ifcfg 、ip、ss命令详解之配置文件
一、ifcfg命令详解
(1)ifconfig命令:接口及地址查看和管理,例如:
[root@server /]# ifconfig
eth0 Link encap:Ethernet HWaddr 00:0C:29:63:92:0B
inet addr:192.168.1.119 Bcast:192.168.1.255 Mask:255.255.255.0
inet6 addr: fe80::20c:29ff:fe63:920b/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:375 errors:0 dropped:0 overruns:0 frame:0
TX packets:102 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:31897 (31.1 KiB) TX bytes:12537 (12.2 KiB)
(2)ifconfig -a:显示所有接口,包括inactive状态的接口;
[root@server /]# ifconfig -a
eth0 Link encap:Ethernet HWaddr 00:0C:29:63:92:0B
inet addr:192.168.1.119 Bcast:192.168.1.255 Mask:255.255.255.0
inet6 addr: fe80::20c:29ff:fe63:920b/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:418 errors:0 dropped:0 overruns:0 frame:0
TX packets:131 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:35468 (34.6 KiB) TX bytes:16631 (16.2 KiB)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:4 errors:0 dropped:0 overruns:0 frame:0
TX packets:4 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:240 (240.0 b) TX bytes:240 (240.0 b)
virbr0 Link encap:Ethernet HWaddr 52:54:00:1D:A4:DD
inet addr:192.168.122.1 Bcast:192.168.122.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
virbr0-nic Link encap:Ethernet HWaddr 52:54:00:1D:A4:DD
BROADCAST MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:500
RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
ifconfig interface [aftype] options | address ...
(3)ifconfig +网卡名称+ IP/MASK [up|down] 可以用命令设计IP地址 子网掩码 然后启用,例如:
[root@server ~]# ifconfig eth0 192.168.1.119/24 255.255.255.0 up
[root@server ~]# ifconfig
eth0 Link encap:Ethernet HWaddr 00:0C:29:63:92:0B
inet addr:192.168.1.119 Bcast:192.168.1.255 Mask:255.255.255.0
inet6 addr: fe80::20c:29ff:fe63:920b/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:1470 errors:0 dropped:0 overruns:0 frame:0
TX packets:304 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:106985 (104.4 KiB) TX bytes:36552 (35.6 KiB)
(4)ifconfig +网卡名称 IP netmask NETMASK 设置IP地址,子网掩码,例如:
[root@server ~]# ifconfig eth0 192.168.1.119 netmask 255.255.255.0 up (启用服务可以用service network restart命令)
[root@server ~]# ifconfig
eth0 Link encap:Ethernet HWaddr 00:0C:29:63:92:0B
inet addr:192.168.1.119 Bcast:192.168.1.255 Mask:255.255.255.0
inet6 addr: fe80::20c:29ff:fe63:920b/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:1470 errors:0 dropped:0 overruns:0 frame:0
TX packets:304 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:106985 (104.4 KiB) TX bytes:36552 (35.6 KiB)
(5)ifconfig eth0 premisc (开启混杂模式)
ifcofnig eth0 -premisc(关闭混杂模式)
(6)ifup +网卡 如下:
[root@server ~]# ifup eth0
/etc/sysconfig/network-scripts/ifcfg-eth0: line 5: O: command not found
活跃连接状态:激活中
活跃连接路径:/org/freedesktop/NetworkManager/ActiveConnection/2
状态:激活的
连接被激活
(7)ifdown+网卡 如下:
[root@server ~]# ifdown eth0
/etc/sysconfig/network-scripts/ifcfg-eth0: line 5: O: command not found
设备状态:3 (断开连接)
(8)通过配置文件/etc/sysconfig/network-scripts/ifcfg-IFACE来识别接口并完成配置;
IP/NETMASK/GW/DNS等属性的配置文件:vim /etc/sysconfig/network-scripts/ifcfg-IFACE
IFACE:接口名称;
ifcfg-IFACE配置文件参数:
DEVICE:此配置文件对应的设备的名称;
ONBOOT:在系统引导过程中,是否激活此接口;
UUID:此设备的惟一标识;
IPV6INIT:是否初始化IPv6;
BOOTPROTO:激活此接口时使用什么协议来配置接口属性,常用的有dhcp、bootp、static、none;
TYPE:接口类型,常见的有Ethernet, Bridge;
DNS1:第一DNS服务器指向;
DNS2:备用DNS服务器指向;
DOMAIN:DNS搜索域;
IPADDR: IP地址;
NETMASK:子网掩码;CentOS 7支持使用PREFIX以长度方式指明子网掩码;
GATEWAY:默认网关;
USERCTL:是否允许普通用户控制此设备;
PEERDNS:如果BOOTPROTO的值为“dhcp”,是否允许dhcp server分配的dns服务器指向覆盖本地手动指定的DNS服务器指向;默认为允许;
HWADDR:设备的MAC地址;
NM_CONTROLLED:是否使用NetworkManager服务来控制接口;
route命令:路由查看及管理
也可以使用专用的命令的进行修改(CentOS 6:system-config-network (setup),CentOS 7: nmtui)
管理网络服务:
CentOS 6: service SERVICE {start|stop|restart|status}
CentOS 7:systemctl {start|stop|restart|status} SERVICE[.service]
(9)配置文件修改之后,如果要生效,需要重启网络服务;如下:
CentOS 6:# service network restart
[root@server network-scripts]# service network restart
