关于作者
周李杰 ,最后一批90后,现居湖北武汉
孤独患者,懒癌中期,无脑幻想者。但却人畜无害,无需远离。
兴趣众多,然无一精通。正努力成为一个有趣的人。
1 2 > print("👆以上是不完整的我") //请我吃大餐将会了解更多 >
[TOC]
网卡命名 传统网卡命名机制
传统命名:
以太网eth[0,1,2,…]
wlan[0,1,2,…]
redhat7网卡命名机制
systemd对网络设备的命名方式:
如果Firmware或BIOS为主板上集成的设备提供的索引信息可用,且可预测,则根据此索引进行命名,例如eno1
如果Firmware或BIOS为PCI-E扩展槽所提供的索引信息可用,且可预测,则根据此索引进行命名,例如ens1
如果硬件接口的物理位置信息可用,则根据此信息进行命名,例如enp2s0
如果用户显式启动,也可根据MAC地址进行命名,例如enx2387a1dc56
上述均不可用时,则使用传统命名机制
上述命名机制中,有的需要biosdevname程序的参与。所以必须安装biosdevname程序且启用它。
网络接口名称组成格式 网卡设备的命名过程
udev,辅助工具程序/lib/udev/rename_device会根据/usr/lib/udev/rules.d/60-net.rules中的信息设定网卡名称
biosdevname会根据/usr/lib/udev/rules.d/71-biosdevname.rules中的信息设定网卡名称
通过udev检测网络接口设备,根据/usr/lib/udev/rules.d/75-net-description中的变量信息设定网卡名称
回归传统命名 修改网卡配置文件 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 [root@zhoulijie ~] [root@zhoulijie network-scripts] [root@zhoulijie network-scripts] TYPE=Ethernet PROXY_METHOD=none BROWSER_ONLY=no BOOTPROTO=static DEFROUTE=yes IPV4_FAILURE_FATAL=no NAME=eth0 //此处要把ens33改成eth0 UUID=bb501ad9-f26f-4310-b857-14a1fc520546 DEVICE=eth0 //此处要把ens33改成eth0 ONBOOT=yes IPADDR=192.168.83.140 NETMASK=255.255.255.0 GATEWAY=192.168.83.2 DNS1=192.168.83.2
编辑/etc/default/grub配置文件
在以GRUB_CMDLINE_LINUX开头的行内rhgb的前面加上net.ifnames=0 biosdevname=0
1 2 3 4 5 6 7 8 [root@zhoulijie network-scripts] GRUB_TIMEOUT=5 GRUB_DISTRIBUTOR="$(sed 's, release .*$,,g' /etc/system-release) " GRUB_DEFAULT=saved GRUB_DISABLE_SUBMENU=true GRUB_TERMINAL_OUTPUT="console" GRUB_CMDLINE_LINUX="crashkernel=auto rd.lvm.lv=rhel/root rd.lvm.lv=rhel/swap net.ifnames=0 biosdevname=0 rhgb quiet" GRUB_DISABLE_RECOVERY="true"
为grub2生成其配置文件 1 2 3 4 5 6 7 [root@zhoulijie network-scripts] Generating grub configuration file ... Found linux image: /boot/vmlinuz-3.10.0-693.el7.x86_64 Found initrd image: /boot/initramfs-3.10.0-693.el7.x86_64.img Found linux image: /boot/vmlinuz-0-rescue-fd0bcf5782d24ba5b903b175c35f328e Found initrd image: /boot/initramfs-0-rescue-fd0bcf5782d24ba5b903b175c35f328e.img done
重启系统 1 [root@zhoulijie network-scripts]
网络管理常用命令 ifconfig 查看当前处于活动状态的所有网络接口 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 [root@zhoulijie ~] eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500 inet 192.168.83.140 netmask 255.255.255.0 broadcast 192.168.83.255 inet6 fe80::20c:29ff:feab:cc67 prefixlen 64 scopeid 0x20<link> ether 00:0c:29:ab:cc:67 txqueuelen 1000 (Ethernet) RX packets 694 bytes 64096 (62.5 KiB) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 435 bytes 53145 (51.8 KiB) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536 inet 127.0.0.1 netmask 255.0.0.0 inet6 ::1 prefixlen 128 scopeid 0x10<host> loop txqueuelen 1 (Local Loopback) RX packets 18 bytes 1624 (1.5 KiB) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 18 bytes 1624 (1.5 KiB) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 virbr0: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500 inet 192.168.122.1 netmask 255.255.255.0 broadcast 192.168.122.255 ether 52:54:00:f0:f8:b0 txqueuelen 1000 (Ethernet) RX packets 0 bytes 0 (0.0 B) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 0 bytes 0 (0.0 B) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
