ifcfg命令: ifconfig
ifconfig命令用来简单地获取网络接口配置信息,还可以修改这些配置。
ifconfig [网络设备] [参数]
# ifconfig -a:显示所有接口,包括inactive状态的接口;
[root@localhost ~]# ifconfig -a eno16777736: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500 inet 172.16.50.100 netmask 255.255.0.0 broadcast 172.16.255.255 inet6 fe80::20c:29ff:fe73:7b4 prefixlen 64 scopeid 0x20<link> ether 00:0c:29:73:07:b4 txqueuelen 1000 (Ethernet) RX packets 29862 bytes 2658256 (2.5 MiB) RX errors 0 dropped 50 overruns 0 frame 0 TX packets 5778 bytes 5550580 (5.2 MiB) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536 inet 127.0.0.1 netmask 255.0.0.0 inet6 ::1 prefixlen 128 scopeid 0x10<host> loop txqueuelen 0 (Local Loopback) RX packets 1424 bytes 119716 (116.9 KiB) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 1424 bytes 119716 (116.9 KiB) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
ifconfig interface [aftype] options |address ...
# ifconfig IFACE IP/MASK [up|down]
# ifconfig IFACE IP netmask NETMASK
例:# ifconfig eth1 192.168.1.100/24 up
# ifconfig eth1 192.168.10.200/24
# ifconfig eth1 0
清除ip地址
注意:立即送往内核中的TCP/IP协议栈,并生效;
route命令:在本地 IP 路由表中显示和修改条目网络命令
路由条目类型:
主机路由:目标地址为单个IP;
网络路由:目标地址为IP网络;
默认路由:目标为任意网络,0.0.0.0/0.0.0.0;default;
查看:
# route -n (-n 表示不解析名字,列出速度会比route 快)
[root@localhost ~]# route -n Kernel IP routing table Destination Gateway Genmask Flags Metric Ref Use Iface 0.0.0.0 172.16.0.1 0.0.0.0 UG 0 0 0 eth0 169.254.0.0 0.0.0.0 255.255.0.0 U 1002 0 0 eth0 172.16.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth0
添加:
route add [-net|-host] target [netmask Nm] [gw GW] [[dev] If]
示例:route add-net 10.0.0.0/8 gw 172.16.10.1 dev eth0
[root@localhost ~]# route add -net 10.0.0.0/8 gw 172.16.10.1 dev eth0 [root@localhost ~]# route -n Kernel IP routing table Destination Gateway Genmask Flags Metric Ref Use Iface 0.0.0.0 172.16.0.1 0.0.0.0 UG 0 0 0 eth0 10.0.0.0 172.16.10.1 255.0.0.0 UG 0 0 0 eth0 169.254.0.0 0.0.0.0 255.255.0.0 U 1002 0 0 eth0 172.16.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth0
route add -net 0.0.0.0/0.0.0.0 gw192.168.10.1
route add default gw 192.168.10.1
添加默认路由
删除:
route del [-net|-host] target [gw Gw] [netmask Nm] [[dev] If]
示例:route del -net 10.0.0.0/8 gw 172.16.10.1
[root@localhost ~]# route del -net 10.0.0.0/8 gw 172.16.10.1 [root@localhost ~]# route -n Kernel IP routing table Destination Gateway Genmask Flags Metric Ref Use Iface 0.0.0.0 172.16.0.1 0.0.0.0 UG 0 0 0 eth0 169.254.0.0 0.0.0.0 255.255.0.0 U 1002 0 0 eth0 172.16.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth0
route del default
删除默认路由
netstat命令:
netstat是在内核中访问网络及相关信息的程序,它能提供TCP连接,TCP和UDP监听,进程内存管理的相关报告
显示路由表:netstat -rn
[root@localhost ~]# netstat -rn Kernel IP routing table Destination Gateway Genmask Flags MSS Window irtt Iface 0.0.0.0 172.16.0.1 0.0.0.0 UG 0 0 0 eth0 169.254.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth0 172.16.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth0
-r:显示内核路由表
-n:数字格式
显示网络连接:
