# 网络管理
# 网络管理
### 2.2 IP
//语法:ip [ OPTIONS ] OBJECT { COMMAND | help }
OBJECT:
link:网络接口属性
addr:协议地址
route:路由
//查看所有网络接口的链路层属性(link对象, 不含IP地址)
[root@localhost ~]# ip link show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP mode DEFAULT group default qlen 1000
    link/ether 00:0c:29:08:71:10 brd ff:ff:ff:ff:ff:ff
3: virbr0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN mode DEFAULT group default qlen 1000
    link/ether 52:54:00:40:02:68 brd ff:ff:ff:ff:ff:ff
//显示报文统计信息
[root@localhost ~]# ip -s link show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    RX: bytes packets errors dropped missed mcast
    0 0 0 0 0 0
    TX: bytes packets errors dropped carrier collsns
    0 0 0 0 0 0
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP mode DEFAULT group default qlen 1000
    link/ether 00:0c:29:08:71:10 brd ff:ff:ff:ff:ff:ff
    RX: bytes packets errors dropped missed mcast
    45067182 35798 0 0 0 0
    TX: bytes packets errors dropped carrier collsns
    1488813 15209 0 0 0 0
3: virbr0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN mode DEFAULT group default qlen 1000
    link/ether 52:54:00:40:02:68 brd ff:ff:ff:ff:ff:ff
    RX: bytes packets errors dropped missed mcast
    0 0 0 0 0 0
    TX: bytes packets errors dropped carrier collsns
    0 0 0 0 0 0
//启用或禁用网络接口ip link set DEV {up|down}
[root@localhost ~]# ip link set lo down
[root@localhost ~]# ip link set lo up
//ip addr add ADDRESS dev DEV:添加IP地址
[root@localhost ~]# ip addr show eth1
Device "eth1" does not exist.
[root@localhost ~]# ip addr show eth0
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 00:0c:29:08:71:10 brd ff:ff:ff:ff:ff:ff
    inet 192.168.181.159/24 brd 192.168.181.255 scope global dynamic noprefixroute eth0
       valid_lft 1694sec preferred_lft 1694sec
    inet6 fe80::20c:29ff:fe08:7110/64 scope link noprefixroute
       valid_lft forever preferred_lft forever
[root@localhost ~]# ip addr add 192.168.1.1/24 dev eth0
[root@localhost ~]# ip addr show eth0
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 00:0c:29:08:71:10 brd ff:ff:ff:ff:ff:ff
    inet 192.168.181.159/24 brd 192.168.181.255 scope global dynamic noprefixroute eth0
       valid_lft 1751sec preferred_lft 1751sec
    inet 192.168.1.1/24 scope global eth0
       valid_lft forever preferred_lft forever
    inet6 fe80::20c:29ff:fe08:7110/64 scope link noprefixroute
       valid_lft forever preferred_lft forever
//ip addr del ADDRESS dev DEV:删除IP地址
[root@localhost ~]# ip addr del 192.168.1.1/24 dev eth0
[root@localhost ~]# ip addr show eth0
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 00:0c:29:08:71:10 brd ff:ff:ff:ff:ff:ff
    inet 192.168.181.159/24 brd 192.168.181.255 scope global dynamic noprefixroute eth0
       valid_lft 1554sec preferred_lft 1554sec
    inet6 fe80::20c:29ff:fe08:7110/64 scope link noprefixroute