仅查看单个网卡状态 1 2 3 4 5 6 7 8 9 [root@zhoulijie ~] eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500 inet 192.168.83.140 netmask 255.255.255.0 broadcast 192.168.83.255 inet6 fe80::20c:29ff:feab:cc67 prefixlen 64 scopeid 0x20<link> ether 00:0c:29:ab:cc:67 txqueuelen 1000 (Ethernet) RX packets 726 bytes 66886 (65.3 KiB) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 453 bytes 56481 (55.1 KiB) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
查看所有网卡状态信息, 包括禁用和启用 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 [root@zhoulijie ~] eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500 inet 192.168.83.140 netmask 255.255.255.0 broadcast 192.168.83.255 inet6 fe80::20c:29ff:feab:cc67 prefixlen 64 scopeid 0x20<link> ether 00:0c:29:ab:cc:67 txqueuelen 1000 (Ethernet) RX packets 763 bytes 70122 (68.4 KiB) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 475 bytes 60789 (59.3 KiB) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536 inet 127.0.0.1 netmask 255.0.0.0 inet6 ::1 prefixlen 128 scopeid 0x10<host> loop txqueuelen 1 (Local Loopback) RX packets 18 bytes 1624 (1.5 KiB) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 18 bytes 1624 (1.5 KiB) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 virbr0: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500 inet 192.168.122.1 netmask 255.255.255.0 broadcast 192.168.122.255 ether 52:54:00:f0:f8:b0 txqueuelen 1000 (Ethernet) RX packets 0 bytes 0 (0.0 B) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 0 bytes 0 (0.0 B) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 virbr0-nic: flags=4098<BROADCAST,MULTICAST> mtu 1500 ether 52:54:00:f0:f8:b0 txqueuelen 1000 (Ethernet) RX packets 0 bytes 0 (0.0 B) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 0 bytes 0 (0.0 B) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
网卡配置信息含义如下
UP: 网卡处于活动状态
BROADCAST: 支持广播
RUNNING: 网线已接入
MULTICAST: 支持组播
MTU: 最大传输单元(字节),即此接口一次所能传输的最大封包
inet: 显示IPv4地址行
inet6: 显示IPv6地址行
link/enther: 指设备硬件(MAC)地址
txqueuelen: 传输缓存区长度大小
RX packets: 接收的数据包
TX packets: 发送的数据包
errors: 总的收包的错误数量
dropped: 由于各种原因, 导致拷贝在内存过程中被丢弃
collisions: 网络信号冲突情况, 值不为0则可能存在网络故障
IP
//语法:ip [ OPTIONS ] OBJECT { COMMAND | help }
查看网络有接口地址 1 2 3 4 5 6 7 8 9 [root@zhoulijie ~] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT qlen 1 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT qlen 1000 link/ether 00:0c:29:ab:cc:67 brd ff:ff:ff:ff:ff:ff 3: virbr0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN mode DEFAULT qlen 1000 link/ether 52:54:00:f0:f8:b0 brd ff:ff:ff:ff:ff:ff 4: virbr0-nic: <BROADCAST,MULTICAST> mtu 1500 qdisc pfifo_fast master virbr0 state DOWN mode DEFAULT qlen 1000 link/ether 52:54:00:f0:f8:b0 brd ff:ff:ff:ff:ff:ff
