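1. Configuration commands
For a server to reach external networks and accept remote connections, it needs an IP address, subnet mask, gateway and DNS configured. The following covers the ways to configure a network interface and the commands involved.
Configuration methods:
1. Static assignment: ifconfig, ip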
ifconfig command:

    [[email protected] ~]# ifconfig
    eno16777728: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
            inet 172.18.254.97 netmask 255.255.0.0 broadcast 172.18.255.255
            inet6 fe80::20c:29ff:fe7c:7e0b prefixlen 64 scopeid 0x20<link>
            ether 00:0c:29:7c:7e:0b txqueuelen 1000 (Ethernet)
            RX packets 4402 bytes 722088 (705.1 KiB)
            RX errors 0 dropped 26 overruns 0 frame 0
            TX packets 103 bytes 12847 (12.5 KiB)
            TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

    lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536    //loopback address
            inet 127.0.0.1 netmask 255.0.0.0
            inet6 ::1 prefixlen 128 scopeid 0x10<host>
            loop txqueuelen 0 (Local Loopback)
            RX packets 2 bytes 98 (98.0 B)
            RX errors 0 dropped 0 overruns 0 frame 0
            TX packets 2 bytes 98 (98.0 B)
            TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

Running ifconfig with no arguments shows the currently active interfaces with their IP address, subnet mask, MAC address and so on. Adding the -a option shows every interface on the server, including inactive ones.

    [[email protected] ~]# ifconfig eno33554960 192.168.0.100/24 up
    eno33554960: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
            inet 192.168.0.100 netmask 255.255.255.0 broadcast 192.168.0.255
            inet6 fe80::20c:29ff:fe7c:7e15 prefixlen 64 scopeid 0x20<link>

Usage: ifconfig ethX IP/MASK up|down
Giving ifconfig an interface name followed by an IP address and mask configures the IP directly. The change takes effect immediately but is not persistent.
You can also bring an interface up or down with ifup ethX / ifdown ethX.

    [[email protected] ~]# ifconfig eno33554960 promisc     //enable promiscuous mode
    [[email protected] ~]# ifconfig eno33554960 -promisc    //disable promiscuous mode
    eno33554960: flags=4419<UP,BROADCAST,RUNNING,PROMISC,MULTICAST> mtu 1500

Promiscuous mode: the server receives all traffic it sees, whether or not it is the destination. By default a NIC only passes packets addressed to the local host (including broadcasts) up to higher-level programs. It is generally enabled by network administrators when diagnosing network problems.
route: view and manage routes
Route entry types:
Host route: the destination is a single IP (host)
Network route: the destination is an IP network (net)
Default route: the destination is any host, 0.0.0.0/0.0.0.0

    [[email protected] ~]# route -n
    Kernel IP routing table
    Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
    0.0.0.0         172.18.0.1      0.0.0.0         UG    100    0        0 eno16777728
    172.18.0.0      0.0.0.0         255.255.0.0     U     100    0        0 eno16777728
    192.168.0.0     0.0.0.0         255.255.255.0   U     0      0        0 eno33554960

Plain route reverse-resolves IP addresses to host names. If the table holds many host addresses, this makes route very slow to display and very inefficient.
-n: show routing information numerically.
Add a route entry:                    [netmask]    [next hop]
    route add [-net|-host] target [netmask Nm] [gw Gw] [[dev] If]

    [[email protected] ~]# route add -net 10.0.0.0/8 gw 172.18.0.1    //the interface can be omitted
    Kernel IP routing table
    Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
    0.0.0.0         172.18.0.1      0.0.0.0         UG    100    0        0 eno16777728
    10.0.0.0        172.18.0.1      255.0.0.0       UG    0      0        0 eno16777728

Note: the next-hop address must be on the same subnet as the interface's IP.
Delete a route entry:
    route del [-net|-host] target [gw Gw] [netmask Nm] [[dev] If]

    [[email protected] ~]# route del -net 10.0.0.0/8
    [[email protected] ~]# route
    Kernel IP routing table
    Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
    default         172.18.0.1      0.0.0.0         UG    100    0        0 eno16777728

default: the default route, equivalent to 0.0.0.0
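netstat command: view status and statistics
-rn: show the kernel routing table numerically; equivalent to route -n
Show network connection state:
-t: show TCP connections. TCP is a connection-oriented protocol: a virtual circuit is set up before communication starts and torn down when it finishes
-u: show UDP connections. UDP is a connectionless protocol: datagrams are sent directly
-w: show raw socket connections
-l: show listening sockets
-a: show all connections
-n: show IPs and ports numerically
-p: show the owning process and PID
Common combinations: -ntlp / -utlp

    [[email protected] ~]# netstat -ntlp
    Active Internet connections (only servers)
    Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
    tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      1373/sshd
    tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      2010/master
    tcp6       0      0 :::22                   :::*                    LISTEN      1373/sshd
    tcp6       0      0 ::1:25                  :::*                    LISTEN      2010/master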
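
In the listing above, sshd is bound to 0.0.0.0 and :: and is therefore reachable on every interface, while the mail daemon on 127.0.0.1 and ::1 is only reachable locally. The script below is an added example, not part of the original article: it reads netstat -ntlp output and reports wildcard listeners whose port is not on an allowlist. The function names, the allowlist argument and the mysqld line in the sample are made up for the illustration.

```shell
# Sample `netstat -ntlp` output: four sockets are the ones shown on this page;
# the mysqld line is constructed for the example.
sample_netstat() {
cat <<'EOF'
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      1373/sshd
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      2010/master
tcp        0      0 0.0.0.0:3306            0.0.0.0:*               LISTEN      2455/mysqld
tcp6       0      0 :::22                   :::*                    LISTEN      1373/sshd
tcp6       0      0 ::1:25                  :::*                    LISTEN      2010/master
EOF
}

# exposed_listeners [ALLOWED_PORTS]   (hypothetical helper)
# Read `netstat -ntlp` or `netstat -nulp` output on stdin and print
# "PROTO PORT PID/PROGRAM" for every socket bound to a wildcard address
# (0.0.0.0 or ::) whose port is not in the comma-separated allowlist.
# Loopback-only listeners such as 127.0.0.1:25 are skipped.
exposed_listeners() {
    awk -v allow="${1:-}" '
        BEGIN { n = split(allow, a, ","); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        $1 ~ /^(tcp|udp)6?$/ {
            if ($1 ~ /^tcp/ && $6 != "LISTEN") next
            port = $4; sub(/.*:/, "", port)          # text after the last colon
            host = substr($4, 1, length($4) - length(port) - 1)
            if (host != "0.0.0.0" && host != "::") next
            if (port in ok) next
            owner = ($1 ~ /^tcp/) ? $7 : $6          # UDP rows have no State column
            print $1, port, owner
        }
    '
}

sample_netstat | exposed_listeners 22
```

On a live host, run it as root so the PID/Program column is filled in: netstat -ntlp | exposed_listeners 22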
Show interface statistics:
netstat -I //show all interfaces
netstat -Idev //show a single interface

    [[email protected] ~]# netstat -I
    Kernel Interface table
    Iface      MTU    RX-OK RX-ERR RX-DRP RX-OVR    TX-OK TX-ERR TX-DRP TX-OVR Flg
    eno16777  1500    31798      0    124      0     1907      0      0      0 BMRU
    eno33554  1500   130267      0      0      0      141      0      0      0 BMPRU
    lo       65536        0      0      0      0        0      0      0      0 LRU
ip command:
ip link: network device configuration
ip link show: show network device information
ip link set: modify network device settings

    [[email protected] ~]# ip link show    //show layer 2 network information
    1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT
        link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    2: eno16777728: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT qlen 1000
        link/ether 00:0c:29:7c:7e:0b brd ff:ff:ff:ff:ff:ff
    3: eno33554960: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT qlen 1000
        link/ether 00:0c:29:7c:7e:15 brd ff:ff:ff:ff:ff:ff

Rename eno33554960 (the interface must be brought down before it is renamed):
Usage: ip link set ethX name NAME

    [[email protected] ~]# ip link set eno33554960 down
    [[email protected] ~]# ip link set eno33554960 name eth0
    [[email protected] ~]# ip link show
    3: eth0: <BROADCAST,MULTICAST,PROMISC> mtu 1500 qdisc pfifo_fast state DOWN mode DEFAULT qlen 1000
        link/ether 00:0c:29:7c:7e:15 brd ff:ff:ff:ff:ff:ff

Turn off promiscuous mode on eth0:
Usage: ip link set FUNCTION on/off ethX

    [[email protected] ~]# ip link set promisc off eth0
    [[email protected] ~]# ip link
    3: eth0: <BROADCAST,MULTICAST> mtu 1500 qdisc pfifo_fast state DOWN mode DEFAULT qlen 1000
        link/ether 00:0c:29:7c:7e:15 brd ff:ff:ff:ff:ff:ff
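
An interface left in promiscuous mode after troubleshooting is worth auditing for. The script below is an added example, not part of the original article: it parses ip -d link show output and reports interfaces that carry the PROMISC flag or only a non-zero kernel promiscuity counter, which the flag list alone does not reveal. The function names, the eth9 interface and the promiscuity values in the sample are made up for the illustration.

```shell
# Constructed sample in `ip -d link show` layout. Interfaces 1-3 follow the
# listing on this page; interface 4 and the promiscuity counters are made up.
sample_ip_link() {
cat <<'EOF'
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 promiscuity 0
2: eno16777728: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT qlen 1000
    link/ether 00:0c:29:7c:7e:0b brd ff:ff:ff:ff:ff:ff promiscuity 0
3: eno33554960: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT qlen 1000
    link/ether 00:0c:29:7c:7e:15 brd ff:ff:ff:ff:ff:ff promiscuity 1
4: eth9: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT qlen 1000
    link/ether 00:0c:29:7c:7e:1f brd ff:ff:ff:ff:ff:ff promiscuity 1
EOF
}

# promisc_ifaces (hypothetical helper): read `ip -d link show` or plain
# `ip link show` output on stdin and print "IFACE REASON" per promiscuous NIC.
#   flag  = PROMISC appears in the <...> flag list (set administratively)
#   count = only the kernel promiscuity counter is non-zero, for example
#           because a packet-capture socket requested it
promisc_ifaces() {
    awk '
        function emit() { if (name != "" && why != "") print name, why }
        /^[0-9]+: / {                        # header: "N: name: <FLAGS> ..."
            emit()
            name = $2; sub(/:$/, "", name); sub(/@.*/, "", name)
            why = ($3 ~ /[<,]PROMISC[,>]/) ? "flag" : ""
            next
        }
        {                                    # detail lines of the current interface
            for (i = 1; i < NF; i++)
                if ($i == "promiscuity" && $(i + 1) + 0 > 0 && why == "")
                    why = "count"
        }
        END { emit() }
    '
}

sample_ip_link | promisc_ifaces
```

On a live host: ip -d link show | promisc_ifaces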
netns PID: virtualization; used to move an interface into the specified network namespace //not supported below CentOS 7

    [[email protected] ~]# ip netns help
    Usage: ip netns list                  //list network namespaces
           ip netns add NAME              //add a network namespace
           ip netns delete NAME           //delete a network namespace
           ip netns identify PID
           ip netns pids NAME
           ip netns exec NAME cmd ...     //run a command inside the given namespace
           ip netns monitor

Add a virtual network named firstnet, move eth0 into it, and view the virtual network's information:

    [[email protected] ~]# ip netns add firstnet
    [[email protected] ~]# ip netns
    firstnet
    [[email protected] ~]# ip link set eth0 netns firstnet
    [[email protected] ~]# ip link show
    1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT
        link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    2: eno16777728: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT qlen 1000
        link/ether 00:0c:29:7c:7e:0b brd ff:ff:ff:ff:ff:ff

View the virtual network's information:

    [[email protected] ~]# ip netns exec firstnet ip link show
    1: lo: <LOOPBACK> mtu 65536 qdisc noop state DOWN mode DEFAULT
        link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    3: eth0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN mode DEFAULT qlen 1000
        link/ether 00:0c:29:7c:7e:15 brd ff:ff:ff:ff:ff:ff

Delete the virtual network: //after deletion, eth0 is visible on the physical host again

    [[email protected] ~]# ip netns delete firstnet
ip addr: show interface information (including IPs)
ip addr show: show interface information
ip addr add IPADDR dev ethX: add an IP
ip addr del IPADDR dev ethX: delete an IP

    [[email protected] ~]# ip addr show
    2: eno16777728: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
        link/ether 00:0c:29:7c:7e:0b brd ff:ff:ff:ff:ff:ff
        inet 172.18.254.97/16 brd 172.18.255.255 scope global eno16777728
           valid_lft forever preferred_lft forever
        inet6 fe80::20c:29ff:fe7c:7e0b/64 scope link
           valid_lft forever preferred_lft forever

Add an IP:

    [[email protected] ~]# ip addr add 192.168.1.100/24 dev eno33554960
    [[email protected] ~]# ip addr
    3: eno33554960: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
        link/ether 00:0c:29:7c:7e:15 brd ff:ff:ff:ff:ff:ff
        inet 172.18.252.96/16 brd 172.18.255.255 scope global dynamic eno33554960
           valid_lft 83229sec preferred_lft 83229sec
        inet 192.168.1.100/24 scope global eno33554960
           valid_lft forever preferred_lft forever
        inet6 fe80::20c:29ff:fe7c:7e15/64 scope link
           valid_lft forever preferred_lft forever

Delete an IP:

    [[email protected] ~]# ip addr del 192.168.1.100/24 dev eno33554960

Alternatively, flush all IPs from an interface:
    ip addr flush dev ethX
ip route: routing table management
ip route add: add a route
ip route del: delete a route
ip route show: show routes
ip route flush: flush routes
Usage: ip route add TYPE PREFIX via GW [dev IFACE] [src SOURCE_IP]
                    [destination]  [next hop]       [source address to use]

    [[email protected] ~]# ip route add 192.168.1.0/24 via 172.18.0.1 dev eno33554960
    [[email protected] ~]# ip route list
    192.168.1.0/24 via 172.18.0.1 dev eno33554960

Specify which of the interface's IPs to use:

    [[email protected] ~]# ip addr add 172.18.254.100/16 dev eno33554960
    [[email protected] ~]# ip addr show
        inet 172.18.252.96/16 brd 172.18.255.255 scope global dynamic eno33554960
           valid_lft 81531sec preferred_lft 81531sec
        inet 172.18.254.100/16 scope global secondary eno33554960
    [[email protected] ~]# ip route add 10.0.0.0/8 via 172.18.0.1 dev eno33554960 src 172.18.254.100
    [[email protected] ~]# ip route show
    10.0.0.0/24 via 172.18.0.1 dev eno33554960 src 172.18.254.100

Delete a route:

    [[email protected] ~]# ip route del 10.0.0.0/24

Flush the routing table (an explicit range must be given):

    [[email protected] ~]# ip route flush 172.18/16
ss command: replaces netstat
ss [option] [FILTER]
Options:
-t: show TCP connections
-u: show UDP connections
-w: show raw socket connections
-l: show listening sockets
-a: show all connections
-n: show IPs and ports numerically
-p: show the owning process and PID
-m: memory usage
-o: timer information
ss also supports filtering:

    [[email protected] ~]# ss -tan state established    //only established connections
    Recv-Q Send-Q        Local Address:Port          Peer Address:Port
    0      52            172.18.254.97:22           172.18.252.65:50817
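2. File-based configuration
Configure the IP by editing configuration files:
Method one:
On CentOS 6, run setup or system-config-network at the command line and configure the IP through the graphical interface.
On CentOS 7, run nmtui at the command line and configure the IP through the graphical interface.
Method two:
Edit the /etc/sysconfig/network-scripts/ifcfg-ethX file.

    [[email protected] network-scripts]# cat ifcfg-eno16777728
    TYPE=Ethernet                                //device type
    BOOTPROTO=static                             //protocol used to configure the interface when it is activated: dhcp, bootp, static, none
    DEFROUTE=yes                                 //default route
    PEERDNS=yes                                  //with DHCP, whether DNS servers assigned by the DHCP server may override the locally configured DNS
    IPV6INIT=yes                                 //whether to initialize IPv6
    NAME=eno16777728                             //device alias
    UUID=7d317209-c3a3-40c6-948c-08e9ecfbd5cb    //unique identifier of the device
    DEVICE=eno16777728                           //device name
    ONBOOT=yes                                   //whether to bring the device up at boot
    IPADDR=                                      //IP address
    NETMASK=                                     //subnet mask
    GATEWAY=                                     //gateway
    DNS1=                                        //DNS server
    DOMAIN=                                      //DNS domain
    USERCTL=no                                   //whether ordinary users may control this device
    NM_CONTROLLED=no                             //whether the NetworkManager service controls this interface; enabling it is not recommended

After editing, restart the network service. An IP address configured this way is permanent.
CentOS 6: service network restart
CentOS 7: systemctl restart network.service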
Route configuration file:
Located at /etc/sysconfig/network-scripts/route-ethX
Two formats are supported, but they cannot be mixed
1. One route entry per line
target via gw

    [[email protected] network-scripts]# vim ifcfg-eno33554960
    [[email protected] network-scripts]# cat route-eno33554960
    192.168.0.0/24 via 172.18.0.1
    [[email protected] network-scripts]# ip route show
    192.168.0.0/24 via 172.18.0.1 dev eno33554960 proto static metric 100

2. One route entry per three lines; # stands for a number, and multiple groups of entries can be written
ADDRESS#=target
NETMASK#=mask
GATEWAY#=nexthop

    [[email protected] network-scripts]# cat route-eno33554960
    ADDRESS0=10.0.0.0
    NETMASK0=255.0.0.0
    GATEWAY0=172.18.0.1
    [[email protected] network-scripts]# ip route show
    10.0.0.0/8 via 172.18.0.1 dev eno33554960 proto static metric 100
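
Because the two formats cannot be mixed in one route-ethX file, a file in the three-line format has to be converted as a whole before one-line entries are added to it. The script below is an added example, not part of the original article: it rewrites ADDRESS#/NETMASK#/GATEWAY# groups as target via gw lines and rejects incomplete groups and non-contiguous netmasks. The function names and group 1 of the sample are made up for the illustration.

```shell
# Constructed route-ethX content in the three-line format. Group 0 is the one
# shown on this page; group 1 is added for the example.
sample_route_file() {
cat <<'EOF'
ADDRESS0=10.0.0.0
NETMASK0=255.0.0.0
GATEWAY0=172.18.0.1
ADDRESS1=192.168.0.0
NETMASK1=255.255.255.0
GATEWAY1=172.18.0.1
EOF
}

# triplets_to_via (hypothetical helper): read ADDRESS#/NETMASK#/GATEWAY# lines
# on stdin and print the same routes as "target/prefix via gw". Returns
# non-zero if a group is incomplete or its netmask is not contiguous.
triplets_to_via() {
    awk '
        BEGIN { split("0 128 192 224 240 248 252 254 255", v, " "); for (i = 1; i <= 9; i++) bits[v[i]] = i - 1 }
        function mask2len(m,    o, i, len, more) {
            if (split(m, o, ".") != 4) return -1
            len = 0; more = 1
            for (i = 1; i <= 4; i++) {
                if (!(o[i] in bits)) return -1          # not a valid mask octet
                if (!more && o[i] != 0) return -1       # 1 bits after a 0 bit
                len += bits[o[i]]
                if (o[i] != 255) more = 0
            }
            return len
        }
        match($0, /^(ADDRESS|NETMASK|GATEWAY)[0-9]+=/) {
            kind = substr($0, 1, 7); idx = substr($0, 8, RLENGTH - 8)
            rec[kind, idx] = substr($0, RLENGTH + 1)
            if (!(idx in seen)) { seen[idx] = 1; order[++n] = idx }
        }
        END {
            for (k = 1; k <= n; k++) {
                i = order[k]; len = mask2len(rec["NETMASK", i])
                if (rec["ADDRESS", i] == "" || rec["GATEWAY", i] == "" || len < 0) {
                    print "route group " i ": incomplete or bad netmask" > "/dev/stderr"
                    bad = 1; continue
                }
                print rec["ADDRESS", i] "/" len " via " rec["GATEWAY", i]
            }
            exit bad
        }
    '
}
sample_route_file | triplets_to_via
```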