网络常用配置文件
网卡配置文件
[root@docker1 ~]# vim /usr/share/doc/initscripts-9.49.46/sysconfig.txt #网卡配置文件帮助文档
[root@docker1 ~]# vim /etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE="eth0" #此配置文件应用到的设备
HWADDR="00:0c:29:ff:d5:19" #对应的设备的MAC地址
NM_CONTROLLED="no" #NM是NetworkManager的简写,此网卡是否接受NM控制;建议CentOS6为“no”
TYPE="Ethernet" #常见的有Ethernet、Bridge
BOOTPROTO="static" #激活此设备时使用的地址配置协议,常用的dhcp, static,none, bootp
DEFROUTE="yes"
DNS1=8.8.8.8 #配置dns地址到resolv.conf
DNS2=114.114.114.114
NAME="eth0"
ONBOOT="yes" #系统引导时是否激活此设备
IPADDR=192.168.1.14
PREFIX=24
GATEWAY=192.168.1.254
PEERDNS="no" #如果BOOTPROTO的值为“dhcp”,YES将允许dhcp server分配的dns服务器信息直接覆盖至/etc/resolv.conf文件,NO不允许修改resolv.conf
DNS配置文件(/etc/resolv.conf)
# Generated by NetworkManager
search baidu.com #搜索域
nameserver 192.168.1.254 #dns服务器地址,一般配置主备dns服务器地址,每行写一个nameserver;解析器最多使用前3个,超出的行无效
[root@docker1 ~]# ping -c1 www #会自动在末尾补上搜索域设置
PING www.a.shifen.com (180.101.50.188) 56(84) bytes of data.
64 bytes from 180.101.50.188 (180.101.50.188): icmp_seq=1 ttl=128 time=21.4 ms
--- www.a.shifen.com ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 21.471/21.471/21.471/0.000 ms
[root@docker1 ~]#
路由配置文件
[root@han network-scripts]# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 192.168.1.254 0.0.0.0 UG 100 0 0 eth0
10.0.0.0 127.0.0.1 255.0.0.0 UG 0 0 0 lo
192.168.1.0 0.0.0.0 255.255.255.0 U 100 0 0 eth0
[root@han network-scripts]# cat /etc/sysconfig/network-scripts/route-lo #手动创建此文件,lo为接口名称
10.0.0.0/8 via 127.0.0.1 #格式:TARGET via GW
[root@han network-scripts]#
bond配置文件
Mode 0 (balance-rr)
轮转(Round-robin)策略:从头到尾顺序的在每一个slave接口上面发送数据包。本模式提供负载均衡和容错的能力。
Mode 1 (active-backup)
活动-备份(主备)策略:只有一个slave被激活,当且仅当活动的slave接口失败时才会激活其他slave。为了避免交换机发生混乱,此时绑定的MAC地址只在一个外部端口上可见。
Mode 3 (broadcast)
广播策略:在所有的slave接口上传送所有的报文,提供容错能力。
Mode 4 (802.3ad)
active-backup、balance-tlb 和balance-alb 模式不需要交换机的任何特殊配置。其他绑定模式需要配置交换机以便整合链接。如:Cisco 交换机需要在模式0、2 和3 中使用EtherChannel,但在模式4中需要LACP和EtherChannel
MAC地址
网卡绑定后,绑定网卡的mac地址为其中一个网卡的mac。
[root@han ~]# cat /etc/sysconfig/network-scripts/ifcfg-eth{0,1}
#eth0配置文件
TYPE="Ethernet"
BOOTPROTO="dhcp"
NAME="eth0"
DEVICE="eth0"
MASTER=bond0
SLAVE=yes
ONBOOT="yes"
#eth1配置文件
TYPE="Ethernet"
BOOTPROTO="dhcp"
MASTER=bond0
SLAVE=yes
NAME="eth1"
DEVICE="eth1"
ONBOOT="yes"
[root@han ~]# cat /etc/sysconfig/network-scripts/ifcfg-bond0
DEVICE=bond0
BOOTPROTO=dhcp
BONDING_OPTS="miimon=100 mode=0" #miimon设置心跳检测时间,mode设置绑定模式
[root@han ~]# cat /proc/net/bonding/bond0 #查看网卡绑定状态
Ethernet Channel Bonding Driver: v3.7.1 (April 27, 2011)
Bonding Mode: load balancing (round-robin)
MII Status: up
MII Polling Interval (ms): 100
Up Delay (ms): 0
Down Delay (ms): 0
Slave Interface: eth0
MII Status: up
Speed: 1000 Mbps
Duplex: full
Link Failure Count: 0
Permanent HW addr: 00:0c:29:d3:01:0d
Slave queue ID: 0
Slave Interface: eth1
MII Status: up
Speed: 1000 Mbps
Duplex: full
Link Failure Count: 0
Permanent HW addr: 00:0c:29:d3:01:17
Slave queue ID: 0
[root@han ~]# ll /usr/share/doc/kernel-doc-version/Documentation/networking/bonding.txt #网卡绑定帮助文档
常用命令管理
ping
[root@han ~]# ping -c 1 192.168.1.254 #指定ping的次数