显示报文统计信息 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 [root@zhoulijie ~] 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT qlen 1 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 RX: bytes packets errors dropped overrun mcast 1624 18 0 0 0 0 TX: bytes packets errors dropped carrier collsns 1624 18 0 0 0 0 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT qlen 1000 link/ether 00:0c:29:ab:cc:67 brd ff:ff:ff:ff:ff:ff RX: bytes packets errors dropped overrun mcast 35806 380 0 0 0 0 TX: bytes packets errors dropped carrier collsns 27393 240 0 0 0 0 3: virbr0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN mode DEFAULT qlen 1000 link/ether 52:54:00:f0:f8:b0 brd ff:ff:ff:ff:ff:ff RX: bytes packets errors dropped overrun mcast 0 0 0 0 0 0 TX: bytes packets errors dropped carrier collsns 0 0 0 0 0 0 4: virbr0-nic: <BROADCAST,MULTICAST> mtu 1500 qdisc pfifo_fast master virbr0 state DOWN mode DEFAULT qlen 1000 link/ether 52:54:00:f0:f8:b0 brd ff:ff:ff:ff:ff:ff RX: bytes packets errors dropped overrun mcast 0 0 0 0 0 0 TX: bytes packets errors dropped carrier collsns 0 0 0 0 0 0
启用或禁用网络接口ip link set DEV {up|down} 1 2 [root@zhoulijie ~] [root@zhoulijie ~]
查看网络接口的地址 1 2 3 4 5 6 7 [root@zhoulijie ~] 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000 link/ether 00:0c:29:ab:cc:67 brd ff:ff:ff:ff:ff:ff inet 192.168.83.140/24 brd 192.168.83.255 scope global eth0 valid_lft forever preferred_lft forever inet6 fe80::20c:29ff:feab:cc67/64 scope link valid_lft forever preferred_lft forever
添加IP地址 1 2 3 4 5 6 7 8 9 10 [root@zhoulijie ~] [root@zhoulijie ~] 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000 link/ether 00:0c:29:ab:cc:67 brd ff:ff:ff:ff:ff:ff inet 192.168.83.140/24 brd 192.168.83.255 scope global eth0 valid_lft forever preferred_lft forever inet 192.168.83.141/24 scope global secondary eth0 valid_lft forever preferred_lft forever inet6 fe80::20c:29ff:feab:cc67/64 scope link valid_lft forever preferred_lft forever
删除IP地址 1 2 3 4 5 6 7 8 [root@zhoulijie ~] [root@zhoulijie ~] 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000 link/ether 00:0c:29:ab:cc:67 brd ff:ff:ff:ff:ff:ff inet 192.168.83.140/24 brd 192.168.83.255 scope global eth0 valid_lft forever preferred_lft forever inet6 fe80::20c:29ff:feab:cc67/64 scope link valid_lft forever preferred_lft forever
路由管理
ip route:routing table management
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 //添加路由:ip route add TARGET via GW dev IFACE src SOURCE_IP TARGET: 主机路由:IP 网络路由:NETWORK/MASK //删除路由:ip route del TARGET TARGET: 主机路由:IP 网络路由:NETWORK/MASK //查看路由:ip route show //刷新路由表:ip route flush [dev IFACE] [via PREFIX]
route Linux主机之间是使用IP进行通信, 假设A主机和B主机同在一个网段内且网卡都处于激活状态, 则A具备和B直接通信的能力, 但如果A主机和B主机处于两个不同的网段, 则A必须通过路由器才能和B通信, 路由器属于IT设备的基础设施, 每一个网段都应该至少有一个网关
查看当前路由表 1 2 3 4 5 6 [root@zhoulijie ~] Kernel IP routing table Destination Gateway Genmask Flags Metric Ref Use Iface default gateway 0.0.0.0 UG 100 0 0 eth0 192.168.83.0 0.0.0.0 255.255.255.0 U 100 0 0 eth0 192.168.122.0 0.0.0.0 255.255.255.0 U 0 0 0 virbr0
以数字方式显示各主机或端口等相关信息 1 2 3 4 5 6 [root@zhoulijie ~] Kernel IP routing table Destination Gateway Genmask Flags Metric Ref Use Iface 0.0.0.0 192.168.83.2 0.0.0.0 UG 100 0 0 eth0 192.168.83.0 0.0.0.0 255.255.255.0 U 100 0 0 eth0 192.168.122.0 0.0.0.0 255.255.255.0 U 0 0 0 virbr0
