Linux network configuration can be done in two ways, as follows:
```
# ifconfig [-a]: show detailed information for all network interfaces; "-a" may be omitted
[root@zabbix ~]# ifconfig
docker0: flags=4099 mtu 1500
        inet 172.17.0.1  netmask 255.255.0.0  broadcast 0.0.0.0
        ether 02:42:84:6c:65:e2  txqueuelen 0  (Ethernet)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

eno16777736: flags=4163 mtu 1500
        inet 192.168.123.132  netmask 255.255.255.0  broadcast 192.168.123.255
        inet6 fe80::20c:29ff:fe7b:f986  prefixlen 64  scopeid 0x20
        ether 00:0c:29:7b:f9:86  txqueuelen 1000  (Ethernet)
        RX packets 225  bytes 25331 (24.7 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 254  bytes 82633 (80.6 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73 mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10
        loop  txqueuelen 0  (Local Loopback)
        RX packets 12028  bytes 2818167 (2.6 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 12028  bytes 2818167 (2.6 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

# ifconfig IFACE: show detailed information for the specified network interface
[root@zabbix ~]# ifconfig docker0
docker0: flags=4099 mtu 1500
        inet 172.17.0.1  netmask 255.255.0.0  broadcast 0.0.0.0
        ether 02:42:84:6c:65:e2  txqueuelen 0  (Ethernet)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
```
```
# ifconfig IFACE ip[/mask] [up]: configure a network interface; up (the default) enables it
# ifconfig IFACE IP netmask MASK [up]: same as above
[root@zabbix ~]# ifconfig eno16777736:0 192.168.123.133 up
[root@zabbix ~]# ifconfig eno16777736:0
eno16777736:0: flags=4163 mtu 1500
        inet 192.168.123.133  netmask 255.255.255.0  broadcast 192.168.123.255
        ether 00:0c:29:7b:f9:86  txqueuelen 1000  (Ethernet)
```
Note: configuration applied this way takes effect immediately.
The route command is used for route management.
Usage: route -n
```
[root@zabbix ~]# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.123.2   0.0.0.0         UG    100    0        0 eno16777736
172.17.0.0      0.0.0.0         255.255.0.0     U     0      0        0 docker0
172.29.2.0      192.168.123.2   255.255.255.0   UG    100    0        0 eno16777736
192.168.123.0   0.0.0.0         255.255.255.0   U     100    0        0 eno16777736
```
Usage: route add [-net|-host] target [netmask Nm] [gw GW] [[dev] IFACE]
```
# Add a host route: target 172.29.2.43, gateway 192.168.123.2
[root@zabbix ~]# route add -host 172.29.2.43 gw 192.168.123.2 dev eno16777736
[root@zabbix ~]# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.123.2   0.0.0.0         UG    100    0        0 eno16777736
172.17.0.0      0.0.0.0         255.255.0.0     U     0      0        0 docker0
172.29.2.43     192.168.123.2   255.255.255.255 UGH   0      0        0 eno16777736
192.168.123.0   0.0.0.0         255.255.255.0   U     100    0        0 eno16777736

# Add a network route: target 172.29.0.0, gateway 192.168.123.2
[root@zabbix ~]# route add -net 172.29.0.0 netmask 255.255.0.0 gw 192.168.123.2 dev eno16777736
[root@zabbix ~]# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.123.2   0.0.0.0         UG    100    0        0 eno16777736
172.17.0.0      0.0.0.0         255.255.0.0     U     0      0        0 docker0
172.29.0.0      192.168.123.2   255.255.0.0     UG    0      0        0 eno16777736
172.29.2.43     192.168.123.2   255.255.255.255 UGH   0      0        0 eno16777736
192.168.123.0   0.0.0.0         255.255.255.0   U     100    0        0 eno16777736

# Add a default route with gateway 192.168.123.2; either of the following forms works
[root@zabbix ~]# route add -net 0.0.0.0 netmask 0.0.0.0 gw 192.168.123.2
[root@zabbix ~]# route add default gw 192.168.123.2
```
Usage: route del [-net|-host] target [netmask Nm] [gw GW] [[dev] IFACE]
```
# Delete a host route
[root@zabbix ~]# route del -host 172.29.2.43
[root@zabbix ~]# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.123.2   0.0.0.0         UG    100    0        0 eno16777736
172.17.0.0      0.0.0.0         255.255.0.0     U     0      0        0 docker0
172.29.0.0      192.168.123.2   255.255.0.0     UG    0      0        0 eno16777736
192.168.123.0   0.0.0.0         255.255.255.0   U     100    0        0 eno16777736

# Delete a network route
[root@zabbix ~]# route del -net 172.29.0.0 netmask 255.255.0.0
[root@zabbix ~]# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.123.2   0.0.0.0         UG    100    0        0 eno16777736
172.17.0.0      0.0.0.0         255.255.0.0     U     0      0        0 docker0
192.168.123.0   0.0.0.0         255.255.255.0   U     100    0        0 eno16777736
```
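Note: route entries configured with commands take effect immediately but are not persistent; they are lost when the network interface or the host is restarted.
DNS configuration file: /etc/resolv.conf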
```
nameserver DNS_SERVER_IP1
nameserver DNS_SERVER_IP2
nameserver DNS_SERVER_IP3
```
Forward DNS resolution: FQDN (Fully Qualified Domain Name) --> IP
```
# dig -t A FQDN
# host -t A FQDN
```
Reverse DNS resolution: IP --> FQDN
```
# dig -x IP
# host -t PTR IP
```
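netstat displays network connection status, the kernel routing table, interface statistics, masquerade connections, and multicast memberships.
Usage: netstat [--tcp|-t] [--udp|-u] [--raw|-w] [--listening|-l] [--all|-a] [--numeric|-n] [--extend|-e[--extend|-e]] [--program|-p]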
```
# -t: TCP-related
# -u: UDP-related
# -w: raw-socket-related
# -l: sockets in the listening state
# -a: all states
# -n: show IP addresses and ports numerically
# -e: extended format
# -p: show the owning process and its PID

# Show all TCP connections in numeric format
[root@zabbix ~]# netstat -tan
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:3306            0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN
...

# Show all UDP connections in numeric format
[root@zabbix ~]# netstat -uan
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
udp        0      0 0.0.0.0:6842            0.0.0.0:*
udp        0      0 0.0.0.0:68              0.0.0.0:*
udp        0      0 127.0.0.1:323           0.0.0.0:*
udp6       0      0 ::1:323                 :::*
udp6       0      0 :::34427                :::*

# Show all listening TCP sockets in numeric format
[root@zabbix ~]# netstat -tnl
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:3306            0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:10050           0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:10051           0.0.0.0:*               LISTEN
tcp6       0      0 :::80                   :::*                    LISTEN
tcp6       0      0 :::22                   :::*                    LISTEN
tcp6       0      0 ::1:25                  :::*                    LISTEN
tcp6       0      0 :::10050                :::*                    LISTEN
tcp6       0      0 :::10051                :::*                    LISTEN

# Show all listening UDP sockets in numeric format: netstat -unl
# Show all listening TCP sockets in numeric format, with the owning process and PID: netstat -tnlp
# Show all listening UDP sockets in numeric format, with the owning process and PID: netstat -unlp
```
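The listening-socket output above shows which services are bound to every interface (0.0.0.0 or ::) and which only to loopback. The following is an added example, not part of the original post, that classifies `netstat -tnl` lines by bind scope; the function names are hypothetical and the embedded sample is a subset of the output shown above.

```bash
# Constructed sample: a subset of the `netstat -tnl` output shown above.
sample_listeners() {
cat <<'EOF'
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:3306            0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:10050           0.0.0.0:*               LISTEN
tcp6       0      0 :::80                   :::*                    LISTEN
tcp6       0      0 ::1:25                  :::*                    LISTEN
EOF
}

# classify_listeners: read `netstat -tnl` text on stdin, print "SCOPE PROTO ADDR PORT".
# SCOPE is "loopback" for 127.0.0.0/8 and ::1, "all-interfaces" for 0.0.0.0, :: or *,
# and "specific" for a single non-loopback address.
classify_listeners() {
  awk '
    $1 ~ /^tcp6?$/ && $NF == "LISTEN" {
      local_addr = $4
      # The port follows the LAST colon, because IPv6 addresses contain colons too.
      n = match(local_addr, /:[0-9]+$/)
      if (n == 0) next
      addr = substr(local_addr, 1, n - 1)
      port = substr(local_addr, n + 1)
      if (addr ~ /^127\./ || addr == "::1")                      scope = "loopback"
      else if (addr == "0.0.0.0" || addr == "::" || addr == "*") scope = "all-interfaces"
      else                                                        scope = "specific"
      print scope, $1, addr, port
    }'
}

# exposed_ports: comma-separated, sorted, unique ports bound to every interface.
exposed_ports() {
  classify_listeners | awk '$1 == "all-interfaces" { print $4 }' | sort -nu | paste -sd, -
}

sample_listeners | classify_listeners
echo "ports bound to all interfaces: $(sample_listeners | exposed_ports)"
```

On a live host, pipe `netstat -tnl` into `classify_listeners` and compare the result with the services that are meant to be reachable from the network.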
Usage: netstat {--route|-r} [--extend|-e[--extend|-e]] [--verbose|-v] [--numeric|-n]
```
# -r: show the kernel routing table
[root@zabbix ~]# netstat -r
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
default         gateway         0.0.0.0         UG        0 0          0 eno16777736
172.17.0.0      0.0.0.0         255.255.0.0     U         0 0          0 docker0
172.29.2.0      gateway         255.255.255.0   UG        0 0          0 eno16777736
192.168.123.0   0.0.0.0         255.255.255.0   U         0 0          0 eno16777736

# -n: show in numeric format
[root@zabbix ~]# netstat -rn
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
0.0.0.0         192.168.123.2   0.0.0.0         UG        0 0          0 eno16777736
172.17.0.0      0.0.0.0         255.255.0.0     U         0 0          0 docker0
172.29.2.0      192.168.123.2   255.255.255.0   UG        0 0          0 eno16777736
192.168.123.0   0.0.0.0         255.255.255.0   U         0 0          0 eno16777736
```
Usage: netstat {--interfaces|-I|-i} [--all|-a] [--extend|-e] [--program|-p] [--numeric|-n]
```
# -I: show the specified interface
[root@zabbix ~]# netstat -Idocker0
Kernel Interface table
Iface      MTU    RX-OK RX-ERR RX-DRP RX-OVR    TX-OK TX-ERR TX-DRP TX-OVR Flg
docker0   1500        0      0      0 0             0      0      0      0 BMU

# -i: show all network interfaces
[root@zabbix ~]# netstat -i
Kernel Interface table
Iface      MTU    RX-OK RX-ERR RX-DRP RX-OVR    TX-OK TX-ERR TX-DRP TX-OVR Flg
docker0   1500        0      0      0 0             0      0      0      0 BMU
eno16777  1500    21658      0      0 0          4968      0      0      0 BMRU
lo       65536   130925      0      0 0        130925      0      0      0 LRU
```
Usage: ip [ OPTIONS ] OBJECT { COMMAND | help }
```
OBJECT: { link | addr | route }
OPTIONS: { -V[ersion] | -s[tatistics] | -r[esolve] | -f[amily] { inet | inet6 | ipx | dnet | link } | -o[neline] | -n[etns] name }
```
Usage: ip link show
```
# Show information for all interfaces: ip link show
[root@zabbix ~]# ip link show
1: lo: mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eno16777736: mtu 1500 qdisc pfifo_fast state UP mode DEFAULT qlen 1000
    link/ether 00:0c:29:7b:f9:86 brd ff:ff:ff:ff:ff:ff
3: docker0: mtu 1500 qdisc noqueue state DOWN mode DEFAULT
    link/ether 02:42:48:10:bd:c5 brd ff:ff:ff:ff:ff:ff

# Show information for a specific interface: ip link show dev IFACE
[root@zabbix ~]# ip link show dev docker0
3: docker0: mtu 1500 qdisc noqueue state DOWN mode DEFAULT
    link/ether 02:42:48:10:bd:c5 brd ff:ff:ff:ff:ff:ff

# Show information for all activated interfaces: ip link show up
[root@zabbix ~]# ip link show up
1: lo: mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eno16777736: mtu 1500 qdisc pfifo_fast state UP mode DEFAULT qlen 1000
    link/ether 00:0c:29:7b:f9:86 brd ff:ff:ff:ff:ff:ff
3: docker0: mtu 1500 qdisc noqueue state DOWN mode DEFAULT
    link/ether 02:42:48:10:bd:c5 brd ff:ff:ff:ff:ff:ff
```
Usage: ip link set
```
# Activate or deactivate an interface: ip link set dev IFACE up|down
[root@zabbix ~]# ip link set dev docker0 down
[root@zabbix ~]# ip link show up
1: lo: mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eno16777736: mtu 1500 qdisc pfifo_fast state UP mode DEFAULT qlen 1000
    link/ether 00:0c:29:7b:f9:86 brd ff:ff:ff:ff:ff:ff
```
Usage: ip addr
```
# Add or remove an IP address: ip addr {add|del} IP_ADDRESS/MASK dev IFACE
#   [label 'LABEL']: set the interface label when adding the address
#   [scope {global|link|host}]: set the scope
#       global: valid everywhere
#       link: valid only on this link
#       host: valid only on this host
#   [broadcast ADDRESS]: set the broadcast address

# Add a new address
[root@zabbix ~]# ip addr add 192.168.123.101/24 dev eno16777736:0
[root@zabbix ~]# ip addr show eno16777736
2: eno16777736: mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 00:0c:29:7b:f9:86 brd ff:ff:ff:ff:ff:ff
    inet 192.168.123.132/24 brd 192.168.123.255 scope global dynamic eno16777736
       valid_lft 1685sec preferred_lft 1685sec
    inet 192.168.123.101/24 scope global secondary eno16777736    # newly added address
       valid_lft forever preferred_lft forever
    inet6 fe80::20c:29ff:fe7b:f986/64 scope link
       valid_lft forever preferred_lft forever

# Remove it
[root@zabbix ~]# ip addr del 192.168.123.101/24 dev eno16777736:0    # delete
[root@zabbix ~]# ip addr show dev eno16777736
2: eno16777736: mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 00:0c:29:7b:f9:86 brd ff:ff:ff:ff:ff:ff
    inet 192.168.123.132/24 brd 192.168.123.255 scope global dynamic eno16777736
       valid_lft 1486sec preferred_lft 1486sec
    inet6 fe80::20c:29ff:fe7b:f986/64 scope link
       valid_lft forever preferred_lft forever

# Specify a label
[root@zabbix ~]# ip addr add 192.168.123.100/24 dev eno16777736 label 'eno16777736:0'
[root@zabbix ~]# ifconfig eno16777736:0
eno16777736:0: flags=4163 mtu 1500
        inet 192.168.123.100  netmask 255.255.255.0  broadcast 0.0.0.0
        ether 00:0c:29:7b:f9:86  txqueuelen 1000  (Ethernet)
[root@zabbix ~]# ip addr del 192.168.123.100/24 dev eno16777736 label 'eno16777736:0'

# Query protocol addresses: ip add show
#   [dev IFACE]
#   [label 'LABEL']
#   [primary and secondary]
[root@zabbix ~]# ip add show dev docker0
3: docker0: mtu 1500 qdisc noqueue state DOWN
    link/ether 02:42:91:38:6b:00 brd ff:ff:ff:ff:ff:ff
    inet 172.17.0.1/16 scope global docker0
       valid_lft forever preferred_lft forever

# Flush protocol addresses: ip add flush
[root@zabbix ~]# ip addr flush dev eno16777736 label 'eno16777736:0'
```
```
# Add a route: ip route add TARGET via GW dev IFACE [src SOURCE_IP]
#   host route: IP
#   network route: IP/MASK
[root@zabbix ~]# ip route add to 172.29.2.43 via 192.168.123.2 dev eno16777736    # a host route needs no mask; it defaults to 32
[root@zabbix ~]# ip route add 172.29.0.0/16 via 192.168.123.2
[root@zabbix ~]# ip route add default via 192.168.123.2    # add a default gateway

# Show the kernel routing table: ip route show
[root@zabbix ~]# ip route show
default via 192.168.123.2 dev eno16777736  proto static  metric 100
172.17.0.0/16 dev docker0  proto kernel  scope link  src 172.17.0.1
172.29.0.0/16 via 192.168.123.2 dev eno16777736
172.29.2.43 via 192.168.123.2 dev eno16777736
192.168.123.0/24 dev eno16777736  proto kernel  scope link  src 192.168.123.132  metric 100

# Delete a route: ip route del TARGET
[root@zabbix ~]# ip route del 172.29.2.43
[root@zabbix ~]# ip route del 172.29.0.0/16
[root@zabbix ~]# ip route del default
[root@zabbix ~]# ip route show
default via 192.168.123.2 dev eno16777736  proto static  metric 100
172.17.0.0/16 dev docker0  proto kernel  scope link  src 172.17.0.1
192.168.123.0/24 dev eno16777736  proto kernel  scope link  src 192.168.123.132  metric 100

# Flush the routing table: ip route flush
#   [dev IFACE]
#   [via PREFIX]
[root@zabbix ~]# ip route flush dev eno16777736
[root@zabbix ~]# ip route show
172.17.0.0/16 dev docker0  proto kernel  scope link  src 172.17.0.1
```
Note: routes added or deleted this way take effect immediately and are lost after the system or the network service is restarted.
Usage: ss [options] [FILTER]
```
# [options]:
#   -t: TCP-related
#   -u: UDP-related
#   -w: raw-socket-related
#   -x: unix-socket-related
#   -l: sockets in the listen state
#   -a: all states
#   -n: numeric format
#   -p: the owning program and its PID
#   -e: extended information
#   -m: memory usage
#   -o: timer information
# [FILTER]:
#   FILTER: [state TCP-STATE] [EXPRESSION]
#   TCP-STATE: established, syn-sent, syn-recv, fin-wait-1, fin-wait-2, time-wait, closed, close-wait, last-ack, listen and closing.
#   EXPRESSION: dport =; sport =; example: '( dport = :ssh or sport = :ssh )'

# Show all TCP connections in numeric format: ss -tan
[root@zabbix ~]# ss -tan
State      Recv-Q Send-Q        Local Address:Port          Peer Address:Port
LISTEN     0      50                        *:3306                     *:*
LISTEN     0      128                       *:22                       *:*
LISTEN     0      100               127.0.0.1:25                       *:*
LISTEN     0      128                       *:10050                    *:*
LISTEN     0      128                       *:10051                    *:*
ESTAB      0      0           192.168.123.132:46052      192.168.123.132:3306
...

# Common combinations: -tan, -tanl, -tanlp, -uan

# Filter with FILTER
[root@zabbix ~]# ss -tan state established '( sport = 3306 )'
Recv-Q Send-Q        Local Address:Port          Peer Address:Port
0      0           192.168.123.132:3306       192.168.123.132:40527
0      0           192.168.123.132:3306       192.168.123.132:40526
0      0           192.168.123.132:3306       192.168.123.132:40539
0      0           192.168.123.132:3306       192.168.123.132:40528
0      0           192.168.123.132:3306       192.168.123.132:40537
0      0           192.168.123.132:3306       192.168.123.132:40545
0      0           192.168.123.132:3306       192.168.123.132:40533
0      0           192.168.123.132:3306       192.168.123.132:40538
0      0           192.168.123.132:3306       192.168.123.132:40534
0      0           192.168.123.132:3306       192.168.123.132:40531
0      0           192.168.123.132:3306       192.168.123.132:40541
0      0           192.168.123.132:3306       192.168.123.132:40530
0      0           192.168.123.132:3306       192.168.123.132:40529
0      0           192.168.123.132:3306       192.168.123.132:40544
0      0           192.168.123.132:3306       192.168.123.132:40542
0      0           192.168.123.132:3306       192.168.123.132:40535
0      0           192.168.123.132:3306       192.168.123.132:40543
0      0           192.168.123.132:3306       192.168.123.132:40540
0      0           192.168.123.132:3306       192.168.123.132:40546
0      0           192.168.123.132:3306       192.168.123.132:40532
0      0           192.168.123.132:3306       192.168.123.132:40536
0      0           192.168.123.132:3306       192.168.123.132:40596
0      0           192.168.123.132:3306       192.168.123.132:40547
```
Configuration file for IP, MASK, GW and DNS settings: /etc/sysconfig/network-scripts/ifcfg-IFACE
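```
DEVICE="IFACE": the device this configuration file applies to
HWADDR="MAC_ADDRESS": the MAC address of the device
BOOTPROTO="static|dhcp|none|bootp": the address configuration protocol used when the device is activated
NM_CONTROLLED="yes|no": NM is short for NetworkManager; whether this NIC is controlled by NM; on CentOS this is set to "no"
ONBOOT="yes|no": whether to activate the device at system boot
TYPE="Ethernet|Bridge": interface type
UUID="uuid": unique identifier of the device
IPADDR="IP_ADDRESS": the IP address
NETMASK="MASK": subnet mask
GATEWAY="gateway": default gateway
DNS1="DNS_SERVER_IP1": first DNS server
DNS2="DNS_SERVER_IP2":
DNS3="DNS_SERVER_IP3":
USERCTL="yes|no": whether ordinary users may control this device
PEERDNS="yes|no": if BOOTPROTO is "dhcp", whether the DNS server information assigned by the DHCP server may directly overwrite /etc/resolv.conf
```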
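Note: to give a NIC multiple addresses through configuration files, set DEVICE="IFACE_ALIAS" in ifcfg-IFACE_ALIAS; a NIC alias must not use DHCP for its configuration.
Route configuration file: /etc/sysconfig/network-scripts/route-IFACE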
```
# Two formats:
# 1. TARGET via GW
[root@zabbix network-scripts]# vim route-eno16777736
172.29.0.0/16 via 192.168.123.2

# 2. Every three lines define one route
# ADDRESS#=TARGET    (# stands for a number identifying the route group)
# NETMASK#=mask
# GATEWAY#=GW
[root@zabbix network-scripts]# vim route-eno16777736
ADDRESS0=172.29.2.0
NETMASK0=255.255.255.0
GATEWAY0=192.168.123.2
```
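The two route-IFACE formats above describe the same routes, so one can be derived from the other. The following is an added example, not part of the original post, that converts the three-line ADDRESSn/NETMASKn/GATEWAYn format into "TARGET/PREFIX via GW" lines and rejects incomplete groups and non-contiguous netmasks; the function names are hypothetical and the sample is constructed from the addresses used on this page.

```bash
# routes_to_cidr: read ADDRESSn/NETMASKn/GATEWAYn lines on stdin and print one
# "TARGET/PREFIX via GW" line per group. Exits non-zero if a group is incomplete
# or its netmask is not a contiguous run of 1-bits.
routes_to_cidr() {
  awk -F= '
    function prefix(mask,    o, i, v, b, bits, zero) {
      if (split(mask, o, ".") != 4) return -1
      for (i = 1; i <= 4; i++) {
        if (o[i] !~ /^[0-9]+$/ || o[i] + 0 > 255) return -1
        v = o[i] + 0
        for (b = 128; b >= 1; b /= 2) {
          if (v >= b) { if (zero) return -1; bits++; v -= b }
          else zero = 1
        }
      }
      return bits + 0
    }
    /^[ \t]*(#|$)/ { next }                  # skip comments and blank lines
    {
      key = $1; val = $2
      gsub(/[ \t"]/, "", key); gsub(/[ \t"]/, "", val)
      if (key !~ /^(ADDRESS|NETMASK|GATEWAY)[0-9]+$/) next
      n = substr(key, 8) + 0                 # each keyword is 7 characters long
      field[substr(key, 1, 7), n] = val
      seen[n] = 1
      if (n > max) max = n
    }
    END {
      for (n = 0; n <= max; n++) {
        if (!(n in seen)) continue
        p = prefix(field["NETMASK", n])
        if (field["ADDRESS", n] == "" || field["GATEWAY", n] == "" || p < 0) {
          printf "route group %d: incomplete or invalid\n", n > "/dev/stderr"
          bad = 1; continue
        }
        printf "%s/%d via %s\n", field["ADDRESS", n], p, field["GATEWAY", n]
      }
      exit bad + 0
    }'
}

# Constructed sample: group 0 is the page's example, group 1 reuses its 172.29.0.0 route.
sample_route_file() {
  printf '%s\n' 'ADDRESS0=172.29.2.0' 'NETMASK0=255.255.255.0' 'GATEWAY0=192.168.123.2' \
                'ADDRESS1=172.29.0.0' 'NETMASK1=255.255.0.0'   'GATEWAY1=192.168.123.2'
}

sample_route_file | routes_to_cidr
```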
Reposted from: https://blog.51cto.com/13501622/2063581