运维开发网
广告位招商联系QQ:123077622
 
广告位招商联系QQ:123077622

linux网络基础管理

运维开发网 https://www.qedev.com 2020-07-21 11:45 出处:网络
目录 linux网络基础管理 1. 网卡命名 1.1 传统网卡命名机制 1.2 redhat7网卡命名机制

目录

  • Linux网络基础管理
    • 1. 网卡命名
      • 1.1 传统网卡命名机制
      • 1.2 redhat7网卡命名机制
      • 1.3 网络接口名称组成格式
      • 回归传统名
    • 2. 网络管理常用命令
      • 2.1 ifconfig
      • 2.2 ip
      • 2.3 route
      • 2.4 hostname与hostnamectl
    • 3.网络相关配置文件
      • 3.2 网络接口配置文件
      • 3.3路由配置文件
      • 3.4DNS配置文件
    • 4. NetworkManager管理网络
    • 5. 使用原生network管理网络
    • 6.网络检测工具与故障排查
      • 6.1 ping
      • 6.2 host与nslookup
      • 6.3 traceroute
      • 6.4 netstat
      • 6.5 ss
      • 常见端口
      • 6.6 网络故障排查
    • 作业

Linux网络基础管理

@

1. 网卡命名

1.1 传统网卡命名机制

传统命名:

以太网eth[0,1,2,...]

wlan[0,1,2,...]

1.2 redhat7网卡命名机制

systemd对网络设备的命名方式:

如果Firmware或BIOS为主板上集成的设备提供的索引信息可用,且可预测,则根据此索引进行命名,例如eno1

如果Firmware或BIOS为PCI-E扩展槽所提供的索引信息可用,且可预测,则根据此索引进行命名,例如ens1

如果硬件接口的物理位置信息可用,则根据此信息进行命名,例如enp2s0

如果用户显式启动,也可根据MAC地址进行命名,例如enx2387a1dc56

上述均不可用时,则使用传统命名机制

上述命名机制中,有的需要biosdevname程序的参与。所以必须安装biosdevname程序且启用它。

1.3 网络接口名称组成格式

基于固件、设备结构、设备类型

由两个字母开头标示固件

以太网网卡以 en 开头

无线网卡以 wl 开头

设备结构

o:主板上集成的设备的设备索引号

s:扩展槽的索引号

x:基于MAC地址的命名

p s :基于物理位置拓扑的命名。如enp2s1,表示PCI总线上第2个总线的第1个插槽的设备索引号

1.4 网卡设备的命名过程

udev,辅助工具程序/lib/udev/rename_device会根据/usr/lib/udev/rules.d/60-net.rules中的信息设定网卡名称

biosdevname会根据/usr/lib/udev/rules.d/71-biosdevname.rules中的信息设定网卡名称

通过udev检测网络接口设备,根据/usr/lib/udev/rules.d/75-net-description中的变量信息设定网卡名称

回归传统名

[[email protected] ~]# mv /etc/sysconfig/network-scripts/ifcfg-ens33 /etc/sysconfig/network-scripts/ifcfg-eth0
[[email protected] ~]# ls /etc/sysconfig/network-scripts/ |grep ifcfg-e
ifcfg-eth0
[[email protected] ~]# vim /etc/sysconfig/network-scripts/ifcfg-eth0
[[email protected] ~]# cat /etc/sysconfig/network-scripts/ifcfg-eth0
TYPE=Ethernet
PROXY_METHOD=none
BROWSER_ONLY=no
BOOTPROTO=dhcp
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
IPV6_ADDR_GEN_MODE=stable-privacy
UUID=52ed696c-ea51-4509-89b8-cfa4a7f22aee
DEVICE=eth0                                                                         //修改
NAME=eth0                                                                           //修改
ONBOOT=yes


//编辑/etc/default/grub配置文件,在以GRUB_CMDLINE_Linux开头的行内rhgb的前面加上net.ifnames=0 biosdevname=0
[[email protected] ~]# vim /etc/default/grub
[[email protected] ~]# cat /etc/default/grub 
GRUB_TIMEOUT=5
GRUB_DISTRIBUTOR="$(sed 's, release .*$,,g' /etc/system-release)"
GRUB_DEFAULT=saved
GRUB_DISABLE_SUBMENU=true
GRUB_TERMINAL_OUTPUT="console"
GRUB_CMDLINE_Linux="crashkernel=auto rd.lvm.lv=rhel/root rd.lvm.lv=rhel/swap net.ifnames=0 biosdevname=0 rhgb quiet"
                                                                            |------------添加-----------|
GRUB_DISABLE_RECOVERY="true"

//为grub2生成其配置文件
[[email protected] ~]# grub2-mkconfig -o /etc/grub2.cfg 
Generating grub configuration file ...
Found Linux image: /boot/vmlinuz-3.10.0-693.el7.x86_64
Found initrd image: /boot/initramfs-3.10.0-693.el7.x86_64.img
Found Linux image: /boot/vmlinuz-0-rescue-56592b1fdc854164b8d6f8107bb3caa0
Found initrd image: /boot/initramfs-0-rescue-56592b1fdc854164b8d6f8107bb3caa0.img
done