[root@han ~]# ping -s 2000 192.168.1.254 #指定包的大小
[root@han ~]# ping -I 192.168.1.1 192.168.1.254 #指定源地址
[root@han ~]# ping -i 0.5 192.168.1.254 #指定两个包的时间间隔,默认为1s
[root@han ~]# ping -w 3 192.168.1.254 #指定ping的超时时间
arping
[root@han ~]# arping -I eth0 192.168.1.17 #本地有多个网卡需要指定网卡
ARPING 192.168.1.17 from 192.168.1.14 eth0
Unicast reply from 192.168.1.17 [00:0C:29:A5:AC:1C] 1.375ms #同一IP返回两个不同的mac,说明地址冲突(若其中一个mac不属于预期设备,也应排查ARP欺骗),需要在同网段进行测试
Unicast reply from 192.168.1.17 [00:0C:29:B8:9A:DC] 1.648ms
Unicast reply from 192.168.1.17 [00:0C:29:B8:9A:DC] 1.999ms
Unicast reply from 192.168.1.17 [00:0C:29:B8:9A:DC] 1.748ms
^CSent 3 probes (1 broadcast(s))
Received 4 response(s)
[root@han ~]#
traceroute
[root@han ~]# traceroute 8.8.8.8 #默认使用UDP进行路由追踪
[root@han ~]# traceroute -I 8.8.8.8 #指定使用ICMP进行路由追踪
[root@han ~]# traceroute -T 8.8.8.8 #指定使用TCP方式进行路由追踪
modprobe
[root@han ~]# ethtool -i eth0
driver: e1000 #网卡驱动名称
version: 7.3.21-k8-NAPI
firmware-version:
expansion-rom-version:
bus-info: 0000:02:01.0
supports-statistics: yes
supports-test: yes
supports-eeprom-access: yes
supports-register-dump: yes
supports-priv-flags: no
[root@han ~]# modprobe -r e1000 #卸载网卡驱动;使用该驱动的网卡会全部断开,通过SSH远程操作时会话会中断,建议在本地控制台执行
[root@han ~]# rmmod e1000 #卸载网卡驱动
[root@han ~]# modprobe e1000 #加载网卡驱动
ethtool
[root@han ~]# ethtool eth0 #查看网卡链路连接情况;端口逻辑或物理断开时,Link detected均显示为no
[root@han ~]# ethtool -p eth0 #查看主机网卡位置,指定网卡指示灯会快速闪烁
[root@han ~]# ethtool -i eth0 #查看网卡驱动信息
[root@han ~]# ethtool -S eth0 #查看网卡收发情况
ifconfig
[root@han ~]# ifconfig #查看在线网卡地址
[root@han ~]# ifconfig -a #查看所有网卡信息,包括离线网卡
[root@han ~]# ifconfig -s #查看数据包发送情况,与netstat -i类似
[root@han ~]# ifconfig eth0 up/down #启动和关闭网卡
[root@han ~]# ifconfig eth0 mtu 1200 #设置网卡MTU值
[root@han ~]# ifconfig eth0:1 1.1.1.1/24 #设置网卡地址,包括网卡子接口
ip
ip address
[root@han ~]# ip address show #查询所有接口地址
[root@han ~]# ip address add/del 1.1.1.1/32 dev eth0 label eth0:1 [scope {global|link|host}] #创建/删除子接口,scope为作用域,global:全局作用域,默认;link:仅本链路内可用;host:仅本机可用,lo口为此作用域
ip link
[root@han ~]# ip link #显示链路层信息,不显示IP地址
[root@han ~]# ip link set down/up dev eth1 #down/up网卡
[root@han ~]# ip link set mtu 1300 dev eth1 #设置网卡MTU值
ip route
# ip route add TARGET via GW dev IFACE src SOURCE_IP
[root@han ~]# ip route add 192.168.1.0/24 via 172.16.1.1
[root@han ~]# ip route add default via 192.168.1.1 dev eth0
[root@han ~]# ip route del 192.168.1.0/24
[root@han ~]# ip route show|list
[root@han ~]# ip route flush dev eth0 #清空对应接口的路由,不指定接口,清空所有路由
[root@han ~]# ip route show table 100 #100为策略路由的ID
ip rule
[root@han ~]# ip rule list #查看主机策略路由,默认只有3条策略路由
0: from all lookup local #ID 255;优先级:0
32766: from all lookup main #ID 254;优先级:32766
32767: from all lookup default #ID 253;优先级:32767
[root@han ~]# ip rule add fwmark 3 table 3
[root@han ~]# iptables -A PREROUTING -t mangle -i eth0 -s 192.168.3.0/24 -j MARK --set-mark 3 #创建mark规则
[root@han ~]# ip route add 192.168.3.0/24 via 192.168.1.254 dev eth0 table 3 #在策略路由3中添加路由
[root@han ~]# ip rule list #查看新添加的策略路由
0: from all lookup local
32765: from all fwmark 0x3 lookup 3
