Linux Network Management and Common Network Tools Explained
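1. Linux network management
1.1 CentOS NIC naming rules
On CentOS 6, NICs are named eth0, eth1, ...
On CentOS 7, NICs are named from hardware and device-topology information, which produces names such as ens33, ens34, ...
- The CentOS 7 names are harder to read and work with. The following steps switch back to the CentOS 6 naming scheme:
- Edit the kernel boot parameters to disable predictable naming by adding net.ifnames=0 and biosdevname=0 to the kernel command line. biosdevname=0 matters mainly on physical machines.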
[root@xuzhichao ~]# cat /etc/default/grub
GRUB_TIMEOUT=5
GRUB_DISTRIBUTOR="$(sed 's, release .*$,,g' /etc/system-release)"
GRUB_DEFAULT=saved
GRUB_DISABLE_SUBMENU=true
GRUB_TERMINAL_OUTPUT="console"
GRUB_CMDLINE_LINUX="crashkernel=auto spectre_v2=retpoline rd.lvm.lv=centos/root rd.lvm.lv=centos/swap rhgb quiet net.ifnames=0 biosdevname=0"    <== the kernel boot parameters
GRUB_DISABLE_RECOVERY="true"
The boot parameters can also be changed from a script with sed:
# Modify the boot parameters
[root@xuzhichao ~]# sed -i.bak -r '/CMDLINE/s/(.*)"$/\1 net.ifnames=0 biosdevname=0"/' /etc/default/grub
# Generate the grub2 configuration file
[root@xuzhichao ~]# grub2-mkconfig -o /etc/grub2.cfg &> /dev/null
Note: the changes above take effect only after the machine is rebooted.
- Update the NIC configuration:
# Rename the NIC configuration file and edit its contents
[root@xuzhichao ~]# cd /etc/sysconfig/network-scripts/
[root@xuzhichao network-scripts]# mv ifcfg-ens32 ifcfg-eth0
[root@xuzhichao network-scripts]# vim ifcfg-eth0
NAME=eth0
DEVICE=eth0
- The ethtool command shows information about a NIC:
[root@xuzhichao ~]# ethtool -i eth0
driver: e1000    <== the NIC driver
version: 7.3.21-k8-NAPI
firmware-version:
expansion-rom-version:
bus-info: 0000:02:04.0
supports-statistics: yes
supports-test: yes
supports-eeprom-access: yes
supports-register-dump: yes
supports-priv-flags: no
- Unloading and loading the NIC driver:
# Unload the NIC driver
[root@xuzhichao ~]# modprobe -r e1000
# Load the NIC driver
[root@xuzhichao ~]# modprobe e1000
1.2 Name resolution configuration files
- /etc/hosts stores the mapping between host names and IP addresses.
[root@xuzhichao ~]# cat /etc/hosts
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.20.17 xuzhichao
- /etc/resolv.conf sets the DNS servers this host uses for name resolution.
[root@xuzhichao ~]# cat /etc/resolv.conf
# Generated by NetworkManager
search lan localdomain
nameserver 192.168.2.1    <== the configured DNS server address
nameserver 192.168.20.1
- /etc/nsswitch.conf sets the order in which the two sources above are consulted. On the hosts line, files stands for /etc/hosts and dns stands for querying the DNS servers.
By default the host first looks up the name-to-IP mapping in /etc/hosts, and only if nothing is found there does it query the DNS servers defined in /etc/resolv.conf.
[root@xuzhichao ~]# grep "host" /etc/nsswitch.conf
#hosts:     db files nisplus nis dns
hosts:      files dns myhostname
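Because files is consulted before dns, an /etc/hosts entry answers for a name without any DNS server being asked, so a stale or unexpected entry quietly redirects that name. The audit below is an added example, not part of the original article; the function names and the updates.example.com entry are constructed for illustration.

```python
import ipaddress

# Constructed samples: the article's two files plus one extra hosts entry.
NSSWITCH = """\
#hosts:     db files nisplus nis dns
hosts:      files dns myhostname
"""
HOSTS = """\
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.20.17 xuzhichao
203.0.113.10 updates.example.com   # constructed entry
"""


def hosts_sources(nsswitch_text):
    """Return the lookup sources of the active 'hosts:' line, in order."""
    for raw in nsswitch_text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments
        if not line.startswith("hosts:"):
            continue
        sources, in_action = [], False
        for tok in line[len("hosts:"):].split():
            # Action specs such as [NOTFOUND=return] are not sources.
            if tok.startswith("["):
                in_action = True
            if not in_action:
                sources.append(tok)
            if tok.endswith("]"):
                in_action = False
        return sources
    return []


def parse_hosts(hosts_text):
    """Return [(ip, name), ...] for every name and alias in a hosts file."""
    entries = []
    for raw in hosts_text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                             # malformed line, skipped
        entries.extend((ip, name.lower()) for name in fields[1:])
    return entries


def pinned_names(nsswitch_text, hosts_text):
    """Names that /etc/hosts answers before DNS is consulted.

    Loopback mappings (localhost and its aliases) are left out, so the
    result is the list an administrator should be able to account for.
    """
    sources = hosts_sources(nsswitch_text)
    if "files" not in sources:
        return {}
    if "dns" in sources and sources.index("dns") < sources.index("files"):
        return {}        # DNS is asked first; hosts entries are a fallback
    pinned = {}
    for ip, name in parse_hosts(hosts_text):
        if not ip.is_loopback:
            pinned.setdefault(name, str(ip))     # keep the first mapping listed
    return pinned


if __name__ == "__main__":
    print("lookup order:", hosts_sources(NSSWITCH))
    for name, ip in pinned_names(NSSWITCH, HOSTS).items():
        print(f"{name} is answered locally as {ip}")
```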
1.3 Managing network interfaces with ifconfig
The ifconfig command displays and configures the IP addresses of network interfaces. It is provided by the net-tools package. Common usage is shown below.
- ifconfig with no arguments shows all currently active interfaces.
[root@xuzhichao ~]# ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500    <== interface state and MTU
        inet 192.168.2.123 netmask 255.255.255.0 broadcast 192.168.2.255    <== IP address and netmask
        inet6 fe80::4809:4d0d:96a:b68e prefixlen 64 scopeid 0x20<link>    <== IPv6 address and prefix
        ether 00:0c:29:2f:d0:d0 txqueuelen 1000 (Ethernet)    <== MAC address of the NIC
        RX packets 10200 bytes 851531 (831.5 KiB)    <== packets and bytes received
        RX errors 0 dropped 0 overruns 0 frame 0    <== receive error counters
        TX packets 377 bytes 29724 (29.0 KiB)    <== packets and bytes sent
        TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0    <== transmit error counters
eth1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
        inet 192.168.20.17 netmask 255.255.255.0 broadcast 192.168.20.255
        inet6 fe80::f0da:450f:5a80:de8b prefixlen 64 scopeid 0x20<link>
        ether 00:0c:29:2f:d0:da txqueuelen 1000 (Ethernet)
        RX packets 2091 bytes 187809 (183.4 KiB)
        RX errors 0 dropped 0 overruns 0 frame 0
        TX packets 1078 bytes 144097 (140.7 KiB)
        TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
eth2: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
        inet 192.168.20.30 netmask 255.255.255.0 broadcast 192.168.20.255
        inet6 fe80::9932:c796:7c47:7513 prefixlen 64 scopeid 0x20<link>
        ether 00:0c:29:2f:d0:e4 txqueuelen 1000 (Ethernet)
        RX packets 737 bytes 75209 (73.4 KiB)
        RX errors 0 dropped 0 overruns 0 frame 0
        TX packets 53 bytes 9122 (8.9 KiB)
        TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
        inet 127.0.0.1 netmask 255.0.0.0
        inet6 ::1 prefixlen 128 scopeid 0x10<host>
        loop txqueuelen 1000 (Local Loopback)
        RX packets 64 bytes 5184 (5.0 KiB)
        RX errors 0 dropped 0 overruns 0 frame 0
        TX packets 64 bytes 5184 (5.0 KiB)
        TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
- ifconfig followed by an interface name shows only that interface.
[root@xuzhichao ~]# ifconfig eth0
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
        inet 192.168.2.123 netmask 255.255.255.0 broadcast 192.168.2.255
        inet6 fe80::4809:4d0d:96a:b68e prefixlen 64 scopeid 0x20<link>
        ether 00:0c:29:2f:d0:d0 txqueuelen 1000 (Ethernet)
        RX packets 10220 bytes 853115 (833.1 KiB)
        RX errors 0 dropped 0 overruns 0 frame 0
        TX packets 377 bytes 29724 (29.0 KiB)
        TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
- ifconfig -a shows every NIC on the machine, including NICs that are down.
- ifconfig -s shows a brief summary of each interface together with its packet counters.
[root@xuzhichao ~]# ifconfig -s
Iface    MTU   RX-OK RX-ERR RX-DRP RX-OVR TX-OK TX-ERR TX-DRP TX-OVR Flg
eth0    1500   10275      0      0      0   381      0      0      0 BMRU
eth1    1500    2226      0      0      0  1154      0      0      0 BMRU
eth2    1500     764      0      0      0    55      0      0      0 BMRU
lo     65536      64      0      0      0    64      0      0      0 LRU
- ifconfig can enable or disable an interface with the up and down arguments.
ifup and ifdown can also enable and disable a NIC; these commands depend on the NIC's configuration file.
# Bring the eth2 interface down
[root@xuzhichao ~]# ifconfig eth2 down
[root@xuzhichao ~]# ifconfig eth2
eth2: flags=4098<BROADCAST,MULTICAST> mtu 1500
        inet 192.168.20.30 netmask 255.255.255.0 broadcast 192.168.20.255
        ether 00:0c:29:2f:d0:e4 txqueuelen 1000 (Ethernet)
        RX packets 776 bytes 79166 (77.3 KiB)
        RX errors 0 dropped 0 overruns 0 frame 0
        TX packets 55 bytes 9524 (9.3 KiB)
        TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
# Bring the eth2 interface back up
[root@xuzhichao ~]# ifconfig eth2 up
- ifconfig can configure an interface's IP address directly.
Note: setting an IP address with ifconfig directly overwrites the interface's existing IP address.
The address can be written in two forms:
  - IP/NETMASK
  - IP netmask NETMASK
[root@xuzhichao ~]# ifconfig eth2 10.0.0.1/24 up
[root@xuzhichao ~]# ifconfig eth2
eth2: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
        inet 10.0.0.1 netmask 255.255.255.0 broadcast 10.0.0.255
        inet6 fe80::9932:c796:7c47:7513 prefixlen 64 scopeid 0x20<link>
        ether 00:0c:29:2f:d0:e4 txqueuelen 1000 (Ethernet)
        RX packets 777 bytes 79508 (77.6 KiB)
        RX errors 0 dropped 0 overruns 0 frame 0
        TX packets 66 bytes 10678 (10.4 KiB)
        TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
[root@xuzhichao ~]# ifconfig eth2 10.1.1.1 netmask 255.255.255.0 up
[root@xuzhichao ~]# ifconfig eth2
eth2: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
        inet 10.1.1.1 netmask 255.255.255.0 broadcast 10.1.1.255
        inet6 fe80::9932:c796:7c47:7513 prefixlen 64 scopeid 0x20<link>
        ether 00:0c:29:2f:d0:e4 txqueuelen 1000 (Ethernet)
        RX packets 777 bytes 79508 (77.6 KiB)
        RX errors 0 dropped 0 overruns 0 frame 0
        TX packets 66 bytes 10678 (10.4 KiB)
        TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
- ifconfig can give a NIC an alias and configure a secondary address on it.
[root@xuzhichao ~]# ifconfig eth2:0 21.1.1.1/24 up
[root@xuzhichao ~]# ifconfig eth2:0
eth2:0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
        inet 21.1.1.1 netmask 255.255.255.0 broadcast 21.1.1.255
        ether 00:0c:29:2f:d0:e4 txqueuelen 1000 (Ethernet)
# Remove the alias and the secondary address
[root@xuzhichao ~]# ifconfig eth2:0 down
A final point to keep in mind: every setting made with ifconfig is temporary. As soon as the network service or the machine restarts, the NIC configuration is lost. To make settings permanent, write them to the corresponding configuration file.
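1.4 NIC configuration files
NIC configuration files live in the directory /etc/sysconfig/network-scripts/ and are named ifcfg-<NIC name>. Settings placed in them (IP address, gateway, DNS and so on) are permanent.
The main settings in a NIC configuration file are:
- DEVICE=eth0    # The NIC this file applies to; the name must be one of the NIC names under /sys/class/net.
- HWADDR=00:0C:29:CC:60:B2    # Ethernet hardware address, i.e. the MAC address (if a virtual machine cloned in VMware cannot bring its NIC up, this line can be deleted).
- TYPE=Ethernet    # NIC type; nowadays almost always Ethernet.
- UUID=176582f6-d198-4e4f-aab0-34ab10d1724    # Universally Unique Identifier of the NIC (if a virtual machine cloned in VMware cannot bring its NIC up, this line can be deleted).
- ONBOOT=yes    # Set this to yes. yes activates the NIC at the next boot; no leaves it inactive at the next boot.
- NM_CONTROLLED=yes    # Whether the NIC is managed by the NetworkManager service; on CentOS 6, no is recommended.
- BOOTPROTO=none    # How the address is configured when the NIC is activated: none, static or dhcp. none and static mean the IP address is configured by hand; dhcp means it is obtained automatically through DHCP, in which case the IPADDR setting below has no effect.
- IPADDR=10.0.0.8    # The NIC's IP address.
- NETMASK=255.255.255.0    # The subnet mask.
- PREFIX=24    # The subnet mask can also be given as a prefix length.
- GATEWAY=10.0.0.254    # The gateway address.
- DNS1=202.206.0.20    # Primary DNS server; by default this overrides, and takes precedence over, the settings in /etc/resolv.conf.
- DNS2=8.8.8.8    # Secondary DNS server; by default this overrides, and takes precedence over, the settings in /etc/resolv.conf.
- IPV6INIT=no    # Whether IPv6 is enabled.
- USERCTL=no    # Whether ordinary users are allowed to enable or disable the NIC.
- PEERDNS=yes    # Defaults to yes. When yes, the DNS servers set in this file override those in /etc/resolv.conf; when the address is obtained by DHCP, the DNS servers obtained automatically take precedence over those in /etc/resolv.conf by default.
- PEERROUTES=yes    # When yes, routes obtained through DHCP override the permanent routes in route-ethX.
- DEFROUTE=yes    # When yes, the default route obtained through DHCP overrides the default route in route-ethX.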
# Example: static IP configuration for NIC eth1
[root@xuzhichao network-scripts]# cat ifcfg-eth1
TYPE=Ethernet
BOOTPROTO=none
IPADDR=192.168.20.17
PREFIX=24
GATEWAY=192.168.20.1
DNS1=192.168.20.1
DEFROUTE=yes
NAME=eth1-static
UUID=b0b223a0-fa90-4cdb-b762-16d88aeed548
DEVICE=eth1
ONBOOT=yes
Note: the gateway address configured in a NIC configuration file produces a default route with metric 0.
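An ifcfg file is a list of KEY=value assignments, and a misspelled key is not rejected: the setting is simply never applied. The lint below is an added example, not part of the original article; it checks a file against the keys listed in this section, and the function names and the sample file (with two deliberate misspellings) are constructed for illustration.

```python
import difflib
import ipaddress

# Keys from this article's ifcfg reference list (not an exhaustive list).
KNOWN_KEYS = sorted({
    "DEVICE", "HWADDR", "TYPE", "UUID", "ONBOOT", "NM_CONTROLLED", "BOOTPROTO",
    "IPADDR", "NETMASK", "PREFIX", "GATEWAY", "DNS1", "DNS2", "IPV6INIT",
    "USERCTL", "PEERDNS", "PEERROUTES", "DEFROUTE", "NAME",
})

# Constructed sample: two misspelled keys and USERCTL switched on.
SAMPLE_IFCFG = """\
TYPE=Ethernet
BOOTPROTO=none
IPADDR=192.168.20.17
PERFIX=24
GATEWANY=192.168.20.1
DNS1=192.168.20.1
DEFROUTE=yes
NAME=eth1-static
DEVICE=eth1
ONBOOT=yes
USERCTL=yes
"""


def parse_ifcfg(text):
    """Return {KEY: value} from KEY=value lines, skipping blanks and comments."""
    cfg = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        cfg[key.strip()] = value.strip().strip("\"'")
    return cfg


def is_ip(value):
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False


def lint_ifcfg(text):
    """Return a list of (code, key, message) findings for one ifcfg file."""
    cfg = parse_ifcfg(text)
    findings = []

    # 1. Near-miss key names. Only close matches are reported, because the
    #    known-key list above does not cover every valid ifcfg key.
    for key in cfg:
        if key not in KNOWN_KEYS:
            guess = difflib.get_close_matches(key, KNOWN_KEYS, n=1, cutoff=0.8)
            if guess:
                findings.append(("typo", key, f"unknown key, did you mean {guess[0]}?"))

    # 2. Address values must parse as IP addresses.
    for key in ("IPADDR", "GATEWAY", "DNS1", "DNS2"):
        if key in cfg and not is_ip(cfg[key]):
            findings.append(("bad-address", key, f"{cfg[key]!r} is not an IP address"))

    # 3. Consistency between BOOTPROTO and the address settings.
    proto = cfg.get("BOOTPROTO", "none").lower()
    if proto in ("none", "static"):
        if "IPADDR" not in cfg:
            findings.append(("no-address", "IPADDR", "manual method without IPADDR"))
        elif "PREFIX" not in cfg and "NETMASK" not in cfg:
            findings.append(("no-mask", "PREFIX", "IPADDR set without PREFIX or NETMASK"))
    elif proto == "dhcp" and "IPADDR" in cfg:
        findings.append(("ignored", "IPADDR", "IPADDR has no effect with BOOTPROTO=dhcp"))

    # 4. The gateway has to sit inside the interface's own subnet.
    mask = cfg.get("PREFIX") or cfg.get("NETMASK")
    if mask and is_ip(cfg.get("IPADDR", "")) and is_ip(cfg.get("GATEWAY", "")):
        try:
            net = ipaddress.ip_interface(f"{cfg['IPADDR']}/{mask}").network
            if ipaddress.ip_address(cfg["GATEWAY"]) not in net:
                findings.append(("off-subnet", "GATEWAY", f"{cfg['GATEWAY']} is outside {net}"))
        except ValueError:
            findings.append(("bad-mask", "PREFIX", f"{mask!r} is not a valid mask"))

    # 5. Settings that hand control to someone other than root.
    if cfg.get("USERCTL", "no").lower() == "yes":
        findings.append(("userctl", "USERCTL", "ordinary users may enable or disable this NIC"))
    if proto == "dhcp" and cfg.get("PEERDNS", "yes").lower() == "yes":
        findings.append(("peerdns", "PEERDNS", "DHCP-supplied DNS overrides /etc/resolv.conf"))
    return findings


if __name__ == "__main__":
    for code, key, message in lint_ifcfg(SAMPLE_IFCFG):
        print(f"{code:12} {key:10} {message}")
```

On the constructed sample the two misspelled keys also trigger the no-mask finding, which is the practical consequence of the typo: the address is configured without the intended prefix or gateway.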
1.4.1 Configuring multiple addresses on one NIC
Give the eth2 NIC two addresses, one obtained through DHCP and one static, and make both permanent.
Note: the main eth2 interface has to be set to obtain its address through DHCP and the static address goes on a sub-interface; this is how DHCP and static addressing are used together. Sub-interfaces do not support DHCP mode.
- Temporary configuration, using the ifconfig or ip command:
  - ifconfig eth2:0 192.168.20.100/24 up
  - ip add add 10.1.1.1/24 dev eth2 label eth2:1
[root@xuzhichao network-scripts]# ip add add 10.1.1.1/24 dev eth2 label eth2:1
[root@xuzhichao network-scripts]# ifconfig eth2:0 192.168.20.100/24 up
[root@xuzhichao network-scripts]# ip add show eth2
4: eth2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 00:0c:29:2f:d0:e4 brd ff:ff:ff:ff:ff:ff
    inet 192.168.20.30/24 brd 192.168.20.255 scope global noprefixroute dynamic eth2
       valid_lft 1753sec preferred_lft 1753sec
    inet 10.1.1.1/24 scope global eth2:1
       valid_lft forever preferred_lft forever
    inet 192.168.20.100/24 brd 192.168.20.255 scope global secondary eth2:0
       valid_lft forever preferred_lft forever
    inet6 fe80::9932:c796:7c47:7513/64 scope link noprefixroute
       valid_lft forever preferred_lft forever
- Permanent configuration, using configuration files:
[root@xuzhichao network-scripts]# cat ifcfg-eth2
DEVICE=eth2
TYPE=Ethernet
BOOTPROTO=dhcp
ONBOOT=yes
# Configuration file of the sub-interface
[root@xuzhichao network-scripts]# cat ifcfg-eth2:0
DEVICE=eth2:0
TYPE=Ethernet
BOOTPROTO=static
ONBOOT=yes
IPADDR=192.168.20.100
NETMASK=255.255.255.0
GATEWAY=192.168.20.1
DNS1=192.168.20.1
[root@xuzhichao network-scripts]# systemctl restart network
[root@xuzhichao network-scripts]# ifconfig eth2
eth2: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
        inet 192.168.20.30 netmask 255.255.255.0 broadcast 192.168.20.255
        inet6 fe80::9932:c796:7c47:7513 prefixlen 64 scopeid 0x20<link>
        ether 00:0c:29:2f:d0:e4 txqueuelen 1000 (Ethernet)
        RX packets 726 bytes 66044 (64.4 KiB)
        RX errors 0 dropped 0 overruns 0 frame 0
        TX packets 289 bytes 49106 (47.9 KiB)
        TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
[root@xuzhichao network-scripts]# ifconfig eth2:0
eth2:0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
        inet 192.168.20.100 netmask 255.255.255.0 broadcast 192.168.20.255
        ether 00:0c:29:2f:d0:e4 txqueuelen 1000 (Ethernet)
[root@xuzhichao network-scripts]# ip add show eth2
4: eth2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 00:0c:29:2f:d0:e4 brd ff:ff:ff:ff:ff:ff
    inet 192.168.20.30/24 brd 192.168.20.255 scope global noprefixroute dynamic eth2
       valid_lft 1280sec preferred_lft 1280sec
    inet 192.168.20.100/24 brd 192.168.20.255 scope global secondary eth2:0
       valid_lft forever preferred_lft forever
    inet6 fe80::9932:c796:7c47:7513/64 scope link noprefixroute
       valid_lft forever preferred_lft forever
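1.5 Route management
Routing on Linux normally uses static routes, which fall into host routes, network routes and default routes.
Routes are matched in this order:
- longest mask (prefix) match first;
- then the metric values are compared; the lower the metric, the higher the priority.
Routes can be configured with commands such as route and ip. Routes configured this way are temporary; to make them permanent they have to be written to the route configuration files.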
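The matching order above decides which gateway actually carries a packet, and it is also why a default route with a low metric displaces every other default route without any error being shown. The following lookup is an added example, not part of the original article; it parses text in `ip route` output format, and the sample table and function names are constructed for illustration using addresses that appear in this article.

```python
import ipaddress

# Constructed sample in `ip route` output format.
SAMPLE_ROUTES = """\
default via 192.168.20.1 dev eth1
default via 192.168.2.1 dev eth0 proto dhcp metric 100
30.0.1.1 via 192.168.20.1 dev eth1
99.0.0.0/24 via 192.168.2.1 dev eth0
192.168.2.0/24 dev eth0 proto kernel scope link src 192.168.2.123 metric 100
192.168.20.0/24 dev eth1 proto kernel scope link src 192.168.20.17 metric 101
192.168.20.0/24 dev eth2 proto kernel scope link src 192.168.20.32 metric 102
"""

KEYWORDS = ("via", "dev", "proto", "scope", "src", "metric")


def parse_routes(text):
    """Turn `ip route` lines into dicts with net, via, dev and metric."""
    routes = []
    for line in text.splitlines():
        tok = line.split()
        if not tok:
            continue
        dest = "0.0.0.0/0" if tok[0] == "default" else tok[0]
        route = {
            "net": ipaddress.ip_network(dest),   # a bare host address becomes /32
            "via": None,
            "dev": None,
            "metric": 0,                         # no metric shown means 0
            "text": line.strip(),
        }
        i = 1
        while i < len(tok):
            if tok[i] in KEYWORDS and i + 1 < len(tok):
                route[tok[i]] = tok[i + 1]
                i += 2
            else:
                i += 1                           # single-word flag, skipped
        route["metric"] = int(route["metric"])
        routes.append(route)
    return routes


def select_route(routes, destination):
    """Pick the route for destination: longest prefix, then lowest metric."""
    addr = ipaddress.ip_address(destination)
    matches = [r for r in routes if addr in r["net"]]
    if not matches:
        return None
    return max(matches, key=lambda r: (r["net"].prefixlen, -r["metric"]))


def shadowed_defaults(routes):
    """Default routes that lose to another default route with a lower metric."""
    defaults = [r for r in routes if r["net"].prefixlen == 0]
    if not defaults:
        return []
    best = min(r["metric"] for r in defaults)
    return [r for r in defaults if r["metric"] > best]


if __name__ == "__main__":
    table = parse_routes(SAMPLE_ROUTES)
    for dst in ("99.0.0.5", "192.168.20.50", "30.0.1.1", "8.8.8.8"):
        print(f"{dst:15} -> {select_route(table, dst)['text']}")
    for r in shadowed_defaults(table):
        print("shadowed default:", r["text"])
```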
1.5.1 The route command
The route command can add or delete routes temporarily and can also display the current routes.
- route -n displays the current routes.
[root@xuzhichao ~]# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.2.1     0.0.0.0         UG    105    0        0 eth0    <== default route
10.1.1.0        0.0.0.0         255.255.255.0   U     0      0        0 eth2    <== directly connected route
10.1.1.0        0.0.0.0         255.255.255.0   U     102    0        0 eth2
192.168.2.0     0.0.0.0         255.255.255.0   U     105    0        0 eth0
192.168.20.0    0.0.0.0         255.255.255.0   U     102    0        0 eth2
192.168.20.0    0.0.0.0         255.255.255.0   U     102    0        0 eth2
192.168.20.0    0.0.0.0         255.255.255.0   U     104    0        0 eth1
192.168.20.0    0.0.0.0         255.255.255.0   U     105    0        0 eth0
- route can add routes. The syntax is:
route add [-net | -host] target [netmask] gw GATEWAY
Where:
-net: add a network route;
-host: add a host route;
target: the destination network address or host address;
netmask: the mask that goes with the network address;
GATEWAY: the next-hop address
# Example: add a host route and a network route
[root@xuzhichao ~]# route add -host 106.1.1.1 gw 192.168.20.30
[root@xuzhichao ~]# route add -net 107.0.0.0 netmask 255.255.255.0 gw 192.168.20.17
[root@xuzhichao ~]# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.2.1     10.0.0.0        UG    105    0        0 eth0
10.1.1.0        0.0.0.0         255.255.255.0   U     0      0        0 eth2
10.1.1.0        0.0.0.0         255.255.255.0   U     102    0        0 eth2
106.1.1.1       192.168.20.30   255.255.255.255 UGH   0      0        0 eth2    <== host route
107.0.0.0       192.168.20.17   255.255.255.0   UG    0      0        0 eth1    <== network route
192.168.2.0     0.0.0.0         255.255.255.0   U     105    0        0 eth0
192.168.20.0    0.0.0.0         255.255.255.0   U     102    0        0 eth2
192.168.20.0    0.0.0.0         255.255.255.0   U     102    0        0 eth2
192.168.20.0    0.0.0.0         255.255.255.0   U     104    0        0 eth1
192.168.20.0    0.0.0.0         255.255.255.0   U     105    0        0 eth0
- A default route is added with route in either of these ways:
route add default gw GATEWAY
route add -net 0.0.0.0 netmask 0.0.0.0 gw GATEWAY
[root@xuzhichao ~]# route add default gw 192.168.20.17
[root@xuzhichao ~]# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.20.17   0.0.0.0         UG    0      0        0 eth1    <== manually added default route
0.0.0.0         192.168.2.1     0.0.0.0         UG    105    0        0 eth0
10.1.1.0        0.0.0.0         255.255.255.0   U     0      0        0 eth2
10.1.1.0        0.0.0.0         255.255.255.0   U     102    0        0 eth2
106.1.1.1       192.168.20.30   255.255.255.255 UGH   0      0        0 eth2
107.0.0.0       192.168.20.17   255.255.255.0   UG    0      0        0 eth1
192.168.2.0     0.0.0.0         255.255.255.0   U     105    0        0 eth0
192.168.20.0    0.0.0.0         255.255.255.0   U     102    0        0 eth2
192.168.20.0    0.0.0.0         255.255.255.0   U     102    0        0 eth2
192.168.20.0    0.0.0.0         255.255.255.0   U     104    0        0 eth1
Note: a manually added default route has metric 0 and takes precedence over the default route obtained through DHCP.
- The syntax for deleting a route with route is:
route del [-net | -host] target [netmask] gw GATEWAY
# Example 1: delete a network route
[root@xuzhichao ~]# route del -net 107.0.0.0 netmask 255.255.255.0 gw 192.168.20.17
# Example 2: delete the default route
[root@xuzhichao ~]# route del -net default gw 192.168.20.17
1.5.2 Configuring permanent routes
- Method 1: create the route configuration file /etc/sysconfig/network-scripts/route-ethX. The file is named after the outgoing interface of the routes it holds; for example, if the outgoing interface is eth0, the file is named route-eth0.
The file holds one route entry per line, and each entry has the following format:
DEST/PREFIX via nexthop
Where:
DEST: the destination network;
PREFIX: the mask of that network;
via: a fixed keyword;
nexthop: the next-hop address;
For example, eth2 has the address 192.168.20.31 and the following routes all leave through eth2, so they can be written to /etc/sysconfig/network-scripts/route-eth2:
[root@xuzhichao ~]# vim /etc/sysconfig/network-scripts/route-eth2
# Two ways of writing the default route
default via 192.168.20.1
0.0.0.0/0 via 192.168.20.1
# Network route
20.0.0.0/24 via 192.168.20.1
# Host route
31.1.1.1/32 via 192.168.20.1
After the file is written, the network service has to be restarted before the routes take effect.
The network service is restarted with systemctl restart network (CentOS 7) or service network restart (CentOS 6).
[root@xuzhichao ~]# systemctl restart network
[root@xuzhichao ~]# service network restart
Restarting network (via systemctl):                        [  OK  ]
[root@xuzhichao ~]# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.2.1     0.0.0.0         UG    100    0        0 eth0
20.0.0.0        192.168.20.1    255.255.255.0   UG    102    0        0 eth2
31.1.1.1        192.168.20.1    255.255.255.255 UGH   102    0        0 eth2
192.168.2.0     0.0.0.0         255.255.255.0   U     100    0        0 eth0
192.168.20.0    0.0.0.0         255.255.255.0   U     101    0        0 eth1
192.168.20.0    0.0.0.0         255.255.255.0   U     102    0        0 eth2
Note that the default route did not take effect in the table above.
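When permanent routes are configured with the method above, keep the following points in mind:
- The NIC configuration file ifcfg-ethX that corresponds to route-ethX must exist (the file name must be ifcfg-ethX) and its DEVICE must be set to ethX; otherwise the routes do not take effect.
- To configure a default route, DEFROUTE must be set to no in the configuration file of every NIC that uses DHCP, so that DHCP does not set a default route; otherwise the default route set by DHCP overrides the one configured here.
- To configure a non-default route, PEERROUTES must be set to no in the configuration file of every NIC that uses DHCP, so that routes set by DHCP may be overridden; otherwise a route for the same network set by DHCP overrides the one configured here.
PS: in actual testing, the default route configured with method 1 did not take effect.
- Method 2:
The way the /etc/init.d/network script adds routes can be used as a reference:
[root@xuzhichao ~]# cat /etc/init.d/network
# Add non interface-specific static-routes.
if [ -f /etc/sysconfig/static-routes ]; then
    if [ -x /sbin/route ]; then
        grep "^any" /etc/sysconfig/static-routes | while read ignore args ; do
            /sbin/route add -$args
        done
    else
        net_log $"Legacy static-route support not available: /sbin/route not found"
    fi
fi
Add the following routes:
# Configure a static route and a default route
[root@xuzhichao ~]# vim /etc/sysconfig/static-routes
any net 99.0.0.0 netmask 255.255.255.0 gw 192.168.2.1
any net 0.0.0.0 netmask 0.0.0.0 gw 192.168.20.1
# Restart the network service (either command will do)
[root@xuzhichao ~]# systemctl restart network
[root@xuzhichao ~]# service network restart
Restarting network (via systemctl):                        [  OK  ]
# View the routes: the default route now coexists with the one handed out by DHCP and has priority over it
[root@xuzhichao ~]# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.20.1    0.0.0.0         UG    0      0        0 eth1
0.0.0.0         192.168.2.1     0.0.0.0         UG    100    0        0 eth0
20.0.0.0        192.168.20.1    255.255.255.0   UG    102    0        0 eth2
31.1.1.1        192.168.20.1    255.255.255.255 UGH   102    0        0 eth2
99.0.0.0        192.168.2.1     255.255.255.0   UG    0      0        0 eth0
192.168.2.0     0.0.0.0         255.255.255.0   U     100    0        0 eth0
192.168.20.0    0.0.0.0         255.255.255.0   U     101    0        0 eth1
192.168.20.0    0.0.0.0         255.255.255.0   U     102    0        0 eth2
The second method adds the routes through the network configuration script and is not subject to the restrictions of method 1.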
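1.6 The ip command in detail
ip is an extremely powerful command that can manage and display almost everything related to networking.
ip has many subcommands, each of which serves a different purpose.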
[root@xuzhichao ~]# ip --help
Usage: ip [ OPTIONS ] OBJECT { COMMAND | help }
ip [ -force ] -batch filename
where OBJECT := { link | address | addrlabel | route | rule | neigh | ntable |
tunnel | tuntap | maddress | mroute | mrule | monitor | xfrm |
netns | l2tp | fou | macsec | tcp_metrics | token | netconf | ila |
vrf }
OPTIONS := { -V[ersion] | -s[tatistics] | -d[etails] | -r[esolve] |
-h[uman-readable] | -iec |
-f[amily] { inet | inet6 | ipx | dnet | mpls | bridge | link } |
-4 | -6 | -I | -D | -B | -0 |
-l[oops] { maximum-addr-flush-attempts } | -br[ief] |
-o[neline] | -t[imestamp] | -ts[hort] | -b[atch] [filename] |
-rc[vbuf] [size] | -n[etns] name | -a[ll] | -c[olor]}
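Each OBJECT is a subcommand. Help for a subcommand is obtained as follows:
[root@xuzhichao ~]# ip link help
ip subcommands can be abbreviated; for example, ip addr can be shortened to ip a. An abbreviation resolves to the first OBJECT it matches, reading the OBJECT list in the ip --help syntax above from front to back.
ip subcommands also support Tab completion. If completion does not work, try installing the following package:
yum install bash-completion.noarch -y
The most commonly used ip subcommands are described in turn below.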
1.6.1 Using ip addr
The ip addr command manages the IP addresses of NICs.
- The syntax for viewing NIC IP addresses is ip addr show, where show may be omitted. An interface name can be appended to show only that interface's addresses; when an interface name is given, show cannot be omitted.
[root@xuzhichao ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 00:0c:29:2f:d0:d0 brd ff:ff:ff:ff:ff:ff
    inet 192.168.2.123/24 brd 192.168.2.255 scope global noprefixroute dynamic eth0
       valid_lft 85634sec preferred_lft 85634sec
    inet6 fe80::4809:4d0d:96a:b68e/64 scope link noprefixroute
       valid_lft forever preferred_lft forever
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 00:0c:29:2f:d0:da brd ff:ff:ff:ff:ff:ff
    inet 192.168.20.17/24 brd 192.168.20.255 scope global noprefixroute eth1
       valid_lft forever preferred_lft forever
    inet6 fe80::f0da:450f:5a80:de8b/64 scope link noprefixroute
       valid_lft forever preferred_lft forever
4: eth2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 00:0c:29:2f:d0:e4 brd ff:ff:ff:ff:ff:ff
    inet 192.168.20.31/24 brd 192.168.20.255 scope global noprefixroute dynamic eth2
       valid_lft 1035sec preferred_lft 1035sec
    inet6 fe80::20c:29ff:fe2f:d0e4/64 scope link
       valid_lft forever preferred_lft forever
[root@xuzhichao ~]# ip addr show eth0
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 00:0c:29:2f:d0:d0 brd ff:ff:ff:ff:ff:ff
    inet 192.168.2.123/24 brd 192.168.2.255 scope global noprefixroute dynamic eth0
       valid_lft 85625sec preferred_lft 85625sec
    inet6 fe80::4809:4d0d:96a:b68e/64 scope link noprefixroute
       valid_lft forever preferred_lft forever
- The syntax for adding or deleting an IP address is:
ip addr add|del IP/PREFIX dev IFACE [label LABEL]
Where:
add: add an IP address;
del: delete an IP address;
IP/PREFIX: the IP address and mask to configure;
IFACE: the name of the interface device;
LABEL: the NIC alias to use when adding the address;
ip addr can add a secondary address to an interface directly. Examples:
# Example 1: add IP addresses
[root@xuzhichao ~]# ip add add 12.1.1.1/24 dev eth2
[root@xuzhichao ~]# ip add add 13.1.1.1/24 dev eth2
[root@xuzhichao ~]# ip ad show eth2
4: eth2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 00:0c:29:2f:d0:e4 brd ff:ff:ff:ff:ff:ff
    inet 192.168.20.31/24 brd 192.168.20.255 scope global noprefixroute dynamic eth2
       valid_lft 1474sec preferred_lft 1474sec
    inet 12.1.1.1/24 scope global eth2
       valid_lft forever preferred_lft forever
    inet 13.1.1.1/24 scope global eth2
       valid_lft forever preferred_lft forever
    inet6 fe80::20c:29ff:fe2f:d0e4/64 scope link
       valid_lft forever preferred_lft forever
# Example 2: delete the address 13.1.1.1 from the interface
[root@xuzhichao ~]# ip add del 13.1.1.1/24 dev eth2
# Example 3: add an alias on eth2
[root@xuzhichao ~]# ip add add 13.1.1.1/24 dev eth2 label eth2:0
[root@xuzhichao ~]# ip add show eth2
4: eth2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 00:0c:29:2f:d0:e4 brd ff:ff:ff:ff:ff:ff
    inet 192.168.20.31/24 brd 192.168.20.255 scope global noprefixroute dynamic eth2
       valid_lft 1196sec preferred_lft 1196sec
    inet 12.1.1.1/24 scope global eth2
       valid_lft forever preferred_lft forever
    inet 13.1.1.1/24 scope global eth2:0
       valid_lft forever preferred_lft forever
    inet6 fe80::20c:29ff:fe2f:d0e4/64 scope link
       valid_lft forever preferred_lft forever
[root@xuzhichao ~]# ip add del 13.1.1.1/24 dev eth2 label eth2:0
- ip addr flush removes every IP address from an interface, including addresses under aliases.
[root@xuzhichao ~]# ip add show eth2
4: eth2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 00:0c:29:2f:d0:e4 brd ff:ff:ff:ff:ff:ff
    inet 192.168.20.31/24 brd 192.168.20.255 scope global noprefixroute dynamic eth2
       valid_lft 1193sec preferred_lft 1193sec
    inet 12.1.1.1/24 scope global eth2
       valid_lft forever preferred_lft forever
    inet6 fe80::20c:29ff:fe2f:d0e4/64 scope link
       valid_lft forever preferred_lft forever
[root@xuzhichao ~]# ip add flush eth2
[root@xuzhichao ~]# ip add show eth2
4: eth2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 00:0c:29:2f:d0:e4 brd ff:ff:ff:ff:ff:ff
1.6.2 Using ip link
The ip link command views and modifies a NIC's link-layer information, that is, its MAC address.
- ip link show displays the physical state and MAC address of interfaces.
[root@xuzhichao ~]# ip link
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether 00:0c:29:2f:d0:d0 brd ff:ff:ff:ff:ff:ff
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether 00:0c:29:2f:d0:da brd ff:ff:ff:ff:ff:ff
4: eth2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether 00:0c:29:2f:d0:e4 brd ff:ff:ff:ff:ff:ff
[root@xuzhichao ~]# ip link show eth2
4: eth2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether 00:0c:29:2f:d0:e4 brd ff:ff:ff:ff:ff:ff
- ip link can enable or disable an interface. The syntax is:
ip link set DEVICE up|down
# Disable the eth2 interface
[root@xuzhichao ~]# ip link set eth2 down
[root@xuzhichao ~]# ip link show eth2
4: eth2: <BROADCAST,MULTICAST> mtu 1500 qdisc pfifo_fast state DOWN mode DEFAULT group default qlen 1000
    link/ether 00:0c:29:2f:d0:e4 brd ff:ff:ff:ff:ff:ff
# Enable the eth2 interface
[root@xuzhichao ~]# ip link set eth2 up
[root@xuzhichao ~]# ip link show eth2
4: eth2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether 00:0c:29:2f:d0:e4 brd ff:ff:ff:ff:ff:ff
- ip link can change a NIC's MAC address and set its MTU.
# Set the MAC address of the eth2 interface
[root@xuzhichao ~]# ip link set eth2 address 00:01:7a:03:1c:9b
[root@xuzhichao ~]# ip link show eth2
4: eth2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether 00:01:7a:03:1c:9b brd ff:ff:ff:ff:ff:ff
# Set the MTU of the eth2 interface
[root@xuzhichao ~]# ip link set eth2 mtu 1480
[root@xuzhichao ~]# ip link show eth2
4: eth2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1480 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether 00:01:7a:03:1c:9b brd ff:ff:ff:ff:ff:ff
1.6.3 Using ip route
The ip route command views and manages routes. It supports viewing, adding, deleting and flushing routes, as well as backing them up and restoring them.
Everything ip route does to the routing table is temporary and is lost when the network service restarts.
- Viewing routes: ip route list|show displays the routes; list|show may be omitted.
[root@xuzhichao ~]# ip route list
default via 192.168.20.1 dev eth1
default via 192.168.2.1 dev eth0 proto dhcp metric 100
99.0.0.0/24 via 192.168.2.1 dev eth0
192.168.2.0/24 dev eth0 proto kernel scope link src 192.168.2.123 metric 100
192.168.20.0/24 dev eth1 proto kernel scope link src 192.168.20.17 metric 101
192.168.20.0/24 dev eth2 proto kernel scope link src 192.168.20.32 metric 102
[root@xuzhichao ~]# ip route list 99.0.0.0/24
99.0.0.0/24 via 192.168.2.1 dev eth0
- The syntax for adding or deleting a route is:
ip route add|del TARGET/PREFIX via nexthop
Where:
add: add a route;
del: delete a route;
TARGET: the destination network;
PREFIX: the network mask;
nexthop: the next-hop address
Examples of adding routes:
# Add a network route
[root@xuzhichao ~]# ip route add 30.0.0.0/24 via 192.168.20.1
# Add a host route
[root@xuzhichao ~]# ip route add 30.0.1.1/32 via 192.168.20.1
# Add a default route
[root@xuzhichao ~]# ip route add default via 192.168.20.1 dev eth2
[root@xuzhichao ~]# ip route
default via 192.168.20.1 dev eth2
default via 192.168.2.1 dev eth0 proto dhcp metric 100
30.0.0.0/24 via 192.168.20.1 dev eth1
30.0.1.1 via 192.168.20.1 dev eth1
99.0.0.0/24 via 192.168.2.1 dev eth0
192.168.2.0/24 dev eth0 proto kernel scope link src 192.168.2.123 metric 100
192.168.20.0/24 dev eth1 proto kernel scope link src 192.168.20.17 metric 101
192.168.20.0/24 dev eth2 proto kernel scope link src 192.168.20.32 metric 102
Examples of deleting routes follow. To delete a route with ip route, simply copy the route exactly as ip route displays it.
# Delete the default route
[root@xuzhichao ~]# ip route del default via 192.168.20.1 dev eth2
# Delete the network route
[root@xuzhichao ~]# ip route del 30.0.0.0/24 via 192.168.20.1 dev eth1
[root@xuzhichao ~]# ip route
default via 192.168.2.1 dev eth0 proto dhcp metric 100
30.0.1.1 via 192.168.20.1 dev eth1
99.0.0.0/24 via 192.168.2.1 dev eth0
192.168.2.0/24 dev eth0 proto kernel scope link src 192.168.2.123 metric 100
192.168.20.0/24 dev eth1 proto kernel scope link src 192.168.20.17 metric 101
192.168.20.0/24 dev eth2 proto kernel scope link src 192.168.20.32 metric 102
- ip route flush clears the routing table. The dev DEVICE and via nexthop arguments select which interface's or which next hop's routes are cleared; with neither given, all routes are cleared:
[root@xuzhichao ~]# ip route
default via 192.168.2.1 dev eth0 proto dhcp metric 100
30.0.1.1 via 192.168.20.1 dev eth1
99.0.0.0/24 via 192.168.2.1 dev eth0
192.168.2.0/24 dev eth0 proto kernel scope link src 192.168.2.123 metric 100
192.168.20.0/24 dev eth1 proto kernel scope link src 192.168.20.17 metric 101
192.168.20.0/24 dev eth2 proto kernel scope link src 192.168.20.32 metric 102
[root@xuzhichao ~]# ip route flush dev eth2
[root@xuzhichao ~]# ip route flush via 192.168.20.1
[root@xuzhichao ~]# ip route
default via 192.168.2.1 dev eth0 proto dhcp metric 100
99.0.0.0/24 via 192.168.2.1 dev eth0
192.168.2.0/24 dev eth0 proto kernel scope link src 192.168.2.123 metric 100
Note: when ip route flush clears an interface's routes it also removes the directly connected routes, which leaves the host unable to ping the directly connected subnet. Use it with care!
# The gateway address can no longer be pinged
[root@xuzhichao ~]# ping 192.168.20.1
PING 192.168.20.1 (192.168.20.1) 56(84) bytes of data.
^C
--- 192.168.20.1 ping statistics ---
77 packets transmitted, 0 received, 100% packet loss, time 76445ms
# Add the directly connected route back
[root@xuzhichao ~]# ip route add 192.168.20.0/24 dev eth1 proto kernel scope link src 192.168.20.17 metric 102
- Backing up and restoring routes:
ip route save > FILE
ip route restore < FILE
# Back up the routes
[root@xuzhichao ~]# ip route save > route.txt
[root@xuzhichao ~]# ip route flush dev eth2
[root@xuzhichao ~]# ip route flush dev eth0
[root@xuzhichao ~]# ip route
192.168.20.0/24 dev eth1 proto kernel scope link src 192.168.20.17 metric 102
# Restore the routes
[root@xuzhichao ~]# ip route restore < route.txt
RTNETLINK answers: File exists
[root@xuzhichao ~]# ip route
default via 192.168.2.1 dev eth0 proto dhcp metric 100
99.0.0.0/24 via 192.168.2.1 dev eth0
192.168.2.0/24 dev eth0 proto kernel scope link src 192.168.2.123 metric 100
192.168.20.0/24 dev eth2 proto kernel scope link src 192.168.20.31 metric 102
192.168.20.0/24 dev eth1 proto kernel scope link src 192.168.20.17 metric 102
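1.7 The nmcli command in detail
nmcli and nmtui are the network management tools provided by NetworkManager; nmtui is a menu-driven interface and nmcli is the command-line configuration tool.
nmcli supports abbreviated subcommands and Tab completion; if completion does not work, install the package with yum install bash-completion.noarch.
1.7.1 Common nmcli concepts
An important concept in nmcli is the connection. Every network interface has a corresponding connection, which holds one complete set of network settings for that interface; an interface can switch between connections to switch between configurations.
Every connection has a con-name as well as a UUID assigned by the system.
A connection has to specify the NIC type, usually ethernet, although it can also be another interface type such as bond or wifi. It also specifies the network interface the connection belongs to and the interface's properties, for example how the address is obtained, the IP address, mask, gateway and DNS.
Each connection that is added automatically generates a NIC configuration file, that is, a file named ifcfg-NAME under /etc/sysconfig/network-scripts/, where NAME is the con-name of the connection.
1.7.2 Using nmcli
nmcli has many uses; they are described one by one below.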
- nmcli connection show CON-NAME: view the contents of a connection
# Example 1: view the current mapping between NICs and con-names
[root@xuzhichao ~]# nmcli connection
NAME         UUID                                  TYPE      DEVICE
eth1-static  b0b223a0-fa90-4cdb-b762-16d88aeed548  ethernet  eth1
eth0-dhcp    3b80adc9-20cb-4da5-8ca2-3049006cdd0a  ethernet  eth0
System eth2  3a73717e-65ab-93e8-b518-24f5af32dc0d  ethernet  eth2
# Example 2: view the detailed configuration of eth0-dhcp
[root@xuzhichao ~]# nmcli connection show eth0-dhcp
connection.id:                          eth0-dhcp
connection.uuid:                        3b80adc9-20cb-4da5-8ca2-3049006cdd0a
connection.stable-id:                   --
connection.type:                        802-3-ethernet
connection.interface-name:              eth0
connection.autoconnect:                 yes
connection.autoconnect-priority:        0
connection.autoconnect-retries:         -1 (default)
connection.multi-connect:               0 (default)
connection.auth-retries:                -1
connection.timestamp:                   1622945363
connection.read-only:                   no
connection.permissions:                 --
connection.zone:                        --
connection.master:                      --
connection.slave-type:                  --
connection.autoconnect-slaves:          -1 (default)
......
- nmcli device [disconnect | connect] IFACE: disable or enable the given network interface
nmcli device status: view the state of the interfaces
nmcli device show IFCFG: view information about a NIC
# Disable the eth2 NIC
[root@xuzhichao ~]# nmcli device disconnect eth2
Device 'eth2' successfully disconnected.
# View the state of the NICs
[root@xuzhichao ~]# nmcli device status
DEVICE  TYPE      STATE         CONNECTION
eth1    ethernet  connected     eth1-static
eth0    ethernet  connected     eth0-dhcp
eth2    ethernet  disconnected  --
lo      loopback  unmanaged     --
# After being disabled the NIC is still physically up but has no address; an IP address can be configured temporarily
[root@xuzhichao ~]# ip add show eth2
4: eth2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 00:0c:29:2f:d0:e4 brd ff:ff:ff:ff:ff:ff
[root@xuzhichao ~]# ip add add 1.1.1.1/24 dev eth2
[root@xuzhichao ~]# ip add show eth2
4: eth2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 00:0c:29:2f:d0:e4 brd ff:ff:ff:ff:ff:ff
    inet 1.1.1.1/24 scope global eth2
       valid_lft forever preferred_lft forever
# Enable the NIC interface
[root@xuzhichao ~]# nmcli device connect eth2
Device 'eth2' successfully activated with '3a73717e-65ab-93e8-b518-24f5af32dc0d'.
[root@xuzhichao ~]# nmcli device status
DEVICE  TYPE      STATE      CONNECTION
eth1    ethernet  connected  eth1-static
eth0    ethernet  connected  eth0-dhcp
eth2    ethernet  connected  System eth2
lo      loopback  unmanaged  --
# View the NIC information of eth2
[root@xuzhichao ~]# nmcli device show eth2
GENERAL.DEVICE:                         eth2
GENERAL.TYPE:                           ethernet
GENERAL.HWADDR:                         00:0C:29:2F:D0:E4
GENERAL.MTU:                            1500
GENERAL.STATE:                          100 (connected)
GENERAL.CONNECTION:                     System eth2
GENERAL.CON-PATH:                       /org/freedesktop/NetworkManager/ActiveConnection/5
WIRED-PROPERTIES.CARRIER:               on
IP4.ADDRESS[1]:                         192.168.20.31/24
IP4.GATEWAY:                            --
IP4.ROUTE[1]:                           dst = 192.168.20.0/24, nh = 0.0.0.0, mt = 102
IP4.ROUTE[2]:                           dst = 20.0.0.0/24, nh = 192.168.20.1, mt = 102
IP4.ROUTE[3]:                           dst = 31.1.1.1/32, nh = 192.168.20.1, mt = 102
IP4.DNS[1]:                             192.168.20.1
IP4.DOMAIN[1]:                          localdomain
IP6.ADDRESS[1]:                         fe80::20c:29ff:fe2f:d0e4/64
IP6.GATEWAY:                            --
IP6.ROUTE[1]:                           dst = fe80::/64, nh = ::, mt = 256
IP6.ROUTE[2]:                           dst = ff00::/8, nh = ::, mt = 256, table=255
- Creating and deleting a connection. The syntax is:
nmcli connection add con-name CON-NAME type TYPE ifname IFCFG ipv4.method METHOD ipv4.address IP/PREFIX ipv4.gateway GATEWAY ipv4.dns DNS
nmcli connection delete CON-NAME
Where:
add: add a connection
delete: delete a connection
con-name CON-NAME: the name of the connection
type TYPE: the NIC type, usually ethernet
ifname IFCFG: the NIC interface
ipv4.method METHOD: how the address is obtained; manual means a static address, auto means obtained automatically
ipv4.address IP/PREFIX: the IP address of the interface
ipv4.gateway GATEWAY: the gateway address of the interface
ipv4.dns DNS: the DNS address
Configuration examples:
# Example 1: add a connection with a static address for eth2
[root@xuzhichao ~]# nmcli connection add con-name eth2-static type ethernet ifname eth2 ipv4.method manual ipv4.addresses 10.1.1.1/24 ipv4.gateway 10.1.1.254 ipv4.dns 8.8.8.8 +ipv4.dns 9.9.9.9
Connection 'eth2-static' (fdd6eb05-7517-4e7a-8197-288fb12ccaef) successfully added.
# The automatically generated configuration file
[root@xuzhichao ~]# cat /etc/sysconfig/network-scripts/ifcfg-eth2-static
TYPE=Ethernet
PROXY_METHOD=none
BROWSER_ONLY=no
BOOTPROTO=none
IPADDR=10.1.1.1
PREFIX=24
GATEWAY=10.1.1.254
DNS1=8.8.8.8
DNS2=9.9.9.9
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
IPV6_ADDR_GEN_MODE=stable-privacy
NAME=eth2-static
UUID=05070603-5e39-4a9d-b499-9d2efea8556b
DEVICE=eth2
ONBOOT=yes
# Example 2: add a connection that obtains its address automatically for eth2
[root@xuzhichao ~]# nmcli connection add con-name eth2-auto type ethernet ifname eth2 ipv4.method auto
Connection 'eth2-auto' (c2e3f414-da5c-4c67-90f4-cdcce74f3c18) successfully added.
# The automatically generated configuration file
[root@xuzhichao ~]# cat /etc/sysconfig/network-scripts/ifcfg-eth2-auto
TYPE=Ethernet
PROXY_METHOD=none
BROWSER_ONLY=no
BOOTPROTO=dhcp
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
IPV6_ADDR_GEN_MODE=stable-privacy
NAME=eth2-auto
UUID=c2e3f414-da5c-4c67-90f4-cdcce74f3c18
DEVICE=eth2
ONBOOT=yes
[root@xuzhichao ~]# nmcli connection
NAME         UUID                                  TYPE      DEVICE
eth1-static  b0b223a0-fa90-4cdb-b762-16d88aeed548  ethernet  eth1
eth0-dhcp    3b80adc9-20cb-4da5-8ca2-3049006cdd0a  ethernet  eth0
System eth2  3a73717e-65ab-93e8-b518-24f5af32dc0d  ethernet  eth2
eth2-auto    c2e3f414-da5c-4c67-90f4-cdcce74f3c18  ethernet  --
eth2-static  fdd6eb05-7517-4e7a-8197-288fb12ccaef  ethernet  --
# Example 3: delete a connection
[root@xuzhichao ~]# nmcli connection delete eth2-static
Connection 'eth2-static' (fdd6eb05-7517-4e7a-8197-288fb12ccaef) successfully deleted.
nmcli connection up|down CON-NAME:激活up或down掉connection
增加connection后要想让该connection生效,需要启用该connection
#示例一:启用connection eth2-static [root@xuzhichao ~]# nmcli connection up eth2-static Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/6) [root@xuzhichao ~]# nmcli connection NAME UUID TYPE DEVICE eth1-static b0b223a0-fa90-4cdb-b762-16d88aeed548 ethernet eth1 eth0-dhcp 3b80adc9-20cb-4da5-8ca2-3049006cdd0a ethernet eth0 eth2-static 05070603-5e39-4a9d-b499-9d2efea8556b ethernet eth2 eth2-auto c2e3f414-da5c-4c67-90f4-cdcce74f3c18 ethernet -- System eth2 3a73717e-65ab-93e8-b518-24f5af32dc0d ethernet -- #接口地址生效 [root@xuzhichao ~]# ip add show eth2 4: eth2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000 link/ether 00:0c:29:2f:d0:e4 brd ff:ff:ff:ff:ff:ff inet 10.1.1.1/24 brd 10.1.1.255 scope global noprefixroute eth2 valid_lft forever preferred_lft forever inet6 fe80::80b9:b869:e531:3141/64 scope link noprefixroute valid_lft forever preferred_lft forever #路由自动生成,metric为102 [root@xuzhichao ~]# route -n Kernel IP routing table Destination Gateway Genmask Flags Metric Ref Use Iface 0.0.0.0 192.168.20.1 0.0.0.0 UG 0 0 0 eth1 0.0.0.0 192.168.2.1 0.0.0.0 UG 101 0 0 eth0 0.0.0.0 10.1.1.254 0.0.0.0 UG 102 0 0 eth2 <==生成的路由 10.1.1.0 0.0.0.0 255.255.255.0 U 102 0 0 eth2 99.0.0.0 192.168.2.1 255.255.255.0 UG 0 0 0 eth0 192.168.2.0 0.0.0.0 255.255.255.0 U 101 0 0 eth0 192.168.20.0 0.0.0.0 255.255.255.0 U 100 0 0 eth1 #生成dns地址 [root@xuzhichao ~]# cat /etc/resolv.conf search lan nameserver 192.168.2.1 nameserver 8.8.8.8 #示例二:禁用connection eth2-static [root@xuzhichao ~]# nmcli connection down eth2-static Connection 'eth2-static' successfully deactivated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/10) [root@xuzhichao ~]# nmcli connection NAME UUID TYPE DEVICE eth1-static b0b223a0-fa90-4cdb-b762-16d88aeed548 ethernet eth1 eth0-dhcp 3b80adc9-20cb-4da5-8ca2-3049006cdd0a ethernet eth0 System eth2 3a73717e-65ab-93e8-b518-24f5af32dc0d ethernet eth2 eth2-auto 
c2e3f414-da5c-4c67-90f4-cdcce74f3c18 ethernet -- eth2-static 05070603-5e39-4a9d-b499-9d2efea8556b ethernet -- -
- To change the configuration of a connection, the syntax is:
nmcli connection modify CON-NAME [+|-]<setting>.<property> <value>
Notes:
CON-NAME: the name of the connection;
+: add a setting to the connection;
-: remove a setting from the connection;
<setting>.<property>: the item to modify, for example ipv4.address;
<value>: the new value
Note: when the address is obtained automatically, an IP address cannot be added manually.
Note: after a connection is modified, the change does not take effect immediately; run nmcli connection up CON-NAME to apply it.
Configuration examples:
[root@xuzhichao ~]# nmcli connection up eth2-static
Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/19)
[root@xuzhichao ~]# ip add show eth2
4: eth2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 00:0c:29:2f:d0:e4 brd ff:ff:ff:ff:ff:ff
inet 10.1.1.1/24 brd 10.1.1.255 scope global noprefixroute eth2
valid_lft forever preferred_lft forever
inet6 fe80::80b9:b869:e531:3141/64 scope link noprefixroute
valid_lft forever preferred_lft forever
#Example 1: add an IP address to eth2
[root@xuzhichao ~]# nmcli connection modify eth2-static +ipv4.addresses 11.1.1.1/32
[root@xuzhichao ~]# ip add show eth2
4: eth2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 00:0c:29:2f:d0:e4 brd ff:ff:ff:ff:ff:ff
inet 10.1.1.1/24 brd 10.1.1.255 scope global noprefixroute eth2
valid_lft forever preferred_lft forever
inet6 fe80::80b9:b869:e531:3141/64 scope link noprefixroute
valid_lft forever preferred_lft forever
[root@xuzhichao ~]# nmcli connection up eth2-static
Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/20)
[root@xuzhichao ~]# ip add show eth2
4: eth2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 00:0c:29:2f:d0:e4 brd ff:ff:ff:ff:ff:ff
inet 10.1.1.1/24 brd 10.1.1.255 scope global noprefixroute eth2
valid_lft forever preferred_lft forever
inet 11.1.1.1/32 brd 11.1.1.1 scope global noprefixroute eth2
valid_lft forever preferred_lft forever
inet6 fe80::80b9:b869:e531:3141/64 scope link noprefixroute
valid_lft forever preferred_lft forever
#Example 2: remove an IP address from eth2
[root@xuzhichao ~]# nmcli connection modify eth2-static -ipv4.addresses 11.1.1.1/32
[root@xuzhichao ~]# nmcli connection up eth2-static
Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/21)
[root@xuzhichao ~]# ip add show eth2
4: eth2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 00:0c:29:2f:d0:e4 brd ff:ff:ff:ff:ff:ff
inet 10.1.1.1/24 brd 10.1.1.255 scope global noprefixroute eth2
valid_lft forever preferred_lft forever
inet6 fe80::80b9:b869:e531:3141/64 scope link noprefixroute
valid_lft forever preferred_lft forever
#Reset the IP address of eth2
[root@xuzhichao ~]# nmcli connection modify eth2-static ipv4.addresses 11.1.1.1/32
[root@xuzhichao ~]# nmcli connection up eth2-static
Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/22)
[root@xuzhichao ~]# ip add show eth2
4: eth2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 00:0c:29:2f:d0:e4 brd ff:ff:ff:ff:ff:ff
inet 11.1.1.1/32 brd 11.1.1.1 scope global noprefixroute eth2
valid_lft forever preferred_lft forever
inet6 fe80::80b9:b869:e531:3141/64 scope link tentative noprefixroute
valid_lft forever preferred_lft forever
- Managing NIC configuration files with nmcli
You can edit a NIC configuration file directly and then have nmcli recognise and manage it, using either of the following:
nmcli connection reload
nmcli connection load FILENAME1 FILENAME2
#Copy the NIC configuration file
[root@xuzhichao network-scripts]# cp ifcfg-eth2-static ifcfg-eth2-static2
#Change NAME in the file to the CON-NAME and delete the UUID
[root@xuzhichao network-scripts]# vim ifcfg-eth2-static2
TYPE=Ethernet
PROXY_METHOD=none
BROWSER_ONLY=no
BOOTPROTO=none
IPADDR=12.1.1.1
PREFIX=32
DNS1=8.8.8.8
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
IPV6_ADDR_GEN_MODE=stable-privacy
NAME=eth2-static2 <==change this item; it is the CON-NAME
DEVICE=eth2
ONBOOT=yes
#Reload the NIC configuration files
[root@xuzhichao network-scripts]# nmcli connection reload
[root@xuzhichao network-scripts]# nmcli connection
NAME UUID TYPE DEVICE
eth0-dhcp 3b80adc9-20cb-4da5-8ca2-3049006cdd0a ethernet eth0
eth1-static b0b223a0-fa90-4cdb-b762-16d88aeed548 ethernet eth1
eth2-static 05070603-5e39-4a9d-b499-9d2efea8556b ethernet eth2
eth2-auto c2e3f414-da5c-4c67-90f4-cdcce74f3c18 ethernet --
eth2-static2 14c65799-d2c3-8fbd-0ce9-496ce1d276e5 ethernet --
#Activate the connection defined by the new file
[root@xuzhichao network-scripts]# nmcli connection up eth2-static2
Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/23)
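1.8 Multi-NIC binding: bonding
Bonding binds several NICs to a single IP address that serves traffic, providing NIC high availability and load balancing.
With bonding you create a virtual NIC (the master) that serves traffic, then attach several physical NICs to the bonding interface in the slave role. These interfaces share one MAC address, and traffic directed at the virtual master NIC is distributed across the slave physical NICs, which improves the host's network throughput and availability.
1.8.1 Bonding working modes
Bonding has 7 working modes.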
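- mode 0 (balance-rr):
Round-robin mode. The slave NICs receive and send packets in turn: the first packet is sent by one interface, the next packet by another interface, and so on in a cycle. It provides load sharing and high availability. The MAC of outgoing packets is the MAC of bond0.
The peer switch must be configured for link aggregation, either forced (static) or LACP. If the switch is not configured for link aggregation, MAC flapping occurs on the switch.
- mode 1 (active-backup):
Active-backup mode. Only one slave NIC is active and sends and receives packets; another slave NIC is activated only when that slave NIC goes down. It provides backup only.
In this mode the switch does not need link aggregation, and only one NIC works at any time.
- mode 2 (balance-xor):
Hash policy. The source MAC and destination MAC are hashed, and each hash value is assigned to a fixed slave port, so traffic between the same sender and receiver always goes through the same slave. With this algorithm the load is not balanced when only one client accesses the server, or when the server and the clients are not in the same subnet. It suits cases where the source and destination addresses are in the same network segment.
This mode requires link aggregation support on the peer switch.
- mode 3 (broadcast):
Broadcast policy. Every packet is sent on all slave interfaces, providing backup capability.
This mode requires link aggregation support on the peer switch.
- mode 4 (802.3ad):
Link aggregation mode. Several slave interfaces form a link aggregation group that shares the same speed; all slave interfaces must run at the same rate.
This mode requires the switch to use the LACP protocol.
- mode 5 (balance-tlb):
Outgoing traffic is distributed across the slaves according to the current load (computed from speed). If the slave that is receiving data fails, another slave takes over the failed slave's MAC address and carries the incoming traffic. This mode cannot be used in virtual-switch mode.
This mode needs no extra support from the switch.
- mode 6 (balance-alb):
Outgoing traffic is handled as in balance-tlb mode; receive load balancing is achieved through ARP negotiation. The bonding driver intercepts ARP replies sent by the local host and rewrites the source hardware address to the unique hardware address of one of the slaves in the bond, so that different peers use different hardware addresses to communicate. It provides load sharing and backup. This mode cannot be used in virtual-switch mode.
This mode needs no extra support from the switch.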
1.8.2 Configuring bonding
There are two ways to configure bonding: on CentOS 6 and CentOS 7 you can use configuration files, and on CentOS 7 you can also use the nmcli command.
1.8.2.1 Configuration using bonding configuration files
Bind eth2 and eth3 to a bonding interface. Steps:
- Create bond0:
  - Create the master by adding the bonding configuration file /etc/sysconfig/network-scripts/ifcfg-bond0.
[root@xuzhichao ~]# cd /etc/sysconfig/network-scripts/
[root@xuzhichao network-scripts]# vim ifcfg-bond0
DEVICE=bond0 <==the device name of bond0; it must match the device name in the file name
BOOTPROTO=none
ONBOOT=yes
IPADDR=192.168.20.40
PREFIX=24
TYPE=Bond
BONDING_MASTER=yes
BONDING_OPTS="miimon=100 mode=1" <==bond options: miimon is for link monitoring and means the link state is checked every 100 ms, switching to the other link when one link fails; mode sets the bonding working mode.
  - Create the configuration files of the slave NICs
[root@xuzhichao network-scripts]# cat ifcfg-eth2
TYPE=Ethernet
BOOTPROTO=none
DEVICE=eth2
ONBOOT=yes
SLAVE=yes <==marks this interface as a slave
MASTER=bond0 <==the bond interface to join
[root@xuzhichao network-scripts]# cat ifcfg-eth3
TYPE=Ethernet
BOOTPROTO=none
DEVICE=eth3
ONBOOT=yes
SLAVE=yes
MASTER=bond0
  - Restart the network service
[root@xuzhichao network-scripts]# service network restart
If the bond driver is not loaded, load it as follows:
#Load the bond driver
[root@xuzhichao network-scripts]# modprobe bonding
#Check the bond driver
[root@xuzhichao network-scripts]# lsmod | grep bonding
bonding 152979 0
  - View the bond information
#View the bond0 information
[root@xuzhichao network-scripts]# cat /proc/net/bonding/bond0
Ethernet Channel Bonding Driver: v3.7.1 (April 27, 2011)
Bonding Mode: fault-tolerance (active-backup)
Primary Slave: None
Currently Active Slave: eth2
MII Status: up
MII Polling Interval (ms): 100
Up Delay (ms): 0
Down Delay (ms): 0
Slave Interface: eth2
MII Status: up
Speed: 1000 Mbps
Duplex: full
Link Failure Count: 0
Permanent HW addr: 00:0c:29:2f:d0:e4
Slave queue ID: 0
Slave Interface: eth3
MII Status: up
Speed: 1000 Mbps
Duplex: full
Link Failure Count: 0
Permanent HW addr: 00:0c:29:2f:d0:ee
Slave queue ID: 0
#View the bond0 mode:
[root@xuzhichao network-scripts]# cat /sys/class/net/bond0/bonding/mode
active-backup 1
#Note: bond0 and the two NICs have the same MAC address
[root@xuzhichao network-scripts]# ip add
4: eth2: <BROADCAST,MULTICAST,SLAVE,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master bond0 state UP group default qlen 1000
link/ether 00:0c:29:2f:d0:e4 brd ff:ff:ff:ff:ff:ff
5: eth3: <BROADCAST,MULTICAST,SLAVE,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master bond0 state UP group default qlen 1000
link/ether 00:0c:29:2f:d0:e4 brd ff:ff:ff:ff:ff:ff
7: bond0: <BROADCAST,MULTICAST,MASTER,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
link/ether 00:0c:29:2f:d0:e4 brd ff:ff:ff:ff:ff:ff
inet 192.168.20.40/24 brd 192.168.20.255 scope global noprefixroute bond0
valid_lft forever preferred_lft forever
inet6 fe80::20c:29ff:fe2f:d0e4/64 scope link
valid_lft forever preferred_lft forever
- Remove bond0:
#Disable bond0
[root@xuzhichao network-scripts]# ifconfig bond0 down
#Unload the bond module
[root@xuzhichao network-scripts]# modprobe -r bonding
#Delete the bond NIC configuration files
[root@xuzhichao network-scripts]# rm /etc/sysconfig/network-scripts/ifcfg-eth{2,3}
[root@xuzhichao network-scripts]# rm /etc/sysconfig/network-scripts/ifcfg-bond0
1.8.2.2 Configuration using nmcli
- Create bond0:
  - Create bond0 in the master role
[root@xuzhichao network-scripts]# nmcli connection add type bond con-name bond0 ifname bond0 mode balance-rr ipv4.method auto
Connection 'bond0' (eb50c025-bbba-4888-b5e4-ae173a397bd0) successfully added.
  - Add the slave ports to bond0
[root@xuzhichao network-scripts]# nmcli connection add type bond-slave ifname eth2 master bond0
Connection 'bond-slave-eth2' (c1ade84b-8d37-4054-9690-75bbddadce2b) successfully added.
[root@xuzhichao network-scripts]# nmcli connection add type bond-slave ifname eth3 master bond0
Connection 'bond-slave-eth3' (38b63309-2048-47b2-bd68-fa7db38d37a2) successfully added.
#List the connections
[root@xuzhichao network-scripts]# nmcli connection
NAME UUID TYPE DEVICE
eth0-dhcp 3b80adc9-20cb-4da5-8ca2-3049006cdd0a ethernet eth0
Bond bond0 ad33d8b0-1f7b-cab9-9447-ba07f855b143 bond bond0
eth1-static b0b223a0-fa90-4cdb-b762-16d88aeed548 ethernet eth1
System eth2 3a73717e-65ab-93e8-b518-24f5af32dc0d ethernet eth2
System eth3 c5ca8081-6db2-4602-4b46-d771f4330a6d ethernet eth3
bond0 eb50c025-bbba-4888-b5e4-ae173a397bd0 bond --
bond-slave-eth2 c1ade84b-8d37-4054-9690-75bbddadce2b ethernet --
bond-slave-eth3 38b63309-2048-47b2-bd68-fa7db38d37a2 ethernet --
  - Start bond0: bring up the slaves first, then the master
[root@xuzhichao network-scripts]# nmcli connection up bond-slave-eth2
Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/34)
[root@xuzhichao network-scripts]# nmcli connection up bond-slave-eth3
Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/35)
[root@xuzhichao network-scripts]# nmcli connection up bond0
Connection successfully activated (master waiting for slaves) (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/36)
  - Check the status of bond0
[root@xuzhichao network-scripts]# cat /proc/net/bonding/bond0
Ethernet Channel Bonding Driver: v3.7.1 (April 27, 2011)
Bonding Mode: load balancing (round-robin) <==the mode is rr (round-robin)
MII Status: up
MII Polling Interval (ms): 100
Up Delay (ms): 0
Down Delay (ms): 0
Slave Interface: eth2
MII Status: up
Speed: 1000 Mbps
Duplex: full
Link Failure Count: 0
Permanent HW addr: 00:0c:29:2f:d0:e4
Slave queue ID: 0
Slave Interface: eth3
MII Status: up
Speed: 1000 Mbps
Duplex: full
Link Failure Count: 0
Permanent HW addr: 00:0c:29:2f:d0:ee
Slave queue ID: 0
[root@xuzhichao network-scripts]# ip add
4: eth2: <BROADCAST,MULTICAST,SLAVE,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master bond0 state UP group default qlen 1000
link/ether 00:0c:29:2f:d0:e4 brd ff:ff:ff:ff:ff:ff
5: eth3: <BROADCAST,MULTICAST,SLAVE,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master bond0 state UP group default qlen 1000
link/ether 00:0c:29:2f:d0:e4 brd ff:ff:ff:ff:ff:ff
8: bond0: <BROADCAST,MULTICAST,MASTER,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
link/ether 00:0c:29:2f:d0:e4 brd ff:ff:ff:ff:ff:ff
inet 192.168.20.31/24 brd 192.168.20.255 scope global noprefixroute dynamic bond0
valid_lft 1429sec preferred_lft 1429sec
inet6 fe80::f124:636:a27:e2c/64 scope link noprefixroute
valid_lft forever preferred_lft forever
- Delete bond0:
#Disable bond0
[root@xuzhichao network-scripts]# ifconfig bond0 down
#Unload the bond module
[root@xuzhichao network-scripts]# modprobe -r bonding
#Delete the connections and their configuration files
[root@xuzhichao network-scripts]# nmcli connection delete bond-slave-eth2
Connection 'bond-slave-eth2' (c1ade84b-8d37-4054-9690-75bbddadce2b) successfully deleted.
[root@xuzhichao network-scripts]# nmcli connection delete bond-slave-eth3
Connection 'bond-slave-eth3' (38b63309-2048-47b2-bd68-fa7db38d37a2) successfully deleted.
[root@xuzhichao network-scripts]# nmcli connection delete bond0
Connection 'bond0' (eb50c025-bbba-4888-b5e4-ae173a397bd0) successfully deleted.
Connection 'bond0' (bf4e83d2-6262-48c9-b6be-9ac6b43e4aee) successfully deleted.
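The /proc/net/bonding/bond0 listings in section 1.8.2 can be checked by a script, so that a bond that has silently lost its redundancy is noticed. The following is an added example, not part of the original page: the function names bond_report and bond_problems are hypothetical, and SAMPLE_BOND is a constructed variant of the active-backup listing above in which eth3 has failed.

```shell
#!/bin/sh
# Added example (not from the original page): health check for a bond.
# SAMPLE_BOND is constructed: the active-backup listing from section 1.8.2.1
# with eth3 changed to a failed link, embedded so the script runs offline.
SAMPLE_BOND='Ethernet Channel Bonding Driver: v3.7.1 (April 27, 2011)

Bonding Mode: fault-tolerance (active-backup)
Primary Slave: None
Currently Active Slave: eth2
MII Status: up
MII Polling Interval (ms): 100
Up Delay (ms): 0
Down Delay (ms): 0

Slave Interface: eth2
MII Status: up
Speed: 1000 Mbps
Duplex: full
Link Failure Count: 0
Permanent HW addr: 00:0c:29:2f:d0:e4
Slave queue ID: 0

Slave Interface: eth3
MII Status: down
Speed: Unknown
Duplex: Unknown
Link Failure Count: 1
Permanent HW addr: 00:0c:29:2f:d0:ee
Slave queue ID: 0'

# bond_report (hypothetical name): read /proc/net/bonding/<bond> text on stdin
# and print
#   mode=<bonding mode>
#   active=<currently active slave>     (modes that report one)
#   slave=<iface> mii=<up|down> failures=<n>   (one line per slave)
bond_report() {
    awk -F': ' '
    /^Bonding Mode:/           { print "mode=" $2 }
    /^Currently Active Slave:/ { print "active=" $2 }
    /^Slave Interface:/        { slave = $2 }
    # The first "MII Status" line belongs to the bond itself; skip it.
    /^MII Status:/ && slave    { mii[slave] = $2 }
    /^Link Failure Count:/     { printf "slave=%s mii=%s failures=%s\n", slave, mii[slave], $2 }
    '
}

# bond_problems (hypothetical name): print one line per finding; no output
# means every slave is up, none has recorded a failure, and at least two
# slaves are available.
bond_problems() {
    bond_report | awk '
    /^slave=/ {
        split($1, s, "="); split($2, m, "="); split($3, f, "=")
        total++
        if (m[2] == "up") up++
        else print s[2] ": link down"
        if (f[2] + 0 > 0) print s[2] ": " f[2] " link failure(s) recorded"
    }
    END {
        if (total > 0 && up < 2)
            print "bond has no redundancy: " (up + 0) " of " total " slaves up"
    }'
}

# Demonstration on the constructed sample.
printf '%s\n' "$SAMPLE_BOND" | bond_problems
```

On a live host the same check is `bond_problems < /proc/net/bonding/bond0`.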
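1.9 Network status monitoring
1.9.1 The netstat command in detail
The netstat command shows the connection state of TCP, UDP and sockets.
Common netstat options:
| Option | Description |
|---|---|
| -t | Show TCP connections |
| -u | Show UDP connections |
| -w | Show socket status |
| -a | Show all connection states |
| -l | Show connections in the listening state |
| -n | Show IP addresses and port numbers numerically |
| -p | Show the process and PID using the connection |
| -e | Extended format |
| -i | Show network interface statistics |
| -a | Show statistics for all network interfaces, including interfaces that are down |
| -r | Show routing information |
Examples of netstat usage:
#Example 1: show all TCP connections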
[root@xuzhichao network-scripts]# netstat -tan
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN
tcp 0 52 192.168.20.17:22 192.168.20.1:56401 ESTABLISHED
tcp6 0 0 ::1:25 :::* LISTEN
tcp6 0 0 :::22 :::* LISTEN
#Example 2: show all UDP connections
[root@xuzhichao network-scripts]# netstat -uan
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State
udp 0 0 127.0.0.1:323 0.0.0.0:*
udp 0 0 0.0.0.0:68 0.0.0.0:*
udp6 0 0 ::1:323 :::*
#Example 3: show TCP sockets in the listening state
[root@xuzhichao network-scripts]# netstat -tnl
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN
tcp6 0 0 ::1:25 :::* LISTEN
tcp6 0 0 :::22 :::* LISTEN
#Example 4: show UDP sockets in the listening state
[root@xuzhichao network-scripts]# netstat -unl
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
udp 0 0 127.0.0.1:323 0.0.0.0:*
udp 0 0 0.0.0.0:68 0.0.0.0:*
udp6 0 0 ::1:323 :::*
#Example 5: show TCP sockets in the listening state and the corresponding processes
[root@xuzhichao network-scripts]# netstat -tnlp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 1326/master
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1154/sshd
tcp6 0 0 ::1:25 :::* LISTEN 1326/master
tcp6 0 0 :::22 :::* LISTEN 1154/sshd
#Example 6: show all network connections
[root@xuzhichao network-scripts]# netstat -an
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN
tcp 0 52 192.168.20.17:22 192.168.20.1:56401 ESTABLISHED
tcp6 0 0 ::1:25 :::* LISTEN
tcp6 0 0 :::22 :::* LISTEN
udp 0 0 127.0.0.1:323 0.0.0.0:*
udp 0 0 0.0.0.0:68 0.0.0.0:*
udp6 0 0 ::1:323 :::*
raw6 0 0 :::58 :::* 7
raw6 0 0 :::58 :::* 7
raw6 0 0 :::58 :::* 7
Active UNIX domain sockets (servers and established)
Proto RefCnt Flags Type State I-Node Path
unix 2 [ ACC ] STREAM LISTENING 21745 public/pickup
unix 2 [ ACC ] STREAM LISTENING 21749 public/cleanup
unix 2 [ ACC ] STREAM LISTENING 21752 public/qmgr
.....
#Example 7: show all TCP and UDP connections
[root@xuzhichao network-scripts]# netstat -tuan
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN
tcp 0 52 192.168.20.17:22 192.168.20.1:56401 ESTABLISHED
tcp6 0 0 ::1:25 :::* LISTEN
tcp6 0 0 :::22 :::* LISTEN
udp 0 0 127.0.0.1:323 0.0.0.0:*
udp 0 0 0.0.0.0:68 0.0.0.0:*
udp6 0 0 ::1:323 :::*
#Example 8: show interface statistics
[root@xuzhichao network-scripts]# netstat -i
Kernel Interface table
Iface MTU RX-OK RX-ERR RX-DRP RX-OVR TX-OK TX-ERR TX-DRP TX-OVR Flg
eth0 1500 7514 0 0 0 340 0 0 0 BMRU
eth1 1500 11108 0 0 0 6163 0 0 0 BMRU
eth2 1500 1991 0 0 0 232 0 0 0 BMRU
lo 65536 75 0 0 0 75 0 0 0 LRU
#Example 9: show routing information
[root@xuzhichao network-scripts]# netstat -rn
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
0.0.0.0 10.1.1.254 0.0.0.0 UG 0 0 0 eth2
0.0.0.0 192.168.2.1 0.0.0.0 UG 0 0 0 eth0
10.1.1.254 0.0.0.0 255.255.255.255 UH 0 0 0 eth2
11.1.1.1 0.0.0.0 255.255.255.255 UH 0 0 0 eth2
99.0.0.0 192.168.2.1 255.255.255.0 UG 0 0 0 eth0
192.168.2.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
192.168.20.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1
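1.9.2 The ss command in detail
The ss command is similar in function to netstat. It is a newer command that performs better than netstat and is more powerful.
The syntax of the ss command is:
ss [ OPTIONS ] [ FILTER ]
Common ss options:
| Option | Description |
|---|---|
| -t | Show TCP connections |
| -u | Show UDP connections |
| -w | Show socket status |
| -a | Show all connection states |
| -l | Show connections in the listening state |
| -n | Show IP addresses and port numbers numerically |
| -p | Show the process and PID using the connection |
| -e | Extended format |
| -m | Show memory usage |
| -o | Timer information |
FILTER is a filter that makes ss show only connections in particular states. Its format is:
[ state STATE-FILTER ] [ EXPRESSION ]
STATE-FILTER is mostly used for TCP. The common TCP states are {established|syn-sent|syn-recv|fin-wait-{1,2}|time-wait|closed|close-wait|last-ack|listen|closing}
EXPRESSION:
dport =: the destination port or protocol name, for example dport = :ssh;
sport =: the source port or protocol name;
Examples of ss usage:
#Example 1: show TCP sockets in the listen state and the corresponding processes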
[root@xuzhichao ~]# ss -tnlp
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 100 127.0.0.1:25 *:* users:(("master",pid=1326,fd=13))
LISTEN 0 128 *:22 *:* users:(("sshd",pid=1154,fd=3))
LISTEN 0 100 [::1]:25 [::]:* users:(("master",pid=1326,fd=14))
LISTEN 0 128 [::]:22 [::]:* users:(("sshd",pid=1154,fd=4))
#Example 2: show TCP sockets in the listen state
[root@xuzhichao ~]# ss -tnl
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 100 127.0.0.1:25 *:*
LISTEN 0 128 *:22 *:*
LISTEN 0 100 [::1]:25 [::]:*
LISTEN 0 128 [::]:22 [::]:*
#Example 3: show all TCP connection states
[root@xuzhichao ~]# ss -tan
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 100 127.0.0.1:25 *:*
LISTEN 0 128 *:22 *:*
ESTAB 0 0 192.168.20.17:22 192.168.20.1:56401
ESTAB 0 52 192.168.20.17:22 192.168.20.1:53185
LISTEN 0 100 [::1]:25 [::]:*
LISTEN 0 128 [::]:22 [::]:*
#Example 4: show all UDP connection states
[root@xuzhichao ~]# ss -uan
State Recv-Q Send-Q Local Address:Port Peer Address:Port
UNCONN 0 0 127.0.0.1:323 *:*
UNCONN 0 0 *:68 *:*
UNCONN 0 0 [::1]:323 [::]:*
#Example 5: show all established ssh connections; note the spaces on both sides of the equals sign and of the parentheses
[root@xuzhichao ~]# ss -o state established '( dport = :ssh or sport = :ssh )'
Netid Recv-Q Send-Q Local Address:Port Peer Address:Port
tcp 0 0 192.168.20.17:ssh 192.168.20.1:56401 timer:(keepalive,55min,0)
tcp 0 52 192.168.20.17:ssh 192.168.20.1:53185 timer:(on,244ms,0)
#Example 6: show all established http connections
[root@xuzhichao ~]# ss -o state established '( dport = :http or sport = :http )'
#Example 7: show summary statistics for the current sockets
[root@xuzhichao ~]# ss -s
Total: 575 (kernel 1020)
TCP: 6 (estab 2, closed 0, orphaned 0, synrecv 0, timewait 0/0), ports 0
Transport Total IP IPv6
* 1020 - -
RAW 3 0 3
UDP 3 2 1
TCP 6 4 2
INET 12 6 6
FRAG 0 0 0
#Example 8: show all locally open ports and the corresponding processes
[root@xuzhichao ~]# ss -lp
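The `ss -tnlp` listing in Example 1 distinguishes listeners bound to loopback (127.0.0.1:25) from listeners bound to every address (*:22), which is the first thing to check when reviewing what a host exposes. The following is an added example, not part of the original page: the function names classify_listeners and exposed_not_allowed are hypothetical, and SAMPLE_SS reproduces the listing from Example 1.

```shell
#!/bin/sh
# Added example (not from the original page): classify TCP listeners by exposure.
# SAMPLE_SS reproduces the `ss -tnlp` listing from Example 1 so this runs offline.
SAMPLE_SS='State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 100 127.0.0.1:25 *:* users:(("master",pid=1326,fd=13))
LISTEN 0 128 *:22 *:* users:(("sshd",pid=1154,fd=3))
LISTEN 0 100 [::1]:25 [::]:* users:(("master",pid=1326,fd=14))
LISTEN 0 128 [::]:22 [::]:* users:(("sshd",pid=1154,fd=4))'

# classify_listeners (hypothetical name): read `ss -tnlp` text on stdin and
# print one line per listener:
#   <scope> <port> <process>
# scope is "loopback", "wildcard" (all addresses) or "specific" (one address).
classify_listeners() {
    awk '
    $1 == "LISTEN" {
        # Split at the last colon so bracketed IPv6 addresses stay intact.
        if (!match($4, /:[0-9]+$/)) next
        addr = substr($4, 1, RSTART - 1)
        port = substr($4, RSTART + 1)
        if (addr == "*" || addr == "0.0.0.0" || addr == "[::]" || addr == "::")
            scope = "wildcard"
        else if (addr ~ /^127\./ || addr == "[::1]" || addr == "::1")
            scope = "loopback"
        else
            scope = "specific"
        # Field 6 is present only with -p and enough privilege to see the owner.
        proc = "-"
        if (NF >= 6 && split($6, q, "\"") >= 3) proc = q[2]
        print scope, port, proc
    }'
}

# exposed_not_allowed (hypothetical name): $1 is a comma-separated allowlist of
# ports. Prints "<port> <process>" once for each non-loopback listener whose
# port is not on the allowlist (IPv4 and IPv6 listeners are merged).
exposed_not_allowed() {
    classify_listeners | awk -v allow="$1" '
    BEGIN { n = split(allow, a, ","); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
    $1 != "loopback" && !($2 in ok) && !seen[$2 FS $3]++ { print $2, $3 }'
}

# Demonstration on the sample: with only 80 and 443 allowed, sshd is reported.
printf '%s\n' "$SAMPLE_SS" | exposed_not_allowed 80,443
```

On a live host, run `ss -tnlp | exposed_not_allowed 22` as root so that the process column is populated.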
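1.10 Common network testing tools
1.10.1 The ping command
The ping command tests network connectivity by sending ICMP packets. Common options:
| Option | Description |
|---|---|
| -c # | Number of packets to send |
| -I IFCFG | Outgoing interface for the packets |
| -i | Interval between two packets |
| -w # | Timeout for ping as a whole, i.e. the total running time of the ping command, in seconds |
| -W # | Timeout when waiting for a response from the peer, in seconds |
| -s # | Size of the packets to send, in bytes; the default is 64 bytes |
Examples of ping usage:
#Example 1: ping with 1000-byte packets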
[root@xuzhichao ~]# ping 192.168.2.1 -s 1000
PING 192.168.2.1 (192.168.2.1) 1000(1028) bytes of data.
1008 bytes from 192.168.2.1: icmp_seq=2 ttl=64 time=6.91 ms
1008 bytes from 192.168.2.1: icmp_seq=3 ttl=64 time=19.7 ms
^C
--- 192.168.2.1 ping statistics ---
3 packets transmitted, 2 received, 33% packet loss, time 2011ms
rtt min/avg/max/mdev = 6.915/13.324/19.734/6.410 ms
#Example 2: send only one ping packet; by default ping keeps running
[root@xuzhichao ~]# ping 192.168.2.1 -c 1
PING 192.168.2.1 (192.168.2.1) 56(84) bytes of data.
64 bytes from 192.168.2.1: icmp_seq=1 ttl=64 time=3.24 ms
--- 192.168.2.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 3.247/3.247/3.247/0.000 ms
#Example 3: ping a domain name
[root@xuzhichao ~]# ping www.baidu.com
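1.10.2 The traceroute command
The traceroute command also probes the network and shows every hop along the path. It works by changing the TTL value of the packets, starting from 1 and increasing step by step.
Common traceroute options:
| Option | Description |
|---|---|
| -I | Probe with ICMP packets |
| -T | Probe with TCP packets |
| -U | Probe with UDP packets |
| -n | Show IP addresses instead of host names, which speeds up traceroute; domain names are shown by default |
| -i | Outgoing interface for the packets |
| -s ip | Source address for the packets |
| -p port | Port for the UDP probes |
Examples of traceroute usage:
#Example 1: trace the path to www.baidu.com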
[root@xuzhichao ~]# traceroute -n www.baidu.com
traceroute to www.baidu.com (110.242.68.4), 30 hops max, 60 byte packets
1 192.168.2.1 56.442 ms 56.351 ms 56.270 ms
2 100.64.0.1 56.196 ms 56.121 ms 56.180 ms
3 115.60.218.101 57.872 ms 57.828 ms 57.725 ms
4 * * *
......
#Example 2: probe the path from a specified source interface
[root@xuzhichao ~]# traceroute -n 1.1.1.1 -s 192.168.2.123
traceroute to 1.1.1.1 (1.1.1.1), 30 hops max, 60 byte packets
1 192.168.2.1 5.046 ms 7.865 ms 7.818 ms
......
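1.10.3 The tracepath command
The tracepath command is similar to traceroute: it traces a path through the network and reports every hop on the path.
Common tracepath options:
| Option | Description |
|---|---|
| -n | Show IP addresses instead of host names, which speeds up tracepath; domain names are shown by default |
| -b | Show both IP addresses and domain names |
| -l | Packet size |
| -p | UDP port number of the destination |
Examples of tracepath usage: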
[root@xuzhichao ~]# tracepath -n 1.1.1.1
1?: [LOCALHOST] pmtu 1500
1: 192.168.2.1 7.468ms
1: 192.168.2.1 8.437ms
2: 192.168.2.1 3.777ms pmtu 1480
2: 100.64.0.1 5.299ms
3: 115.60.218.101 15.290ms
4: 61.168.37.77 7.053ms
......
[root@xuzhichao ~]# tracepath -n 1.1.1.1 -b
1?: [LOCALHOST] pmtu 1500
1: 192.168.2.1 (phicomm.me) 5.204ms
1: 192.168.2.1 (phicomm.me) 7.817ms
2: 192.168.2.1 (phicomm.me) 7.141ms pmtu 1480
2: 100.64.0.1 (100.64.0.1) 10.965ms
3: 115.60.218.101 (hn.kd.ny.adsl) 6.009ms
......
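1.11 The tcpdump packet capture tool in detail
The tcpdump command captures packets on the network so that they can be analysed; it is a common troubleshooting tool.
The package must be installed before use:
[root@xuzhichao ~]# yum install tcpdump
The syntax is: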
tcpdump [OPTIONS] [EXPRESSION]
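If no options are given, packets are captured on the first non-lo interface.
1.11.1 tcpdump options
The tcpdump options are as follows:
| Option | Description |
|---|---|
| -c # | Number of packets to capture; tcpdump exits when the capture is complete |
| -e | Show the link-layer header on each line, such as MAC addresses |
| -i IFCFG | NIC interface to capture on |
| -n | Do not convert host network addresses to host names |
| -nn | Do not convert protocols or port numbers to protocol names |
| -P in\|out | Capture direction: in for received packets, out for sent packets |
| -r | Read packet data from the specified file |
| -tttt | Show a timestamp in the format YYYY-MM-DD hour:min:s, followed by the number of seconds since midnight |
| -ttt | Show the time difference between the current line and the previous line, in microseconds |
| -X | Print the packet header information |
| -XX | Print the packet header information in more detail |
| -v | Show detailed packet contents |
| -vv | More detail than -v |
| -vvv | More detail than -vv |
| -w FILE | Write the captured packets to the specified file |
1.11.2 tcpdump expressions
An expression selects which kinds of packets are output.
An expression consists of one or more "units". There are three types of unit: proto, dir and type. Each unit consists of the type of a value and the corresponding value.
- proto: the protocol type of the packet
Common protocol types are tcp/udp/ip/icmp/arp. If no protocol is given, all protocols are shown.
- dir: whether the value is a source or a destination
The source is src and the destination is dst. They can be combined: use src and dst to match both source and destination, and src or dst to match either. If neither is given, both source and destination are matched.
- type: the type of the ID value
Common types are host/net/port/portrange
For example host 1.1.1.1; net 10.0.0.0/24; port 21; portrange 100-200
The complete format of an expression is proto dir type ID
For example "tcp src port 21"; "udp port 63"; "ip dst net 11.1.1.0/24"
1.11.3 tcpdump usage examples
Common tcpdump usage examples:
#Example 1: capture all packets on eth1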
[root@xuzhichao ~]# tcpdump -i eth1
11:41:25.365209 IP xuzhichao.ssh > 192.168.20.1.53654: Flags [P.], seq 20472:20636, ack 1, win 251, length 164
11:41:25.365292 IP xuzhichao.ssh > 192.168.20.1.53654: Flags [P.], seq 20636:20800, ack 1, win 251, length 164
......
#Example 2: capture only ICMP packets on eth1, showing IP addresses
[root@xuzhichao ~]# tcpdump -i eth1 -nn icmp
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth1, link-type EN10MB (Ethernet), capture size 262144 bytes
11:47:05.291181 IP 192.168.20.1 > 192.168.20.17: ICMP echo request, id 1, seq 1, length 40
11:47:05.291288 IP 192.168.20.17 > 192.168.20.1: ICMP echo reply, id 1, seq 1, length 40
#Example 3: capture packets whose source IP is 192.168.20.1
[root@xuzhichao ~]# tcpdump src host 192.168.20.1
#Example 4: capture packets whose source or destination IP is 192.168.20.1
[root@xuzhichao ~]# tcpdump host 192.168.20.1
#Example 5: capture packets on eth1 related to TCP port 80
[root@xuzhichao ~]# tcpdump -i eth1 tcp port 80
#Example 6: capture packets on eth1 related to host 192.168.20.1 and TCP port 22
[root@xuzhichao ~]# tcpdump -i eth1 host 192.168.20.1 and tcp port 22
#Example 7: capture all packets of host 192.168.20.1 on eth1, except packets on TCP ports 80 and 22
[root@xuzhichao ~]# tcpdump -i eth1 host 192.168.20.1 and tcp port not 22 and not 80
#Example 8: capture packets of host 192.168.20.1 on eth1 whose destination port is TCP 80 or 22
[root@xuzhichao ~]# tcpdump -i eth1 'host 192.168.20.1 and tcp dst port (22 or 80)'
#Example 9: capture ping packets coming from 192.168.20.1
[root@xuzhichao ~]# tcpdump icmp and src host 192.168.20.1
#Example 10: show detailed information while capturing packets
[root@xuzhichao ~]# tcpdump -i eth1 -nn -XX -vvv icmp
tcpdump: listening on eth1, link-type EN10MB (Ethernet), capture size 262144 bytes
11:59:17.719123 IP (tos 0x0, ttl 128, id 39256, offset 0, flags [none], proto ICMP (1), length 60)
192.168.20.1 > 192.168.20.17: ICMP echo request, id 1, seq 3, length 40
0x0000: 000c 292f d0da 0050 56c0 0001 0800 4500 ..)/...PV.....E.
0x0010: 003c 9958 0000 8001 f805 c0a8 1401 c0a8 .<.X............
0x0020: 1411 0800 4d58 0001 0003 6162 6364 6566 ....MX....abcdef
0x0030: 6768 696a 6b6c 6d6e 6f70 7172 7374 7576 ghijklmnopqrstuv
0x0040: 7761 6263 6465 6667 6869 wabcdefghi
11:59:17.719196 IP (tos 0x0, ttl 64, id 62569, offset 0, flags [none], proto ICMP (1), length 60)
192.168.20.17 > 192.168.20.1: ICMP echo reply, id 1, seq 3, length 40
0x0000: 0050 56c0 0001 000c 292f d0da 0800 4500 .PV.....)/....E.
0x0010: 003c f469 0000 4001 dcf4 c0a8 1411 c0a8 .<.i..@.........
0x0020: 1401 0000 5558 0001 0003 6162 6364 6566 ....UX....abcdef
0x0030: 6768 696a 6b6c 6d6e 6f70 7172 7374 7576 ghijklmnopqrstuv
0x0040: 7761 6263 6465 6667 6869 wabcdefghi
^C
2 packets captured
2 packets received by filter
0 packets dropped by kernel
[root@xuzhichao ~]# tcpdump -i eth1 -nn -vvv icmp
tcpdump: listening on eth1, link-type EN10MB (Ethernet), capture size 262144 bytes
11:59:37.043046 IP (tos 0x0, ttl 128, id 39295, offset 0, flags [none], proto ICMP (1), length 60)
192.168.20.1 > 192.168.20.17: ICMP echo request, id 1, seq 4, length 40
11:59:37.043084 IP (tos 0x0, ttl 64, id 7449, offset 0, flags [none], proto ICMP (1), length 60)
192.168.20.17 > 192.168.20.1: ICMP echo reply, id 1, seq 4, length 40
11:59:38.052999 IP (tos 0x0, ttl 128, id 39297, offset 0, flags [none], proto ICMP (1), length 60)
192.168.20.1 > 192.168.20.17: ICMP echo request, id 1, seq 5, length 40
11:59:38.053061 IP (tos 0x0, ttl 64, id 7468, offset 0, flags [none], proto ICMP (1), length 60)
192.168.20.17 > 192.168.20.1: ICMP echo reply, id 1, seq 5, length 40
#Example 11: show MAC address information while capturing packets
[root@xuzhichao ~]# tcpdump -c 2 -i eth1 -nn -e icmp
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth1, link-type EN10MB (Ethernet), capture size 262144 bytes
12:01:05.633392 00:50:56:c0:00:01 > 00:0c:29:2f:d0:da, ethertype IPv4 (0x0800), length 74: 192.168.20.1 > 192.168.20.17: ICMP echo request, id 1, seq 6, length 40
12:01:05.633441 00:0c:29:2f:d0:da > 00:50:56:c0:00:01, ethertype IPv4 (0x0800), length 74: 192.168.20.17 > 192.168.20.1: ICMP echo reply, id 1, seq 6, length 40
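1.12 The wget command in detail
wget is a powerful command-line download tool with the following features:
- Supports resuming interrupted downloads;
- Supports both FTP and HTTP downloads;
- Supports proxy servers;
- Small program, completely free;
Common wget options:
| Option | Description |
|---|---|
| -b | Download in the background |
| -i FILE | Read URLs from FILE |
| -O FILE | Save the downloaded file under a different file name |
| -t | Number of download attempts |
| -N | Download only files newer than the local copy |
| -c | Resume an interrupted download |
| --http-user=USER | User name for the web page |
| --http-passwd=PASS | Password for the web page |
| -r | Download an entire website or directory (use with care) |
| -A | Accepted file types |
| -R | Rejected file types |
Examples of wget usage:
#Example 1: download a single file with wget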
[root@xuzhichao ~]# wget http://cn.wordpress.org/wordpress-3.1-zh_CN.zip
#Example 2: download a file and rename it
[root@xuzhichao ~]# wget -O wordpress.zip http://cn.wordpress.org/wordpress-3.1-zh_CN.zip
#Example 3: download the contents of a URL, except images
[root@xuzhichao ~]# wget --reject=gif url
#Example 4: download all PDF files from a website
[root@xuzhichao ~]# wget -r -A .pdf url
2021-06-07 15:05:21 Monday
