Linux Network Management Basics
1. NIC naming
1.1 Traditional NIC naming
Traditional names:
- Ethernet eth[0,1,2,...], wlan[0,1,2,...]
1.2 NIC naming on Red Hat 7
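How systemd names network devices:
- If the firmware or BIOS provides index information for devices integrated on the motherboard, and that information is usable and predictable, the name is derived from the index, for example eno1.
- If the firmware or BIOS provides index information for PCI-E expansion slots, and that information is usable and predictable, the name is derived from the index, for example ens1.
- If the physical location of the hardware interface is available, the name is derived from it, for example enp2s0.
- If the user explicitly enables it, the name can also be derived from the MAC address, for example enx2387a1dc56.
- If none of the above is available, the traditional naming scheme is used.
Some of these schemes need the biosdevname program, so biosdevname must be installed and enabled.
1.3 Structure of network interface names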
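Names are based on the firmware, the device topology and the device type.
The name starts with a two-letter prefix:
- Ethernet NICs start with en
- Wireless NICs start with wl
Device topology:
- o: index number of a device integrated on the motherboard
- s: index number of the expansion slot
- x: name based on the MAC address
- p
Reverting to traditional names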
```
[[email protected] ~]# mv /etc/sysconfig/network-scripts/ifcfg-ens33 /etc/sysconfig/network-scripts/ifcfg-eth0
[[email protected] ~]# ls /etc/sysconfig/network-scripts/ |grep ifcfg-e
ifcfg-eth0
[[email protected] ~]# vim /etc/sysconfig/network-scripts/ifcfg-eth0
[[email protected] ~]# cat /etc/sysconfig/network-scripts/ifcfg-eth0
TYPE=Ethernet
PROXY_METHOD=none
BROWSER_ONLY=no
BOOTPROTO=dhcp
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
IPV6_ADDR_GEN_MODE=stable-privacy
UUID=52ed696c-ea51-4509-89b8-cfa4a7f22aee
DEVICE=eth0     //changed
NAME=eth0       //changed
ONBOOT=yes

//Edit /etc/default/grub: on the line that starts with GRUB_CMDLINE_LINUX, add net.ifnames=0 biosdevname=0 in front of rhgb
[[email protected] ~]# vim /etc/default/grub
[[email protected] ~]# cat /etc/default/grub
GRUB_TIMEOUT=5
GRUB_DISTRIBUTOR="$(sed 's, release .*$,,g' /etc/system-release)"
GRUB_DEFAULT=saved
GRUB_DISABLE_SUBMENU=true
GRUB_TERMINAL_OUTPUT="console"
GRUB_CMDLINE_LINUX="crashkernel=auto rd.lvm.lv=rhel/root rd.lvm.lv=rhel/swap net.ifnames=0 biosdevname=0 rhgb quiet"
//added: net.ifnames=0 biosdevname=0
GRUB_DISABLE_RECOVERY="true"

//Generate the grub2 configuration file
[[email protected] ~]# grub2-mkconfig -o /etc/grub2.cfg
Generating grub configuration file ...
Found Linux image: /boot/vmlinuz-3.10.0-693.el7.x86_64
Found initrd image: /boot/initramfs-3.10.0-693.el7.x86_64.img
Found Linux image: /boot/vmlinuz-0-rescue-56592b1fdc854164b8d6f8107bb3caa0
Found initrd image: /boot/initramfs-0-rescue-56592b1fdc854164b8d6f8107bb3caa0.img
done

//Reboot for the change to take effect
[[email protected] ~]# reboot
[[email protected] ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 00:0c:29:84:06:e4 brd ff:ff:ff:ff:ff:ff
    inet 192.168.213.132/24 brd 192.168.213.255 scope global dynamic eth0
       valid_lft 1694sec preferred_lft 1694sec
    inet6 fe80::f6f:62de:73a6:fa93/64 scope link
       valid_lft forever preferred_lft forever
```
2. Common network management commands
2.1 ifconfig
```
//Show all network interfaces that are currently active
[[email protected] ~]# ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.213.132  netmask 255.255.255.0  broadcast 192.168.213.255
        inet6 fe80::f6f:62de:73a6:fa93  prefixlen 64  scopeid 0x20<link>
        ether 00:0c:29:84:06:e4  txqueuelen 1000  (Ethernet)
        RX packets 1582  bytes 141335 (138.0 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 960  bytes 111137 (108.5 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 1  (Local Loopback)
        RX packets 68  bytes 5792 (5.6 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 68  bytes 5792 (5.6 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

//Show the state of eth0 only
[[email protected] ~]# ifconfig eth0
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.213.132  netmask 255.255.255.0  broadcast 192.168.213.255
        inet6 fe80::f6f:62de:73a6:fa93  prefixlen 64  scopeid 0x20<link>
        ether 00:0c:29:84:06:e4  txqueuelen 1000  (Ethernet)
        RX packets 1612  bytes 143825 (140.4 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 978  bytes 113851 (111.1 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

//Show the state of all NICs, both disabled and enabled
[[email protected] ~]# ifconfig -a
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.213.132  netmask 255.255.255.0  broadcast 192.168.213.255
        inet6 fe80::f6f:62de:73a6:fa93  prefixlen 64  scopeid 0x20<link>
        ether 00:0c:29:84:06:e4  txqueuelen 1000  (Ethernet)
        RX packets 1657  bytes 147697 (144.2 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 1006  bytes 117125 (114.3 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 1  (Local Loopback)
        RX packets 68  bytes 5792 (5.6 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 68  bytes 5792 (5.6 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

//Bring the (lo) interface down
[[email protected] ~]# ifconfig lo down
//Bring the (lo) interface up
[[email protected] ~]# ifconfig lo up
```
The fields in the ifconfig output mean the following:
- UP: the NIC is active
- BROADCAST: broadcast is supported
- RUNNING: the network cable is connected
- MULTICAST: multicast is supported
- MTU: maximum transmission unit in bytes, the largest packet this interface can send at once
- inet: the IPv4 address line
- inet6: the IPv6 address line
- link/ether: the hardware (MAC) address of the device
- txqueuelen: length of the transmit queue
- RX packets: packets received
- TX packets: packets sent
- errors: total number of receive errors
- dropped: packets dropped, for various reasons, while being copied into memory
- collisions: network signal collisions; a non-zero value may indicate a network fault
2.2 ip
```
//Syntax: ip [ OPTIONS ] OBJECT { COMMAND | help }
    OBJECT:
        link: network interface attributes
        addr: protocol addresses
        route: routing

//Show IP information
[[email protected] ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 00:0c:29:84:06:e4 brd ff:ff:ff:ff:ff:ff
    inet 192.168.213.132/24 brd 192.168.213.255 scope global dynamic eth0
       valid_lft 1242sec preferred_lft 1242sec
    inet6 fe80::f6f:62de:73a6:fa93/64 scope link
       valid_lft forever preferred_lft forever

//Show all addresses of the network interfaces
[[email protected] ~]# ip link show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT qlen 1000
    link/ether 00:0c:29:84:06:e4 brd ff:ff:ff:ff:ff:f

//Show packet statistics
[[email protected] ~]# ip -s link show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    RX: bytes  packets  errors  dropped overrun mcast
    0          0        0       0       0       0
    TX: bytes  packets  errors  dropped carrier collsns
    0          0        0       0       0       0
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT qlen 1000
    link/ether 00:0c:29:84:06:e4 brd ff:ff:ff:ff:ff:ff
    RX: bytes  packets  errors  dropped overrun mcast
    13396      127      0       0       0       0
    TX: bytes  packets  errors  dropped carrier collsns
    14967      129      0       0       0       0

//Enable or disable a network interface: ip link set DEV {up|down}
[[email protected] ~]# ip link set lo down
[[email protected] ~]# ip link set lo up

//ip addr add ADDRESS dev DEV: add an IP address
[[email protected] ~]# ip addr show eth0
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 00:0c:29:84:06:e4 brd ff:ff:ff:ff:ff:ff
    inet 192.168.213.132/24 brd 192.168.213.255 scope global dynamic eth0
       valid_lft 1429sec preferred_lft 1429sec
    inet6 fe80::f6f:62de:73a6:fa93/64 scope link
       valid_lft forever preferred_lft forever
[[email protected] ~]# ip addr add 192.168.213.130/24 dev eth0
[[email protected] ~]# ip addr show eth0
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 00:0c:29:84:06:e4 brd ff:ff:ff:ff:ff:ff
    inet 192.168.213.132/24 brd 192.168.213.255 scope global dynamic eth0
       valid_lft 1287sec preferred_lft 1287sec
    inet 192.168.213.130/24 scope global secondary eth0
       valid_lft forever preferred_lft forever
    inet6 fe80::f6f:62de:73a6:fa93/64 scope link
       valid_lft forever preferred_lft forever

//ip addr del ADDRESS dev DEV: delete an IP address
[[email protected] ~]# ip addr show eth0
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 00:0c:29:84:06:e4 brd ff:ff:ff:ff:ff:ff
    inet 192.168.213.132/24 brd 192.168.213.255 scope global dynamic eth0
       valid_lft 1287sec preferred_lft 1287sec
    inet 192.168.213.130/24 scope global secondary eth0
       valid_lft forever preferred_lft forever
    inet6 fe80::f6f:62de:73a6:fa93/64 scope link
       valid_lft forever preferred_lft forever
[[email protected] ~]# ip addr del 192.168.213.130/24 dev eth0
[[email protected] ~]# ip addr show eth0
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 00:0c:29:84:06:e4 brd ff:ff:ff:ff:ff:ff
    inet 192.168.213.132/24 brd 192.168.213.255 scope global dynamic eth0
       valid_lft 1121sec preferred_lft 1121sec
    inet6 fe80::f6f:62de:73a6:fa93/64 scope link
       valid_lft forever preferred_lft forever

//ip addr show DEV: show the addresses of a network interface
[[email protected] ~]# ip addr show eth0
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 00:0c:29:84:06:e4 brd ff:ff:ff:ff:ff:ff
    inet 192.168.213.132/24 brd 192.168.213.255 scope global dynamic eth0
       valid_lft 1041sec preferred_lft 1041sec
    inet6 fe80::f6f:62de:73a6:fa93/64 scope link
       valid_lft forever preferred_lft forever

//ip route: routing table management
//Add a route: ip route add TARGET via GW dev IFACE src SOURCE_IP
    TARGET:
        host route: IP
        network route: NETWORK/MASK
//Delete a route: ip route del TARGET
    TARGET:
        host route: IP
        network route: NETWORK/MASK
//Show routes: ip route show
//Flush the routing table: ip route flush [dev IFACE] [via PREFIX]
```
2.3 route
Linux hosts communicate using IP. If host A and host B are on the same subnet and both NICs are active, A can talk to B directly. If A and B are on different subnets, A must go through a router to reach B. Routers are basic IT infrastructure, and every subnet should have at least one gateway.
```
//Show the current routing table
[[email protected] ~]# route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         gateway         0.0.0.0         UG    100    0        0 eth0
192.168.213.0   0.0.0.0         255.255.255.0   U     100    0        0 eth0

//Show hosts, ports and related information numerically
[[email protected] ~]# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.213.2   0.0.0.0         UG    100    0        0 eth0
192.168.213.0   0.0.0.0         255.255.255.0   U     100    0        0 eth0

//Add a route
//Syntax: route add [-net|-host] target [netmask Nm] [gw Gw] [[dev] If]
//Add a network route
[[email protected] ~]# route add -net 192.168.1.0/24 gw 192.168.1.254 dev eth0
[[email protected] ~]# route add -net 0.0.0.0/0 gw 192.168.1.254 dev eth0
//Add a host route
[[email protected] ~]# route add -host 172.16.12.128 gw 172.16.12.2

//Example:
[[email protected] ~]# route add -net 192.168.161.0/24 gw 192.168.213.2 dev eth0
[[email protected] ~]# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.213.2   0.0.0.0         UG    100    0        0 eth0
192.168.161.0   192.168.213.2   255.255.255.0   UG    0      0        0 eth0
192.168.213.0   0.0.0.0         255.255.255.0   U     100    0        0 eth0
[[email protected] ~]# route del -net 192.168.161.0/24
[[email protected] ~]# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.213.2   0.0.0.0         UG    100    0        0 eth0
192.168.213.0   0.0.0.0         255.255.255.0   U     100    0        0 eth0

//Delete a route
[[email protected] ~]# route del -net 192.168.1.0/24
[[email protected] ~]# route del -net 0.0.0.0 gw 192.168.1.254
```
2.4 hostname and hostnamectl
In production a hostname must be configured, and hostnames should follow a naming convention, for example:
```
Public cloud: region-project-business-service-node-address
wh-shop-register-nginx-node1-192.168.56.13
wh-med-pay-mysql-master01-192.168.56.11
wh-med-pay-mysql-slave01-192.168.56.12
```
```
//hostname shows the hostname
[[email protected] ~]# hostname
localhost.localdomain

//hostname changes the hostname temporarily
[[email protected] ~]# hostname tianxiadiyi
[[email protected] ~]# cat /etc/hostname
localhost.localdomain
//Note: after changing the hostname you must log in again before the change is displayed

//On RHEL 7, hostnamectl is the recommended way to change and view the hostname
//Set a permanent name
[[email protected] ~]# hostnamectl set-hostname guilai
[[email protected] ~]# cat /etc/hostname
guilai

//Show host information
[[email protected] ~]# hostnamectl
   Static hostname: guilai
         Icon name: computer-vm
           Chassis: vm
        Machine ID: 56592b1fdc854164b8d6f8107bb3caa0
           Boot ID: 9d806f2ea7c54acbb7f100c0bcce2a18
    Virtualization: vmware
  Operating System: Red Hat Enterprise Linux Server 7.4 (Maipo)
       CPE OS Name: cpe:/o:redhat:enterprise_Linux:7.4:GA:server
            Kernel: Linux 3.10.0-693.el7.x86_64
      Architecture: x86-64
```
Note:
Network settings changed with commands on Linux apply only to the running system and are lost after a reboot. To make a change persist across reboots, edit the configuration files.
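3. Network configuration files
```
//Network configuration file: /etc/sysconfig/network
NETWORKING={yes|no}   //whether networking is enabled for the whole system; if set to no, networking is unavailable regardless of how the NICs are configured
HOSTNAME              //sets the hostname
```
3.2 Network interface configuration files
A network interface is a NIC. Its configuration file is /etc/sysconfig/network-scripts/ifcfg-INTERFACE_NAME
```
[[email protected] ~]# vi /etc/sysconfig/network-scripts/ifcfg-eth0
TYPE=Ethernet               //interface type; common types are Ethernet and Bridge
PROXY_METHOD=none
BROWSER_ONLY=no
BOOTPROTO=static            //boot protocol, one of {static|none|dhcp|bootp}; for a static address either static or none works
DEFROUTE=yes                //use this interface for the default route [yes|no]
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
IPV6_ADDR_GEN_MODE=stable-privacy
UUID=52ed696c-ea51-4509-89b8-cfa4a7f22aee   //unique identifier of the device
DEVICE=eth0                 //associated device name; must match the "INTERFACE_NAME" part of the file name
NAME=eth0                   //connection name
ONBOOT=yes                  //whether to activate this interface automatically at boot, { yes | no }
IPADDR=192.168.213.132      //static IP address
NETMASK=255.255.255.0       //subnet mask; PREFIX=24 is also a subnet mask
GATEWAY=192.168.213.2       //default gateway
DNS1=192.168.213.2          //first DNS server
DNS2                        //second DNS server

//NIC configuration reference
//Parameter                 Description
BOOTPROTO=none              //boot protocol, one of {static|none|dhcp|bootp}; for a static address either static or none works
NM_CONTROLLED               //NM is short for NetworkManager, the service developed by RHEL that replaces the network scripts for network management and configuration in RHEL 6
                            //one of { yes | no }
                            //sets whether this NIC is controlled by NM; "no" is recommended on CentOS 6
TYPE                        //interface type; common types are Ethernet and Bridge
UUID                        //unique identifier of the device
HWADDR                      //hardware address; must match the address in the hardware; optional
IPADDR=172.16.12.130        //static IP address
PREFIX=24                   //subnet mask
NETMASK=255.255.255.0       //subnet mask
GATEWAY=172.16.12.2         //default gateway
DNS1=172.16.12.2            //first DNS server
DNS2                        //second DNS server
DNS3                        //third DNS server
DEVICE=eth1                 //associated device name; must match the "INTERFACE_NAME" part of the file name
NAME="eth1"                 //connection name
ONBOOT=yes                  //whether to activate this interface automatically at boot, { yes | no }
DEFROUTE=yes                //use this interface for the default route [yes|no]
USERCTL={yes|no}            //whether ordinary users may enable and disable this interface
PEERDNS={yes|no}            //whether to accept the DNS addresses supplied by the DHCP server when BOOTPROTO is dhcp; when set to yes, those addresses directly overwrite /etc/resolv.conf
```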
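The rules in the listing above can be checked mechanically. The following is an added example, not part of the original page: a POSIX shell function that lints an ifcfg file for a DEVICE/file-name mismatch, a static setup without IPADDR, NETMASK and PREFIX that disagree, USERCTL=yes and PEERDNS=yes under DHCP. The function names, finding labels and the two sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): lint an ifcfg-* file.
# The file is parsed as text and never sourced, so nothing inside it can execute.

# audit_ifcfg FILE -> one finding per line on stdout; no output means no findings.
audit_ifcfg() {
    awk -v fname="$(basename "$1")" -v sq="'" '
    # Dotted netmask -> prefix length, or -1 if malformed or non-contiguous.
    function masklen(mask,    o, i, len, partial) {
        if (split(mask, o, ".") != 4) return -1
        len = 0; partial = 0
        for (i = 1; i <= 4; i++) {
            if (!(o[i] in W) || (partial && o[i] != 0)) return -1
            if (o[i] != 255) partial = 1
            len += W[o[i]]
        }
        return len
    }
    BEGIN {
        W[255] = 8; W[254] = 7; W[252] = 6; W[248] = 5; W[240] = 4
        W[224] = 3; W[192] = 2; W[128] = 1; W[0] = 0
    }
    /^[ \t]*#/ || !/=/ { next }              # skip comments and non-assignments
    {
        key = substr($0, 1, index($0, "=") - 1)
        val = substr($0, index($0, "=") + 1)
        gsub(/[ \t]/, "", key)
        sub(/[ \t]+#.*$/, "", val)            # drop a trailing comment
        gsub("^[ \t\"" sq "]+|[ \t\"" sq "]+$", "", val)   # trim blanks and quotes
        cfg[key] = val                        # last assignment wins
    }
    END {
        dev = fname; sub(/^ifcfg-/, "", dev)
        boot = tolower(cfg["BOOTPROTO"])
        if (cfg["DEVICE"] != "" && cfg["DEVICE"] != dev)
            print "DEVICE_MISMATCH DEVICE=" cfg["DEVICE"] " in " fname
        if ((boot == "static" || boot == "none") && cfg["IPADDR"] == "")
            print "NO_IPADDR BOOTPROTO=" boot " without IPADDR"
        if (cfg["NETMASK"] != "" && cfg["PREFIX"] != "" &&
            masklen(cfg["NETMASK"]) != cfg["PREFIX"] + 0)
            print "MASK_CONFLICT NETMASK=" cfg["NETMASK"] " PREFIX=" cfg["PREFIX"]
        if (tolower(cfg["USERCTL"]) == "yes")
            print "USERCTL unprivileged users may bring this interface up or down"
        if (boot == "dhcp" && tolower(cfg["PEERDNS"]) == "yes")
            print "PEERDNS DHCP-supplied DNS servers overwrite /etc/resolv.conf"
    }' "$1"
}

# write_sample_ifcfg DIR: create two constructed files for the demonstration.
write_sample_ifcfg() {
    cat > "$1/ifcfg-eth1" <<'EOF'
BOOTPROTO=static
NAME="eth1"
DEVICE=eth1
IPADDR=172.16.12.130
PREFIX=24
NETMASK=255.255.255.0
GATEWAY=172.16.12.2
USERCTL=no
EOF
    cat > "$1/ifcfg-eth2" <<'EOF'
# constructed file with four problems
BOOTPROTO=dhcp
DEVICE=eth1
NETMASK=255.255.255.0
PREFIX=16
USERCTL=yes
PEERDNS=yes
EOF
}

demo_dir=$(mktemp -d)
write_sample_ifcfg "$demo_dir"
for f in "$demo_dir"/ifcfg-*; do
    echo "== ${f##*/}"
    audit_ifcfg "$f"
done
rm -rf "$demo_dir"
```

On a real host, run it over /etc/sysconfig/network-scripts/ifcfg-* and review every line it prints.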
3.3 Route configuration files
The route configuration file is /etc/sysconfig/network-scripts/route-INTERFACE_NAME
```
//Format one: DEST via NEXTHOP
[[email protected] ~]# vi /etc/sysconfig/network-scripts/route-ens33    //create and edit with vi
172.16.12.0/24 via 172.16.12.2

//Format two:
[[email protected] ~]# vi /etc/sysconfig/network-scripts/route-ens33
ADDRESS0=172.16.12.0
NETMASK0=255.255.255.0
GATEWAY0=172.16.12.2
```
3.4 DNS configuration file
The DNS configuration file is /etc/resolv.conf
```
[[email protected] ~]# vi /etc/resolv.conf
nameserver DNS_IP_1
nameserver DNS_IP_2
nameserver DNS_IP_3
```
There is no need to configure this if, in vi /etc/sysconfig/network-scripts/ifcfg-eth0
4. Managing the network with NetworkManager
RHEL/CentOS 7 uses NetworkManager by default to provide networking. It is a daemon that manages network configuration dynamically and keeps network devices connected.
NetworkManager's command-line and graphical tools are used to configure the network, and the resulting configuration files are saved under /etc/sysconfig/network-scripts. The tools are nmcli, nmtui and nm-connection-editor.
- device: a physical device, for example ens33, enp2s0, virbr0, team0
- connection: connection settings, that is, a specific network configuration profile
1. Different connection profiles can be applied to the same physical device, but the device can use only one of them at a time.
2. By defining different connections for a physical interface and activating the matching one in each environment, the network configuration switches automatically.
Use nmcli to view devices and connections
```
//Show device status
[[email protected] ~]# nmcli device
设备  类型      状态    连接
eth0  ethernet  连接的  eth0
lo    loopback  未托管  --

//Show the detailed status of one device
[[email protected] ~]# nmcli device show eth0
GENERAL.设备:                           eth0
GENERAL.类型:                           ethernet
GENERAL.硬盘:                           00:0C:29:84:06:E4
GENERAL.MTU:                            1500
GENERAL.状态:                           100 (连接的)
GENERAL.连接:                           eth0
GENERAL.连接路径:                       /org/freedesktop/NetworkManager/ActiveConnection/2
WIRED-PROPERTIES.载波:                  开
IP4.地址[1]:                            192.168.213.132/24
IP4.网关:                               192.168.213.2
IP4.DNS[1]:                             192.168.213.2
IP6.地址[1]:                            fe80::f6f:62de:73a6:fa93/64
IP6.网关:                               --

//Show connection status
//Show all active connections
[[email protected] ~]# nmcli connection
名称  UUID                                  类型            设备
eth0  52ed696c-ea51-4509-89b8-cfa4a7f22aee  802-3-ethernet  eth0

//Show the details of one connection
[[email protected] ~]# nmcli connection show eth0
connection.id:                          eth0
connection.uuid:                        52ed696c-ea51-4509-89b8-cfa4a7f22aee
connection.stable-id:                   --
connection.interface-name:              eth0
connection.type:                        802-3-ethernet
connection.autoconnect:                 yes
connection.autoconnect-priority:        0
connection.autoconnect-retries:         -1 (默认)
connection.timestamp:                   1570532473
connection.read-only:                   no
connection.permissions:                 --
connection.zone:                        --
.....................
```
5. Managing the network with the native network service
On CentOS/RHEL the default directory for network configuration files is /etc/sysconfig/network-scripts
By default the configuration file of the first physical NIC is ifcfg-eth0; a second physical NIC uses ifcfg-eth1, and so on. Note: if a newly added physical NIC has no configuration file, copy the system default one and modify it.
```
//Disable NetworkManager at boot and stop the NetworkManager service
[[email protected] ~]# systemctl disable NetworkManager
[[email protected] ~]# systemctl stop NetworkManager

//Add a physical NIC, then create its connection configuration file
//Copy the eth0 configuration file to eth1
[[email protected] ~]# cp /etc/sysconfig/network-scripts/{ifcfg-eth0,ifcfg-eth1}

//Edit the NIC configuration file
[[email protected] ~]# vi /etc/sysconfig/network-scripts/ifcfg-eth1
TYPE=Ethernet
BOOTPROTO=static
NAME=eth1
UUID=03be31f5-a3c1-4f8d-88b3-aea6e85c869f
DEVICE=eth1
NM_CONTROLLED=no
ONBOOT=yes
IPADDR=172.16.12.130
NETMASK=255.255.255.0
GATEWAY=172.16.12.2
DNS1=172.16.12.2

//Restart the network service to load the configuration, and enable it at boot
[[email protected] ~]# systemctl restart network
[[email protected] ~]# systemctl enable network
```
6. Network diagnostic tools and troubleshooting
6.1 ping
The ping command tests whether another host is reachable. If a host cannot be pinged, that indicates the remote host has a problem, although the failure can also be caused by a firewall on the path or by ping packets being dropped.
```
//Common ping options:
    -c  number of pings to send
    -i  interval between ping packets
    -w  exit after the given timeout if there is no reply

//ping 5 times
[[email protected] ~]# ping -c 5 www.baidu.com
PING www.a.shifen.com (182.61.200.6) 56(84) bytes of data.
64 bytes from 182.61.200.6 (182.61.200.6): icmp_seq=1 ttl=128 time=21.8 ms
64 bytes from 182.61.200.6 (182.61.200.6): icmp_seq=2 ttl=128 time=27.6 ms
64 bytes from 182.61.200.6 (182.61.200.6): icmp_seq=3 ttl=128 time=47.5 ms
64 bytes from 182.61.200.6 (182.61.200.6): icmp_seq=4 ttl=128 time=22.4 ms
64 bytes from 182.61.200.6 (182.61.200.6): icmp_seq=5 ttl=128 time=21.9 ms

--- www.a.shifen.com ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 4008ms
rtt min/avg/max/mdev = 21.837/28.289/47.585/9.893 ms

//ping once every 0.1 seconds
[[email protected] ~]# ping -i 0.1 www.baidu.com
```
6.2 host and nslookup
The host and nslookup commands query DNS records
```
[[email protected] ~]# host www.baidu.com
www.baidu.com is an alias for www.a.shifen.com.
www.a.shifen.com has address 182.61.200.7
www.a.shifen.com has address 182.61.200.6
```
```
[[email protected] ~]# nslookup www.baidu.com
Server:         192.168.213.2
Address:        192.168.213.2#53

Non-authoritative answer:
www.baidu.com   canonical name = www.a.shifen.com.
Name:   www.a.shifen.com
Address: 182.61.200.6
Name:   www.a.shifen.com
Address: 182.61.200.7
```
Use yum provides *bin/nslookup to find out which package has to be installed for this command
6.3 traceroute
The traceroute command traces the route to a host, to tell whether a network fault lies with the ISP or with a remote service that is not responding
```
[[email protected] ~]# traceroute www.baidu.com
traceroute to www.baidu.com (182.61.200.7), 30 hops max, 60 byte packets
 1  gateway (192.168.213.2)  0.097 ms  0.066 ms  0.088 ms
 2  * * *
 3  * * *
 4  * * *
 5  * * *
 6  * * *
 7  * * *
 8  * * *
 9  * * *
```
6.4 netstat
netstat shows the network state
```
//Show the routing table
[[email protected] ~]# netstat -r
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
default         gateway         0.0.0.0         UG        0 0          0 eth0
192.168.213.0   0.0.0.0         255.255.255.0   U         0 0          0 eth0

//Show the routing table numerically
[[email protected] ~]# netstat -rn
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
0.0.0.0         192.168.213.2   0.0.0.0         UG        0 0          0 eth0
192.168.213.0   0.0.0.0         255.255.255.0   U         0 0          0 eth0

//Show established tcp connections
[[email protected] ~]# netstat -t
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0     52 guilai:ssh              192.168.213.1:51255     ESTABLISHED

//Show udp connections
[[email protected] ~]# netstat -u
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State

//Show connections in the listening state
[[email protected] ~]# netstat -l
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:ssh             0.0.0.0:*               LISTEN
tcp        0      0 localhost:smtp          0.0.0.0:*               LISTEN
tcp6       0      0 [::]:ssh                [::]:*                  LISTEN
tcp6       0      0 localhost:smtp          [::]:*                  LISTEN
udp        0      0 localhost:323           0.0.0.0:*
udp6       0      0 localhost:323           [::]:*
raw6       0      0 [::]:ipv6-icmp          [::]:*                  7
Active UNIX domain sockets (only servers)
Proto RefCnt Flags       Type       State         I-Node   Path
unix  2      [ ACC ]     STREAM     LISTENING     19870    private/trace
unix  2      [ ACC ]     STREAM     LISTENING     19873    private/verify
unix  2      [ ACC ]     STREAM     LISTENING     19879    private/proxymap
unix  2      [ ACC ]     SEQPACKET  LISTENING     14350    /run/udev/control
unix  2      [ ACC ]     STREAM     LISTENING     19882    private/proxywrite
......

//Show the PID and name of the process that owns each socket
[[email protected] ~]# netstat -p
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0     52 guilai:ssh              192.168.213.1:51255     ESTABLISHED 1409/sshd: [email protected]
Active UNIX domain sockets (w/o servers)
Proto RefCnt Flags       Type       State         I-Node   PID/Program name     Path
unix  2      [ ]         DGRAM                    14373    1/systemd            /run/systemd/shutdownd
unix  2      [ ]         DGRAM                    15922    767/chronyd          /var/run/chrony/chronyd.sock
unix  2      [ ]         DGRAM                    9170     1/systemd            /run/systemd/notify
unix  2      [ ]         DGRAM                    9172     1/systemd            /run/systemd/cgroups-agent
unix  5      [ ]         DGRAM                    9183     1/systemd            /run/systemd/journal/socket
unix  16     [ ]         DGRAM                    9185     1/systemd            /dev/log
unix  3      [ ]         DGRAM                    14889    594/systemd-udevd
unix  3      [ ]         STREAM     CONNECTED     16123    781/crond
unix  3      [ ]         STREAM     CONNECTED     19848    1342/master
.........

//Show connections in all states
[[email protected] ~]# netstat -a
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:ssh             0.0.0.0:*               LISTEN
tcp        0      0 localhost:smtp          0.0.0.0:*               LISTEN
tcp        0     52 guilai:ssh              192.168.213.1:51255     ESTABLISHED
tcp6       0      0 [::]:ssh                [::]:*                  LISTEN
tcp6       0      0 localhost:smtp          [::]:*                  LISTEN
udp        0      0 guilai:48786            makaki.miuku.net:ntp    ESTABLISHED
udp        0      0 localhost:323           0.0.0.0:*
udp6       0      0 localhost:323           [::]:*
raw6       0      0 [::]:ipv6-icmp          [::]:*                  7
Active UNIX domain sockets (servers and established)
Proto RefCnt Flags       Type       State         I-Node   Path
unix  2      [ ACC ]     STREAM     LISTENING     19870    private/trace
unix  2      [ ACC ]     STREAM     LISTENING     19873    private/verify
unix  2      [ ACC ]     STREAM     LISTENING     19879    private/proxymap
unix  2      [ ACC ]     SEQPACKET  LISTENING     14350    /run/udev/control
unix  2      [ ACC ]     STREAM     LISTENING     19882    private/proxywrite
unix  2      [ ACC ]     STREAM     LISTENING     19885    private/smtp
unix  2      [ ACC ]     STREAM     LISTENING     19888    private/relay
unix  2      [ ACC ]     STREAM     LISTENING     19894    private/error
unix  2      [ ]         DGRAM                    14373    /run/systemd/shutdownd
..................

//Commonly used options: -antlp
[[email protected] ~]# netstat -antlp
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      1115/sshd
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      1342/master
tcp        0     52 192.168.213.132:22      192.168.213.1:51255     ESTABLISHED 1409/sshd: [email protected]
tcp6       0      0 :::22                   :::*                    LISTEN      1115/sshd
tcp6       0      0 ::1:25                  :::*                    LISTEN      1342/master
```
6.5 ss
ss is a tool for viewing network state; it replaces netstat
```
//Syntax: ss [options] [ FILTER ]
//Common options:
    -t: TCP
    -u: UDP
    -w: raw sockets
    -x: unix sockets
    -l: connections in the listen state
    -a: all
    -n: numeric output
    -p: owning program and pid
    -e: extended information
    -m: memory usage
    -o: show timer information
//Common FILTER forms:
    FILTER := [ state TCP-STATE ] [ EXPRESSION ]
    e.g. ss -tan state ESTABLISHED
//Common states (tcp finite state machine):
    LISTEN: listening
    ESTABLISHED: an established connection
//EXPRESSION:
    dport =
    sport =
    Example: '( dport = :ssh or sport = :ssh)'; ssh here is the service name and can be replaced by its port number; there must be a space on each side of the equals sign

//Common combinations:
[[email protected] ~]# ss -tan
State      Recv-Q Send-Q   Local Address:Port       Peer Address:Port
LISTEN     0      128                  *:22                    *:*
LISTEN     0      100          127.0.0.1:25                    *:*
ESTAB      0      0      192.168.213.132:22        192.168.213.1:51255
LISTEN     0      128                 :::22                   :::*
LISTEN     0      100                ::1:25                   :::*
[[email protected] ~]# ss -tanl
State      Recv-Q Send-Q   Local Address:Port       Peer Address:Port
LISTEN     0      128                  *:22                    *:*
LISTEN     0      100          127.0.0.1:25                    *:*
LISTEN     0      128                 :::22                   :::*
LISTEN     0      100                ::1:25                   :::*
[[email protected] ~]# ss -antlp
State      Recv-Q Send-Q   Local Address:Port       Peer Address:Port
LISTEN     0      128                  *:22                    *:*        users:(("sshd",pid=1115,fd=3))
LISTEN     0      100          127.0.0.1:25                    *:*        users:(("master",pid=1342,fd=13))
LISTEN     0      128                 :::22                   :::*        users:(("sshd",pid=1115,fd=4))
LISTEN     0      100                ::1:25                   :::*        users:(("master",pid=1342,fd=14))
[[email protected] ~]# ss -anu
State      Recv-Q Send-Q   Local Address:Port       Peer Address:Port
UNCONN     0      0            127.0.0.1:323                   *:*
UNCONN     0      0                  ::1:323                  :::*
```
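The ss listings above answer two questions an administrator asks of every host: which listeners are bound to all interfaces rather than loopback, and which peers hold established connections. The following is an added example, not part of the original page, that extracts both from `ss -tanp` output; the function names are hypothetical, and the sample rows extend the page's `ss -antlp` output with constructed mysqld and ESTAB rows.

```shell
#!/bin/sh
# Added example (not from the original page): triage `ss -tanp` output.

# sample_ss: the sshd and master LISTEN rows follow the listing above;
# the mysqld rows and the ESTAB rows with pids are constructed for illustration.
sample_ss() {
    cat <<'EOF'
State  Recv-Q Send-Q Local Address:Port   Peer Address:Port
LISTEN 0      128    *:22                 *:*                  users:(("sshd",pid=1115,fd=3))
LISTEN 0      100    127.0.0.1:25         *:*                  users:(("master",pid=1342,fd=13))
LISTEN 0      128    :::22                :::*                 users:(("sshd",pid=1115,fd=4))
LISTEN 0      100    ::1:25               :::*                 users:(("master",pid=1342,fd=14))
LISTEN 0      128    0.0.0.0:3306         0.0.0.0:*            users:(("mysqld",pid=2001,fd=21))
ESTAB  0      0      192.168.213.132:22   192.168.213.1:51255  users:(("sshd",pid=1409,fd=3))
ESTAB  0      0      192.168.213.132:22   192.168.213.1:51301  users:(("sshd",pid=1500,fd=3))
ESTAB  0      0      192.168.213.132:3306 192.168.213.50:40112 users:(("mysqld",pid=2001,fd=30))
EOF
}

# exposed_listeners: read ss output on stdin and print "PORT ADDR PROCESS" for
# every listener bound to a wildcard address (*, 0.0.0.0, :: or [::]).
# Listeners bound to 127.0.0.1 or ::1 are skipped: only local clients reach them.
exposed_listeners() {
    awk '$1 == "LISTEN" {
        port = $4; sub(/.*:/, "", port)                 # text after the last colon
        addr = substr($4, 1, length($4) - length(port) - 1)
        proc = "-"                                      # -p needs root to name processes
        if (match($0, /users:\(\("[^"]+"/))
            proc = substr($0, RSTART + 9, RLENGTH - 10)
        if (addr == "*" || addr == "0.0.0.0" || addr == "::" || addr == "[::]")
            print port, addr, proc
    }'
}

# peer_counts: read ss output on stdin and print "COUNT PEER_IP" for established
# TCP connections, busiest peer first.
peer_counts() {
    awk '$1 == "ESTAB" {
        peer = $5; sub(/:[^:]*$/, "", peer)             # strip the peer port
        n[peer]++
    }
    END { for (p in n) print n[p], p }' | sort -k1,1nr -k2,2
}

echo "Listeners on all interfaces:"
sample_ss | exposed_listeners
echo "Established connections per peer:"
sample_ss | peer_counts
```

On a live host, pipe `ss -tanp` into either function in place of `sample_ss`.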
Common ports
Service | Port |
---|---|
http | 80/tcp |
https | 443/tcp |
ssh | 22/tcp |
ftp | 20,21/tcp |
mysql | 3306/tcp |
rsync | 873/rsync |
redis | 6379/tcp |
Telnet | 23/tcp |
TFTP | 69/udp |
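6.6 Network troubleshooting
Network faults are either hardware or software faults:
- a damaged NIC
- a link failure
- an incompatible NIC driver
Network troubleshooting approach:
- ping the local loopback interface, to confirm that the local TCP/IP stack works
- ping the host's own IP address, to confirm that the local device and driver work
- ping a host on the same subnet, to confirm that the layer 2 network works
- ping the gateway address, to confirm that the local host can reach the network
- ping a public IP address, to confirm that local routing works
- ping a public domain name, to confirm that the DNS client works
Service troubleshooting approach:
- use telnet to check whether the port is open
- check the firewall and SELinux on the server
- check that the relevant permissions are configured correctly
- check the logs for anomalies
- keep testing after the checks are complete
Advice:
Work through every troubleshooting path from the bottom of the OSI seven-layer model upward, one layer at a time (and learn to read the logs).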
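The ping sequence above can be scripted so that it stops at the first layer that fails. The following is an added example, not part of the original page; the function names and check labels are hypothetical, and as noted in 6.1 a failed ping can also mean that ICMP is filtered on the path.

```shell
#!/bin/sh
# Added example (not from the original page): the ping ladder from 6.6 as a script.

# probe TARGET: one echo request, give up after 2 seconds (-c and -w from 6.1).
probe() { ping -c 1 -w 2 "$1" >/dev/null 2>&1 </dev/null; }

# default_gateway: read `ip route show` output on stdin, print the default next hop.
default_gateway() { awk '$1 == "default" && $2 == "via" { print $3; exit }'; }

# ladder OWN_IP NEIGHBOUR GATEWAY PUBLIC_IP PUBLIC_NAME
# Emit "CHECK TARGET" pairs, lowest layer first, in the order of the list above.
ladder() {
    printf '%s\n' \
        "tcpip-stack 127.0.0.1" \
        "nic-and-driver $1" \
        "layer2-segment $2" \
        "gateway $3" \
        "routing $4" \
        "dns $5"
}

# first_failure: read "CHECK TARGET" pairs on stdin and print the first CHECK whose
# TARGET does not answer; later checks are skipped because they depend on it.
# Prints "ok" when every target answers.
first_failure() {
    while read -r check target; do
        if ! probe "$target"; then
            echo "$check"
            return 0
        fi
    done
    echo ok
}

# Usage on a live host (addresses taken from the listings on this page; replace them):
#   gw=$(ip route show | default_gateway)
#   ladder 192.168.213.132 192.168.213.1 "$gw" 182.61.200.6 www.baidu.com | first_failure
```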
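Homework
1. How do you view the number of connections for each IP on the system?
```
[[email protected] ~]# netstat -na |awk '{print $5}'|awk -F: '{print $1}'|grep [[:digit:]]
0.0.0.0
0.0.0.0
192.168.213.1
0.0.0.0
```
2. List the ports used by the following services: http, ftp, ssh, telnet, mysql, dns
Service | Port |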
---|---|
http | 80/tcp |
ssh | 22/tcp |
ftp | 20,21/tcp |
telnet | 23/tcp |
mysql | 3306/tcp |
dns | 53/udp |
3. How do you add a new NIC to a virtual machine and configure it with IP 172.16.0.10 and gateway 172.16.0.1?
```
[[email protected] ~]# cd /etc/sysconfig/network-scripts/
[[email protected] network-scripts]# systemctl disable NetworkManager
Removed symlink /etc/systemd/system/multi-user.target.wants/NetworkManager.service.
Removed symlink /etc/systemd/system/dbus-org.freedesktop.NetworkManager.service.
Removed symlink /etc/systemd/system/dbus-org.freedesktop.nm-dispatcher.service.
[[email protected] network-scripts]# systemctl stop NetworkManager
[[email protected] network-scripts]# cp ifcfg-eth0 ifcfg-eth1
[[email protected] network-scripts]# vim ifcfg-eth1
[[email protected] network-scripts]# cat ifcfg-eth1
TYPE=Ethernet
PROXY_METHOD=none
BROWSER_ONLY=no
BOOTPROTO=static
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
IPV6_ADDR_GEN_MODE=stable-privacy
UUID=52ed696c-ea51-4509-89b8-cfa4a7f22aee
DEVICE=eth1
NAME=eth1
ONBOOT=yes
IPADDR=172.16.0.10
NETMASK=255.255.255.0
GATEWAY=172.16.0.1
DNS1=192.168.213.2
[[email protected]uilai network-scripts]# systemctl enable NetworkManager
[[email protected] network-scripts]# systemctl start NetworkManager
[[email protected] network-scripts]# systemctl restart network
[[email protected] network-scripts]# ifconfig eth1
eth1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 172.16.0.10  netmask 255.255.255.0  broadcast 172.16.0.255
        inet6 fe80::f35b:4df0:b42a:4fe9  prefixlen 64  scopeid 0x20<link>
        ether 00:0c:29:84:06:ee  txqueuelen 1000  (Ethernet)
        RX packets 47  bytes 4035 (3.9 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 18  bytes 1284 (1.2 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
```
4. Describe the DNS resolution process in detail, using a visit to www.baidu.com as the example
Visit www.baidu.com; DNS name resolution returns the IP address of www.baidu.com
5. How do you see how many processes are running on the system?
```
[[email protected] ~]# ps -ef >a
[[email protected] ~]# cat -n a
```
Take the highest line number and subtract one
6. How do you see which ports are open on the system?
```
[[email protected] ~]# netstat -an
```
7. How do you check whether port 80 is open and whether the sshd process exists?
```
[[email protected] ~]# netstat -anp |grep ssh
//install lsof
[[email protected] ~]# lsof -i :80
[[email protected] ~]# lsof -i :ssh
```
8. List all tcp ports in the listening state
```
[[email protected] ~]# netstat -ltpnu
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      1238/sshd
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      1472/master
tcp6       0      0 :::22                   :::*                    LISTEN      1238/sshd
tcp6       0      0 ::1:25                  :::*                    LISTEN      1472/master
udp        0      0 127.0.0.1:323           0.0.0.0:*                           765/chronyd
udp6       0      0 ::1:323                 :::*                                765/chronyd
```
9. Show information for all ports, including PID and process name
```
[[email protected] ~]# netstat -ap
```