22 linux系统网络基础知识及其配置

1.用户访问网站的基本流程原理:

  

  
2.DNS(domain name system)
www.etiantian.org ==> 网站服务器IP地址 ==>IP地址对应服务器

  

3.DNS域名系统 解析域名的流程原理:
www.etiantian.org.
. ==>根13台
org
etiantian
www

  

4.修改主机名:
//临时修改:
[root@moban ~]# hostname
moban
[root@moban ~]# hostname crmn //
[root@moban ~]# hostname
crmn
//永久修改:
[root@moban ~]# hostname crmn
[root@crmn ~]# cat /etc/sysconfig/network
NETWORKING=yes
HOSTNAME=crmn //reboot生效
[root@crmn ~]# cat /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4 localhost crmn
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
[root@crmn ~]#
//也可以setup修改

5.修改网卡、IP地址,也可以setup配置
[root@crmn ~]# cat /etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE=eth0
BOOTPROTO=none //配置静态IP地址;动态为dhcp
HWADDR=00:0c:29:c5:c6:ee
NM_CONTROLLED=yes
ONBOOT=yes //开机网卡自启动
TYPE=Ethernet
DNS2=8.8.8.8
USERCTL=no
IPV6INIT=no
IPADDR=192.168.0.104
NETMASK=255.255.255.0
GATEWAY=192.168.0.1 //路由器的IP地址;网关的配置,也可以命令行通过route添加删除
修改网卡:编辑配置文件,然后:
[root@crmn ~]# /etc/init.d/network restart //重启网卡
//或者ifup eth0 启动网卡,ifdown eth0 停掉网卡
//查看网卡:ifconfig eth0:X (X可以是0~254)

linux配置两个IP地址:
[root@crmn ~]# ifconfig eth0:0 192.168.0.114 netmask 255.255.255.0 up//配置别名IP临时生效,重启就失效了!
//配置别名IP,VIP还可以:ifconfig eth0:0 192.168.0.114/24 up
[root@crmn ~]# ifconfig
eth0 Link encap:Ethernet HWaddr 00:0C:29:C5:C6:EE
inet addr:192.168.0.104 Bcast:192.168.0.255 Mask:255.255.255.0
inet6 addr: fe80::20c:29ff:fec5:c6ee/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:19759 errors:0 dropped:0 overruns:0 frame:0
TX packets:6672 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:1789773 (1.7 MiB) TX bytes:905865 (884.6 KiB)

eth0:0 Link encap:Ethernet HWaddr 00:0C:29:C5:C6:EE
inet addr:192.168.0.114 Bcast:192.168.0.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
//该新网卡可以被ping通
[root@crmn ~]# ifconfig eth0:0 down//去掉新配置的网卡
[root@crmn ~]# vim /etc/sysctl.conf

6.linux局域网电脑上网基本流程以及NAT转换的过程:
7.配置DNS,直接生效,属于local dns。注意不要去 /etc/sysconfig/network-scripts/ifcfg-eth0配置DNS
[root@crmn ~]# cat /etc/resolv.conf
; generated by /sbin/dhclient-script
search localdomain
nameserver 192.168.136.2
nameserver 8.8.8.8
[root@crmn ~]# cat /etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE=eth0
BOOTPROTO=none
HWADDR=00:0c:29:c5:c6:ee
NM_CONTROLLED=yes
ONBOOT=yes
TYPE=Ethernet
DNS1=192.168.136.2
DNS2=8.8.8.8
USERCTL=no
IPV6INIT=no
IPADDR=192.168.0.104
NETMASK=255.255.255.0
GATEWAY=192.168.0.1

8.配置默认网关:(网关即上网的出口)也可以setup配置

  
[root@crmn ~]# route -n //查看网关命令
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.0.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
169.254.0.0 0.0.0.0 255.255.0.0 U 1002 0 0 eth0
0.0.0.0 192.168.0.1 0.0.0.0 UG 0 0 0 eth0 //默认网关,缺省
[root@crmn ~]# netstat -rn //同理,netstat可以查看网络状态
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
192.168.0.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
169.254.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth0
0.0.0.0 192.168.0.1 0.0.0.0 UG 0 0 0 eth0
[root@crmn ~]# route del default gw 192.168.0.1 //删除网关
[root@crmn ~]# ping 8.8.8.8
connect: Network is unreachable
[root@crmn ~]# route add default gw 192.168.0.1 //添加默认网关,属于临时生效。
[root@crmn ~]# ping 8.8.8.8
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
64 bytes from 8.8.8.8: icmp_seq=1 ttl=51 time=247 ms
64 bytes from 8.8.8.8: icmp_seq=2 ttl=51 time=234 ms