//重启生效
[[email protected] ~]# reboot

[[email protected] ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 00:0c:29:84:06:e4 brd ff:ff:ff:ff:ff:ff
    inet 192.168.213.132/24 brd 192.168.213.255 scope global dynamic eth0
       valid_lft 1694sec preferred_lft 1694sec
    inet6 fe80::f6f:62de:73a6:fa93/64 scope link 
       valid_lft forever preferred_lft forever

2. 网络管理常用命令

2.1 ifconfig

//查看当前处于活动状态的所有网络接口
[[email protected] ~]# ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.213.132  netmask 255.255.255.0  broadcast 192.168.213.255
        inet6 fe80::f6f:62de:73a6:fa93  prefixlen 64  scopeid 0x20<link>
        ether 00:0c:29:84:06:e4  txqueuelen 1000  (Ethernet)
        RX packets 1582  bytes 141335 (138.0 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 960  bytes 111137 (108.5 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 1  (Local Loopback)
        RX packets 68  bytes 5792 (5.6 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 68  bytes 5792 (5.6 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
//仅查看eth0网卡状态      
[[email protected] ~]# ifconfig eth0
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.213.132  netmask 255.255.255.0  broadcast 192.168.213.255
        inet6 fe80::f6f:62de:73a6:fa93  prefixlen 64  scopeid 0x20<link>
        ether 00:0c:29:84:06:e4  txqueuelen 1000  (Ethernet)
        RX packets 1612  bytes 143825 (140.4 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 978  bytes 113851 (111.1 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
//查看所有网卡状态信息, 包括禁用和启用
[[email protected] ~]# ifconfig -a
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.213.132  netmask 255.255.255.0  broadcast 192.168.213.255
        inet6 fe80::f6f:62de:73a6:fa93  prefixlen 64  scopeid 0x20<link>
        ether 00:0c:29:84:06:e4  txqueuelen 1000  (Ethernet)
        RX packets 1657  bytes 147697 (144.2 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 1006  bytes 117125 (114.3 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 1  (Local Loopback)
        RX packets 68  bytes 5792 (5.6 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 68  bytes 5792 (5.6 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
//关闭 (lo) 接口
[[email protected] ~]# ifconfig lo down
打开网卡(lo)接口
[[email protected] ~]# ifconfig lo up
//网卡配置信息含义如下:

UP: 网卡处于活动状态
BROADCAST: 支持广播
RUNNING: 网线已接入
MULTICAST: 支持组播
MTU: 最大传输单元(字节),即此接口一次所能传输的最大封包

inet: 显示IPv4地址行
inet6: 显示IPv6地址行
link/enther: 指设备硬件(MAC)地址
txqueuelen: 传输缓存区长度大小
RX packets: 接收的数据包
TX packets: 发送的数据包
errors: 总的收包的错误数量
dropped: 由于各种原因, 导致拷贝在内存过程中被丢弃
collisions: 网络信号冲突情况, 值不为0则可能存在网络故障

2.2 ip

//语法:ip [ OPTIONS ] OBJECT { COMMAND | help }
OBJECT:
    link:网络接口属性
    addr:协议地址
    route:路由
//查看IP信息
[[email protected] ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 00:0c:29:84:06:e4 brd ff:ff:ff:ff:ff:ff
    inet 192.168.213.132/24 brd 192.168.213.255 scope global dynamic eth0
       valid_lft 1242sec preferred_lft 1242sec
    inet6 fe80::f6f:62de:73a6:fa93/64 scope link 
       valid_lft forever preferred_lft forever
//查看网络接口所有地址 
[[email protected] ~]# ip link show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT qlen 1000
    link/ether 00:0c:29:84:06:e4 brd ff:ff:ff:ff:ff:f
//显示报文统计信息
[[email protected] ~]# ip -s link show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    RX: bytes  packets  errors  dropped overrun mcast   
    0          0        0       0       0       0       
    TX: bytes  packets  errors  dropped carrier collsns 
    0          0        0       0       0       0       
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT qlen 1000
    link/ether 00:0c:29:84:06:e4 brd ff:ff:ff:ff:ff:ff
    RX: bytes  packets  errors  dropped overrun mcast   
    13396      127      0       0       0       0       
    TX: bytes  packets  errors  dropped carrier collsns 
    14967      129      0       0       0       0
//启用或禁用网络接口ip link set DEV {up|down}
[[email protected] ~]# ip link set lo down
[[email protected] ~]# ip link set lo up
//ip addr add ADDRESS dev DEV:添加IP地址
[[email protected] ~]# ip addr show eth0
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 00:0c:29:84:06:e4 brd ff:ff:ff:ff:ff:ff
    inet 192.168.213.132/24 brd 192.168.213.255 scope global dynamic eth0
       valid_lft 1429sec preferred_lft 1429sec
    inet6 fe80::f6f:62de:73a6:fa93/64 scope link 
       valid_lft forever preferred_lft forever
[[email protected] ~]# ip addr add 192.168.213.130/24 dev eth0
[[email protected] ~]# ip addr show eth0
[[email protected] ~]# ip addr show eth0
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 00:0c:29:84:06:e4 brd ff:ff:ff:ff:ff:ff
    inet 192.168.213.132/24 brd 192.168.213.255 scope global dynamic eth0
       valid_lft 1287sec preferred_lft 1287sec
    inet 192.168.213.130/24 scope global secondary eth0
       valid_lft forever preferred_lft forever
    inet6 fe80::f6f:62de:73a6:fa93/64 scope link 
       valid_lft forever preferred_lft forever