netstat [--tcp|-t] [--udp|-u] [--udplite|-U] [--sctp|-S] [--raw|-w] [--listening|-l] [--all|-a] [--numeric|-n] [--extend|-e[--extend|-e]] [--program|-p]
-t:显示TCP传输协议的相关连接,连接均有其状态;
-u:显示UDP传输协议相关的连接状态状态;
-w:显示raw socket传输协议相关的连接状态;
-l:处于监听状态的连接;
-a:显示所有socket状态;
-n:以数字格式显示IP和Port;
-e:扩展格式;
[root@localhost ~]# netstat -tunlp Active Internet connections (only servers) Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name tcp 0 0 0.0.0.0:45315 0.0.0.0:* LISTEN 1840/rpc.statd tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN 1738/rpcbind tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 2071/sshd tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN 1881/cupsd tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 2170/master tcp 0 0 :::32869 :::* LISTEN 1840/rpc.statd tcp 0 0 :::111 :::* LISTEN 1738/rpcbind tcp 0 0 :::22 :::* LISTEN 2071/sshd tcp 0 0 ::1:631 :::* LISTEN 1881/cupsd tcp 0 0 ::1:25 :::* LISTEN 2170/master udp 0 0 0.0.0.0:68 0.0.0.0:* 1846/dhclient udp 0 0 0.0.0.0:49761 0.0.0.0:* 1840/rpc.statd udp 0 0 0.0.0.0:111 0.0.0.0:* 1738/rpcbind udp 0 0 0.0.0.0:631 0.0.0.0:* 1881/cupsd udp 0 0 0.0.0.0:641 0.0.0.0:* 1738/rpcbind udp 0 0 127.0.0.1:745 0.0.0.0:* 1840/rpc.statd udp 0 0 :::111 :::* 1738/rpcbind udp 0 0 :::641 :::* 1738/rpcbind udp 0 0 :::37869 :::* 1840/rpc.statd
常用组合:
-tan, -uan, -tnl, -unl, -tunlp
传输层协议:
tcp:面向连接的协议;通信开始之前,要建立一个虚链路;通信完成后还要拆除连接;
udp:无连接的协议;直接发送数据报文;
显示接口的统计数据:
netstat {--interfaces|-I|-i} [iface] [--all|-a] [--extend|-e] [--verbose|-v] [--program|-p] [--numeric|-n]
所有接口:
netstat -i
[root@localhost ~]# netstat -i Kernel Interface table Iface MTU Met RX-OK RX-ERR RX-DRP RX-OVR TX-OK TX-ERR TX-DRP TX-OVR Flg eth0 1500 0 12247 0 0 0 538 0 0 0 BMRU lo 65536 0 0 0 0 0 0 0 0 0 LRU
指定接口:
netstat -I<IFace>
ifup/ifdown命令:
注意:通过配置文件/etc/sysconfig/network-scripts/ifcfg-IFACE来识别接口并完成配置;
配置主机名:
hostname命令:
查看:hostname
配置:hostname HOSTNAME
当前系统有效,重启后无效;
hostnamectl命令(CentOS 7):
hostnamectl status:显示当前主机名信息;
hostnamectl set-hostname HOSTNAME:设定主机名,直接修改原文件,永久有效;
配置文件:/etc/sysconfig/network
HOSTNAME=<HOSTNAME>
注意:此方法的设置不会立即生效; 但以后会一直有效;
配置DNS服务器指向:
配置文件:/etc/resolv.conf
nameserver DNS_SERVER_IP
如何测试(host/nslookup/dig):
# dig -t A FQDN
FQDN --> IP
# dig -x IP
IP --> FQDN
ip命令:
show / manipulate routing, devices,policy routing and tunnels
ip [ OPTIONS ] OBJECT { COMMAND | help}
OBJECT := { link | addr |route | netns }
注意: OBJECT可简写,各OBJECT的子命令也可简写;
ip OBJECT:
ip link: network deviceconfiguration
ip link set 修改设备属性
[dev]NAME (default):指明要管理的设备,dev关键字可省略;
up和down:
multicaston或multicast off:启用或禁用多播功能;
nameNAME:重命名接口
mtuNUMBER:设置MTU的大小,默认为1500;
netnsPID:ns为namespace,用于将接口移动到指定的网络名称空间;
ip link show - display device attributes
ip link help - 显示简要使用帮助;
ip netns: - 管理网络名称空间.
ip netns list:列出所有的netns
ip netns add NAME:创建指定的netns
[root@localhost ~]# ip netns add eno16777736 netns mynet [root@localhost ~]# ip netns list eno16777736
ip netns del NAME:删除指定的netns
ip netns exec NAME COMMAND:在指定的netns中运行命令
例如:#ip netns add mynet
#ip link set eth0 netns mynet
ip address - protocol addressmanagement.
