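1. Linux network configuration methods
Linux networking can be configured in two ways:
- Static assignment:
  - Commands: ifconfig, route, ip, ss, ...
  - Configuration files
  - Graphical tools: CentOS 6 (system-config-network-tui, setup); CentOS 7 (nmtui)
- Dynamic assignment: DHCP (Dynamic Host Configuration Protocol)
2. Network configuration commands
2.1 The ifconfig command
Usage 1: ifconfig [interface]
# ifconfig [-a]: show details for all network interfaces; the "-a" may be omitted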
[root@zabbix ~]# ifconfig
docker0: flags=4099 mtu 1500
inet 172.17.0.1 netmask 255.255.0.0 broadcast 0.0.0.0
ether 02:42:84:6c:65:e2 txqueuelen 0 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
eno16777736: flags=4163 mtu 1500
inet 192.168.123.132 netmask 255.255.255.0 broadcast 192.168.123.255
inet6 fe80::20c:29ff:fe7b:f986 prefixlen 64 scopeid 0x20
ether 00:0c:29:7b:f9:86 txqueuelen 1000 (Ethernet)
RX packets 225 bytes 25331 (24.7 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 254 bytes 82633 (80.6 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
lo: flags=73 mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10
loop txqueuelen 0 (Local Loopback)
RX packets 12028 bytes 2818167 (2.6 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 12028 bytes 2818167 (2.6 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
# ifconfig IFACE: show details for the specified network interface
[root@zabbix ~]# ifconfig docker0
docker0: flags=4099 mtu 1500
inet 172.17.0.1 netmask 255.255.0.0 broadcast 0.0.0.0
ether 02:42:84:6c:65:e2 txqueuelen 0 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
Usage 2: ifconfig interface [aftype] options | address ...
# ifconfig IFACE ip[/mask] [up]: configure a network interface; up (the default) enables it
# ifconfig IFACE IP netmask MASK [up]: same as above
[root@zabbix ~]# ifconfig eno16777736:0 192.168.123.133 up
[root@zabbix ~]# ifconfig eno16777736:0
eno16777736:0: flags=4163 mtu 1500
inet 192.168.123.133 netmask 255.255.255.0 broadcast 192.168.123.255
ether 00:0c:29:7b:f9:86 txqueuelen 1000 (Ethernet)
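Note: The configuration above takes effect immediately.
2.2 The route command
The route command manages the kernel routing table.
Viewing the current kernel routing table
Usage: route -n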
[root@zabbix ~]# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 192.168.123.2 0.0.0.0 UG 100 0 0 eno16777736
172.17.0.0 0.0.0.0 255.255.0.0 U 0 0 0 docker0
172.29.2.0 192.168.123.2 255.255.255.0 UG 100 0 0 eno16777736
192.168.123.0 0.0.0.0 255.255.255.0 U 100 0 0 eno16777736
Adding routes
Usage: route add [-net|-host] target [netmask Nm] [gw GW] [[dev] IFACE]
# Add a host route: destination 172.29.2.43, gateway 192.168.123.2
[root@zabbix ~]# route add -host 172.29.2.43 gw 192.168.123.2 dev eno16777736
[root@zabbix ~]# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 192.168.123.2 0.0.0.0 UG 100 0 0 eno16777736
172.17.0.0 0.0.0.0 255.255.0.0 U 0 0 0 docker0
172.29.2.43 192.168.123.2 255.255.255.255 UGH 0 0 0 eno16777736
192.168.123.0 0.0.0.0 255.255.255.0 U 100 0 0 eno16777736
# Add a network route: destination 172.29.0.0, gateway 192.168.123.2
[root@zabbix ~]# route add -net 172.29.0.0 netmask 255.255.0.0 gw 192.168.123.2 dev eno16777736
[root@zabbix ~]# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 192.168.123.2 0.0.0.0 UG 100 0 0 eno16777736
172.17.0.0 0.0.0.0 255.255.0.0 U 0 0 0 docker0
172.29.0.0 192.168.123.2 255.255.0.0 UG 0 0 0 eno16777736
172.29.2.43 192.168.123.2 255.255.255.255 UGH 0 0 0 eno16777736
192.168.123.0 0.0.0.0 255.255.255.0 U 100 0 0 eno16777736
# Add a default route with gateway 192.168.123.2; either of the following two forms works.
[root@zabbix ~]# route add -net 0.0.0.0 netmask 0.0.0.0 gw 192.168.123.2
[root@zabbix ~]# route add default gw 192.168.123.2
Deleting routes
Usage: route del [-net|-host] target [netmask Nm] [gw GW] [[dev] IFACE]
# Delete a host route
[root@zabbix ~]# route del -host 172.29.2.43
[root@zabbix ~]# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 192.168.123.2 0.0.0.0 UG 100 0 0 eno16777736
172.17.0.0 0.0.0.0 255.255.0.0 U 0 0 0 docker0
172.29.0.0 192.168.123.2 255.255.0.0 UG 0 0 0 eno16777736
192.168.123.0 0.0.0.0 255.255.255.0 U 100 0 0 eno16777736
# Delete a network route
[root@zabbix ~]# route del -net 172.29.0.0 netmask 255.255.0.0
[root@zabbix ~]# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 192.168.123.2 0.0.0.0 UG 100 0 0 eno16777736
172.17.0.0 0.0.0.0 255.255.0.0 U 0 0 0 docker0
192.168.123.0 0.0.0.0 255.255.255.0 U 100 0 0 eno16777736
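Note: Route entries configured with commands take effect immediately but are not persistent; they are lost when the interface or the host is restarted.
2.3 DNS resolution commands
DNS configuration file: /etc/resolv.conf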
nameserver DNS_SERVER_IP1
nameserver DNS_SERVER_IP2
nameserver DNS_SERVER_IP3
Forward DNS lookup: FQDN (Fully Qualified Domain Name) --> IP
# dig -t A FQDN
# host -t A FQDN
Reverse DNS lookup: IP --> FQDN
# dig -x IP
# host -t PTR IP
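2.4 Viewing network connections - netstat
netstat displays network connections, the kernel routing table, interface statistics, masquerade connections and multicast memberships.
Displaying network connections
Usage: netstat [--tcp|-t] [--udp|-u] [--raw|-w] [--listening|-l] [--all|-a] [--numeric|-n] [--extend|-e[--extend|-e]] [--program|-p]
# -t: TCP
# -u: UDP
# -w: raw sockets
# -l: listening state
# -a: all states
# -n: show IP addresses and ports numerically
# -e: extended format
# -p: show the owning process and its PID
# Show all TCP connections in numeric format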
[root@zabbix ~]# netstat -tan
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 0.0.0.0:3306 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN
...
# Show all UDP connections in numeric format
[root@zabbix ~]# netstat -uan
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State
udp 0 0 0.0.0.0:6842 0.0.0.0:*
udp 0 0 0.0.0.0:68 0.0.0.0:*
udp 0 0 127.0.0.1:323 0.0.0.0:*
udp6 0 0 ::1:323 :::*
udp6 0 0 :::34427 :::*
# Show all listening TCP sockets in numeric format
[root@zabbix ~]# netstat -tnl
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 0.0.0.0:3306 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:10050 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:10051 0.0.0.0:* LISTEN
tcp6 0 0 :::80 :::* LISTEN
tcp6 0 0 :::22 :::* LISTEN
tcp6 0 0 ::1:25 :::* LISTEN
tcp6 0 0 :::10050 :::* LISTEN
tcp6 0 0 :::10051 :::* LISTEN
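# Show all listening UDP sockets in numeric format: netstat -unl
# Show all listening TCP sockets in numeric format, with the owning process and PID: netstat -tnlp
# Show all listening UDP sockets in numeric format, with the owning process and PID: netstat -unlp
Displaying the kernel routing table
Usage: netstat {--route|-r} [--extend|-e[--extend|-e]] [--verbose|-v] [--numeric|-n]
# -r: show the kernel routing table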
[root@zabbix ~]# netstat -r
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
default gateway 0.0.0.0 UG 0 0 0 eno16777736
172.17.0.0 0.0.0.0 255.255.0.0 U 0 0 0 docker0
172.29.2.0 gateway 255.255.255.0 UG 0 0 0 eno16777736
192.168.123.0 0.0.0.0 255.255.255.0 U 0 0 0 eno16777736
# -n: show in numeric format
[root@zabbix ~]# netstat -rn
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
0.0.0.0 192.168.123.2 0.0.0.0 UG 0 0 0 eno16777736
172.17.0.0 0.0.0.0 255.255.0.0 U 0 0 0 docker0
172.29.2.0 192.168.123.2 255.255.255.0 UG 0 0 0 eno16777736
192.168.123.0 0.0.0.0 255.255.255.0 U 0 0 0 eno16777736
Interface statistics
Usage: netstat {--interfaces|-I|-i} [--all|-a] [--extend|-e] [--program|-p] [--numeric|-n]
# -I: show the specified interface
[root@zabbix ~]# netstat -Idocker0
Kernel Interface table
Iface MTU RX-OK RX-ERR RX-DRP RX-OVR TX-OK TX-ERR TX-DRP TX-OVR Flg
docker0 1500 0 0 0 0 0 0 0 0 BMU
# -i: show all network interfaces
[root@zabbix ~]# netstat -i
Kernel Interface table
Iface MTU RX-OK RX-ERR RX-DRP RX-OVR TX-OK TX-ERR TX-DRP TX-OVR Flg
docker0 1500 0 0 0 0 0 0 0 0 BMU
eno16777 1500 21658 0 0 0 4968 0 0 0 BMRU
lo 65536 130925 0 0 0 130925 0 0 0 LRU
2.5 Managing routing (including policy routing), network devices and IP tunnels - ip
Usage: ip [ OPTIONS ] OBJECT { COMMAND | help }
OBJECT: { link | addr | route }
OPTIONS: { -V[ersion] | -s[tatistics] | -r[esolve] | -f[amily] { inet | inet6 | ipx | dnet | link } | -o[neline] | -n[etns] name }
Viewing network interface information
Usage: ip link show
# Show information for all interfaces: ip link show
[root@zabbix ~]# ip link show
1: lo: mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eno16777736: mtu 1500 qdisc pfifo_fast state UP mode DEFAULT qlen 1000
link/ether 00:0c:29:7b:f9:86 brd ff:ff:ff:ff:ff:ff
3: docker0: mtu 1500 qdisc noqueue state DOWN mode DEFAULT
link/ether 02:42:48:10:bd:c5 brd ff:ff:ff:ff:ff:ff
# Show information for a specific interface: ip link show dev IFACE
[root@zabbix ~]# ip link show dev docker0
3: docker0: mtu 1500 qdisc noqueue state DOWN mode DEFAULT
link/ether 02:42:48:10:bd:c5 brd ff:ff:ff:ff:ff:ff
# Show information for all activated interfaces: ip link show up
[root@zabbix ~]# ip link show up
1: lo: mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eno16777736: mtu 1500 qdisc pfifo_fast state UP mode DEFAULT qlen 1000
link/ether 00:0c:29:7b:f9:86 brd ff:ff:ff:ff:ff:ff
3: docker0: mtu 1500 qdisc noqueue state DOWN mode DEFAULT
link/ether 02:42:48:10:bd:c5 brd ff:ff:ff:ff:ff:ff
Setting network interface state
Usage: ip link set
# Enable or disable an interface: ip link set dev IFACE up|down
[root@zabbix ~]# ip link set dev docker0 down
[root@zabbix ~]# ip link show up
1: lo: mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eno16777736: mtu 1500 qdisc pfifo_fast state UP mode DEFAULT qlen 1000
link/ether 00:0c:29:7b:f9:86 brd ff:ff:ff:ff:ff:ff
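IP address management
Usage: ip addr
# Add or remove an IP address: ip addr {add|del} IP_ADDRESS/MASK dev IFACE
# [label 'LABEL']: set an interface label when adding the address
# [scope {global|link|host}]: set the scope
# global: valid everywhere
# link: valid only on this link
# host: valid only on this host
# [broadcast ADDRESS]: set the broadcast address
# Add a new address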
[root@zabbix ~]# ip addr add 192.168.123.101/24 dev eno16777736:0
[root@zabbix ~]# ip addr show eno16777736
2: eno16777736: mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:0c:29:7b:f9:86 brd ff:ff:ff:ff:ff:ff
inet 192.168.123.132/24 brd 192.168.123.255 scope global dynamic eno16777736
valid_lft 1685sec preferred_lft 1685sec
inet 192.168.123.101/24 scope global secondary eno16777736 # newly added address
valid_lft forever preferred_lft forever
inet6 fe80::20c:29ff:fe7b:f986/64 scope link
valid_lft forever preferred_lft forever
# Remove an address
[root@zabbix ~]# ip addr del 192.168.123.101/24 dev eno16777736:0 # delete
[root@zabbix ~]# ip addr show dev eno16777736
2: eno16777736: mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:0c:29:7b:f9:86 brd ff:ff:ff:ff:ff:ff
inet 192.168.123.132/24 brd 192.168.123.255 scope global dynamic eno16777736
valid_lft 1486sec preferred_lft 1486sec
inet6 fe80::20c:29ff:fe7b:f986/64 scope link
valid_lft forever preferred_lft forever
# Specify a label
[root@zabbix ~]# ip addr add 192.168.123.100/24 dev eno16777736 label 'eno16777736:0'
[root@zabbix ~]# ifconfig eno16777736:0
eno16777736:0: flags=4163 mtu 1500
inet 192.168.123.100 netmask 255.255.255.0 broadcast 0.0.0.0
ether 00:0c:29:7b:f9:86 txqueuelen 1000 (Ethernet)
[root@zabbix ~]# ip addr del 192.168.123.100/24 dev eno16777736 label 'eno16777736:0'
# Query protocol addresses: ip add show
# [dev IFACE]
# [label 'LABEL']
# [primary and secondary]
[root@zabbix ~]# ip add show dev docker0
3: docker0: mtu 1500 qdisc noqueue state DOWN
link/ether 02:42:91:38:6b:00 brd ff:ff:ff:ff:ff:ff
inet 172.17.0.1/16 scope global docker0
valid_lft forever preferred_lft forever
# Flush protocol addresses: ip add flush
[root@zabbix ~]# ip addr flush dev eno16777736 label 'eno16777736:0'
Route management
# Add a route: ip route add TARGET via GW dev IFACE [src SOURCE_IP]
# Host route: IP
# Network route: IP/MASK
[root@zabbix ~]# ip route add to 172.29.2.43 via 192.168.123.2 dev eno16777736 # a host route needs no mask; it defaults to 32
[root@zabbix ~]# ip route add 172.29.0.0/16 via 192.168.123.2
[root@zabbix ~]# ip route add default via 192.168.123.2 # add the default gateway
# Show the kernel routing table: ip route show
[root@zabbix ~]# ip route show
default via 192.168.123.2 dev eno16777736 proto static metric 100
172.17.0.0/16 dev docker0 proto kernel scope link src 172.17.0.1
172.29.0.0/16 via 192.168.123.2 dev eno16777736
172.29.2.43 via 192.168.123.2 dev eno16777736
192.168.123.0/24 dev eno16777736 proto kernel scope link src 192.168.123.132 metric 100
# Delete a route: ip route del TARGET
[root@zabbix ~]# ip route del 172.29.2.43
[root@zabbix ~]# ip route del 172.29.0.0/16
[root@zabbix ~]# ip route del default
[root@zabbix ~]# ip route show
default via 192.168.123.2 dev eno16777736 proto static metric 100
172.17.0.0/16 dev docker0 proto kernel scope link src 172.17.0.1
192.168.123.0/24 dev eno16777736 proto kernel scope link src 192.168.123.132 metric 100
# Flush the routing table: ip route flush
# [dev IFACE]
# [via PREFIX]
[root@zabbix ~]# ip route flush dev eno16777736
[root@zabbix ~]# ip route show
172.17.0.0/16 dev docker0 proto kernel scope link src 172.17.0.1
Note: Routes added or deleted this way take effect immediately and are lost after a system reboot or a restart of the network service.
2.6 Network socket inspection tool - ss
Usage: ss [options] [FILTER]
# [options]:
# -t: TCP sockets
# -u: UDP sockets
# -w: raw sockets
# -x: Unix domain sockets
# -l: sockets in the listening state
# -a: all states
# -n: numeric format
# -p: associated program and PID
# -e: extended information
# -m: memory usage
# -o: timer information
# [FILTER]:
# FILTER: [state TCP-STATE] [EXPRESSION]
# TCP-STATE: established, syn-sent, syn-recv, fin-wait-1, fin-wait-2, time-wait, closed, close-wait, last-ack, listen and closing.
# EXPRESSION: dport =; sport =; example: '( dport = :ssh or sport = :ssh )'
# Show all TCP connections in numeric format: ss -tan
[root@zabbix ~]# ss -tan
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 50 *:3306 *:*
LISTEN 0 128 *:22 *:*
LISTEN 0 100 127.0.0.1:25 *:*
LISTEN 0 128 *:10050 *:*
LISTEN 0 128 *:10051 *:*
ESTAB 0 0 192.168.123.132:46052 192.168.123.132:3306
...
# Common option combinations: -tan, -tanl, -tanlp, -uan
# Filtering with FILTER
[root@zabbix ~]# ss -tan state established '( sport = 3306 )'
Recv-Q Send-Q Local Address:Port Peer Address:Port
0 0 192.168.123.132:3306 192.168.123.132:40527
0 0 192.168.123.132:3306 192.168.123.132:40526
0 0 192.168.123.132:3306 192.168.123.132:40539
0 0 192.168.123.132:3306 192.168.123.132:40528
0 0 192.168.123.132:3306 192.168.123.132:40537
0 0 192.168.123.132:3306 192.168.123.132:40545
0 0 192.168.123.132:3306 192.168.123.132:40533
0 0 192.168.123.132:3306 192.168.123.132:40538
0 0 192.168.123.132:3306 192.168.123.132:40534
0 0 192.168.123.132:3306 192.168.123.132:40531
0 0 192.168.123.132:3306 192.168.123.132:40541
0 0 192.168.123.132:3306 192.168.123.132:40530
0 0 192.168.123.132:3306 192.168.123.132:40529
0 0 192.168.123.132:3306 192.168.123.132:40544
0 0 192.168.123.132:3306 192.168.123.132:40542
0 0 192.168.123.132:3306 192.168.123.132:40535
0 0 192.168.123.132:3306 192.168.123.132:40543
0 0 192.168.123.132:3306 192.168.123.132:40540
0 0 192.168.123.132:3306 192.168.123.132:40546
0 0 192.168.123.132:3306 192.168.123.132:40532
0 0 192.168.123.132:3306 192.168.123.132:40536
0 0 192.168.123.132:3306 192.168.123.132:40596
0 0 192.168.123.132:3306 192.168.123.132:40547
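The listening-socket listings produced by netstat -tnl and ss -tnl can be turned into a quick exposure check: which TCP services are bound to all interfaces rather than to loopback only. The script below is an added example, not part of the original page; the function names are hypothetical, and the sample input is the netstat -tnl output shown in section 2.4.

```shell
#!/bin/sh
# Added example, not from the original page; function names are hypothetical.

# exposed_listeners: read `netstat -tnl[p]` or `ss -tnl[p]` output on stdin and
# print "PORT SCOPE" for each TCP listener that is not bound to loopback only.
exposed_listeners() {
    awk '
        # netstat rows: $1 is tcp/tcp6 and $6 is LISTEN; ss rows: $1 is LISTEN.
        # In both layouts the local address is field 4.
        ($1 ~ /^tcp6?$/ && $6 == "LISTEN") || $1 == "LISTEN" {
            port = $4; sub(/^.*:/, "", port)       # text after the last colon
            host = $4; sub(/:[^:]*$/, "", host)    # text before the last colon
            gsub(/\[|\]/, "", host)                # newer ss prints [::]:22
            if (host ~ /^127\./ || host == "::1") next   # loopback only
            if (host == "0.0.0.0" || host == "::" || host == "*") host = "all-interfaces"
            print port, host
        }' | sort -u | sort -n
}

# Sample input: the `netstat -tnl` output shown in section 2.4 of this page.
sample_netstat() {
    cat <<'EOF'
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 0.0.0.0:3306 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:10050 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:10051 0.0.0.0:* LISTEN
tcp6 0 0 :::80 :::* LISTEN
tcp6 0 0 :::22 :::* LISTEN
tcp6 0 0 ::1:25 :::* LISTEN
tcp6 0 0 :::10050 :::* LISTEN
tcp6 0 0 :::10051 :::* LISTEN
EOF
}

sample_netstat | exposed_listeners
```

On a live host, pipe the real command into the function instead: `ss -tnl | exposed_listeners`. Each port it reports should be one you intend to offer to the network and have covered by a firewall rule.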
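2.7 Editing network configuration files
Configuration file for IP, MASK, GW and DNS settings: /etc/sysconfig/network-scripts/ifcfg-IFACE
DEVICE="IFACE": the device this configuration file applies to
HWADDR="MAC_ADDRESS": MAC address of the device
BOOTPROTO="static|dhcp|none|bootp": address configuration protocol used when the device is activated
NM_CONTROLLED="yes|no": NM stands for NetworkManager; whether this interface is managed by NM; on CentOS this is set to "no"
ONBOOT="yes|no": whether to activate the device at system boot
TYPE="Ethernet|Bridge": interface type
UUID="uuid": unique identifier of the device
IPADDR="IP_ADDRESS": IP address
NETMASK="MASK": subnet mask
GATEWAY="gateway": default gateway
DNS1="DNS_SERVER_IP1": first DNS server
DNS2="DNS_SERVER_IP2": second DNS server
DNS3="DNS_SERVER_IP3": third DNS server
USERCTL="yes|no": whether ordinary users may control this device
PEERDNS="yes|no": when BOOTPROTO is "dhcp", whether the DNS servers handed out by the DHCP server may overwrite /etc/resolv.conf
Note: To give an interface multiple addresses through configuration files, create ifcfg-IFACE_ALIAS with DEVICE="IFACE_ALIAS"; do not use DHCP for interface aliases.
Route configuration file: /etc/sysconfig/network-scripts/route-IFACE
# Two formats:
# 1. TARGET via GW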
[root@zabbix network-scripts]# vim route-eno16777736
172.29.0.0/16 via 192.168.123.2
# 2. Three lines define one route
# ADDRESS#=TARGET (the trailing # is a number identifying the route group)
# NETMASK#=mask
# GATEWAY#=GW
[root@zabbix network-scripts]# vim route-eno16777736
ADDRESS0=172.29.2.0
NETMASK0=255.255.255.0
GATEWAY0=192.168.123.2
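Because routes added with route or ip route are lost on restart while route-IFACE entries persist, comparing the two shows which gateway routes exist only in the running kernel, either forgotten in the file or added out of band. The script below is an added example, not part of the original page; the function names are hypothetical, and it accepts both route-IFACE formats described above.

```shell
# Added example, not from the original page; function names are hypothetical.

# persistent_routes FILE: normalise a route-IFACE file, in either of the two
# formats above, to "TARGET/PREFIX via GW" lines.
persistent_routes() {
    awk '
        function bits(mask,   o, i, b, n) {        # 255.255.255.0 -> 24
            split(mask, o, ".")
            for (i = 1; i <= 4; i++)
                for (b = o[i] + 0; b > 0; b = int(b / 2)) n += b % 2
            return n + 0
        }
        /^[ \t]*(#|$)/ { next }                    # comments and blank lines
        $2 == "via" {                              # format 1: TARGET via GW
            t = ($1 == "default" || index($1, "/")) ? $1 : $1 "/32"
            print t, "via", $3; next
        }
        /^[ \t]*(ADDRESS|NETMASK|GATEWAY)[0-9]+=/ {   # format 2: three lines
            gsub(/[ \t"]/, ""); split($0, kv, "=")
            key = kv[1]; sub(/[0-9]+$/, "", key)   # ADDRESS0 -> ADDRESS
            idx = kv[1]; sub(/^[A-Z]+/, "", idx)   # ADDRESS0 -> 0
            val[key, idx] = kv[2]; seen[idx] = 1
        }
        END {
            for (i in seen)
                print val["ADDRESS", i] "/" bits(val["NETMASK", i]), "via", val["GATEWAY", i]
        }' "$1" | sort -u
}

# runtime_only FILE: read `ip route show` output on stdin and print the gateway
# routes missing from FILE. The default route is skipped because it comes from
# GATEWAY= in ifcfg-IFACE or from DHCP, not from route-IFACE.
runtime_only() {
    KNOWN=$(persistent_routes "$1") awk '
        BEGIN { n = split(ENVIRON["KNOWN"], k, "\n"); for (i = 1; i <= n; i++) known[k[i]] = 1 }
        $2 == "via" && $1 != "default" {
            r = (index($1, "/") ? $1 : $1 "/32") " via " $3
            if (!(r in known)) print r
        }' | sort -u
}

# Demo on constructed input: a temporary route file in the three-line format
# and three lines of the `ip route show` output from section 2.5.
f=$(mktemp)
printf 'ADDRESS0=172.29.2.0\nNETMASK0=255.255.255.0\nGATEWAY0=192.168.123.2\n' > "$f"
printf '%s\n' 'default via 192.168.123.2 dev eno16777736 proto static metric 100' \
    '172.29.0.0/16 via 192.168.123.2 dev eno16777736' \
    '172.29.2.43 via 192.168.123.2 dev eno16777736' | runtime_only "$f"
rm -f "$f"
```

On a live host: `ip route show dev eno16777736 | runtime_only /etc/sysconfig/network-scripts/route-eno16777736`.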