//ip addr del ADDRESS dev DEV:删除IP地址
[[email protected] ~]# ip addr show eth0
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 00:0c:29:84:06:e4 brd ff:ff:ff:ff:ff:ff
    inet 192.168.213.132/24 brd 192.168.213.255 scope global dynamic eth0
       valid_lft 1287sec preferred_lft 1287sec
    inet 192.168.213.130/24 scope global secondary eth0
       valid_lft forever preferred_lft forever
    inet6 fe80::f6f:62de:73a6:fa93/64 scope link 
       valid_lft forever preferred_lft forever
[[email protected] ~]# ip addr show eth0
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 00:0c:29:84:06:e4 brd ff:ff:ff:ff:ff:ff
    inet 192.168.213.132/24 brd 192.168.213.255 scope global dynamic eth0
       valid_lft 1121sec preferred_lft 1121sec
    inet6 fe80::f6f:62de:73a6:fa93/64 scope link 
       valid_lft forever preferred_lft forever
//ip addr show DEV:查看网络接口的地址
[[email protected] ~]# ip addr show eth0
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 00:0c:29:84:06:e4 brd ff:ff:ff:ff:ff:ff
    inet 192.168.213.132/24 brd 192.168.213.255 scope global dynamic eth0
       valid_lft 1041sec preferred_lft 1041sec
    inet6 fe80::f6f:62de:73a6:fa93/64 scope link 
       valid_lft forever preferred_lft forever
//ip route:routing table management 路由管理                                                    //`在这里插入代码片`
//添加路由:ip route add TARGET via GW dev IFACE src SOURCE_IP
    TARGET:
        主机路由:IP
        网络路由:NETWORK/MASK 
        
//删除路由:ip route del TARGET
    TARGET:
        主机路由:IP
        网络路由:NETWORK/MASK
                        
//查看路由:ip route show

//刷新路由表:ip route flush
    [dev IFACE]
    [via PREFIX]

2.3 route

Linux主机之间是使用IP进行通信, 假设A主机和B主机同在一个网段内且网卡都处于激活状态, 则A具备和B直接通信的能力, 但如果A主机和B主机处于两个不同的网段, 则A必须通过路由器才能和B通信, 路由器属于IT设备的基础设施, 每一个网段都应该至少有一个网关

//查看当前路由表
[[email protected] ~]# route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         gateway         0.0.0.0         UG    100    0        0 eth0
192.168.213.0   0.0.0.0         255.255.255.0   U     100    0        0 eth0
//以数字方式显示各主机或端口等相关信息
[[email protected] ~]# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.213.2   0.0.0.0         UG    100    0        0 eth0
192.168.213.0   0.0.0.0         255.255.255.0   U     100    0        0 eth0
//增加路由
//语法:route add [-net|-host] target [netmask Nm] [gw Gw]  [[dev] If]

//增加网段路由
[[email protected] ~]# route add -net 192.168.1.0/24 gw 192.168.1.254 dev eth0
[[email protected] ~]# route add -net 0.0.0.0/0 gw 192.168.1.254 dev eth0

//增加主机路由
[[email protected] ~]# route add -host 172.16.12.128 gw 172.16.12.2
//例:
[[email protected] ~]# route add -net 192.168.161.0/24 gw 192.168.213.2 dev eth0
[[email protected] ~]# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.213.2   0.0.0.0         UG    100    0        0 eth0
192.168.161.0   192.168.213.2   255.255.255.0   UG    0      0        0 eth0
192.168.213.0   0.0.0.0         255.255.255.0   U     100    0        0 eth0
[[email protected] ~]# route del -net 192.168.161.0/24
[[email protected] ~]# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.213.2   0.0.0.0         UG    100    0        0 eth0
192.168.213.0   0.0.0.0         255.255.255.0   U     100    0        0 eth0
//删除路由
[[email protected] ~]# route del -net 192.168.1.0/24
[[email protected] ~]# route del -net 0.0.0.0 gw 192.168.1.254

2.4 hostname与hostnamectl

生产环境中必须配置主机名,同时主机名也需要遵循一定的规范, 比如:

