABLISHED

//Show UDP connections
[root@seancheng ~]# netstat -u
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State 



//Show sockets in the listening state
[root@seancheng ~]# netstat -l
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State      
tcp        0      0 0.0.0.0:ssh             0.0.0.0:*               LISTEN     
tcp        0      0 localhost:smtp          0.0.0.0:*               LISTEN     
tcp6       0      0 [::]:ssh                [::]:*                  LISTEN     
tcp6       0      0 localhost:smtp          [::]:*                  LISTEN     
udp        0      0 localhost:323           0.0.0.0:*                          
udp6       0      0 localhost:323           [::]:*                             
raw6       0      0 [::]:ipv6-icmp          [::]:*                  7          
Active UNIX domain sockets (only servers)
Proto RefCnt Flags       Type       State         I-Node   Path
unix  2      [ ACC ]     STREAM     LISTENING     19870    private/trace
unix  2      [ ACC ]     STREAM     LISTENING     19873    private/verify
unix  2      [ ACC ]     STREAM     LISTENING     19879    private/proxymap
unix  2      [ ACC ]     SEQPACKET  LISTENING     14350    /run/udev/control
unix  2      [ ACC ]     STREAM     LISTENING     19882    private/proxywrite
......

//Show the PID and name of the process that owns each socket
[root@seancheng ~]# netstat -p
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name    
tcp        0     52 guilai:ssh              192.168.213.1:51255     ESTABLISHED 1409/sshd: root@pts 
Active UNIX domain sockets (w/o servers)
Proto RefCnt Flags       Type       State         I-Node   PID/Program name     Path
unix  2      [ ]         DGRAM                    14373    1/systemd            /run/systemd/shutdownd
unix  2      [ ]         DGRAM                    15922    767/chronyd          /var/run/chrony/chronyd.sock
unix  2      [ ]         DGRAM                    9170     1/systemd            /run/systemd/notify
unix  2      [ ]         DGRAM                    9172     1/systemd            /run/systemd/cgroups-agent
unix  5      [ ]         DGRAM                    9183     1/systemd            /run/systemd/journal/socket
unix  16     [ ]         DGRAM                    9185     1/systemd            /dev/log
unix  3      [ ]         DGRAM                    14889    594/systemd-udevd    
unix  3      [ ]         STREAM     CONNECTED     16123    781/crond            
unix  3      [ ]         STREAM     CONNECTED     19848    1342/master          
.........

//Show connections in all states
[root@guilai ~]# netstat -a
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State      
tcp        0      0 0.0.0.0:ssh             0.0.0.0:*               LISTEN     
tcp        0      0 localhost:smtp          0.0.0.0:*               LISTEN     
tcp        0     52 guilai:ssh              192.168.213.1:51255     ESTABLISHED
tcp6       0      0 [::]:ssh                [::]:*                  LISTEN     
tcp6       0      0 localhost:smtp          [::]:*                  LISTEN     
udp        0      0 guilai:48786            makaki.miuku.net:ntp    ESTABLISHED
udp        0      0 localhost:323           0.0.0.0:*                          
udp6       0      0 localhost:323           [::]:*                             
raw6       0      0 [::]:ipv6-icmp          [::]:*                  7          
Active UNIX domain sockets (servers and established)
Proto RefCnt Flags       Type       State         I-Node   Path
unix  2      [ ACC ]     STREAM     LISTENING     19870    private/trace
unix  2      [ ACC ]     STREAM     LISTENING     19873    private/verify
unix  2      [ ACC ]     STREAM     LISTENING     19879    private/proxymap
unix  2      [ ACC ]     SEQPACKET  LISTENING     14350    /run/udev/control
unix  2      [ ACC ]     STREAM     LISTENING     19882    private/proxywrite
unix  2      [ ACC ]     STREAM     LISTENING     19885    private/smtp
unix  2      [ ACC ]     STREAM     LISTENING     19888    private/relay
unix  2      [ ACC ]     STREAM     LISTENING     19894    private/error
unix  2      [ ]         DGRAM                    14373    /run/systemd/shutdownd
..................






//Common options
    -antlp

[root@guilai ~]# netstat -antlp
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name    
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      1115/sshd           
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      1342/master         
tcp        0     52 192.168.213.132:22      192.168.213.1:51255     ESTABLISHED 1409/sshd: root@pts 
tcp6       0      0 :::22                   :::*                    LISTEN      1115/sshd           
tcp6       0      0 ::1:25                  :::*                    LISTEN      1342/master

6.5 ss

ss is a tool for viewing network status and replaces netstat

//Syntax: ss [options] [ FILTER ]
//Common options:
    -t: TCP sockets
    -u: UDP sockets
    -w: raw sockets
    -x: UNIX sockets
    -l: sockets in the listen state
    -a: all
    -n: numeric output
    -p: owning program and PID
    -e: extended information
    -m: memory usage
    -o: timer information


//Common FILTERs:
    FILTER := [ state TCP-STATE ] [ EXPRESSION ]
    e.g. ss -tan state ESTABLISHED

//Common states:
    //TCP finite state machine
        LISTEN: listening
        ESTABLISHED: connection established

    //EXPRESSION:
        dport =
        sport =
        Example: '( dport = :ssh or sport = :ssh )'. Here ssh is a service name and can be replaced by its port number; there must be a space on each side of the equals sign

//Common combinations:
[root@guilai ~]# ss -tan
State      Recv-Q Send-Q              Local Address:Port                             Peer Address:Port              
LISTEN     0      128                             *:22                                          *:*                  
LISTEN     0      100                     127.0.0.1:25                                          *:*                  
ESTAB      0      0                 192.168.213.132:22                              192.168.213.1:51255              
LISTEN     0      128                            :::22                                         :::*                  
LISTEN     0      100                           ::1:25                                         :::*       

[root@seancheng ~]# ss -tanl
State      Recv-Q Send-Q              Local Address:Port                             Peer Address:Port              
LISTEN     0      128                             *:22                                          *:*                  
LISTEN     0      100                     127.0.0.1:25                                          *:*                  
LISTEN     0      128                            :::22                                         :::*                  
LISTEN     0      100                           ::1:25                                         :::*          


[root@seancheng ~]# ss -antlp
State      Recv-Q Send-Q              Local Address:Port                             Peer Address:Port              
LISTEN     0      128                             *:22                                          *:*                   users:(("sshd",pid=1115,fd=3))
LISTEN     0      100                     127.0.0.1:25                                          *:*                   users:(("master",pid=1342,fd=13))
LISTEN     0      128                            :::22                                         :::*                   users:(("sshd",pid=1115,fd=4))
LISTEN     0      100                           ::1:25                                         :::*                   users:(("master",pid=1342,fd=14))



[root@seancheng ~]# ss -anu

State      Recv-Q Send-Q              Local Address:Port                             Peer Address:Port              
UNCONN     0      0                       127.0.0.1:323                                         *:*                  
UNCONN     0      0                             ::1:323                                        :::*
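
Reading the `ss -antlp` output above for exposure, as an added example that is not part of the original article: it sorts each TCP listener into bound to every address, loopback only, or one specific address. The function names are hypothetical; the first four sample rows come from the output on this page, and the last three are constructed to cover the bracketed IPv6 form printed by newer ss versions and a row without process information.

```shell
#!/bin/sh
# Added example: classify TCP listeners from `ss -tanlp` output by bind scope.
# Reads ss output on stdin; prints "SCOPE PORT PROCESS" once per unique triple.
#   EXPOSED = bound to every address (*, 0.0.0.0, :: or [::])
#   LOCAL   = bound to loopback only (127.0.0.0/8 or ::1)
#   BOUND   = bound to one specific non-loopback address
listener_scope() {
    LC_ALL=C awk '
        $1 == "LISTEN" {
            la = $4                                   # Local Address:Port column
            port = la; sub(/^.*:/, "", port)          # text after the last colon
            addr = la; sub(/:[^:]*$/, "", addr)       # text before the last colon
            gsub(/^\[|\]$/, "", addr)                 # newer ss prints [::]:22
            if (addr == "*" || addr == "0.0.0.0" || addr == "::") scope = "EXPOSED"
            else if (addr ~ /^127\./ || addr == "::1") scope = "LOCAL"
            else scope = "BOUND"
            proc = "-"                                # -p shows nothing without privileges
            if (match($0, /users:\(\("[^"]+"/))
                proc = substr($0, RSTART + 9, RLENGTH - 10)
            key = scope " " port " " proc
            if (!(key in seen)) { seen[key] = 1; print key }
        }'
}

# exposed_listeners: only the port/process pairs reachable from other hosts.
exposed_listeners() {
    listener_scope | awk '$1 == "EXPOSED" { print $2 "/" $3 }'
}

# Rows 1-4 are from this page; rows 5-7 are constructed for the example.
sample_ss() {
    cat <<'EOF'
State      Recv-Q Send-Q Local Address:Port   Peer Address:Port
LISTEN     0      128    *:22                 *:*       users:(("sshd",pid=1115,fd=3))
LISTEN     0      100    127.0.0.1:25         *:*       users:(("master",pid=1342,fd=13))
LISTEN     0      128    :::22                :::*      users:(("sshd",pid=1115,fd=4))
LISTEN     0      100    ::1:25               :::*      users:(("master",pid=1342,fd=14))
LISTEN     0      128    0.0.0.0:6379         0.0.0.0:* users:(("redis-server",pid=2001,fd=6))
LISTEN     0      80     [::1]:3306           [::]:*    users:(("mysqld",pid=2100,fd=21))
LISTEN     0      128    192.0.2.10:8080      0.0.0.0:*
EOF
}

sample_ss | listener_scope
# On a live host: ss -tanlp | exposed_listeners
```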

Common ports

Service Port
http 80/tcp
https 443/tcp
ssh 22/tcp
ftp 20,21/tcp
mysql 3306/tcp
rsync 873/tcp
redis 6379/tcp
Telnet 23/tcp
TFTP 69/udp

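6.6 Network troubleshooting

Network faults are either hardware or software faults
    NIC damaged
    Link failure
    Incompatible NIC driver
Network troubleshooting approach
    ping the local loopback address to check that the local TCP/IP stack works
    ping the host's own IP address to check that the local device and driver work
    ping a host on the same segment to check that the layer-2 network works
    ping the gateway address to check the path between the host and the network
    ping a public address to check that local routing works
    ping a public domain name to check that the DNS client works
Service troubleshooting approach
    Use telnet to check whether the port is open
    Check the server-side firewall and SELinux
    Check that the relevant permissions are configured correctly
    Check the logs for anomalies
    Keep testing after the checks are complete

Recommendation:
Work through every troubleshooting approach from the bottom of the OSI seven-layer model upwards, one layer at a time (learn to read the logs)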
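
The ping ladder above as a script, added here as an example and not part of the original article: it probes the six targets bottom-up and reports the first rung that fails together with what that rung tests. The function names, the injectable probe and the constructed `ip route show` sample are assumptions of this example; the demo uses a simulated probe so it runs without a network.

```shell
#!/bin/sh
# Added example: walk the ping ladder bottom-up and stop at the first failure.
# A probe is any command that takes one target and returns 0 when it answers.
# A failed ping can also mean ICMP is filtered on the path, as noted in 6.1.
default_probe() { ping -c 2 -w 3 "$1" >/dev/null 2>&1; }

# gateway_from_routes: default gateway from `ip route show` output on stdin.
gateway_from_routes() {
    awk '$1 == "default" { for (i = 2; i < NF; i++) if ($i == "via") { print $(i + 1); exit } }'
}

# local_ip_from_routes: source address of the first directly connected route.
local_ip_from_routes() {
    awk '$1 != "default" { for (i = 2; i < NF; i++) if ($i == "src") { print $(i + 1); exit } }'
}

# ping_ladder PROBE LOCAL_IP NEIGHBOR GATEWAY PUBLIC_IP PUBLIC_NAME
# Prints one verdict line: the first failing step, or PASS.
ping_ladder() {
    probe=$1; shift
    step=0
    while IFS='|' read -r target meaning; do
        step=$((step + 1))
        if ! "$probe" "$target" </dev/null; then
            echo "FAIL step $step ($target): $meaning"
            return 0
        fi
    done <<EOF
127.0.0.1|local TCP/IP stack
$1|local NIC and driver
$2|layer-2 network on the local segment
$3|path to the gateway
$4|routing to the public network
$5|DNS client resolution
EOF
    echo "PASS: all $step steps answered"
}

# Constructed `ip route show` output, shaped like the host used on this page.
sample_routes() {
    cat <<'EOF'
default via 192.168.213.2 dev eth0 proto static metric 100
192.168.213.0/24 dev eth0 proto kernel scope link src 192.168.213.132 metric 100
EOF
}

# Simulated probe for the demo: the local /24 answers, nothing beyond it does.
fake_probe() {
    case $1 in
        127.0.0.1|192.168.213.*) return 0 ;;
        *) return 1 ;;
    esac
}

gw=$(sample_routes | gateway_from_routes)
me=$(sample_routes | local_ip_from_routes)
ping_ladder fake_probe "$me" 192.168.213.1 "$gw" 203.0.113.1 www.example.com
# On a live host, feed real data and the real probe instead:
#   gw=$(ip route show | gateway_from_routes); me=$(ip route show | local_ip_from_routes)
#   ping_ladder default_probe "$me" <neighbor> "$gw" <public IP> <public name>
```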

Homework

1. How do you view the number of connections for each IP on the system?

[root@guilai ~]# netstat -na |awk '{print $5}'|awk -F: '{print $1}'|grep [[:digit:]]
0.0.0.0
0.0.0.0
192.168.213.1
0.0.0.0
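
Counting per remote address, as an added example that is not part of the original answer: it reads `netstat -ant`-style output, skips listeners, and prints a count per peer with the busiest first. It goes beyond the pipeline above by handling IPv6 peers and an optional state filter; the function names and the sample (documentation-range addresses) are constructed for this example.

```shell
#!/bin/sh
# Added example: connections per remote address from `netstat -an`-style output.
# peer_counts [STATE]: reads netstat output on stdin, prints "COUNT ADDRESS",
# busiest peer first. With STATE (e.g. ESTABLISHED) only that state is counted.
peer_counts() {
    LC_ALL=C awk -v st="${1:-}" '
        $1 ~ /^(tcp|udp)6?$/ {
            if (st != "" && $6 != st) next
            peer = $5
            sub(/:[^:]*$/, "", peer)        # strip the trailing :port, IPv6-safe
            gsub(/^\[|\]$/, "", peer)
            # Listening sockets have a wildcard peer and are not connections.
            if (peer == "0.0.0.0" || peer == "::" || peer == "*") next
            n[peer]++
        }
        END { for (p in n) print n[p], p }' | LC_ALL=C sort -k1,1nr -k2,2
}

# peers_at_least N: addresses holding N or more connections.
peers_at_least() {
    peer_counts | awk -v min="$1" '$1 + 0 >= min + 0 { print $2 }'
}

# Constructed sample in `netstat -an` layout (not captured from a real host).
sample_netstat() {
    cat <<'EOF'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 192.0.2.10:22           198.51.100.7:51255      ESTABLISHED
tcp        0      0 192.0.2.10:80           203.0.113.9:40112       ESTABLISHED
tcp        0      0 192.0.2.10:80           203.0.113.9:40113       ESTABLISHED
tcp        0      0 192.0.2.10:80           203.0.113.9:40114       SYN_RECV
tcp6       0      0 :::22                   :::*                    LISTEN
tcp6       0      0 2001:db8::10:443        2001:db8::beef:55012    ESTABLISHED
udp        0      0 192.0.2.10:48786        192.0.2.53:123          ESTABLISHED
EOF
}

sample_netstat | peer_counts
# On a live host: netstat -ant | peer_counts ESTABLISHED
```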

2. List the ports used by the following services: http, ftp, ssh, telnet, mysql, dns

Service Port
http 80/tcp
ssh 22/tcp
ftp 20,21/tcp
telnet 23/tcp
mysql 3306/tcp
dns 53/udp

3. How do you add a new NIC to a virtual machine and configure it with IP 172.16.0.10 and gateway 172.16.0.1?

[root@guilai ~]# cd /etc/sysconfig/network-scripts/

[root@guilai network-scripts]# systemctl disable NetworkManager
Removed symlink /etc/systemd/system/multi-user.target.wants/NetworkManager.service.
Removed symlink /etc/systemd/system/dbus-org.freedesktop.NetworkManager.service.
Removed symlink /etc/systemd/system/dbus-org.freedesktop.nm-dispatcher.service.
[root@guilai network-scripts]# systemctl stop NetworkManager

[root@guilai network-scripts]# cp ifcfg-eth0 ifcfg-eth1
[root@guilai network-scripts]# vim ifcfg-eth1
[root@guilai network-scripts]# cat ifcfg-eth1
TYPE=Ethernet
PROXY_METHOD=none
BROWSER_ONLY=no
BOOTPROTO=static
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
IPV6_ADDR_GEN_MODE=stable-privacy
UUID=52ed696c-ea51-4509-89b8-cfa4a7f22aee
DEVICE=eth1
NAME=eth1
ONBOOT=yes
IPADDR=172.16.0.10
NETMASK=255.255.255.0
GATEWAY=172.16.0.1
DNS1=192.168.213.2

[root@guilai network-scripts]# systemctl enable NetworkManager
[root@guilai network-scripts]# systemctl start NetworkManager
[root@guilai network-scripts]# systemctl restart network

[root@guilai network-scripts]# ifconfig eth1
eth1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 172.16.0.10  netmask 255.255.255.0  broadcast 172.16.0.255
        inet6 fe80::f35b:4df0:b42a:4fe9  prefixlen 64  scopeid 0x20<link>
        ether 00:0c:29:84:06:ee  txqueuelen 1000  (Ethernet)
        RX packets 47  bytes 4035 (3.9 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 18  bytes 1284 (1.2 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

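4. Describe the DNS resolution process in detail, using access to www.baidu.com as the example

Accessing www.baidu.com goes through DNS name resolution, which returns the IP address of www.baidu.com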

5. How do you see how many processes are running on the system?

[root@guilai ~]# ps -ef >a  
[root@guilai ~]# cat -n a
Take the highest line number and subtract one

6. How do you see which ports are open on the system?

[root@guilai ~]# netstat -an

7. How do you check whether port 80 is open and whether the sshd process exists?

[root@guilai ~]# netstat -anp |grep ssh


Install lsof
[root@guilai ~]# lsof -i :80

[root@guilai ~]# lsof -i :ssh

8. List all TCP ports in the listening state

[root@guilai ~]# netstat -ltpnu
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name    
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      1238/sshd           
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      1472/master         
tcp6       0      0 :::22                   :::*                    LISTEN      1238/sshd           
tcp6       0      0 ::1:25                  :::*                    LISTEN      1472/master         
udp        0      0 127.0.0.1:323           0.0.0.0:*                           765/chronyd         
udp6       0      0 ::1:323                 :::*                                765/chronyd

9. Show all port information, including PID and process name

[root@guilai ~]# netstat -ap