       valid_lft forever preferred_lft forever
//ip addr show DEV:查看网络接口的地址
[root@localhost ~]# ip addr show eth0
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 00:0c:29:08:71:10 brd ff:ff:ff:ff:ff:ff
    inet 192.168.181.159/24 brd 192.168.181.255 scope global dynamic noprefixroute eth0
       valid_lft 1462sec preferred_lft 1462sec
    inet6 fe80::20c:29ff:fe08:7110/64 scope link noprefixroute
       valid_lft forever preferred_lft forever
### 2.3 route
Linux主机之间是使用IP进行通信, 假设A主机和B主机同在一个网段内且网卡都处于激活状态, 则A具备和B直接通信的能力, 但如果A主机和B主机处于两个不同的网段, 则A必须通过路由器才能和B通信, 路由器属于IT设备的基础设施, 每一个网段都应该至少有一个网关
//查看当前路由表
[root@localhost ~]# route
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
default _gateway 0.0.0.0 UG 100 0 0 eth0
192.168.122.0 0.0.0.0 255.255.255.0 U 0 0 0 virbr0
192.168.181.0 0.0.0.0 255.255.255.0 U 100 0 0 eth0
//以数字方式显示各主机或端口等相关信息
[root@localhost ~]# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 192.168.181.2 0.0.0.0 UG 100 0 0 eth0
192.168.122.0 0.0.0.0 255.255.255.0 U 0 0 0 virbr0
192.168.181.0 0.0.0.0 255.255.255.0 U 100 0 0 eth0
//增加路由
//语法:route add [-net|-host] target [netmask Nm] [gw Gw] [[dev] If]
[root@localhost ~]# route add -net 172.16.12.0/24 gw 172.16.12.2 dev eth1
[root@localhost ~]# route add -net 0.0.0.0/0 gw 172.16.12.2 dev eth1
[root@localhost ~]# route
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
default _gateway 0.0.0.0 UG 0 0 0 eth1
default _gateway 0.0.0.0 UG 100 0 0 eth0
default _gateway 0.0.0.0 UG 101 0 0 eth1
172.16.12.0 _gateway 255.255.255.0 UG 0 0 0 eth1
172.16.12.0 0.0.0.0 255.255.255.0 U 101 0 0 eth1
192.168.122.0 0.0.0.0 255.255.255.0 U 0 0 0 virbr0
192.168.181.0 0.0.0.0 255.255.255.0 U 100 0 0 eth0
//增加主机路由
[root@localhost ~]# route add -host 172.16.12.128 gw 172.16.12.2
[root@localhost ~]# route
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
default _gateway 0.0.0.0 UG 0 0 0 eth1
default _gateway 0.0.0.0 UG 100 0 0 eth0
default _gateway 0.0.0.0 UG 101 0 0 eth1
172.16.12.0 _gateway 255.255.255.0 UG 0 0 0 eth1
172.16.12.0 0.0.0.0 255.255.255.0 U 101 0 0 eth1
172.16.12.128 _gateway 255.255.255.255 UGH 0 0 0 eth1
192.168.122.0 0.0.0.0 255.255.255.0 U 0 0 0 virbr0
192.168.181.0 0.0.0.0 255.255.255.0 U 100 0 0 eth0
//删除路由
[root@localhost ~]# route del -net 172.16.12.0/24
[root@localhost ~]# route del -net 0.0.0.0/0 gw 172.16.12.2
[root@localhost ~]# route
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
default _gateway 0.0.0.0 UG 100 0 0 eth0
default _gateway 0.0.0.0 UG 101 0 0 eth1
172.16.12.0 0.0.0.0 255.255.255.0 U 101 0 0 eth1
172.16.12.128 _gateway 255.255.255.255 UGH 0 0 0 eth1
192.168.122.0 0.0.0.0 255.255.255.0 U 0 0 0 virbr0
192.168.181.0 0.0.0.0 255.255.255.0 U 100 0 0 eth0
### 2.4 hostname与hostnamectl
生产环境中必须配置主机名,同时主机名也需要遵循一定的规范, 比如:
公有云: 地区-项目-业务-服务-节点-地址
