配置linux网络命令
ip:show / manipulate routing, devices, policy routing and tunnels
ip [options] OBJECT {COMMAND|help}
OBJECT:={link|addr|route}
ip link - network device configuration
set
dev IFACE
可设置属性:
up和down:激活或禁用指定端口;
show
[dev IFACE]:指定接口;
[up]:仅显示处于激活状态的接口;
ip address - protocol address management
ip addr {add|del} IFADDR dev STRING
例子:ip addr add 192.168.10.0/24 dev ens33
[label LABEL]:添加地址时指定网卡别名;
[scope {global|link|host}]:指定作用域;
global:全局有用;
link:仅直连链接可用;
host:本地可用;
[broadcast ADDRESS]:指明广播地址;
ip addr show - look at protocol address
[dev DEVICE]:显示指定接口;
[label PATTERN]:显示指定label;
[primary and secondary]:显示主辅地址;
ip address flush - flush protocol addresses
使用格式同show;
ip route - routing table management
ip route add
添加路由:ip route add TARGET via GW dev IFACE src SOURCE_IP
TARGET:
主机路由:ip地址
网络路由:ip地址/MASK
添加网关:iproute add default via GW dev IFACE
ip route del
删除路由:ip route del TARGET
ip route show
[dev IFACE]:显示指定接口;
[via PREFIX]:显示指定前缀的路由;
ip route flush
[dev IFACE]:清空指定接口;
[via PREFIX]:清空与指定网关相关的信息;
ss:another utility to investigate sockets→类似于netstat
ss [options] [FILTER]
options:
-t:tcp协议相关;
-u:udp协议相关;
-l:listen状态的连接;
-w:裸套接字相关;
-u:unix sock相关;
-a:所有;
-n:数字格式;
-p:相关的程序及PID;
-e:扩展信息;
-m:内存用量;
-o:计时器信息;
FILTER := [ state STATE-FILTER ] [ EXPRESSION ]
例子:ss -o state fin-wait-1 '( sport = :http or sport = :https )' dst 193.233.7/24
TCP的常见状态:
tcp finit state machin(tcp的有限状态机):
LISTEN:监听;
ESTABLISHED:已建立的连接;
FIN_WAIT_1
FIN_WAIT_2
SYN_SENT
SYN_RECV
CLOSED
例子:ss -tnl state ESTABLISHED
EXPRESSION:
dport =
sport =
例子:'( sport = :http or sport = :https )'
常用组合:
-tan、-tanl、-tanlp、-uan
修改配置文件:
IP、GW、DNS、MASK等的配置文件路径:/etc/sysconfig/network-scripts/ifcfg-IFACE
路由相关的配置文件:/etc/sysconfig/network-scripts/route-IFACE(默认不存在,需自己创建)
/etc/sysconfig/network-scripts/ifcfg-IFACE:
DEVICE:此配置文件应用到的设备;
HWADDR:对应设备的硬件地址;
BOOTPROTO:激活此设备时使用的地址配置协议,常用的有dhcp、static、none、bootp;
NM_CONTROLLED:NM是NetworkManager的简写,表示此网卡是否接受NM控制,CentOS6建议“no”;
帮助文档:man NetworkManager
ONBOOT:在系统引导时是否激活此设备;
TYPE:接口类型,常用的有Ethernet,Bridge;
UUID:设备的唯一标识;
IPADDR:指明IP地址;
NETMASK:子网掩码;
GETWAY:默认网关;
DNS1:第一个DNS服务器指向;
DNS2:第二个DNS服务器指向;
USERCTL:普通用户是否可控制此设备;
PEERDNS:如果BOOTPROTO为dhcp,是否允许dhcp server分配的DNS服务器指向信息直接覆盖至/etc/resolv.conf文件中;
/etc/sysconfig/network-scripts/route-IFACE:
两种风格:
(1)TARGET via GW
(2)每三行定义一条路由信息:
ADDRESS#=TARGET
NETMASK#=mask
GATEWAY#=GW
#:为数字,表示第几组路由信息;
给网卡配置多地址:
ifconfig
ifconfig IFACE_ALIAS IPADDR {up|down}
ip
配置文件:
ifcfg-IFACE:#
Note:网卡别名不能使dhcp协议引导,即dhcp不能给别名分配地址;
使用nmtui图形配置ip地址;
配置当前主机的主机名:
hostname [HOSTNAME]
/etc/sysconfig/network(重启主机生效)
HOSTNAME=
Note:无需重启主机,hostname结合配置文件一起用即可;
CentOS6网络接口识别并命名相关的udev配置文件
/etc/udev/rules.d/70-persistent-net.rules
卸载网卡驱动:
modprobe -r e1000
装载网卡驱动:
modprobe e1000
注:根据马哥视频做的学习笔记,如有错误,欢迎指正;侵删