公有云: 地区-项目-业务-服务-节点-地址

wh-shop-register-nginx-node1-192.168.56.13

wh-med-pay-mysql-master01-192.168.56.11

wh-med-pay-mysql-slave01-192.168.56.12

//hostname查看主机名
[[email protected] ~]# hostname
localhost.localdomain
//hostname临时修改主机名
[[email protected] ~]# hostname tianxiadiyi
[[email protected] ~]# cat /etc/hostname
localhost.localdomain
//注意:修改主机名后需要重新登录用户才会显示效果
//rhel7系统建议使用hostnamectl修改和查看主机名
//设定永久名称
[[email protected] ~]# hostnamectl set-hostname guilai
[[email protected] ~]# cat /etc/hostname
guilai
//查看主机信息
[[email protected] ~]# hostnamectl
   Static hostname: guilai
         Icon name: computer-vm
           Chassis: vm
        Machine ID: 56592b1fdc854164b8d6f8107bb3caa0
           Boot ID: 9d806f2ea7c54acbb7f100c0bcce2a18
    Virtualization: vmware
  Operating System: Red Hat Enterprise Linux Server 7.4 (Maipo)
       CPE OS Name: cpe:/o:redhat:enterprise_Linux:7.4:GA:server
            Kernel: Linux 3.10.0-693.el7.x86_64
      Architecture: x86-64

注意:

Linux中以命令方式修改网络配置只在当前状态有效,重启后将失效。故若想使修改的配置重启后依然有效,则必须编辑配置文件进行配置的修改。

3.网络相关配置文件

//网络配置文件:/etc/sysconfig/network
    NETWORKING={yes|no}:设定整个系统是否启用网络功能,若设为no,则不论网卡如何设置都不能使用网络功能。
    HOSTNAME:设置主机名

3.2 网络接口配置文件

网络接口即网卡,其配置文件的路径是/etc/sysconfig/network-scripts/ifcfg-INTERFACE_NAME

[[email protected] ~]# vi /etc/sysconfig/network-scripts/ifcfg-eth0
TYPE=Ethernet                                                                           //接口类型。常见的接口类型有:Ethernet,Bridge
PROXY_METHOD=none
BROWSER_ONLY=no
BOOTPROTO=static                                                                        //引导协议,可选值有{static|none|dhcp|bootp}。如果要使用静态地址,使用static或none都可以
DEFROUTE=yes                                                            //将接口设定为默认路由[yes|no]
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
IPV6_ADDR_GEN_MODE=stable-privacy
UUID=52ed696c-ea51-4509-89b8-cfa4a7f22aee                                               //设备的惟一标识
DEVICE=eth0                                                                             //关联的设备名称,要与文件名的后半部"INTERFACE_NAME"保持一致
NAME=eth0                                                                               //连接名称  
ONBOOT=yes                                                                              //在系统引导时是否自动激活此网络接口,可选值有{ yes | no }                                                            
IPADDR=192.168.213.132                                                                  //固定IP地址
NETMASK=255.255.255.0                                                                   //子网掩码//子网掩码                    PREFIX=24也是子网掩码
GATEWAY=192.168.213.2                                                                   //默认网关
DNS1=192.168.213.2                                                                      //第一个DNS服务器指向,          DNS2 //第二个DNS服务器指向



//网卡配置说明
//参数                    说明
BOOTPROTO=none          //引导协议,可选值有{static|none|dhcp|bootp}。如果要使用静态地址,使用static或none都可以
NM_CONTROLLED           //NM是NetworkManager的简写,NM是由RHEL研发的在RHEL6中取代network脚本来实现网络管理、配置的服务脚本
    //可选值有{ yes | no }
    //此项是设定此网卡是否接受NM控制。CentOS6建议设为“no”
TYPE                    //接口类型。常见的接口类型有:Ethernet,Bridge
UUID                    //设备的惟一标识
HWADDR                  //硬件地址,要与硬件中的地址保持一致,可省
IPADDR=172.16.12.130    //固定IP地址
PREFIX=24               //子网掩码
NETMASK=255.255.255.0   //子网掩码
GATEWAY=172.16.12.2     //默认网关
DNS1=172.16.12.2        //第一个DNS服务器指向
DNS2                    //第二个DNS服务器指向
DNS3                    //第三个DNS服务器指向
DEVICE=eth1             //关联的设备名称,要与文件名的后半部"INTERFACE_NAME"保持一致  
NAME="eth1"             //连接名称
ONBOOT=yes              //在系统引导时是否自动激活此网络接口,可选值有{ yes | no }
DEFROUTE=yes            //将接口设定为默认路由[yes|no]
USERCTL={yes|no}        //是否允许普通用户控制此接口的启用与禁用
PEERDNS={yes|no}        //是否在BOOTPROTO为dhcp时接受由dhcp服务器指定的DNS地址,此项设为yes时获得的DNS地址将直接覆盖至/etc/resolv.conf文件中

3.3路由配置文件

路由配置文件的路径是/etc/sysconfig/network-scripts/route-INTERFACE_NAME

//添加格式一:DEST via NEXTHOP
[[email protected] ~]# vi /etc/sysconfig/network-scripts/route-ens33                       //用vi生成编辑
172.16.12.0/24 via 172.16.12.2
                