./ifcfg-eth0: line 5: O: command not found
正在关闭接口 eth0: /etc/sysconfig/network-scripts/ifcfg-eth0: line 5: O: command not found
设备状态:3 (断开连接)
[确定]
关闭环回接口: [确定]
弹出环回接口: [确定]
弹出界面 eth0: /etc/sysconfig/network-scripts/ifcfg-eth0: line 5: O: command not found
活跃连接状态:激活中
活跃连接路径:/org/freedesktop/NetworkManager/ActiveConnection/6
状态:激活的
连接被激活
[确定]
CentOS 7:# systemctl restart network.service从新启动网卡的命令
正在关闭接口 eth0: /etc/sysconfig/network-scripts/ifcfg-eth0: line 5: O: command not found
设备状态:3 (断开连接)
[ 确定]
关闭环回接口: [确定]
弹出环回接口: [确定]
弹出界面 eth0: /etc/sysconfig/network-scripts/ifcfg-eth0: line 5: O: command not found
活跃连接状态:激活中
活跃连接路径:/org/freedesktop/NetworkManager/ActiveConnection/6
状态:激活的
连接被激活
二、ip命令详解:
ip命令:
ip link: network device configuration
ip link show eth0 单独显示一个网卡设备的信息
[root@server /]# ip link show eth0
2: eth0:
link/ether 00:0c:29:63:92:0b brd ff:ff:ff:ff:ff:ff
ip link set - change device attributes
ip link show 显示所有的网络接口设备情况,例如:
[root@server /]# ip link show eth0
2: eth0:
link/ether 00:0c:29:63:92:0b brd ff:ff:ff:ff:ff:ff
[root@server /]# ip link show
1: lo:
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0:
link/ether 00:0c:29:63:92:0b brd ff:ff:ff:ff:ff:ff
3: virbr0:
link/ether 52:54:00:1d:a4:dd brd ff:ff:ff:ff:ff:ff
4: virbr0-nic:
link/ether 52:54:00:1d:a4:dd brd ff:ff:ff:ff:ff:ff
dev NAME (default):指明要管理的设备,dev关键字可省略;
ip link set eth0 down 将其网卡端口关掉:如下:
ip link set eth0 up 将其网卡端口启用:如下:
ip link set eth0 multicast on启用网卡设备的多播功能;
[root@server /]# ip link set eth0 multicast on
[root@server /]# ifconfig eth0
eth0 Link encap:Ethernet HWaddr 00:0C:29:63:92:0B
inet addr:192.168.1.119 Bcast:192.168.1.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1000 Metric:1
RX packets:928 errors:0 dropped:0 overruns:0 frame:0
TX packets:799 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:127339 (124.3 KiB) TX bytes:86571 (84.5 KiB)
[root@server /]# ip link set eth0 multicast off 禁用网卡设备的多播功能:
[root@server /]# ifconfig eth0
eth0 Link encap:Ethernet HWaddr 00:0C:29:63:92:0B
inet addr:192.168.1.119 Bcast:192.168.1.255 Mask:255.255.255.0
UP BROADCAST RUNNING MTU:1000 Metric:1
RX packets:1043 errors:0 dropped:0 overruns:0 frame:0
TX packets:880 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:142449 (139.1 KiB) TX bytes:95331 (93.0 KiB)
name NAME:重命名接口 ip link set eth22 name eth0 将其网卡名称重命名为eth0
ip link set mtu NUMBER:设置MTU的大小,默认为1500;例如:
[root@server /]# ip link set eth0 mtu 1000
[root@server /]# ip link show eth0
2: eth0:
link/ether 00:0c:29:63:92:0b brd ff:ff:ff:ff:ff:ff
netns PID:ns为namespace,用于将接口移动到指定的网络名称空间;
ip link show - display device attributes 查看所有的网络接口设备的状态信息如下:
[root@server ~]# ip link show
1: lo:
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0:
link/ether 00:0c:29:63:92:0b brd ff:ff:ff:ff:ff:ff
3: virbr0:
link/ether 52:54:00:1d:a4:dd brd ff:ff:ff:ff:ff:ff
4: virbr0-nic:
link/ether 52:54:00:1d:a4:dd brd ff:ff:ff:ff:ff:ff
ip link help - 显示简要使用帮助,例如:
[root@server ~]# ip link help
Usage: ip link add link DEV [ name ] NAME
[ txqueuelen PACKETS ]
[ address LLADDR ]
[ broadcast LLADDR ]
[ mtu MTU ]
type TYPE [ ARGS ]
ip link delete DEV type TYPE [ ARGS ]
ip link set DEVICE [ { up | down } ]
[ arp { on | off } ]
[ dynamic { on | off } ]
[ multicast { on | off } ]
[ allmulticast { on | off } ]
[ promisc { on | off } ]
[ trailers { on | off } ]
[ txqueuelen PACKETS ]
[ name NEWNAME ]
[ address LLADDR ]
[ broadcast LLADDR ]
[ mtu MTU ]
[ netns PID ]
[ alias NAME ]
[ vf NUM [ mac LLADDR ]
[ vlan VLANID [ qos VLAN-QOS ] ]
[ rate TXRATE ] ]
[ spoofchk { on | off} ] ]
ip link show [ DEVICE ]
TYPE := { vlan | veth | vcan | dummy | ifb | macvlan | can }
ip nets help:
[root@li ~]# ip netns help
Usage: ip netns list
ip netns add NAME
ip netns set NAME NETNSID
ip [-all] netns delete [NAME]
ip netns identify [PID]
ip netns pids NAME
ip [-all] netns exec [NAME] cmd ...
