一、网络连通性
一个设备最重要的首先是网络的连通性,网络是连通最基本的保障
设置网络
1、ifconfig命令来配置或查看网络
显示网卡名称,IP地址,子网掩码,广播地址等信息
[root@qianshuiliyu ~]# ifconfig
ifcfg-wang: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
# up:网卡开启状态;RUNNING:网线处理连接状态;MULTICAST:支持组播;mtu:最大传输单元
inet 192.172.168.100 netmask 255.255.255.0 broadcast 192.172.168.255
# IP地址,子网掩码,广播地址
inet6 fe80::20c:29ff:fed2:caf1 prefixlen 64 scopeid 0x20<link>
# IPV6的配置信息
ether 00:0c:29:d2:ca:f1 txqueuelen 1000 (Ethernet)
# 网卡的MAC地址,ether表示连接类型为以太网;txqueuelen :传输队列的长度
RX packets 473 bytes 29867 (29.1 KiB)
# 网卡接收数据包的统计信息
RX errors 0 dropped 0 overruns 0 frame 0
# 网卡接收数据包接收错误的统计信息
TX packets 58 bytes 9082 (8.8 KiB)
# 网卡发送数据包的统计信息
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
# 网卡发送数据包发送错误的统计信息
2、临时修改IP,重启失效
[root@qianshuiliyu ~]# ifconfig ifcfg-wang 192.168.1.66
[root@qianshuiliyu ~]# ifconfig ifcfg-wang
ifcfg-wang: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.1.66 netmask 255.255.255.0 broadcast 192.168.1.255
ether 00:0c:29:d2:ca:f1 txqueuelen 1000 (Ethernet)
RX packets 907 bytes 79989 (78.1 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 577 bytes 96051 (93.7 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
添加多个临时ip
ifconfig 网卡名字:number ip netmask 掩码
[root@qianshuiliyu ~]# ifconfig ifcfg-wang:1 192.172.168.10 netmask 255.255.255.0
# 不写掩码默认是255.255.255.0
[root@qianshuiliyu ~]# ifconfig
ifcfg-wang: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.172.168.100 netmask 255.255.255.0 broadcast 192.172.168.255
inet6 fe80::20c:29ff:fed2:caf1 prefixlen 64 scopeid 0x20<link>
ether 00:0c:29:d2:ca:f1 txqueuelen 1000 (Ethernet)
RX packets 1116 bytes 72087 (70.3 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 132 bytes 19776 (19.3 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
ifcfg-wang:1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.172.168.10 netmask 255.255.255.0 broadcast 192.172.168.255
ether 00:0c:29:d2:ca:f1 txqueuelen 1000 (Ethernet)
删除
ifconfig 网卡名字 del ip
[root@qianshuiliyu ~]# ifconfig ifcfg-wang del 192.168.1.66
3、重启网络
方法一:
[root@qianshuiliyu ~]# systemctl restart network
#restart start status stop
方法二:
[root@qianshuiliyu ~]# service network restart
等同于
[root@qianshuiliyu ~]# /etc/init.d/network restart
方法三
[root@qianshuiliyu ~]# ifconfig ifcfg-wang down/up
二、网络配置的相关文件
1、网卡配置:
[root@qianshuiliyu ~]# ls /etc/sysconfig/network-scripts/ifcfg-wang
/etc/sysconfig/network-scripts/ifcfg-wang
TYPE=Ethernet
# 接口类型
BOOTPROTO=none
# 激活此设备时使用的地址配置协议,常用的 dhcp,static,none,none等于static
DEFROUTE=yes
DEVICE=ifcfg-wang
# 此配置文件应用到的设备
IPV4_FAILURE_FATAL=no
# yes为禁用设备
NAME=ifcfg-wang
UUID=dd86b67d-caf8-4724-80e5-8009a6892900
# 设备的惟一标识
ONBOOT=yes
# 在系统引导时是否激活此设备
HWADDR= 00:0c:29:d2:ca:f1
# 设备的MAC地址
IPADDR=192.172.168.100
# IP地址
NETMASK=255.255.255.0
# 子网掩码
PREFIX=24
GATEWAY=192.172.168.1
# 网关
DNS1:x.x.x.x
# DNS的配置
USERCTL=no
# 是否允许非root用户控制该设备
IPV6_PEERDNS=yes
IPV6_PEERROUTES=yes
2、主机名
[root@qianshuiliyu ~]# ls /etc/hostname
/etc/hostname
============================================================
[root@qianshuiliyu ~]# cat /etc/hostname
qianshuiliyu.localdomain
3、主机与ip的绑定信息
[root@qianshuiliyu ~]# ls /etc/hosts
/etc/hosts
============================================================
[root@qianshuiliyu ~]# cat /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
4、DNS
[root@qianshuiliyu ~]# ls /etc/resolv.conf
/etc/resolv.conf
============================================================
[root@qianshuiliyu ~]# cat /etc/resolv.conf
# Generated by NetworkManager
search localdomain
# No nameservers found; try putting DNS servers into your
# ifcfg files in /etc/sysconfig/network-scripts like so:
#
# DNS1=xxx.xxx.xxx.xxx
# DNS2=xxx.xxx.xxx.xxx
# DOMAIN=lab.foo.com bar.foo.com
三、防火墙
在内网和外网之间铸成的一道网络防线,用来保障内网安全的,放置网络受到外部网络的攻击
查看状态
[root@qianshuiluyu ~]# systemctl status firewalld
firewalld.service - firewalld - dynamic firewall daemon
Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled)
Active: active (running) since 二 2020-09-29 06:29:51 CST; 4min 8s ago
Main PID: 975 (firewalld)
CGroup: /system.slice/firewalld.service
└─975 /usr/bin/python -Es /usr/sbin/firewalld --nofork --nopid
9月 29 06:29:51 localhost.localdomain systemd[1]: Started firewalld - dynamic firewall daemon.
关闭与重启防火墙
[root@qianshuiluyu ~]# systemctl stop firewalld.service
[root@qianshuiluyu ~]# systemctl start firewalld.service
[root@qianshuiluyu ~]# systemctl restart firewalld.service
开机的启动与关闭设置
[root@qianshuiluyu ~]# systemctl enable firewalld.service
# 开机启动
[root@qianshuiluyu ~]# systemctl disable firewalld.service
# 开机不启动
清空防火墙
[root@qianshuiluyu ~]# iptables -F
selinux
安全增强型 Linux(Security-Enhanced Linux)简称 SELinux,它是一个 Linux 内核模块,也是 Linux 的一个安全子系统。维护安全的机制
查看状态
[root@qianshuiluyu ~]# getenforce
Enforcing #强制执行
[root@qianshuiluyu ~]# getenforce
disable #禁用
[root@qianshuiluyu ~]# getenforce
Permissive # 允许的
临时启动与关闭
[root@qianshuiluyu ~]# setenforce 0
[root@qianshuiluyu ~]# setenforce 1
永久修改
[root@qianshuiluyu ~]# vim /etc/selinux/config
SELINUX=disable