wh-shop-register-nginx-node1-192.168.56.13
wh-med-pay-mysql-master01-192.168.56.11
wh-med-pay-mysql-slave01-192.168.56.12
//hostname查看主机名
[root@localhost ~]# hostname
localhost.localdomain
[root@localhost ~]#
//hostname临时修改主机名
[root@localhost ~]# hostname
localhost.localdomain
[root@localhost ~]# hostname zhan
[root@localhost ~]# cat /etc/hostname
localhost.localdomain
[root@localhost ~]# bash
[root@zhan ~]#
//注意:hostname命令只修改临时(transient)主机名, /etc/hostname不变, 重启后失效; 修改后需要重新登录才会在提示符中显示效果
//查看主机信息
[root@zhan ~]# hostnamectl
   Static hostname: localhost.localdomain
Transient hostname: zhan
         Icon name: computer-vm
           Chassis: vm
        Machine ID: 2d75326ae4474db3b45880970e29710f
           Boot ID: 49521acf258e4ad99992ffc6629885e7
    Virtualization: vmware
  Operating System: CentOS Stream 8
       CPE OS Name: cpe:/o:centos:centos:8
            Kernel: Linux 4.18.0-365.el8.x86_64
      Architecture: x86-64
[root@zhan ~]#
### 3. 网络相关配置文件
### 3.1 网络配置文件
//网络配置文件:/etc/sysconfig/network
NETWORKING={yes|no}:设定整个系统是否启用网络功能,若设为no,则不论网卡如何设置都不能使用网络功能。
HOSTNAME:设置主机名
### 3.2 网络接口配置文件
网络接口即网卡,其配置文件的路径是/etc/sysconfig/network-scripts/ifcfg-INTERFACE_NAME
[root@zhan ~]# vi /etc/sysconfig/network-scripts/ifcfg-eth1
TYPE=Ethernet
BOOTPROTO=static
NAME=eth1
DEVICE=eth1
ONBOOT=yes
IPADDR=172.16.12.130
NETMASK=255.255.255.0
GATEWAY=172.16.12.2
DNS1=172.16.12.2
~
~
//网卡配置说明
//参数 说明
BOOTPROTO=none //引导协议,可选值有{static|none|dhcp|bootp}。如果要使用静态地址,使用static或none都可以
NM_CONTROLLED //NM是NetworkManager的简写, 由Red Hat研发, 在RHEL6中取代network脚本来实现网络管理与配置的服务
//可选值有{ yes | no }
//此项是设定此网卡是否接受NM控制。CentOS6建议设为“no”
TYPE //接口类型。常见的接口类型有:Ethernet,Bridge
UUID //设备的惟一标识
HWADDR //硬件地址,要与硬件中的地址保持一致,可省
IPADDR=172.16.12.130 //固定IP地址
PREFIX=24 //子网掩码
NETMASK=255.255.255.0 //子网掩码
GATEWAY=172.16.12.2 //默认网关
DNS1=172.16.12.2 //第一个DNS服务器指向
DNS2 //第二个DNS服务器指向
DNS3 //第三个DNS服务器指向
DEVICE=eth1 //关联的设备名称,要与文件名的后半部"INTERFACE_NAME"保持一致
NAME="eth1" //连接名称
ONBOOT=yes //在系统引导时是否自动激活此网络接口,可选值有{ yes | no }
DEFROUTE=yes //将接口设定为默认路由[yes|no]
USERCTL={yes|no} //是否允许普通用户控制此接口的启用与禁用
PEERDNS={yes|no} //是否在BOOTPROTO为dhcp时接受由dhcp服务器指定的DNS地址,此项设为yes时获得的DNS地址将直接覆盖至/etc/resolv.conf文件中
### 3.3 路由配置文件
路由配置文件的路径是/etc/sysconfig/network-scripts/route-INTERFACE_NAME
//添加格式一:DEST via NEXTHOP
[root@localhost ~]# vi /etc/sysconfig/network-scripts/route-ens33
172.16.12.0/24 via 172.16.12.2
### 3.4 DNS配置文件
DNS配置文件的路径是/etc/resolv.conf
[root@zhan ~]# vi /etc/resolv.conf
# Generated by NetworkManager
search localdomain
nameserver 192.168.181.2
nameserver 172.16.12.2
### 4. NetworkManager管理网络
RHEL/CentOS7系统默认使用NetworkManager来提供网络服务,这是一种动态管理网络配置的守护进程,能够让网络设备保持连接状态。
NetworkManager提供的命令行和图形配置工具对网络进行设定, 设定保存的配置文件在/etc/sysconfig/network-scripts目录下, 工具有 nmcli, nmtui, nm-connection-editor
device物理设备, 例如 ens33,enp2s0,virbr0,team0
connection连接设置, 具体网络配置方案