ip address add - add new protocoladdress
ip addr add IFADDR dev IFACE
[label NAME]:为额外添加的地址指明接口别名;
[broadcast ADDRESS]:广播地址;会根据IP和NETMASK自动计算得到;
[scope SCOPE_VALUE]:
global:全局可用;
link:接口可用;
host:仅本可用;
例:ip addr add IPADDR dev IFACE label IFACE:#
指定别名之后才能在ifconfig中显示;
ipaddress delete - delete protocol address
ip addr delete IFADDR dev IFACE
ip address show - look at protocoladdresses
ip addr list [IFACE]:显示接口的地址;
ip address flush - flush protocoladdresses(清空)
ip addr flush dev IFACE
ip route - routing table management
ip route add - add new route
ip route change - change route
ip route replace - change or add newone
ip route add TYPE PREFIX via GW [dev IFACE] [src SOURCE_IP]
示例:
# ip route add 192.168.0.0/24 via 10.0.0.1 dev eth1 src 10.0.20.100
# ip route add default via GW
ip route delete - delete route
ip route del TYPE PRIFIX
示例:
# ip route delete 192.168.1.0/24
ip route show - list routes
TYPE PRIFIX
ip route flush - flush routing tables
TYPE PRIFIX
ip route get - get a single route
ip route get TYPE PRIFIX
示例:iproute get 192.168.0.0/24
ss命令:
ss [options] [ FILTER ]
选项:
-t:TCP协议的相关连接
-u:UDP相关的连接
-w:raw socket相关的连接
-l:监听状态的连接
-a:所有状态的连接
-n:数字格式
-p:相关的程序及其PID
-e:扩展格式信息
-m:内存用量
-o:计时器信息
[root@localhost ~]# ss -tunlp
Netid State Recv-Q Send-Q Local Address:Port Peer Address:Port
tcp UNCONN 0 0 *:123 *:* users:(("chronyd",791,1))
tcp UNCONN 0 0 127.0.0.1:323 *:* users:(("chronyd",791,3))
tcp UNCONN 0 0 :::123 :::* users:(("chronyd",791,2))
tcp UNCONN 0 0 ::1:323 :::* users:(("chronyd",791,5))
tcp LISTEN 0 128 *:22 *:* users:(("sshd",1045,3))
tcp LISTEN 0 100 127.0.0.1:25 *:* users:(("master",1337,13))
tcp LISTEN 0 128 :::22 :::* users:(("sshd",1045,4))
tcp LISTEN 0 100 ::1:25
FILTER := [ state TCP-STATE ] [ EXPRESSION ]
TCP的常见状态:
TCP FSM:
LISTEN:监听
ESTABLISEHD:建立的连接
FIN_WAIT_1:
FIN_WAIT_2:
SYN_SENT:
SYN_RECV:
CLOSED:
EXPRESSION: 用来精确显示
dport =
sport =
示例:'( dport = :22 orsport = :22)'
~]# ss -tan '( dport = :22 or sport =:22 )'
~]# ss -tan state ESTABLISHED
配置文件:
IP/NETMASK/GW/DNS等属性的配置文件:/etc/sysconfig/network-scripts/ifcfg-IFACE
IFACE:接口名称;
路由的相关配置文件:/etc/sysconfig/networkj-scripts/route-IFACE
配置文件/etc/sysconfig/network-scripts/ifcfg-IFACE通过大量参数来定义接口的属性;其可通过vim等文本编辑器直接修改,也可以使用专用的命令的进行修改(CentOS 6:system-config-network (setup),CentOS 7: nmtui)
ifcfg-IFACE配置文件参数:
DEVICE:此配置文件对应的设备的名称;
ONBOOT:在系统引导过程中,是否激活此接口;
UUID:此设备的惟一标识;
IPV6INIT:是否初始化IPv6;
BOOTPROTO:激活此接口时使用什么协议来配置接口属性,常用的有dhcp、bootp、static、none;
TYPE:接口类型,常见的有Ethernet,Bridge;
DNS1:第一DNS服务器指向;
DNS2:备用DNS服务器指向;
DOMAIN:DNS搜索域;
IPADDR: IP地址;
NETMASK:子网掩码;CentOS 7支持使用PREFIX以长度方式指明子网掩码;
GATEWAY:默认网关;
USERCTL:是否允许普通用户控制此设备;
PEERDNS:如果BOOTPROTO的值为“dhcp”,是否允许dhcpserver分配的dns服务器指向覆盖本地手动指定的DNS服务器指向;默认为允许;
HWADDR:设备的MAC地址;
NM_CONTROLLED:是否使用NetworkManager服务来控制接口;
网络服务:
network
NetworkManager
管理网络服务:
CentOS 6: service SERVICE {start|stop|restart|status}
CentOS 7:systemctl {start|stop|restart|status} SERVICE[.service]
配置文件修改之后,如果要生效,需要重启网络服务;
CentOS 6:# service network restart
CentOS 7:# systemctl restart network.service
用到非默认网关路由:/etc/sysconfig/network-scripts/route-IFACE
支持两种配置方式,但不可混用;
(1) 每行一个路由条目:
TARGET via GW
(2) 每三行一个路由条目:
ADDRESS#=TARGET
NETMASK#=MASK
GATEWAY#=NEXTHOP
给接口配置多个地址:
ip addr之外,ifconfig或配置文件都可以;
(1) ifconfig IFACE_LABEL IPADDR/NETMASK
IFACE_LABEL: eth0:0, eth0:1, ...
例: ifconfig lo:0192.168.20.100/24
(2) 为别名添加配置文件;
DEVICE=IFACE_LABEL
BOOTPROTO:网上别名不支持动态获取地址;
static, none