增加路由
增加网段路由 1 2 [root@zhoulijie ~] [root@zhoulijie ~]
增加主机路由 删除路由 1 2 [root@zhoulijie ~] [root@zhoulijie ~]
hostname与hostnamectl 生产环境中必须配置主机名,同时主机名也需要遵循一定的规范, 比如:
地区
项目
业务
服务
节点
地址
wuhan
Supermarket
Library file
mysql
master01
192.168.83.1
guangzhou
Bank
Library file
mysql
master01
192.168.83.111
shanghai
Street
Library file
mysql
master01
192.168.83.10
查看主机名 1 2 [root@zhoulijie ~] zhoulijie
hostname临时修改主机名 1 2 3 [root@zhoulijie ~] [root@zhoulijie ~] [root@123 ~]
设置永久主机名 1 2 3 4 5 [root@123 ~] [root@123 ~] zhoulijie [root@123 ~] [root@zhoulijie ~]
注意: 在Linux中以命令方式修改网络配置只在当前状态有效,重启后将失效。故若想使修改的配置重启后依然有效,则必须编辑配置文件进行配置的修改。
网络相关配置文件 网络配置文件
网络配置文件:/etc/sysconfig/network
1 2 NETWORKING={yes|no}:设定整个系统是否启用网络功能,若设为no,则不论网卡如何设置都不能使用网络功能。 HOSTNAME:设置主机名
网络接口配置文件 网络接口即网卡,其配置文件的路径是/etc/sysconfig/network-scripts/ifcfg-INTERFACE_NAME
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 [root@zhoulijie ~]# vim /etc/sysconfig/network-scripts/ifcfg-eth0 TYPE=Ethernet //接口类型。常见的接口类型有:Ethernet,Bridge PROXY_METHOD=none BROWSER_ONLY=no BOOTPROTO=static //引导协议,可选值有{static|none|dhcp|bootp}。如果要使用静态地址,使用static或none都可以 DEFROUTE=yes //将接口设定为默认路由[yes|no] IPV4_FAILURE_FATAL=no NAME=eth0 //连接名称 UUID=bb501ad9-f26f-4310-b857-14a1fc520546 //设备的惟一标识 DEVICE=eth0 //关联的设备名称,要与文件名的后半部"INTERFACE_NAME"保持一致 ONBOOT=yes //在系统引导时是否自动激活此网络接口,可选值有{ yes | no } IPADDR=192.168.83.140 //固定IP地址 NETMASK=255.255.255.0 //子网掩码 GATEWAY=192.168.83.2 //默认网关 DNS1=192.168.83.2 //第一个DNS服务器指向(还可以有DNS2、DNS3)
路由配置文件 路由配置文件的路径是/etc/sysconfig/network-scripts/route-INTERFACE_NAME
添加格式1:
1 2 3 [root@zhoulijie ~] [root@zhoulijie ~] 192.168.83.0/24 via 192.168.83.2
添加格式2:
1 2 3 4 5 [root@zhoulijie ~] [root@zhoulijie ~] ADDRESS0=192.168.83.0 NETMASK0=255.255.255.0 GATEWAY0=192.168.83.2
DNS配置文件 DNS配置文件的路径是/etc/resolv.conf
1 2 3 4 [root@zhoulijie ~]# vim /etc/resolv.conf [root@zhoulijie ~]# cat /etc/resolv.conf # Generated by NetworkManager nameserver 192.168.83.2
NerworkManager管理网络 RHEL/CentOS7系统默认使用NetworkManager来提供网络服务,这是一种动态管理网络配置的守护进程,能够让网络设备保持连接状态。NetworkManager提供的命令行和图形配置工具对网络进行设定, 设定保存的配置文件在/etc/sysconfig/network-scripts目录下, 工具有 nmcli, nmtui, nm-connect-editor
device物理设备, 例如 ens33,enp2s0,virbr0,team0connection连接设置, 具体网络配置方案
1.不同的网络连接配置可以应用到相同的物理设备,但物理设备同一时间只能应用其中某个网络连接
使用nmcli命令查看设备以及连接情况
查看设备状态 1 2 3 4 5 6 [root@zhoulijie ~] 设备 类型 状态 连接 virbr0 bridge 连接的 virbr0 eth0 ethernet 连接的 eth0 lo loopback 未托管 -- virbr0-nic tun 未托管 --
查看指定设备的详细状态 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 [root@zhoulijie ~] GENERAL.设备: eth0 GENERAL.类型: ethernet GENERAL.硬盘: 00:0C:29:AB:CC:67 GENERAL.MTU: 1500 GENERAL.状态: 100 (连接的) GENERAL.连接: eth0 GENERAL.连接路径: /org/freedesktop/NetworkManager/ActiveConnection/1 WIRED-PROPERTIES.载波: 开 IP4.地址[1]: 192.168.83.140/24 IP4.网关: 192.168.83.2 IP4.路由[1]: dst = 192.168.83.144/32, nh = 192.168.83.2, mt = 0 IP4.DNS[1]: 192.168.83.2 IP6.地址[1]: fe80::20c:29ff:feab:cc67/64 IP6.网关: --