1.不同的网络连接配置可以应用到相同的物理设备,但物理设备同一时间只能应用其中某个网络连接
2.针对物理网络接口, 设定不同的网络连接, 在不同的使用环境中激活相应的网络连接,就可以实现网络配置信息的自动切换了
使用nmcli命令查看设备以及连接情况
//查看设备状态
[root@zhan ~]# nmcli device
DEVICE TYPE STATE CONNECTION
eth0 ethernet connected eth0
eth1 ethernet connected eth1
virbr0 bridge connected (externally) virbr0
lo loopback unmanaged --
//查看指定设备的详细状态
[root@zhan ~]# nmcli device show eth1
GENERAL.DEVICE: eth1
GENERAL.TYPE: ethernet
GENERAL.HWADDR: 00:0C:29:08:71:1A
GENERAL.MTU: 1500
GENERAL.STATE: 100 (connected)
GENERAL.CONNECTION: eth1
GENERAL.CON-PATH: /org/freedesktop/NetworkManager/ActiveConnection/2
WIRED-PROPERTIES.CARRIER: on
IP4.ADDRESS[1]: 172.16.12.130/24
IP4.GATEWAY: 172.16.12.2
IP4.ROUTE[1]: dst = 0.0.0.0/0, nh = 172.16.12.2, mt = 101
IP4.ROUTE[2]: dst = 172.16.12.0/24, nh = 0.0.0.0, mt = 101
IP4.ROUTE[3]: dst = 172.16.12.128/32, nh = 172.16.12.2, mt = 0
IP4.DNS[1]: 172.16.12.2
IP6.ADDRESS[1]: fe80::20c:29ff:fe08:711a/64
IP6.GATEWAY: --
IP6.ROUTE[1]: dst = fe80::/64, nh = ::, mt = 256
//查看连接状态
[root@zhan ~]# nmcli connection
NAME UUID TYPE DEVICE
eth0 233e5103-03ba-4dbd-8cc3-ef4dbefbb941 ethernet eth0
eth1 9c92fad9-6ecb-3e6c-eb4d-8a47c6f50c04 ethernet eth1
virbr0 76666f2c-6ae7-45d8-99e6-70d596e4f434 bridge virbr0
//查看所有活动的连接
NAME UUID TYPE DEVICE
eth0 233e5103-03ba-4dbd-8cc3-ef4dbefbb941 ethernet eth0
eth1 9c92fad9-6ecb-3e6c-eb4d-8a47c6f50c04 ethernet eth1
virbr0 76666f2c-6ae7-45d8-99e6-70d596e4f434 bridge virbr0
//查看指定设备连接的详细情况
[root@zhan ~]# nmcli connection show eth1
connection.id: eth1
connection.uuid: 9c92fad9-6ecb-3e6c-eb4d-8a47c6f50c04
connection.stable-id: --
connection.type: 802-3-ethernet
connection.interface-name: eth1
connection.autoconnect: yes
connection.autoconnect-priority: 0
connection.autoconnect-retries: -1 (default)
connection.multi-connect: 0 (default)
connection.auth-retries: -1
connection.timestamp: 1657610060
connection.read-only: no
connection.permissions: --
connection.zone: --
connection.master: --
connection.slave-type: --
connection.autoconnect-slaves: -1 (default)
connection.secondaries: --
connection.gateway-ping-timeout: 0
connection.metered: unknown
connection.lldp: default
connection.mdns: -1 (default)
connection.llmnr: -1 (default)
connection.dns-over-tls: -1 (default)
connection.wait-device-timeout: -1
802-3-ethernet.port: --
802-3-ethernet.speed: 0
802-3-ethernet.duplex: --
802-3-ethernet.auto-negotiate: no
802-3-ethernet.mac-address: --
802-3-ethernet.cloned-mac-address: --
802-3-ethernet.generate-mac-address-mask:--
802-3-ethernet.mac-address-blacklist: --
802-3-ethernet.mtu: auto
802-3-ethernet.s390-subchannels: --
802-3-ethernet.s390-nettype: --
802-3-ethernet.s390-options: --
802-3-ethernet.wake-on-lan: default
802-3-ethernet.wake-on-lan-password: --
802-3-ethernet.accept-all-mac-addresses:-1 (default)
ipv4.method: manual
ipv4.dns: 172.16.12.