ip netns monitor
ip netns list-id
ip netns: - manage network namespaces.
ip netns list:列出所有的netns,例如:
ip netns add NAME:创建指定的netns
[root@li ~]# ip netns add magedu 添加一个网络名称空间
ip netns del NAME:删除指定的netns ,然后进行查,如下:原先的网卡又可以查到了。
ip address - protocol address managemen
[root@li ~]# ip link show 查看所有接口的状态
1: lo:
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eno16777736:
link/ether 00:0c:29:53:5e:01 brd ff:ff:ff:ff:ff:ff
3: virbr0:
link/ether 52:54:00:f2:b1:be brd ff:ff:ff:ff:ff:ff
4: virbr0-nic:
link/ether 52:54:00:f2:b1:be brd ff:ff:ff:ff:ff:ff
[root@li ~]# ip link set eno16777736 netns magedu 将网口添加到网络名称空间中,查看本地网卡已经没有了。
t.
如果要看原有的网口设备号,要进行如下操作。
ip address add - add new protocol address
ip addr add IFADDR dev IFACE 如下所示:给网卡eth0 添加了两个IP地址。
如果用ifconfig eth0 查看ip 地址的话,只能显示第一次添加的地址如下所示:
[label NAME]:为额外添加的地址指明接口别名;这样就可以列出第二次添加的地址信息了,如下:
[broadcast ADDRESS]:广播地址;会根据IP和NETMASK自动计算得到;
[scope SCOPE_VALUE]:
global:全局可用;
link:接口可用;
host:仅本机可用;
ip address delete - delete protocol address
ip addr delete IFADDR dev IFACE ,删除I地址10.1.1.10/8 如下看显示结果:
ip address show - look at protocol addresses
ip addr list [IFACE]:显示接口的地址;如下:
ip addr flush dev IFACE(清空网络接口上的所有地址)
ip route add - add new route
ip route change - change route
ip route replace - change or add new one
ip route add TYPE PREFIX via GW [dev IFACE] [src SOURCE_IP]
示例:
# ip route add 192.168.0.0/24 via 10.0.0.1 dev eth1 src 10.0.20.100
# ip route add default via GW 添加默认网关,语法如下:
ip route add default via 192.168.1.1 dev eth0
ip route delete - delete route (删除路由信息)
ip route del TYPE PRIFIX :例如:
# ip route delete 192.168.1.0/24
ip route show - list routes 查看路由表信息
TYPE PRIFIX
ip route flush - flush routing tables 清楚路由信息表
TYPE PRIFIX
ip route get - get a single route
ip route get TYPE PRIFIX
示例:ip route get 192.168.0.0/24
三、ss命令详解
ss [options] [ FILTER ]
选项:
-t:TCP协议的相关连接
-u:UDP相关的连接
-w:raw socket相关的连接
-l:监听状态的连接
-a:所有状态的连接
-n:数字格式
-p:相关的程序及其PID
-e:扩展格式信息
-m:内存用量
-o:计时器信息
FILTER := [ state TCP-STATE ] [ EXPRESSION ]
TCP的常见状态:
TCP FSM:
LISTEN:监听
ESTABLISEHD:建立的连接
FIN_WAIT_1:
FIN_WAIT_2:
SYN_SENT:
SYN_RECV:
CLOSED:
EXPRESSION:
dport =
sport =
示例:'( dport = :22 or sport = :22)'
~]# ss -tan '( dport = :22 or sport = :22 )'
~]# ss -tan state ESTABLISHED
路由条目类型:
主机路由:目标地址为单个IP;
网络路由:目标地址为IP网络;
默认路由:目标为任意网络,0.0.0.0/0.0.0.0
就写到这里吧,明天继续,每天都有新的收获,努力。