查看连接状态 1 2 3 4 [root@zhoulijie ~] 名称 UUID 类型 设备 eth0 bb501ad9-f26f-4310-b857-14a1fc520546 802-3-ethernet eth0 virbr0 d8b4e76e-b469-4ff4-8937-cef5cc254873 bridge virbr0
查看所有活动的连接 1 2 3 4 [root@zhoulijie ~] 名称 UUID 类型 设备 eth0 bb501ad9-f26f-4310-b857-14a1fc520546 802-3-ethernet eth0 virbr0 d8b4e76e-b469-4ff4-8937-cef5cc254873 bridge virbr0
查看指定设备连接的详细情况 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 [root@zhoulijie ~] connection.id: eth0 connection.uuid: bb501ad9-f26f-4310-b857-14a1fc520546 connection.stable-id: -- connection.interface-name: eth0 connection.type: 802-3-ethernet connection.autoconnect: yes connection.autoconnect-priority: 0 connection.autoconnect-retries: -1 (默认) connection.timestamp: 1555937607 connection.read-only: no connection.permissions: -- connection.zone: -- connection.master: -- connection.slave-type: -- connection.autoconnect-slaves: -1 (默认) connection.secondaries: -- connection.gateway-ping-timeout: 0 connection.metered: 未知 connection.lldp: -1 (default) 802-3-ethernet.port: -- 802-3-ethernet.speed: 0 802-3-ethernet.duplex: -- 802-3-ethernet.auto-negotiate: no 802-3-ethernet.mac-address: -- 802-3-ethernet.cloned-mac-address: -- 802-3-ethernet.generate-mac-address-mask:-- 802-3-ethernet.mac-address-blacklist: -- 802-3-ethernet.mtu: 自动 802-3-ethernet.s390-subchannels: -- 802-3-ethernet.s390-nettype: -- 802-3-ethernet.s390-options: -- 802-3-ethernet.wake-on-lan: 1 (default) 802-3-ethernet.wake-on-lan-password: -- ipv4.method: manual ipv4.dns: 192.168.83.2 ipv4.dns-search: -- ipv4.dns-options: (默认) ipv4.dns-priority: 0 ipv4.addresses: 192.168.83.140/24 ipv4.gateway: 192.168.83.2 ipv4.routes: -- ipv4.route-metric: -1 ipv4.ignore-auto-routes: no ipv4.ignore-auto-dns: no ipv4.dhcp-client-id: -- ipv4.dhcp-timeout: 0 ipv4.dhcp-send-hostname: yes ipv4.dhcp-hostname: -- ipv4.dhcp-fqdn: -- ipv4.never-default: no ipv4.may-fail: yes ipv4.dad-timeout: -1 (默认) ipv6.method: ignore ipv6.dns: -- ipv6.dns-search: -- ipv6.dns-options: (默认) ipv6.dns-priority: 0 ipv6.addresses: -- ipv6.gateway: -- ipv6.routes: -- ipv6.route-metric: -1 ipv6.ignore-auto-routes: no ipv6.ignore-auto-dns: no ipv6.never-default: no ipv6.may-fail: yes ipv6.ip6-privacy: -1 (未知) ipv6.addr-gen-mode: stable-privacy ipv6.dhcp-send-hostname: yes ipv6.dhcp-hostname: -- ipv6.token: -- proxy.method: none proxy.browser-only: no proxy.pac-url: -- proxy.pac-script: -- GENERAL.名称: eth0 GENERAL.UUID: bb501ad9-f26f-4310-b857-14a1fc520546 GENERAL.设备: eth0 GENERAL.状态: 已激活 GENERAL.默认: 是 GENERAL.默认6: 否 GENERAL.VPN 参数: 否 GENERAL.区: -- GENERAL.DBUS路径: /org/freedesktop/NetworkManager/ActiveConnection/1 GENERAL.连接路径: /org/freedesktop/NetworkManager/Settings/1 GENERAL.指定对象: -- GENERAL.主路径: -- IP4.地址[1]: 192.168.83.140/24 IP4.网关: 192.168.83.2 IP4.路由[1]: dst = 192.168.83.144/32, nh = 192.168.83.2, mt = 0 IP4.DNS[1]: 192.168.83.2 IP6.地址[1]: fe80::20c:29ff:feab:cc67/64 IP6.网关: --
使用原生network管理网络 CentOS/RHEL的网络配置文件默认目录为/etc/sysconfig/network-scriptsifcfg-eth0, 如果有第二块物理网卡, 配置文件则为ifcfg-eth1以此类推。 注意: 如果新增物理网卡没有配置文件,可选择复制系统默认的进行修改。