### 6. 网络检测工具与故障排查
### 6.1 ping
ping命令用于测试另一台主机是否可达。ping不通通常意味着对方主机出现了问题, 但并不能就此断定: 链路中的防火墙丢弃ICMP报文、对方主机禁用了ping回应等情况同样会造成ping不通, 需要结合其他手段进一步排查
//ping命令常用选项:
-c 指定ping的次数
-i 指定ping包的发送间隔
-w 指定总的超时时间(秒), 到期后无论是否收到回应都退出
### 6.2 host与nslookup
host/nslookup命令用于查询DNS记录
[root@localhost ~]# host www.baidu.com
www.baidu.com is an alias for www.a.shifen.com.
www.a.shifen.com has address 182.61.200.6
www.a.shifen.com has address 182.61.200.7
[root@localhost ~]# nslookup www.baidu.com
Server: 192.168.181.2
Address: 192.168.181.2#53

Non-authoritative answer:
www.baidu.com canonical name = www.a.shifen.com.
Name: www.a.shifen.com
Address: 182.61.200.7
Name: www.a.shifen.com
Address: 182.61.200.6
### 6.3 netstat
netstat用于查看网络状态
//显示路由表
[root@localhost ~]# netstat -r
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
default _gateway 0.0.0.0 UG 0 0 0 eth0
192.168.122.0 0.0.0.0 255.255.255.0 U 0 0 0 virbr0
192.168.181.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
//以数字方式显示路由表
[root@localhost ~]# netstat -rn
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
0.0.0.0 192.168.181.2 0.0.0.0 UG 0 0 0 eth0
192.168.122.0 0.0.0.0 255.255.255.0 U 0 0 0 virbr0
192.168.181.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
//显示建立的tcp连接
[root@localhost ~]# netstat -t
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 localhost.localdo:37792 _gateway:domain TIME_WAIT
tcp 0 0 localhost.localdoma:ssh 192.168.181.1:52040 ESTABLISHED
tcp 0 168 localhost.localdoma:ssh 192.168.181.1:52039 ESTABLISHED
//显示udp连接
[root@localhost ~]# netstat -u
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
udp 0 0 localhost.locald:bootpc 192.168.181.254:bootps ESTABLISHED
//显示监听状态的连接(Local Address 为 0.0.0.0 表示在所有接口上监听, 为 127.0.0.1/localhost 表示仅本机可访问)
[root@localhost ~]# netstat -l
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 0.0.0.0:ssh 0.0.0.0:* LISTEN
tcp 0 0 localhost:ipp 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:sunrpc 0.0.0.0:* LISTEN
tcp 0 0 localhost.locald:domain 0.0.0.0:* LISTEN
//显示监听指定的套接字的进程的进程号及进程名
[root@localhost ~]# netstat -p
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 localhost.localdo:37792 _gateway:domain TIME_WAIT -
tcp 0 0 localhost.localdoma:ssh 192.168.181.1:52040 ESTABLISHED 4535/sshd: root [pr
tcp 0 0 localhost.localdo:37794 _gateway:domain TIME_WAIT -
tcp 0 0 localhost.localdoma:ssh 192.168.181.1:52039 ESTABLISHED 4460/sshd: root [pr
udp 0 0 localhost.locald:bootpc 192.168.181.254:bootps ESTABLISHED 1166/NetworkManager
//显示所有状态的连接
[root@localhost ~]# netstat -a