//添加格式二:
[[email protected] ~]# vi /etc/sysconfig/network-scripts/route-ens33
ADDRESS0=172.16.12.0
NETMASK0=255.255.255.0
GATEWAY0=172.16.12.2

3.4DNS配置文件

DNS配置文件的路径是/etc/resolv.conf

[[email protected] ~]# vi /etc/resolv.conf
nameserver DNS_IP_1
nameserver DNS_IP_2
nameserver DNS_IP_3

没必要配置这个,如果在vi /etc/sysconfig/network-scripts/ifcfg-eth0

4. NetworkManager管理网络

RHEL/CentOS7系统默认使用NetworkManager来提供网络服务,这是一种动态管理网络配置的守护进程,能够让网络设备保持连接状态。

NetworkManager提供的命令行和图形配置工具对网络进行设定, 设定保存的配置文件在/etc/sysconfig/network-scripts目录下, 工具有 nmcli, nmtui, nm-connect-editor

device物理设备, 例如 ens33,enp2s0,virbr0,team0

connection连接设置, 具体网络配置方案

1.不同的网络连接配置可以应用到相同的物理设备,但物理设备同一时间只能应用其中某个网络连接

2.针对物理网络接口, 设定不同的网络连接, 在不同的使用环境中激活相应的网络连接,就可以实现网络配置信息的自动切换了

使用nmcli命令查看设备以及连接情况

//查看设备状态
[[email protected] ~]# nmcli device
设备  类型      状态    连接 
eth0  ethernet  连接的  eth0 
lo    loopback  未托管  --   

//查看指定设备的详细状态
[[email protected] ~]# nmcli device show eth0
GENERAL.设备:                           eth0
GENERAL.类型:                           ethernet
GENERAL.硬盘:                           00:0C:29:84:06:E4
GENERAL.MTU:                            1500
GENERAL.状态:                           100 (连接的)
GENERAL.连接:                           eth0
GENERAL.连接路径:                       /org/freedesktop/NetworkManager/ActiveConnection/2
WIRED-PROPERTIES.载波:                  开
IP4.地址[1]:                            192.168.213.132/24
IP4.网关:                               192.168.213.2
IP4.DNS[1]:                             192.168.213.2
IP6.地址[1]:                            fe80::f6f:62de:73a6:fa93/64
IP6.网关:                               --

//查看连接状态            //查看所有活动的连接
[[email protected] ~]# nmcli connection
名称  UUID                                  类型            设备 
eth0  52ed696c-ea51-4509-89b8-cfa4a7f22aee  802-3-ethernet  eth0 

//查看指定设备连接的详细情况
[[email protected] ~]# nmcli connection show eth0
connection.id:                          eth0
connection.uuid:                        52ed696c-ea51-4509-89b8-cfa4a7f22aee
connection.stable-id:                   --
connection.interface-name:              eth0
connection.type:                        802-3-ethernet
connection.autoconnect:                 yes
connection.autoconnect-priority:        0
connection.autoconnect-retries:         -1 (默认)
connection.timestamp:                   1570532473
connection.read-only:                   no
connection.permissions:                 --
connection.zone:                        --
.....................

5. 使用原生network管理网络

CentOS/RHEL的网络配置文件默认目录为/etc/sysconfig/network-scripts

默认第一块物理网卡配置文件为ifcfg-eth0, 如果有第二块物理网卡, 配置文件则为ifcfg-eth1以此类推。 注意: 如果新增物理网卡没有配置文件,可选择复制系统默认的进行修改。

//设置NetworkManger开机不启动, 同时停止NetworkManger服务
[[email protected] ~]# systemctl disable NetworkManager
[[email protected] ~]# systemctl stop NetworkManager

//添加一块物理网卡, 然后新增网络连接配置文件
//复制配置eth0配置文件为eth1
/添加一块物理网卡, 然后新增网络连接配置文件
//复制配置eth0配置文件为eth1
[[email protected] ~]# cp /etc/sysconfig/network-scripts/{ifcfg-eth0,ifcfg-eth1}
//编辑网卡配置文件
[[email protected] ~]# vi /etc/sysconfig/network-scripts/ifcfg-eth1
TYPE=Ethernet
BOOTPROTO=static
NAME=eth1
UUID=03be31f5-a3c1-4f8d-88b3-aea6e85c869f
DEVICE=eth1
NM_CONTROLLED=no
ONBOOT=yes
IPADDR=172.16.12.130
NETMASK=255.255.255.0
GATEWAY=172.16.12.2
DNS1=172.16.12.2

//重启network网络服务加载网络并设置开机启动
[[email protected] ~]# systemctl restart network
[[email protected] ~]# systemctl enable network

6.网络检测工具与故障排查

6.1 ping

ping命令的目的在于测试另一台主机是否可达, 如果ping不到某台主机,就说明对方主机已经出现了问题, 但是不排除由于链路中的防火墙、ping被丢弃等原因造成ping不通的情况

//ping命令常用选项:
    -c 指定ping的次数
    -i 指定ping包的发送间隔
    -w 如果ping没有回应, 则在指定超时时间后退出
 