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 //设置NetworkManger开机不启动, 同时停止NetworkManger服务 [root@zhoulijie ~]# systemctl disable NetworkManager [root@zhoulijie ~]# systemctl stop NetworkManager //添加一块物理网卡, 然后新增网络连接配置文件 //复制配置eth0配置文件为eth1 [root@zhoulijie ~]# cd /etc/sysconfig/network-scripts/ [root@zhoulijie network-scripts]# cp ifcfg-eth0 ifcfg-eth1 //编辑网卡配置文件 [root@zhoulijie ~]# vim /etc/sysconfig/network-scripts/ifcfg-eth1 TYPE=Ethernet PROXY_METHOD=none BROWSER_ONLY=no BOOTPROTO=static DEFROUTE=yes IPV4_FAILURE_FATAL=no NAME=eth1 UUID=bb501ad9-f26f-4310-b857-14a1fc520546 DEVICE=eth1 ONBOOT=yes IPADDR=192.168.83.141 NETMASK=255.255.255.0 GATEWAY=192.168.83.2 DNS1=192.168.83.2 //重启network网络服务加载网络并设置开机启动 [root@zhoulijie ~]# systemctl restart network [root@zhoulijie ~]# systemctl enable network
网络检测工具与故障排查 ping ping命令的目的在于测试另一台主机是否可达, 如果ping不到某台主机,就说明对方主机已经出现了问题, 但是不排除由于链路中的防火墙、ping被丢弃等原因造成ping不通的情况
1 2 3 4 //ping命令常用选项: -c 指定ping的次数 -i 指定ping包的发送间隔 -w 如果ping没有回应, 则在指定超时时间后退出
host与nslookup host/nslookup命令用于查询DNS记录
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 [root@zhoulijie ~] www.baidu.com is an alias for www.a.shifen.com. www.a.shifen.com has address 180.97.33.107 www.a.shifen.com has address 180.97.33.108 [root@zhoulijie ~] Server: 192.168.83.2 Address: 192.168.83.2 Non-authoritative answer: www.baidu.com canonical name = www.a.shifen.com. Name: www.a.shifen.com Address: 180.97.33.108 Name: www.a.shifen.com Address: 180.97.33.107
traceroute traceroute命令用于路由跟踪, 检测网络故障出现在ISP运营商或是对端服务无法响应
1 2 3 4 5 6 7 8 [root@zhoulijie ~] traceroute to www.baidu.com (180.97.33.107), 30 hops max, 60 byte packets 1 gateway (192.168.83.2) 0.143 ms 0.066 ms 0.089 ms 2 * * * 3 * * * 4 * * * 5 * * * 6 * * *
在武汉地区,路由追踪被运营商限制
在北上广深可以路由追踪
netstat netstat用于查看网络状态
显示路由表 1 2 3 4 5 6 7 [root@zhoulijie ~] Kernel IP routing table Destination Gateway Genmask Flags MSS Window irtt Iface default gateway 0.0.0.0 UG 0 0 0 eth0 192.168.83.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0 192.168.83.144 gateway 255.255.255.255 UGH 0 0 0 eth0 192.168.122.0 0.0.0.0 255.255.255.0 U 0 0 0 virbr0
以数字方式显示路由表 1 2 3 4 5 6 7 [root@zhoulijie ~] Kernel IP routing table Destination Gateway Genmask Flags MSS Window irtt Iface 0.0.0.0 192.168.83.2 0.0.0.0 UG 0 0 0 eth0 192.168.83.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0 192.168.83.144 192.168.83.2 255.255.255.255 UGH 0 0 0 eth0 192.168.122.0 0.0.0.0 255.255.255.0 U 0 0 0 virbr0
显示建立的tcp连接 1 2 3 [root@zhoulijie ~] Active Internet connections (w/o servers) Proto Recv-Q Send-Q Local Address Foreign Address State
显示udp连接 1 2 3 [root@zhoulijie ~] Active Internet connections (w/o servers) Proto Recv-Q Send-Q Local Address Foreign Address State
显示监听状态的连接 1 2 3 4 5 6 7 8 [root@zhoulijie ~] Active Internet connections (only servers) Proto Recv-Q Send-Q Local Address Foreign Address State tcp 0 0 0.0.0.0:sunrpc 0.0.0.0:* LISTEN tcp 0 0 zhoulijie:domain 0.0.0.0:* LISTEN tcp 0 0 0.0.0.0:ssh 0.0.0.0:* LISTEN tcp 0 0 localhost:ipp 0.0.0.0:* LISTEN ..................以下省略.......................