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 0.0.0.0:ssh 0.0.0.0:* LISTEN
tcp 0 0 localhost:ipp 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:sunrpc 0.0.0.0:* LISTEN
tcp 0 0 localhost.locald:domain 0.0.0.0:* LISTEN
tcp 0 0 localhost.localdo:37792 _gateway:domain TIME_WAIT
tcp 0 0 localhost.localdo:37796 _gateway:domain TIME_WAIT
tcp 0 0 localhost.localdoma:ssh 192.168.181.1:52040 ESTABLISHED
tcp 0 0 localhost.localdo:37794 _gateway:domain TIME_WAIT
tcp 0 52 localhost.localdoma:ssh 192.168.181.1:52039 ESTABLISHED
//常用选项
-antlp
[root@localhost ~]# netstat -antlp
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1185/sshd
tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN 1186/cupsd
tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN 1/systemd
tcp 0 0 192.168.122.1:53 0.0.0.0:* LISTEN 1913/dnsmasq
tcp 0 0 192.168.181.159:37796 192.168.181.2:53 TIME_WAIT -
tcp 0 0 192.168.181.159:37798 192.168.181.2:53 TIME_WAIT -
tcp 0 0 192.168.181.159:22 192.168.181.1:52040 ESTABLISHED 4535/sshd: root [pr
tcp 0 0 192.168.181.159:37794 192.168.181.2:53 TIME_WAIT -
tcp 0 52 192.168.181.159:22 192.168.181.1:52039 ESTABLISHED 4460/sshd: root [pr
tcp6 0 0 :::22 :::* LISTEN 1185/sshd
tcp6 0 0 ::1:631 :::* LISTEN 1186/cupsd
tcp6 0 0 :::111 :::* LISTEN 1/systemd
### 6.4 ss
ss是一种网络状态查看工具,取代netstat
//语法:ss [options] [ FILTER ]
//常用的options:
-t:tcp协议相关
-u:udp协议相关
-w:裸套接字相关
[root@localhost ~]# ss -w
Recv-Q Send-Q Local Address:Port Peer Address:Port Process
-x:unix套接字相关
[root@localhost ~]# ss -x
Netid State Recv-Q Send-Q Local Address:Port Peer Address:Port Process
u_str ESTAB 0 0 * 56081 * 57112
u_str ESTAB 0 0 /run/systemd/journal/stdout 53741 * 53739
u_str ESTAB 0 0 * 48223 * 47875
-l:listen状态的连接
-a:所有
-n:数字格式
-p:相关的程序及pid
[root@localhost ~]# ss -anu
State Recv-Q Send-Q Local Address:Port Peer Address:Port Process
UNCONN 0 0 0.0.0.0:111 0.0.0.0:*
UNCONN 0 0 0.0.0.0:5353 0.0.0.0:*
UNCONN 0 0 0.0.0.0:34711 0.0.0.0:*
UNCONN 0 0 192.168.122.1:53 0.0.0.0:*
[root@localhost ~]# ss -antlp
State Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0 128 0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=1185,fd=5))
LISTEN 0 5 127.0.0.1:631 0.0.0.0:*
[root@localhost ~]# ss -tanl
State Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 5 127.0.0.1:631 0.0.0.0:*
LISTEN 0 128 0.0.0.0:111 0.0.0.0:*
[root@localhost ~]# ss -tan
State Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 5 127.0.0.1:631 0.0.0.0:*
LISTEN 0 128 0.0.0.0:111 0.0.0.0:*
LISTEN 0 32 192.168.122.1:53 0.0.0.0:*