 // ping 5 次
[[email protected] ~]# ping -c 5 www.baidu.com
PING www.a.shifen.com (182.61.200.6) 56(84) bytes of data.
64 bytes from 182.61.200.6 (182.61.200.6): icmp_seq=1 ttl=128 time=21.8 ms
64 bytes from 182.61.200.6 (182.61.200.6): icmp_seq=2 ttl=128 time=27.6 ms
64 bytes from 182.61.200.6 (182.61.200.6): icmp_seq=3 ttl=128 time=47.5 ms
64 bytes from 182.61.200.6 (182.61.200.6): icmp_seq=4 ttl=128 time=22.4 ms
64 bytes from 182.61.200.6 (182.61.200.6): icmp_seq=5 ttl=128 time=21.9 ms

--- www.a.shifen.com ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 4008ms
rtt min/avg/max/mdev = 21.837/28.289/47.585/9.893 ms

//每0.1秒ping一次
[[email protected] ~]# ping -i 0.1 www.baidu.com

6.2 host与nslookup

host/nslookup命令用于查询DNS记录

host/nslookup命令用于查询DNS记录
[[email protected] ~]# host www.baidu.com
www.baidu.com is an alias for www.a.shifen.com.
www.a.shifen.com has address 182.61.200.7
www.a.shifen.com has address 182.61.200.6```



[[email protected] ~]# nslookup www.baidu.com
Server:     192.168.213.2
Address:    192.168.213.2#53

Non-authoritative answer:
www.baidu.com   canonical name = www.a.shifen.com.
Name:   www.a.shifen.com
Address: 182.61.200.6
Name:   www.a.shifen.com
Address: 182.61.200.7

yum provides *bin/nslookup 来查看该命令需要安装什么包

6.3 traceroute

traceroute命令用于路由跟踪, 检测网络故障出现在ISP运营商或是对端服务无法响应

[[email protected] ~]# traceroute www.baidu.com
traceroute to www.baidu.com (182.61.200.7), 30 hops max, 60 byte packets
 1  gateway (192.168.213.2)  0.097 ms  0.066 ms  0.088 ms
 2  * * *
 3  * * *
 4  * * *
 5  * * *
 6  * * *
 7  * * *
 8  * * *
 9  * * *

6.4 netstat

netstat用于查看网络状态

//显示路由表
[[email protected] ~]# netstat -r
[[email protected] ~]# netstat -r
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
default         gateway         0.0.0.0         UG        0 0          0 eth0
192.168.213.0   0.0.0.0         255.255.255.0   U         0 0          0 eth0


//以数字方式显示路由表
[[email protected] ~]# netstat -rn 
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
0.0.0.0         192.168.213.2   0.0.0.0         UG        0 0          0 eth0
192.168.213.0   0.0.0.0         255.255.255.0   U         0 0          0 eth0

//显示建立的tcp连接
[[email protected] ~]# netstat -t
[[email protected] ~]# netstat -t
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State      
tcp        0     52 guilai:ssh              192.168.213.1:51255     ESTABLISHED

//显示udp连接
[[email protected] ~]# netstat -u
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State 



//显示监听状态的连接
[[email protected] ~]# netstat -l
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State      
tcp        0      0 0.0.0.0:ssh             0.0.0.0:*               LISTEN     
tcp        0      0 localhost:smtp          0.0.0.0:*               LISTEN     
tcp6       0      0 [::]:ssh                [::]:*                  LISTEN     
tcp6       0      0 localhost:smtp          [::]:*                  LISTEN     
udp        0      0 localhost:323           0.0.0.0:*                          
udp6       0      0 localhost:323           [::]:*                             
raw6       0      0 [::]:ipv6-icmp          [::]:*                  7          
Active UNIX domain sockets (only servers)
Proto RefCnt Flags       Type       State         I-Node   Path
unix  2      [ ACC ]     STREAM     LISTENING     19870    private/trace
unix  2      [ ACC ]     STREAM     LISTENING     19873    private/verify
unix  2      [ ACC ]     STREAM     LISTENING     19879    private/proxymap
unix  2      [ ACC ]     SEQPACKET  LISTENING     14350    /run/udev/control
unix  2      [ ACC ]     STREAM     LISTENING     19882    private/proxywrite
......

//显示监听指定的套接字的进程的进程号及进程名
[[email protected] ~]# netstat -p
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name    
tcp        0     52 guilai:ssh              192.168.213.1:51255     ESTABLISHED 1409/sshd: [email protected] 
Active UNIX domain sockets (w/o servers)
Proto RefCnt Flags       Type       State         I-Node   PID/Program name     Path
unix  2      [ ]         DGRAM                    14373    1/systemd            /run/systemd/shutdownd
unix  2      [ ]         DGRAM                    15922    767/chronyd          /var/run/chrony/chronyd.sock
unix  2      [ ]         DGRAM                    9170     1/systemd            /run/systemd/notify
unix  2      [ ]         DGRAM                    9172     1/systemd            /run/systemd/cgroups-agent
unix  5      [ ]         DGRAM                    9183     1/systemd            /run/systemd/journal/socket
unix  16     [ ]         DGRAM                    9185     1/systemd            /dev/log
unix  3      [ ]         DGRAM                    14889    594/systemd-udevd    
unix  3      [ ]         STREAM     CONNECTED     16123    781/crond            
unix  3      [ ]         STREAM     CONNECTED     19848    1342/master          
.........