显示所有状态的连接 1 2 3 4 5 6 7 8 9 [root@zhoulijie ~] Active Internet connections (servers and established) Proto Recv-Q Send-Q Local Address Foreign Address State tcp 0 0 0.0.0.0:sunrpc 0.0.0.0:* LISTEN tcp 0 0 zhoulijie:domain 0.0.0.0:* LISTEN tcp 0 0 0.0.0.0:ssh 0.0.0.0:* LISTEN tcp 0 0 localhost:ipp 0.0.0.0:* LISTEN tcp 0 0 localhost:smtp 0.0.0.0:* LISTEN ..................以下省略.......................
常用选项
-antlp
1 2 3 4 5 6 7 [root@zhoulijie ~] Active Internet connections (servers and established) Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name tcp 0 0 0.0.0.0:55033 0.0.0.0:* LISTEN 1732/rpc.statd tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN 1726/rpcbind tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN ..................以下省略.......................
ss ss是一种网络状态查看工具,取代netstat
语法:ss [options][ FILTER ]
1 2 3 4 5 6 7 8 9 10 11 12 13 常见的FILTER: FILTER := [ state TCP-STATE ] [ EXPRESSION ] 如:ss -tan state ESTABLISHED 常见的state: //tcp finite state machine:有限状态机 LISTEN:监听 ESTABLISHED:已建立的连接 EXPRESSION: dport = sport = 示例:'( dport = :ssh or sport = :ssh)',此处的ssh也即服务名可以使用其对应的端口号代替,等号两边必须有空格
常用组合 1 2 3 4 5 6 7 8 [root@zhoulijie ~] State Recv-Q Send-Q Local Address:Port Peer Address:Port LISTEN 0 128 *:22 *:* LISTEN 0 100 127.0.0.1:25 *:* ESTAB 0 0 172.16.12.128:22 172.16.12.1:56187 ESTAB 0 0 172.16.12.128:22 172.16.12.1:53808 LISTEN 0 128 :::22 :::* LISTEN 0 100 ::1:25 :::*
1 2 3 4 5 6 [root@zhoulijie ~] State Recv-Q Send-Q Local Address:Port Peer Address:Port LISTEN 0 128 *:22 *:* LISTEN 0 100 127.0.0.1:25 *:* LISTEN 0 128 :::22 :::* LISTEN 0 100 ::1:25 :::*
1 2 3 4 5 6 [root@zhoulijie ~] State Recv-Q Send-Q Local Address:Port Peer Address:Port LISTEN 0 128 *:22 *:* users:(("sshd" ,pid=889,fd=3)) LISTEN 0 100 127.0.0.1:25 *:* users:(("master" ,pid=1007,fd=13)) LISTEN 0 128 :::22 :::* users:(("sshd" ,pid=889,fd=4)) LISTEN 0 100 ::1:25 :::* users:(("master" ,pid=1007,fd=14))
1 2 3 4 5 [root@zhoulijie ~] State Recv-Q Send-Q Local Address:Port Peer Address:Port UNCONN 0 0 *:23511 *:* UNCONN 0 0 *:68 *:* UNCONN 0 0 :::35299 :::*
常见端口 1 2 3 4 5 6 7 http 80/tcp https 443/tcp ssh 22/tcp ftp 20,21/tcp mysql 3306/tcp rsync 873/rsync redis 6379/tcp
网络故障排查 练习 1.如何查看系统中每个ip的连接数
netstat -ntu | awk ‘{print $5}’ | cut -d: -f1 | sort | uniq -c | sort -n
1 2 3 [root@zhoulijie ~] 1 Address 1 servers)
2.请列出下列服务使用的端口,http,ftp,ssh,telnet,mysql,dns
http 80
ftp 20,21
ssh 22
telnet 23
mysql 3306
dns 53
3.如何在虚拟机上新增加一块网卡,并配置IP为172.16.0.10,指定网关为172.16.0.1
