1. The Significance of Networks
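Today the Internet has become the most important resource in human development. Before humanity was fully prepared for the arrival of the network era, it had already become bound up with everything we do in daily life. We can no longer do without the network, just as life cannot do without eating. People lived for tens of thousands of years without networks and created great civilizations and brilliant achievements, but human desire and human ingenuity always go hand in hand: once desire has awakened ingenuity, there is no stopping it and no turning back.
As networks have grown, Internet companies place ever higher demands on network security and reliability. Network management has become a basic skill that we must master.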
2. Network Management on CentOS 6 (Ethernet)
CentOS 6 names network interfaces eth[0,1,2]. Interfaces are identified by MAC address: the first NIC detected is named eth0, the second eth1, and so on. This can cause trouble. Suppose you have written the network configuration file for eth0 and that NIC then fails. You buy a new NIC and plug it into the same slot, but it now comes up under the name eth2, so the existing network configuration file no longer applies. CentOS 7 improves on this, as explained in Section 3.
ifconfig command (takes effect immediately, but is lost after a reboot)
ifconfig [interface]
# ifconfig -a
# Show information for all NICs
[root@localhost ~]# ifconfig -a
eth0      Link encap:Ethernet  HWaddr 08:00:27:78:CB:FC
          inet addr:192.168.0.114  Bcast:192.168.0.255  Mask:255.255.255.0
          inet6 addr: fe80::a00:27ff:fe78:cbfc/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:189 errors:0 dropped:0 overruns:0 frame:0
          TX packets:308 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:20800 (20.3 KiB)  TX bytes:53808 (52.5 KiB)
          Base address:0xd010 Memory:f0000000-f0020000

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:8 errors:0 dropped:0 overruns:0 frame:0
          TX packets:8 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:560 (560.0 b)  TX bytes:560 (560.0 b)

# ifconfig IFACE [up|down]
# Disable or enable the specified NIC eth0
[root@localhost ~]# ifconfig eth0 down
[root@localhost ~]# ifconfig eth0 up

ifconfig interface [aftype] options | address ...
# ifconfig IFACE IP/mask [up]
# Configure an IP address on eth0, giving the mask as a prefix length
[root@localhost ~]# ifconfig eth0 192.168.1.1/24

# ifconfig IFACE IP netmask MASK
# Configure an IP address on eth0, giving the mask with netmask + mask
[root@localhost ~]# ifconfig eth0 192.168.1.1 netmask 255.255.255.0
route command (routing management)
View: route -n
[root@localhost ~]# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.0.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
0.0.0.0         192.168.0.1     0.0.0.0         UG    0      0        0 eth0

Add: route add
route add [-net|-host] target [netmask Nm] [gw Gw] [[dev] If]
# Route traffic for the target host 192.168.0.88 through gateway 192.168.0.1, forwarded via the eth0 NIC
[root@localhost ~]# route add -host 192.168.0.88 gw 192.168.0.1 dev eth0
[root@localhost ~]# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.0.88    192.168.0.1     255.255.255.255 UGH   0      0        0 eth0

Flags are the route flags, which mark the state of the current network node:
U  Up: this route is currently up
H  Host: this gateway is a host
G  Gateway: this gateway is a router
R  Reinstate Route: a route reinstated by dynamic routing
D  Dynamically: this route was installed dynamically
M  Modified: this route was modified dynamically by a routing daemon or a redirect
!  This route is currently down

# Route traffic for the target network 192.168.0.0 through gateway 192.168.0.1, forwarded via the eth0 NIC
[root@localhost ~]# route add -net 192.168.0.0 netmask 255.255.255.0 gw 192.168.0.1 dev eth0
[root@localhost ~]# route add -net 192.168.0.0/24 gw 192.168.0.1 dev eth0
[root@localhost ~]# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.0.0     192.168.0.1     255.255.255.0   UG    0      0        0 eth0

# Add a default route through gateway 192.168.0.1. Only one default route is needed; if several are added, the first one takes precedence
[root@localhost ~]# route add -net 0.0.0.0/0 gw 192.168.0.1
[root@localhost ~]# route add default gw 192.168.0.1
[root@localhost ~]# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.0.1     0.0.0.0         UG    0      0        0 eth0

Delete: route del
route del [-net|-host] target [gw Gw] [netmask Nm] [[dev] If]
# Delete a host route
[root@localhost ~]# route del -host 192.168.0.88
# Delete a network route
[root@localhost ~]# route del -net 192.168.0.0 netmask 255.255.255.0
# Delete the default route
[root@localhost ~]# route del default
Specifying DNS servers:
Edit: /etc/resolv.conf
nameserver DNS_SERVER_IP1    (for example: nameserver 8.8.8.8)
nameserver DNS_SERVER_IP2
nameserver DNS_SERVER_IP3

FQDN (Fully Qualified Domain Name): the host name plus its full path, where the full path lists every domain in the sequence. An FQDN identifies logically and unambiguously where a host is; it is the complete form of the host name, and the information it contains shows the host's position in the domain name tree.
DNS resolution flow: the local hosts table is checked first. If the name is defined there, that entry is used directly; if not, the DNS server configured for the network connection is asked to resolve it.

Forward lookup: FQDN --> IP (www.google.com --> 216.58.221.36)
# dig -t A FQDN
[root@localhost ~]# dig -t A www.google.com

; <<>> DiG 9.3.4-P1 <<>> -t A www.google.com
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 38677
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 4, ADDITIONAL: 4

;; QUESTION SECTION:    (the question we asked)
;www.google.com.                IN      A

;; ANSWER SECTION:      (the answer to our question)
www.google.com.         370     IN      A       216.58.221.36

;; AUTHORITY SECTION:
google.com.             11188   IN      NS      ns2.google.com.
google.com.             11188   IN      NS      ns1.google.com.
google.com.             11188   IN      NS      ns4.google.com.
google.com.             11188   IN      NS      ns3.google.com.

;; ADDITIONAL SECTION:
ns1.google.com.         30626   IN      A       216.239.32.10
ns2.google.com.         12121   IN      A       216.239.34.10
ns3.google.com.         21582   IN      A       216.239.36.10
ns4.google.com.         10738   IN      A       216.239.38.10

;; Query time: 12 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)    (the DNS server we specified to resolve for us)
;; WHEN: Thu Sep 3 17:27:02 2015
;; MSG SIZE  rcvd: 184

# host -t A FQDN
[root@localhost ~]# host -t A www.google.com
www.google.com has address 216.58.221.36

Reverse lookup: IP --> FQDN (216.58.221.36 --> www.google.com)
# dig -x IP
[root@localhost ~]# dig -x 216.58.221.36

; <<>> DiG 9.3.4-P1 <<>> -x 216.58.221.36
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 46451
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 4, ADDITIONAL: 4

;; QUESTION SECTION:
;36.221.58.216.in-addr.arpa.    IN      PTR

;; ANSWER SECTION:
36.221.58.216.in-addr.arpa. 281 IN      PTR     hkg08s13-in-f4.1e100.net.
36.221.58.216.in-addr.arpa. 281 IN      PTR     hkg08s13-in-f36.1e100.net.

;; AUTHORITY SECTION:
221.58.216.in-addr.arpa. 38624  IN      NS      ns1.google.com.
221.58.216.in-addr.arpa. 38624  IN      NS      ns3.google.com.
221.58.216.in-addr.arpa. 38624  IN      NS      ns2.google.com.
221.58.216.in-addr.arpa. 38624  IN      NS      ns4.google.com.

;; ADDITIONAL SECTION:
ns1.google.com.         30015   IN      A       216.239.32.10
ns2.google.com.         11510   IN      A       216.239.34.10
ns3.google.com.         20971   IN      A       216.239.36.10
ns4.google.com.         10127   IN      A       216.239.38.10

;; Query time: 13 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Thu Sep 3 17:37:14 2015
;; MSG SIZE  rcvd: 258

# host -t PTR IP
[root@localhost ~]# host -t PTR 216.58.221.36
36.221.58.216.in-addr.arpa domain name pointer hkg08s13-in-f36.1e100.net.
36.221.58.216.in-addr.arpa domain name pointer hkg08s13-in-f4.1e100.net
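The lookup order described above (hosts table first, then the configured DNS server) means a hosts entry silently overrides DNS for that name, which is worth checking when a name resolves unexpectedly. The following is an added example, not part of the original page; the function name lookup_source, the sample files and the name intranet.example.com are constructed for illustration, and the hosts-before-DNS order is the one the page describes.

```shell
#!/bin/sh
# Constructed sample files (not from the page): a hosts table and a resolv.conf.
sample_hosts() {
cat <<'EOF'
127.0.0.1     localhost localhost.localdomain
# pinned entry: overrides whatever DNS would answer for this name
192.168.0.50  intranet.example.com intranet
EOF
}
sample_resolv() {
cat <<'EOF'
# servers are tried in the order listed
nameserver 8.8.8.8
nameserver 8.8.4.4
EOF
}

# lookup_source NAME HOSTS_FILE RESOLV_FILE   (hypothetical helper)
# Prints "hosts <ip>" when NAME or one of its aliases is in the hosts table,
# otherwise "dns <server>": the first nameserver that would be asked.
lookup_source() {
    name=$1 hosts=$2 resolv=$3
    ip=$(awk -v n="$name" '
        { sub(/#.*/, "") }                        # drop comments
        NF >= 2 { for (i = 2; i <= NF; i++)       # field 1 is the IP, rest are names
                      if (tolower($i) == tolower(n)) { print $1; exit } }' "$hosts")
    if [ -n "$ip" ]; then
        echo "hosts $ip"
    else
        ns=$(awk '$1 == "nameserver" { print $2; exit }' "$resolv")
        echo "dns ${ns:-none}"
    fi
}

# Stand-alone demo on the constructed files.
tmp=$(mktemp -d)
sample_hosts > "$tmp/hosts"; sample_resolv > "$tmp/resolv.conf"
for n in intranet www.google.com; do
    printf '%s -> %s\n' "$n" "$(lookup_source "$n" "$tmp/hosts" "$tmp/resolv.conf")"
done
rm -rf "$tmp"
```

On a real host the files are /etc/hosts and /etc/resolv.conf. dig and host query the DNS server directly and do not read the hosts table, so use getent hosts NAME to see what applications will actually get.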
netstat command:
netstat - Print network connections, routing tables, interface statistics, masquerade connections, and multicast memberships
Show network connections:
netstat [--tcp|-t] [--udp|-u] [--raw|-w] [--listening|-l] [--all|-a] [--numeric|-n] [--extend|-e[--extend|-e]] [--program|-p]
-t: TCP sockets
-u: UDP sockets
-w: raw sockets
-l: sockets in the listening state
-a: sockets in all states
-n: show IP addresses and ports numerically
-e: extended format
-p: show the owning process and its PID
Common combinations:
-tan, -uan, -tnl, -unl

# Show all TCP connection state information, with IP addresses and ports shown numerically
[root@localhost ~]# netstat -tan
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address               Foreign Address             State
tcp        0      0 0.0.0.0:833                 0.0.0.0:*                   LISTEN
tcp        0      0 0.0.0.0:111                 0.0.0.0:*                   LISTEN
tcp        0      0 127.0.0.1:631               0.0.0.0:*                   LISTEN
tcp        0      0 127.0.0.1:25                0.0.0.0:*                   LISTEN
tcp        0      0 127.0.0.1:6010              0.0.0.0:*                   LISTEN
tcp        0      0 :::22                       :::*                        LISTEN
tcp        0      0 ::1:6010                    :::*                        LISTEN
tcp        0      0 ::ffff:192.168.0.114:22     ::ffff:192.168.0.107:62362  ESTABLISHED

# Show all TCP connection state information together with the owning process and PID, with IP addresses and ports shown numerically
[root@localhost ~]# netstat -tanp
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address               Foreign Address             State       PID/Program name
tcp        0      0 0.0.0.0:833                 0.0.0.0:*                   LISTEN      1923/rpc.statd
tcp        0      0 0.0.0.0:111                 0.0.0.0:*                   LISTEN      1894/portmap
tcp        0      0 127.0.0.1:631               0.0.0.0:*                   LISTEN      2182/cupsd
tcp        0      0 127.0.0.1:25                0.0.0.0:*                   LISTEN      2206/sendmail: acce
tcp        0      0 127.0.0.1:6010              0.0.0.0:*                   LISTEN      2508/0
tcp        0      0 :::22                       :::*                        LISTEN      2167/sshd
tcp        0      0 ::1:6010                    :::*                        LISTEN      2508/0
tcp        0      0 ::ffff:192.168.0.114:22     ::ffff:192.168.0.107:62362  ESTABLISHED 2508/0
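The netstat -tanp listing above is the raw material for a listener audit: which services are bound to a wildcard address and therefore reachable from the network, and which only to loopback. The following is an added example, not part of the original page; the function names and the allowlist are hypothetical, and the sample input is the listing from above embedded so the script runs offline.

```shell
#!/bin/sh
# Constructed sample: the `netstat -tanp` listing shown above, embedded so the
# script runs offline. On a live host, pipe the real command output in instead.
sample_netstat() {
cat <<'EOF'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:833 0.0.0.0:* LISTEN 1923/rpc.statd
tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN 1894/portmap
tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN 2182/cupsd
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 2206/sendmail: acce
tcp 0 0 127.0.0.1:6010 0.0.0.0:* LISTEN 2508/0
tcp 0 0 :::22 :::* LISTEN 2167/sshd
tcp 0 0 ::1:6010 :::* LISTEN 2508/0
tcp 0 0 ::ffff:192.168.0.114:22 ::ffff:192.168.0.107:62362 ESTABLISHED 2508/0
EOF
}

# classify_listeners (hypothetical helper): read netstat -tanp text on stdin and
# print "<scope> <port> <pid/program>" for every LISTEN socket. scope is "local"
# for loopback binds (127.0.0.0/8, ::1) and "exposed" for everything else.
classify_listeners() {
    awk '$1 ~ /^tcp/ && $6 == "LISTEN" {
        port = $4; sub(/^.*:/, "", port)          # text after the last colon
        host = substr($4, 1, length($4) - length(port) - 1)
        scope = (host ~ /^127\./ || host == "::1") ? "local" : "exposed"
        print scope, port, $7
    }'
}

# exposed_ports: sorted, de-duplicated ports reachable from the network.
exposed_ports() {
    classify_listeners | awk '$1 == "exposed" { print $2 }' |
        sort -n | uniq | tr '\n' ' ' | sed 's/ $//'
}

# unexpected_ports "ALLOWLIST": exposed ports that are not on the allowlist.
unexpected_ports() {
    allowed=" $1 "
    for p in $(exposed_ports); do
        case "$allowed" in *" $p "*) ;; *) printf '%s ' "$p" ;; esac
    done | sed 's/ $//'
}

sample_netstat | classify_listeners
```

On a live host run netstat -tanp | unexpected_ports "22" as root, since -p only shows process names for sockets the caller is allowed to inspect.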
Show the routing table:
netstat {--route|-r} [--numeric|-n]
-r: show the kernel routing table
-n: numeric format
[root@localhost ~]# netstat -rn
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
192.168.0.0     0.0.0.0         255.255.255.0   U         0 0          0 eth0
169.254.0.0     0.0.0.0         255.255.0.0     U         0 0          0 eth0
0.0.0.0         192.168.0.1     0.0.0.0         UG        0 0          0 eth0

Show interface statistics:
netstat {--interfaces|-I|-i} [iface] [--all|-a] [--extend|-e] [--program|-p] [--numeric|-n]
-i: show statistics for all interfaces
[root@localhost ~]# netstat -i
Kernel Interface table
Iface       MTU Met    RX-OK RX-ERR RX-DRP RX-OVR    TX-OK TX-ERR TX-DRP TX-OVR Flg
eth0       1500   0     8234      0      0      0     6545      0      0      0 BMRU
lo        16436   0       34      0      0      0       34      0      0      0 LRU

-I IFACE: show statistics for the interface IFACE (write the interface name directly after -I, with no space between the option and the name)
[root@localhost ~]# netstat -Ieth0
Kernel Interface table
Iface       MTU Met    RX-OK RX-ERR RX-DRP RX-OVR    TX-OK TX-ERR TX-DRP TX-OVR Flg
eth0       1500   0     8265      0      0      0     6559      0      0      0 BMRU
ip command:
ip - show / manipulate routing, devices, policy routing and tunnels
ip [ OPTIONS ] OBJECT { COMMAND | help }
OBJECT := { link | addr | route }

link OBJECT:
ip link - network device configuration
set dev IFACE up: enable the specified interface
set dev IFACE down: disable the specified interface
[root@localhost ~]# ip link set dev eth0 down
[root@localhost ~]# ip link set dev eth0 up
show
[dev IFACE]: the interface to show
[root@localhost ~]# ip link show eth0
2: eth0:mtu 1500 qdisc pfifo_fast state UP mode DEFAULT qlen 1000
    link/ether 08:00:27:4d:f1:47 brd ff:ff:ff:ff:ff:ff

ip addr - protocol address management
ip addr { add | del } IFADDR dev STRING
[label LABEL]: give the NIC alias when adding an address
[scope {global|link|host}]: the scope of the address (global: valid everywhere; link: valid only on this link; host: valid only on this host)
[broadcast ADDRESS]: the broadcast address
# add puts one more IP address on the interface
[root@localhost ~]# ip addr add 192.168.0.222/24 label eth0:0 scope global dev eth0
[root@localhost ~]# ip addr show eth0
2: eth0:mtu 1500 qdisc pfifo_fast qlen 1000
    link/ether 08:00:27:78:cb:fc brd ff:ff:ff:ff:ff:ff
    inet 192.168.0.114/24 brd 192.168.0.255 scope global eth0
    inet 192.168.0.222/24 scope global secondary eth0:0
    inet6 fe80::a00:27ff:fe78:cbfc/64 scope link
       valid_lft forever preferred_lft forever

ip addr show - look at protocol addresses
[dev DEVICE]
[label PATTERN]
[root@localhost ~]# ip addr show eth0
2: eth0:mtu 1500 qdisc pfifo_fast qlen 1000
    link/ether 08:00:27:78:cb:fc brd ff:ff:ff:ff:ff:ff
    inet 192.168.0.114/24 brd 192.168.0.255 scope global eth0
    inet 192.168.0.222/24 scope global secondary eth0:0
    inet6 fe80::a00:27ff:fe78:cbfc/64 scope link
       valid_lft forever preferred_lft forever

ip addr flush - flush protocol addresses
[dev DEVICE]: remove all IP addresses from the specified device. Use with care: every IP address on the device is removed as soon as the command runs.

ip route - routing table management
Add a route: ip route add TARGET via GW dev IFACE src SOURCE_IP
TARGET: for a host route, give the IP address directly; for a network route, give NETWORK/MASK (address plus mask)
[root@localhost ~]# ip route add 192.168.0.88 via 192.168.0.1
[root@localhost ~]# ip route show
192.168.0.88 via 192.168.0.1 dev eth0
Add a default gateway: ip route add default via GW dev IFACE

ip route delete
Delete a route: ip route del TARGET
[root@localhost ~]# ip route del 192.168.0.99

ip route show
[root@localhost ~]# ip route show
192.168.0.88 via 192.168.0.1 dev eth0

ip route flush
dev IFACE: remove all route entries for the specified device
ss and netstat are both used to view network state, but when the number of connections is unusually large, ss is several times faster than netstat. Use ss when there are many connections.

ss, a tool for viewing network state:
Format: ss [OPTION]... [FILTER]
Options:
-t: TCP sockets
-u: UDP sockets
-w: raw sockets
-x: Unix domain sockets
-l: connections in the listen state
-a: all
-n: numeric format
-p: the owning program and its PID
-e: extended information
-m: memory usage
-o: timer information

FILTER := [ state TCP-STATE ] [ EXPRESSION ]
Common TCP states:
tcp finite state machine:
LISTEN: listening
ESTABLISHED: connection established
FIN_WAIT_1
FIN_WAIT_2
SYN_SENT
SYN_RECV
CLOSED

EXPRESSION:
dport =
sport =
Example: '( dport = :ssh or sport = :ssh )'

Common combinations:
-tan, -tanl, -tanlp, -uan