CentOS 7 Network Configuration Basics
Source: Internet  Editor: 程序博客网  Time: 2024/06/02 03:54
Based on Linux
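Network management commands
Check network connectivity and connection speed: ping
-c  number of packets to send
-i  interval between ping packets (default 1 s)
-s  packet size, in bytes
Show interface status: ifconfig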
eno16777736: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.23.130  netmask 255.255.255.0  broadcast 192.168.23.255
        inet6 fe80::20c:29ff:fed7:9f88  prefixlen 64  scopeid 0x20<link>
        ether 00:0c:29:d7:9f:88  txqueuelen 1000  (Ethernet)
        RX packets 38398  bytes 3959286 (3.7 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 42008  bytes 4427890 (4.2 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 0  (Local Loopback)
        RX packets 1348  bytes 111404 (108.7 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 1348  bytes 111404 (108.7 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
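Set/enable an IP address on a network interface
ifconfig eno16777736:0 192.168.100.100 netmask 255.255.255.0 up
ifconfig eno16777736:0 192.168.100.100/24 up
Disable a network interface
ifconfig eno16777736:0 down
Change the interface MAC address
ifconfig eno16777736:0 hw ether 00:0c:29:d7:90:88
Note: the settings above are lost when the machine reboots.
Show, add or modify the routing table: route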
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.23.1    0.0.0.0         UG    100    0        0 eno16777736
192.168.23.0    0.0.0.0         255.255.255.0   U     100    0        0 eno16777736
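Add a route: all traffic for the 192.168.60.0 network must go through gateway 192.168.19.1
route add -net 192.168.60.0 netmask 255.255.255.0 gw 192.168.19.1
Delete a route
route del -net 192.168.60.0 netmask 255.255.255.0
Copy files to another system: scp
-P  port to use for the remote connection
-r  recursively copy an entire directory
- Send a local file to /usr on the remote host 192.168.3.100
scp -P 12345 test.txt root@192.168.3.100:/usr
- Pull a file from the remote host into the current local directory
scp -P 12345 root@192.168.3.100:/etc/hosts ./
- Use the -r option to transfer a directory
scp -r -P 12345 root@192.168.3.100:/usr/local ./
Show network connections, the routing table or interface status: netstat
-a  show all sockets
-t  show TCP ports
-u  show UDP ports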
// Show all TCP ports
netstat -at
// Show all UDP ports
netstat -au
// Show all (a) TCP and UDP (tu) sockets, numerically (n) and continuously (c)
netstat -autnc
// Continuously show the routing table
netstat -rc
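Trace the route to a destination address: traceroute
traceroute -n www.baidu.com
Test logging in to or controlling a remote host
telnet IPaddress
Download files from the network: wget
Plain download
wget http://www.xxx.com/download/test.txt
-c  resume an interrupted download
wget -c http://www.xxx.com/download/test.txt
-i  batch download
wget -i download.txt
(download.txt contains a list of URLs)
Network configuration
Configure the Linux IP address
/etc/sysconfig/network-scripts/ifcfg-eth0
Set the hostname
/etc/hostname
Set the default gateway
Using route
route add default gw 192.168.23.1
Editing the interface file
/etc/sysconfig/network-scripts/ifcfg-eth0
Add: GATEWAY=192.168.23.1
Note: after editing the script file, run service network restart for the change to take effect.
Set the DNS server
/etc/resolv.conf
Note: after editing the script file, run service network restart for the change to take effect.
Advanced Linux network configuration tools
Advanced network management tool: iproute2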
// The command syntax is as follows
[root@local ~]# ip -help
Usage: ip [ OPTIONS ] OBJECT { COMMAND | help }
       ip [ -force ] -batch filename
where  OBJECT := { link | addr | addrlabel | route | rule | neigh | ntable |
                   tunnel | tuntap | maddr | mroute | mrule | monitor | xfrm |
                   netns | l2tp | tcp_metrics | token }
       OPTIONS := { -V[ersion] | -s[tatistics] | -d[etails] | -r[esolve] |
                    -h[uman-readable] | -iec |
                    -f[amily] { inet | inet6 | ipx | dnet | bridge | link } |
                    -4 | -6 | -I | -D | -B | -0 |
                    -l[oops] { maximum-addr-flush-attempts } |
                    -o[neline] | -t[imestamp] | -b[atch] [filename] |
                    -rc[vbuf] [size] | -n[etns] name | -a[ll] }
Use the ip command to view the network configuration
ip addr list
[root@local ~]# ip -s addr list    // -s shows detailed information
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
    RX: bytes  packets  errors  dropped overrun mcast
    386202     4760     0       0       0       0
    TX: bytes  packets  errors  dropped carrier collsns
    386202     4760     0       0       0       0
2: eno16777736: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 00:0c:29:d7:9f:88 brd ff:ff:ff:ff:ff:ff
    inet 192.168.23.130/24 brd 192.168.23.255 scope global eno16777736
       valid_lft forever preferred_lft forever
    inet6 fe80::20c:29ff:fed7:9f88/64 scope link
       valid_lft forever preferred_lft forever
    RX: bytes  packets  errors  dropped overrun mcast
    15477091   59902    0       0       0       0
    TX: bytes  packets  errors  dropped carrier collsns
    2019368    17809    0       0       0       0
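Add a new network address:
ip addr add 192.168.1.12/24 dev eth1
Delete a network address:
ip addr del 192.168.1.12/24 dev eth1
Show routing information:
ip route list
Network capture and analysis tool: tcpdump
-a: try to convert network and broadcast addresses to names;
-c<packet count>: stop dumping after the given number of packets has been received;
-d: convert the compiled packet-matching code to a readable form and dump it to standard output;
-dd: convert the compiled packet-matching code to C format and dump it to standard output;
-ddd: convert the compiled packet-matching code to decimal numbers and dump it to standard output;
-e: show the link-level header on each dump line;
-f: show Internet addresses numerically;
-F<expression file>: use the given file as the source of the filter expression;
-i<network interface>: capture packets on the given network interface;
-l: make standard output line-buffered;
-n: do not convert host network addresses to names;
-N: do not print domain names;
-O: do not optimize the packet-matching code;
-p: do not put the network interface into promiscuous mode;
-q: quick output, printing only a little protocol information;
-r<packet file>: read packet data from the given file;
-s<packet size>: set how many bytes of each packet are captured;
-S: print absolute rather than relative TCP sequence numbers;
-t: do not show a timestamp on each dump line;
-tt: show an unformatted timestamp on each dump line;
-T<packet type>: force the packets selected by the expression to be interpreted as the given packet type;
-v: show verbose output;
-vv: show even more verbose output;
-x: print packet data in hexadecimal;
-w<packet file>: write packet data to the given file.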
// dst    destination address
// src    source address
// host   host
// net    network address
// -s100  capture length of 100 bytes (default 68)
// -n     do not convert IP addresses or port numbers to names
// -XX    print each packet's data in hexadecimal and ASCII
[root@local ~]# tcpdump -i any tcp and dst host 192.168.23.130 and dst port 22 -XX -n -s100
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on any, link-type LINUX_SLL (Linux cooked), capture size 100 bytes
17:13:54.266279 IP 192.168.23.1.54679 > 192.168.23.130.ssh: Flags [.], ack 4146320238, win 16284, length 0
        0x0000:  0000 0001 0006 0050 56c0 0008 0000 0800  .......PV.......
        0x0010:  4500 0028 5799 4000 4006 3363 c0a8 1701  E..(W.@.@.3c....
        0x0020:  c0a8 1782 d597 0016 1092 04a6 f723 d36e  .............#.n
        0x0030:  5010 3f9c 0aec 0000 0000 0000 0000 0000  P.?.............
        0x0040:  0000 0000 0000 0000 0000 0000 0000       ..............
Dynamic Host Configuration Protocol: DHCP
/etc/dhcp/dhcpd.conf    // see man dhcpd.conf for the configuration
systemctl start dhcpd.service    // start the server
// Configure the client network interface to obtain its IP address automatically
[root@localhost network-scripts]# pwd
/etc/sysconfig/network-scripts
[root@localhost network-scripts]# cat ifcfg-eno16777736
TYPE=Ethernet
BOOTPROTO=dhcp
DEFROUTE=yes
PEERDNS=yes
PEERROUTES=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_PEERDNS=yes
IPV6_PEERROUTES=yes
IPV6_FAILURE_FATAL=no
NAME=eno16777736
UUID=408a5a74-5e01-4cc1-9c83-491b6cb6f7d3
DEVICE=eno16777736
ONBOOT=no
Linux Domain Name Service: DNS
Hostname configuration
cat /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
192.168.23.130 zx zx.com
cat /etc/sysconfig/network
# Created by anaconda
NETWORKING=yes
HOSTNAME=zx.com
DNS server configuration
cat /etc/resolv.conf
search zx.com
nameserver 192.168.23.130
nameserver 192.168.23.1
Edit the main DNS configuration file /etc/named.conf
options {
        listen-on port 53 { any; };
        listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query     { any; };

        /*
         - If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
         - If you are building a RECURSIVE (caching) DNS server, you need to enable
           recursion.
         - If your recursive DNS server has a public IP address, you MUST enable access
           control to limit queries to your legitimate users. Failing to do so will
           cause your server to become part of large scale DNS amplification
           attacks. Implementing BCP38 within your network would greatly
           reduce such attack surface
        */
        recursion yes;

        dnssec-enable yes;
        dnssec-validation yes;

        /* Path to ISC DLV key */
        bindkeys-file "/etc/named.iscdlv.key";

        managed-keys-directory "/var/named/dynamic";

        pid-file "/run/named/named.pid";
        session-keyfile "/run/named/session.key";
};

logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};

zone "." IN {
        type hint;
        file "named.ca";
};

zone "zx.com" IN {
        type master;
        file "named.zx.com";
        allow-update { none; };
};

zone "23.168.192.in-addr.arpa" IN {
        type master;
        file "named.192.168.23.zone";
        allow-update { none; };
};

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
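directory "/var/named";
DNS data files are read from /var/named.
allow-query { any; };
Which clients may query the DNS service; any means any host. On a server that also has recursion yes and a public IP address, this is the case the comment in the file above warns about.
zone: each zone defines the information for one domain and names the file named loads that information from.
Check the syntax:
named-checkconf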
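named-checkconf only validates syntax; it does not say who ends up allowed to recurse. The shell function below is an added example, not part of the original page: it applies BIND 9's fallback order (allow-recursion, then allow-query-cache, then allow-query, then localnets; localhost) to a named.conf read from standard input. Both inline configurations are constructed; the first repeats the relevant lines of the options block above, and the allow-recursion line in the second is a hypothetical LAN restriction.

```shell
#!/bin/sh
# Added example, not from the original page. Reports who may recurse using the
# order allow-recursion -> allow-query-cache -> allow-query -> localnets; localhost.
recursion_scope() {
    awk '
    function acl(name,   re, s) {      # ACL body of a clause, "" when unset
        re = "[ {;]" name " *[{][^}]*[}]"
        if (!match(opts, re)) return ""
        s = substr(opts, RSTART, RLENGTH)
        sub(/^[^{]*[{] */, "", s); sub(/ *[}]$/, "", s)
        return s
    }
    { buf = buf $0 "\n" }
    END {
        # Drop /* ... */ blocks, then // and # line comments; flatten to one line.
        while ((p = index(buf, "/*")) > 0) {
            rest = substr(buf, p + 2); e = index(rest, "*/")
            buf = substr(buf, 1, p - 1) " " (e ? substr(rest, e + 2) : "")
        }
        n = split(buf, ln, "\n"); flat = ""
        for (i = 1; i <= n; i++) { sub(/(\/\/|#).*/, "", ln[i]); flat = flat " " ln[i] }
        gsub(/[ \t]+/, " ", flat)
        # Isolate the options { ... } block by counting braces.
        if (!match(flat, /(^| )options *[{]/)) { print "no-options-block"; exit }
        depth = 0; opts = ""
        for (i = RSTART + RLENGTH - 1; i <= length(flat); i++) {
            c = substr(flat, i, 1); opts = opts c
            if (c == "{") depth++
            if (c == "}") { depth--; if (depth == 0) break }
        }
        if (opts ~ /[ {;]recursion +no *;/) { print "recursion-off"; exit }
        a = acl("allow-recursion")
        if (a == "") a = acl("allow-query-cache")
        if (a == "") a = acl("allow-query")
        if (a == "") a = "localnets; localhost;"
        verdict = ((" " a) ~ /[ ;]any *;/) ? "OPEN-RESOLVER" : "restricted"
        print verdict ": " a
    }'
}

# Constructed inputs: the relevant lines of the options block shown above, and
# a hypothetical variant that limits recursion to the 192.168.23.0/24 LAN.
PAGE_CONF='options { listen-on port 53 { any; }; allow-query { any; };
    /* If your recursive DNS server has a public IP address ... */
    recursion yes; };'
LAN_CONF='options { allow-query { any; }; recursion yes;
    allow-recursion { localhost; 192.168.23.0/24; }; };'
printf "%s\n" "$PAGE_CONF" | recursion_scope
printf "%s\n" "$LAN_CONF"  | recursion_scope
```

To audit a live server, run recursion_scope < /etc/named.conf; ACLs with nested braces and options set inside view blocks are outside what this sketch handles.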
Create the DNS forward zone file /var/named/named.zx.com
$TTL 3600
@       IN SOA  ns.zx.com. rname.invalid. (
                                        0       ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
        NS      ns.zx.com.
zx.com. A       192.168.23.130
ns      A       192.168.23.130
wc      A       192.168.23.131
uc      A       192.168.23.132
Create the DNS reverse zone file /var/named/named.192.168.23.zone
$TTL 3600
@       IN SOA  ns.zx.com. rname.invalid. (
                                        0       ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
        IN NS   ns.zx.com.
        IN NS   wc.zx.com.
        IN NS   uc.zx.com.
130     IN PTR  ns.zx.com.
131     IN PTR  wc.zx.com.
132     IN PTR  uc.zx.com.
Check the syntax (the first argument is the zone name as declared in named.conf, the second is the zone file):
named-checkzone zx.com /var/named/named.zx.com
named-checkzone 23.168.192.in-addr.arpa /var/named/named.192.168.23.zone
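named-checkzone validates one zone file at a time, so it cannot tell whether the reverse zone still agrees with the forward zone. The script below is an added example, not part of the original page: it checks offline that every PTR target has an A record with the same address. The function names, the temp-file layout and the 133 entry are constructed for illustration; the other records are those of the two zone files above, and one record per line with an explicit owner name is assumed.

```shell
#!/bin/sh
# Added example, not from the original page: forward-confirm every PTR record
# of a reverse zone against the A records of the forward zone.
ptr_mismatches() {   # $1 forward zone file   $2 reverse zone file
                     # $3 forward origin with trailing dot   $4 first three octets
    awk -v origin="$3" -v net="$4" '
    function fqdn(n) { return (n ~ /\.$/) ? n : (n "." origin) }
    { sub(/;.*/, "") }                    # drop zone-file comments
    FNR == NR {                           # first file: remember name/address pairs
        for (i = 2; i < NF; i++) if ($i == "A") seen[fqdn($1) " " $(i + 1)] = 1
        next
    }
    {                                     # second file: test each PTR target
        for (i = 2; i < NF; i++) if ($i == "PTR") {
            key = fqdn($(i + 1)) " " net "." $1
            if (!(key in seen)) print net "." $1 " -> " $(i + 1)
        }
    }' "$1" "$2"
}

check_page_zones() {   # writes the sample zones to a temp dir and checks them
    d=$(mktemp -d) || return 1
    cat > "$d/fwd" <<'EOF'
$TTL 3600
@       IN SOA  ns.zx.com. rname.invalid. ( 0 1D 1H 1W 3H )
        NS      ns.zx.com.
zx.com. A       192.168.23.130
ns      A       192.168.23.130
wc      A       192.168.23.131
uc      A       192.168.23.132
EOF
    cat > "$d/rev" <<'EOF'
$TTL 3600
@       IN SOA  ns.zx.com. rname.invalid. ( 0 1D 1H 1W 3H )
        IN NS   ns.zx.com.
130     IN PTR  ns.zx.com.
131     IN PTR  wc.zx.com.
132     IN PTR  uc.zx.com.
133     IN PTR  db.zx.com.   ; constructed stale entry, not on the page
EOF
    ptr_mismatches "$d/fwd" "$d/rev" zx.com. 192.168.23
    rm -rf "$d"
}

check_page_zones
```

Each output line is a PTR record with no matching A record; the three records from the page produce none.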
Restart the named service
systemctl restart named
Verify the DNS service
[root@zx named]# nslookup
> zx.com
Server:         192.168.23.130
Address:        192.168.23.130#53

Name:   zx.com
Address: 192.168.23.130
> ns.zx.com
Server:         192.168.23.130
Address:        192.168.23.130#53

Name:   ns.zx.com
Address: 192.168.23.130
> wc.zx.com
Server:         192.168.23.130
Address:        192.168.23.130#53

Name:   wc.zx.com
Address: 192.168.23.131
> uc.zx.com
Server:         192.168.23.130
Address:        192.168.23.130#53

Name:   uc.zx.com
Address: 192.168.23.132
> 192.168.23.130
Server:         192.168.23.130
Address:        192.168.23.130#53

130.23.168.192.in-addr.arpa     name = ns.zx.com.
> 192.168.23.131
Server:         192.168.23.130
Address:        192.168.23.130#53

131.23.168.192.in-addr.arpa     name = wc.zx.com.
> 192.168.23.132
Server:         192.168.23.130
Address:        192.168.23.130#53

132.23.168.192.in-addr.arpa     name = uc.zx.com.