32766: from all lookup main
32767: from all lookup default
[root@han ~]# ip route show table 3 #查看策略路由3中的路由
192.168.3.0/24 via 192.168.1.254 dev eth0
ss
#格式:ss [OPTION]…… [FILTER]
#ss使用netlink与tcp_diag模块通信获取socket信息,FILTER:[state TCP-STATE] [EXPRESSION];EXPRESSION: dport = ,sport = ,示例:‘(dport = :ssh or sport = :ssh)’
[root@han ~]# ss -ntl #查看端口监听状态
[root@han ~]# ss -ntlp #查看端口监听对应的进程信息
[root@han ~]# ss -n -o state established '( sport = :22 )'
Netid Recv-Q Send-Q Local Address:Port Peer Address:Port
tcp 0 36 192.168.1.14:22 192.168.1.100:5687 timer:(on,240ms,0)
[root@han ~]#
nmcli
#创建bond端口
[root@han ~]# nmcli con add type bond con-name bond0 ifname bond0 mode active-backup #创建主备bond,名称为bond0
[root@han ~]# nmcli con add type bond-slave ifname eth0 master bond0 #把eth0加入bond0
[root@han ~]# nmcli con add type bond-slave ifname eth1 master bond0 #把eth1加入bond0
[root@han ~]# nmcli con up bond-slave-eth0 #启动bond从属接口
[root@han ~]# nmcli con up bond-slave-eth1
[root@han ~]# nmcli con up bond0 #启动bond口
[root@han ~]# nmcli dev show bond0 #显示bond0接口属性
最佳实践
测试端口连通性
- telnet
[root@han ~]# telnet 192.168.1.17 22
Trying 192.168.1.17...
Connected to 192.168.1.17. #表示端口被监听
Escape character is '^]'.
SSH-2.0-OpenSSH_7.4
^Cx^H^Hexit
Connection closed by foreign host.
[root@han ~]#
- ssh
[root@han ~]# ssh -v -p 22 192.168.1.17
OpenSSH_7.9p1, OpenSSL 1.0.2k-fips 26 Jan 2017
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Connecting to 192.168.1.17 [192.168.1.17] port 22.
debug1: Connection established. #表示端口被监听
debug1: identity file /root/.ssh/id_rsa type 0
debug1: identity file /root/.ssh/id_rsa-cert type -1
debug1: identity file /root/.ssh/id_dsa type -1
debug1: identity file /root/.ssh/id_dsa-cert type -1
debug1: identity file /root/.ssh/id_ecdsa type -1
debug1: identity file /root/.ssh/id_ecdsa-cert type -1
debug1: identity file /root/.ssh/id_ed25519 type -1
debug1: identity file /root/.ssh/id_ed25519-cert type -1
debug1: identity file /root/.ssh/id_xmss type -1
debug1: identity file /root/.ssh/id_xmss-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_7.9
- curl
[root@han ~]# curl -v 192.168.1.17:22
* About to connect() to 192.168.1.17 port 22 (#0)
*   Trying 192.168.1.17...
* Connected to 192.168.1.17 (192.168.1.17) port 22 (#0) #表示端口被监听
> GET / HTTP/1.1
> User-Agent: curl/7.29.0
> Host: 192.168.1.17:22
> Accept: */*
>
SSH-2.0-OpenSSH_7.4
* Recv failure: Connection reset by peer
* Closing connection 0
curl: (56) Recv failure: Connection reset by peer
[root@han ~]#
- wget
[root@han ~]# wget 192.168.1.17:22
--2023-08-01 13:53:32-- http://192.168.1.17:22/
Connecting to 192.168.1.17:22... connected. #表示端口被监听
HTTP request sent, awaiting response... 200 No headers, assuming HTTP/0.9
- nc
[root@docker1 ~]# nc -vuz 192.168.1.4 514 #测试udp端口连通性
Ncat: Version 7.50 ( https://nmap.org/ncat )
Ncat: Connected to 192.168.1.4:514.
Ncat: UDP packet sent successfully #successfully只表示UDP报文已发出且未收到ICMP端口不可达;UDP无连接,对端不回包(如下一行的0 bytes received)时,无法区分端口开放还是报文被防火墙丢弃
Ncat: 1 bytes sent, 0 bytes received in 2.02 seconds.