[root@crmn ~]# grep -i gate /etc/sysconfig/network-scripts/ifcfg-eth0 //永久生效,网卡网关优先级比/etc/sysconfig/network高,即第一生效文件!
#GATEWAY=192.168.0.1
[root@crmn ~]# cat /etc/sysconfig/network//除非/etc/sysconfig/network-scripts/ifcfg-eth0中网关被注释才生效,即第二生效文件!
NETWORKING=yes
HOSTNAME=crmn
GATEWAY=192.168.0.253
[root@crmn ~]# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.0.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
169.254.0.0 0.0.0.0 255.255.0.0 U 1002 0 0 eth0
0.0.0.0 192.168.0.253 0.0.0.0 UG 0 0 0 eth0
//route功能很多,不仅仅是配置默认网关,网络路由。

9.查看网络通与不通:
例如排查网站打不开排查步骤:
<1>[root@crmn ~]# ping www.baidu.com //icmp协议
PING www.a.shifen.com (183.232.231.172) 56(84) bytes of data.
64 bytes from www.sn.10086.cn (183.232.231.172): icmp_seq=1 ttl=53 time=39.2 ms
64 bytes from www.sn.10086.cn (183.232.231.172): icmp_seq=2 ttl=53 time=45.5 ms
......
<2>[root@crmn ~]# traceroute www.baidu.com //跟踪路由;
<3>[root@crmn ~]# telnet 192.168.0.104 80 //查看服务器WEB是否开启,服务开没开,以及防火墙有没有挡住。
<4>win下跟踪路由检查:tracert -d www.baidu.com
[root@crmn ~]# nmap 192.168.0.104 -p 80

10.DNS域名解析查询:
[root@crmn ~]# dig www.baidu.com //查看DNS解析

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.10.rc1.el6 <<>> www.baidu.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 48986
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;www.baidu.com. IN A

;; ANSWER SECTION:
www.baidu.com. 213 IN CNAME www.a.shifen.com.
www.a.shifen.com. 170 IN A 183.232.231.172
www.a.shifen.com. 170 IN A 183.232.231.173
//一般大网站一个域名拥有多个IP地址,以免一个坏了去找另一个。
;; Query time: 11 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Sat Nov 25 05:34:56 2017
;; MSG SIZE rcvd: 90
[root@crmn ~]# nslookup //查看DNS解析
> www.etiantian.org
Server: 8.8.8.8
Address: 8.8.8.8#53

Non-authoritative answer:
Name: www.etiantian.org
Address: 42.62.5.158
> www.baidu.com
Server: 8.8.8.8
Address: 8.8.8.8#53

Non-authoritative answer:
www.baidu.com canonical name = www.a.shifen.com.
Name: www.a.shifen.com
Address: 183.232.231.172
Name: www.a.shifen.com
Address: 183.232.231.173
>
[root@crmn ~]# host www.etiantian.org //查看DNS解析
www.etiantian.org has address 42.62.5.158
[root@crmn ~]# host www.baidu.com
www.baidu.com is an alias for www.a.shifen.com.
www.a.shifen.com has address 183.232.231.172
www.a.shifen.com has address 183.232.231.173

11.linux抓包工具:tcpdump
//linux服务器端(IP为192.168.0.103) <== win端(IP为192.168.0.103):ping 192.168.0.104
[root@crmn ~]# tcpdump -n icmp -i eth0
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
06:44:24.996530 IP 192.168.0.104 > 111.13.142.2: ICMP host 192.168.0.104 unreachable - admin prohibited, length 60
06:44:25.976145 IP 192.168.0.104 > 111.13.142.2: ICMP host 192.168.0.104 unreachable - admin prohibited, length 60

06:44:42.506834 IP 192.168.0.103 > 192.168.0.104: ICMP echo request, id 1, seq 94, length 40
06:44:42.506949 IP 192.168.0.104 > 192.168.0.103: ICMP echo reply, id 1, seq 94, length 40
06:44:43.513394 IP 192.168.0.103 > 192.168.0.104: ICMP echo request, id 1, seq 95, length 40
06:44:43.513472 IP 192.168.0.104 > 192.168.0.103: ICMP echo reply, id 1, seq 95, length 40
06:44:44.527351 IP 192.168.0.103 > 192.168.0.104: ICMP echo request, id 1, seq 96, length 40
06:44:44.527428 IP 192.168.0.104 > 192.168.0.103: ICMP echo reply, id 1, seq 96, length 40

  

 

  

  

  


12.排错:
如果win32和linux服务器无法连接,分别描述排查方法?
基本检查思路:
a.物理链路是否通畅
b.本机IP,路由,DNS的设置情况是否达标
c.测试到网关或者路由器的通畅情况,先测试网关再测试路由器一级一级的测试
d.测试ping公网IP的通畅情况(平时记住几个外部IP)
e.测试DNS的通畅,可以ping etiantian.org看是否对应IP
根据每级的结果来排查,如果是系统管理员,以上问题都检查后还可以在网关路由一级一级检查
13.网站服务器访问慢,打不开排错。

参考:http://blog.51cto.com/oldboy/784625

posted @ 2017-11-26 20:06  bkycrmn  阅读(241)  评论(0)    收藏  举报