/显示所有状态的连接
[[email protected] ~]# netstat -a
[[email protected] ~]# netstat -a
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State      
tcp        0      0 0.0.0.0:ssh             0.0.0.0:*               LISTEN     
tcp        0      0 localhost:smtp          0.0.0.0:*               LISTEN     
tcp        0     52 guilai:ssh              192.168.213.1:51255     ESTABLISHED
tcp6       0      0 [::]:ssh                [::]:*                  LISTEN     
tcp6       0      0 localhost:smtp          [::]:*                  LISTEN     
udp        0      0 guilai:48786            makaki.miuku.net:ntp    ESTABLISHED
udp        0      0 localhost:323           0.0.0.0:*                          
udp6       0      0 localhost:323           [::]:*                             
raw6       0      0 [::]:ipv6-icmp          [::]:*                  7          
Active UNIX domain sockets (servers and established)
Proto RefCnt Flags       Type       State         I-Node   Path
unix  2      [ ACC ]     STREAM     LISTENING     19870    private/trace
unix  2      [ ACC ]     STREAM     LISTENING     19873    private/verify
unix  2      [ ACC ]     STREAM     LISTENING     19879    private/proxymap
unix  2      [ ACC ]     SEQPACKET  LISTENING     14350    /run/udev/control
unix  2      [ ACC ]     STREAM     LISTENING     19882    private/proxywrite
unix  2      [ ACC ]     STREAM     LISTENING     19885    private/smtp
unix  2      [ ACC ]     STREAM     LISTENING     19888    private/relay
unix  2      [ ACC ]     STREAM     LISTENING     19894    private/error
unix  2      [ ]         DGRAM                    14373    /run/systemd/shutdownd
..................






//常用选项
    -antlp

[[email protected] ~]# netstat -antlp
[[email protected] ~]# netstat -antlp
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name    
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      1115/sshd           
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      1342/master         
tcp        0     52 192.168.213.132:22      192.168.213.1:51255     ESTABLISHED 1409/sshd: [email protected] 
tcp6       0      0 :::22                   :::*                    LISTEN      1115/sshd           
tcp6       0      0 ::1:25                  :::*                    LISTEN      1342/master

6.5 ss

ss是一种网络状态查看工具,取代netstat

//语法:ss [options] [ FILTER ]
//常用的options:
    -t:tcp协议相关
    -u:udp协议相关
    -w:裸套接字相关
    -x:unix套接字相关
    -l:listen状态的连接
    -a:所有
    -n:数字格式
    -p:相关的程序及pid
    -e:扩展的信息
    -m:内存用量
    -o:显示计时器信息


//常见的FILTER:
    FILTER := [ state TCP-STATE ] [ EXPRESSION ]
    如:ss -tan state ESTABLISHED
                        
//常见的state:
    //tcp finite state machine:有限状态机
        LISTEN:监听
        ESTABLISHED:已建立的连接
        
    //EXPRESSION:
        dport =
        sport =
        示例:'( dport = :ssh or sport = :ssh)',此处的ssh也即服务名可以使用其对应的端口号代替,等号两边必须有空格
        



//常用组合:
[[email protected] ~]# ss -tan
[[email protected] ~]# ss -tan
State      Recv-Q Send-Q              Local Address:Port                             Peer Address:Port              
LISTEN     0      128                             *:22                                          *:*                  
LISTEN     0      100                     127.0.0.1:25                                          *:*                  
ESTAB      0      0                 192.168.213.132:22                              192.168.213.1:51255              
LISTEN     0      128                            :::22                                         :::*                  
LISTEN     0      100                           ::1:25                                         :::*       

[[email protected] ~]# ss -tanl
State      Recv-Q Send-Q              Local Address:Port                             Peer Address:Port              
LISTEN     0      128                             *:22                                          *:*                  
LISTEN     0      100                     127.0.0.1:25                                          *:*                  
LISTEN     0      128                            :::22                                         :::*                  
LISTEN     0      100                           ::1:25                                         :::*          


[[email protected] ~]# ss -antlp
State      Recv-Q Send-Q              Local Address:Port                             Peer Address:Port              
LISTEN     0      128                             *:22                                          *:*                   users:(("sshd",pid=1115,fd=3))
LISTEN     0      100                     127.0.0.1:25                                          *:*                   users:(("master",pid=1342,fd=13))
LISTEN     0      128                            :::22                                         :::*                   users:(("sshd",pid=1115,fd=4))
LISTEN     0      100                           ::1:25                                         :::*                   users:(("master",pid=1342,fd=14))