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 [root@zhoulijie ~] [root@zhoulijie network-scripts] [root@zhoulijie network-scripts] [root@zhoulijie network-scripts] TYPE=Ethernet PROXY_METHOD=none BROWSER_ONLY=no BOOTPROTO=static DEFROUTE=yes IPV4_FAILURE_FATAL=no NAME=eth1 //此处eth0改成eth1 UUID=bb501ad9-f26f-4310-b857-14a1fc520546 DEVICE=eth1 //此处eth0改成eth1 ONBOOT=yes IPADDR=172.16.0.10 //此处更改IP NETMASK=255.255.255.0 GATEWAY=172.16.0.1 //此处更改网关 DNS1=172.16.0.1 //此处更改DNS1 [root@zhoulijie network-scripts]
4.详细描述dns解析过程,以访问www.baidu.com为例
打开浏览器,输入一个域名:www.baidu.com,这时,你使用的电脑会发出一个DNS请求到本地DNS服务器。本地DNS服务器一般都是你的网络接入服务器商提供,比如中国电信,中国移动。
查询www.baidu.com的DNS请求到达本地DNS服务器之后,本地DNS服务器会首先查询它的缓存记录,如果缓存中有此条记录,就可以直接返回结果。如果没有,本地DNS服务器还要向DNS根服务器进行查询。
根DNS服务器没有记录具体的域名和IP地址的对应关系,而是告诉本地DNS服务器,你可以到域服务器上去继续查询,并给出域服务器的地址。
本地DNS服务器继续向域服务器发出请求,在这个例子中,请求的对象是.com域服务器。.com域服务器收到请求之后,也不会直接返回域名和IP地址的对应关系,而是告诉本地DNS服务器,你的域名的解析服务器的地址。
最后,本地DNS服务器向域名的解析服务器发出请求,这时就能收到一个域名和IP地址对应关系,本地DNS服务器不仅要把IP地址返回给用户电脑,还要把这个对应关系保存在缓存中,以备下次别的用户查询时,可以直接返回结果,加快网络访问。
5.如何查看系统中运行了多少个进程
ps -aux | wc -l
1 2 [root@zhoulijie network-scripts] 243
6.如何查看系统中启动了哪些端口
ss -tan
1 2 3 4 5 6 7 8 9 10 11 [root@zhoulijie ~] State Recv-Q Send-Q Local Address:Port Peer Address:Port LISTEN 0 128 *:111 *:* LISTEN 0 5 192.168.122.1:53 *:* LISTEN 0 128 *:22 *:* LISTEN 0 128 127.0.0.1:631 *:* LISTEN 0 100 127.0.0.1:25 *:* LISTEN 0 128 :::111 :::* LISTEN 0 128 :::22 :::* LISTEN 0 128 ::1:631 :::* LISTEN 0 100 ::1:25
7.如何查看是否开启80端口,及查看sshd进程是否存在
netstat -nultp | grep 80
1 2 3 [root@zhoulijie ~] [root@zhoulijie ~]
ps -aux | grep sshd
1 2 3 [root@zhoulijie ~] root 1193 0.0 0.2 105996 4076 ? Ss 18:48 0:00 /usr/sbin/sshd -D root 6448 0.0 0.0 112676 984 pts/0 R+ 22:23 0:00 grep --color=auto sshd
8.列出所有处于监听状态的tcp端口
netstat -l | grep tcp
1 2 3 4 5 6 7 8 9 10 [root@zhoulijie ~] tcp 0 0 0.0.0.0:sunrpc 0.0.0.0:* LISTEN tcp 0 0 zhoulijie:domain 0.0.0.0:* LISTEN tcp 0 0 0.0.0.0:ssh 0.0.0.0:* LISTEN tcp 0 0 localhost:ipp 0.0.0.0:* LISTEN tcp 0 0 localhost:smtp 0.0.0.0:* LISTEN tcp6 0 0 [::]:sunrpc [::]:* LISTEN tcp6 0 0 [::]:ssh [::]:* LISTEN tcp6 0 0 localhost:ipp [::]:* LISTEN tcp6 0 0 localhost:smtp [::]:* LISTEN
9.查看所有的端口信息, 包括 PID 和进程名称
netstat -antlp
1 2 3 4 5 6 7 8 9 10 11 12 [root@zhoulijie ~] Active Internet connections (servers and established) Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN 1/systemd tcp 0 0 192.168.122.1:53 0.0.0.0:* LISTEN 1391/dnsmasq tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1193/sshd tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN 1197/cupsd tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 1321/master tcp6 0 0 :::111 :::* LISTEN 1/systemd tcp6 0 0 :::22 :::* LISTEN 1193/sshd tcp6 0 0 ::1:631 :::* LISTEN 1197/cupsd tcp6 0 0 ::1:25 :::* LISTEN 1321/master
打赏