[[email protected] ~]# ss -anu

State      Recv-Q Send-Q              Local Address:Port                             Peer Address:Port              
UNCONN     0      0                       127.0.0.1:323                                         *:*                  
UNCONN     0      0                             ::1:323                                        :::*

常见端口

服务 端口号
http 80/tcp
https 443/tcp
ssh 22/tcp
ftp 20,21/tcp
mysql 3306/tcp
rsync 873/rsync
redis 6379/tcp
Telnet 23/tcp
TFTP 69/udp

6.6 网络故障排查

网络故障分为硬件/软件故障

网卡损坏

链路故障

网卡驱动不兼容

网络排查思路

ping本地回环口, 确定本机TCP/IP协议栈是否正常

ping本机IP地址, 确定本地设备以及驱动是否正常

ping同网段主机, 确定二层网络是否正常工作

ping网关地址, 确定本地与网络是否正常

ping公网地址, 确定本地路由是否正常

ping公网域名, 确定DNS客户端是否正常

服务故障排查思路

使用telnet检测端口是否开放

检查服务端防火墙以及SELinux

检查相应的权限是否配置正常

检查日志是否有异常

检查完毕后持续测试

建议:

所有的排查思路都从OSI七层模型由下往上逐一进行排查(学会看日志)

作业

1.如何查看系统中每个ip的连接数

[[email protected] ~]# netstat -na |awk '{print $5}'|awk -F: '{print $1}'|grep [[:digit:]]
0.0.0.0
0.0.0.0
192.168.213.1
0.0.0.0

2.请列出下列服务使用的端口,http,ftp,ssh,telnet,mysql,dns

服务 端口号
http 80/tcp
ssh 22/tcp
ftp 20,21/tcp
telent 23/tcp
mysql 3306/tcp
dns 53udp

3.如何在虚拟机上新增加一块网卡,并配置IP为172.16.0.10,指定网关为172.16.0.1

[[email protected] ~]# cd /etc/sysconfig/network-scripts/

[[email protected] network-scripts]# systemctl disable NetworkManager
Removed symlink /etc/systemd/system/multi-user.target.wants/NetworkManager.service.
Removed symlink /etc/systemd/system/dbus-org.freedesktop.NetworkManager.service.
Removed symlink /etc/systemd/system/dbus-org.freedesktop.nm-dispatcher.service.
[[email protected] network-scripts]# systemctl stop NetworkManager

[[email protected] network-scripts]# cp ifcfg-eth0 ifcfg-eth1
[[email protected] network-scripts]# vim ifcfg-eth1
[[email protected] network-scripts]# cat ifcfg-eth1
TYPE=Ethernet
PROXY_METHOD=none
BROWSER_ONLY=no
BOOTPROTO=static
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
IPV6_ADDR_GEN_MODE=stable-privacy
UUID=52ed696c-ea51-4509-89b8-cfa4a7f22aee
DEVICE=eth1
NAME=eth1
ONBOOT=yes
IPADDR=172.16.0.10
NETMASK=255.255.255.0
GATEWAY=172.16.0.1
DNS1=192.168.213.2

[[email protected]uilai network-scripts]# systemctl enable NetworkManager
[[email protected] network-scripts]# systemctl start NetworkManager
[[email protected] network-scripts]# systemctl restart network

[[email protected] network-scripts]# ifconfig eth1
eth1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 172.16.0.10  netmask 255.255.255.0  broadcast 172.16.0.255
        inet6 fe80::f35b:4df0:b42a:4fe9  prefixlen 64  scopeid 0x20<link>
        ether 00:0c:29:84:06:ee  txqueuelen 1000  (Ethernet)
        RX packets 47  bytes 4035 (3.9 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 18  bytes 1284 (1.2 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

4.详细描述dns解析过程,以访问www.baidu.com为例

访问www.baidu.com 经过dns域名解析返回www.baidu.com的ip地址

5.如何查看系统中运行了多少个进程

[[email protected] ~]# ps -ef >a  
[[email protected] ~]# cat -n a
用最大行数减一

6.如何查看系统中启动了哪些端口

[[email protected] ~]# netstat -an

7.如何查看是否开启80端口,及查看sshd进程是否存在

[[email protected] ~]# netstat -anp |grep ssh


安装lsof
[[email protected] ~]# lsof -i :80

[[email protected] ~]# lsof -i :ssh

8.列出所有处于监听状态的tcp端口

[[email protected] ~]# netstat -ltpnu
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name    
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      1238/sshd           
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      1472/master         
tcp6       0      0 :::22                   :::*                    LISTEN      1238/sshd           
tcp6       0      0 ::1:25                  :::*                    LISTEN      1472/master         
udp        0      0 127.0.0.1:323           0.0.0.0:*                           765/chronyd         
udp6       0      0 ::1:323                 :::*                                765/chronyd

9.查看所有的端口信息, 包括 PID 和进程名称

[[email protected] ~]# netstat -ap

扫码领视频副本.gif

0

上一篇:

:下一篇

精彩评论

暂无评论...
验证码 换一张
取 消

关注公众号