-e:扩展的信息
[root@localhost ~]# ss -e
Netid State Recv-Q Send-Q Local Address:Port Peer Address:Port Process
u_str ESTAB 0 0 * 56081 * 57112 -->
u_str ESTAB 0 0 /run/systemd/journal/stdout 53741 * 53739 <-- ino:12037 dev:0/24
-m:内存用量
[root@localhost ~]# ss -m
Netid State Recv-Q Send-Q Local Address:Port Peer Address:Port Process
u_str ESTAB 0 0 * 56081 * 57112 skmem:(r0,rb212992,t0,tb425984,f0,w0,o0,bl0,d0)
u_str ESTAB 0 0 /run/systemd/journal/stdout 53741 * 53739 skmem:(r0,rb212992,t0,tb212992,f0,w0,o0,bl0,d0)
-o:显示计时器信息
[root@localhost ~]# ss -o
Netid State Recv-Q Send-Q Local Address:Port Peer Address:Port Process
u_str ESTAB 0 0 * 56081 * 57112
u_str ESTAB 0 0 /run/systemd/journal/stdout 53741 * 53739
u_str ESTAB 0 0 * 48223 * 47875
u_str ESTAB 0 0 * 28832 * 28635
u_str ESTAB 0 0 /run/systemd/journal/stdout 51064 * 52445
u_str ESTAB 0 0 /run/systemd/journal/stdout 50537 * 51248
u_str ESTAB 0 0 /run/dbus/system_bus_socket 28634 * 26899
//常见的FILTER:
FILTER := [ state TCP-STATE ] [ EXPRESSION ]
如:ss -tan state ESTABLISHED
//常见的state:
//tcp finite state machine:有限状态机
LISTENING:监听
ESTABLISHED:已建立的连接
//EXPRESSION:
dport =
sport =
示例:'( dport = :ssh or sport = :ssh )',此处的ssh即服务名,可以用其对应的端口号代替,等号两边必须有空格
//常见端口
http 80/tcp
https 443/tcp
ssh 22/tcp
ftp 20,21/tcp
mysql 3306/tcp
rsync 873/tcp
redis 6379/tcp
### 作业
1.如何查看系统中每个ip的连接数
[root@zhan ~]# netstat -n
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 52 192.168.181.159:22 192.168.181.1:55945 ESTABLISHED
tcp 0 0 192.168.181.159:22 192.168.181.1:60347 ESTABLISHED
udp 0 0 192.168.181.159:68 192.168.181.254:67 ESTABLISHED
2.请列出下列服务使用的端口,http,ftp,ssh,telnet,mysql,dns
http:80 ftp:20,21 ssh:22 telnet:8080 mysql:3306 dns:53
3.如何在虚拟机上新增加一块网卡,并配置IP为172.16.0.10,指定网关为172.16.0.1
[root@zhan network-scripts]# cat ifcfg-eth1
TYPE=Ethernet
BOOTPROTO=static
NAME=eth1
DEVICE=eth1
ONBOOT=yes
IPADDR=172.16.12.130
NETMASK=255.255.255.0
GATEWAY=172.16.12.2
DNS1=172.16.12.2
4.详细描述dns解析过程,以访问www.baidu.com为例
[root@zhan ~]# ping www.baidu.com
PING www.a.shifen.com (182.61.200.6) 56(84) bytes of data.
64 bytes from localhost (182.61.200.6): icmp_seq=1 ttl=128 time=20.6 ms
64 bytes from localhost (182.61.200.6): icmp_seq=2 ttl=128 time=20.6 ms
64 bytes from localhost (182.61.200.6): icmp_seq=3 ttl=128 time=20.6 ms
64 bytes from localhost (182.61.200.6): icmp_seq=4 ttl=128 time=20.7 ms
64 bytes from localhost (182.61.200.6): icmp_seq=5 ttl=128 time=20.6 ms
64 bytes from localhost (182.61.200.6): icmp_seq=6 ttl=128 time=20.6 ms
5.如何查看系统中运行了多少个进程
[root@zhan ~]# ps aux | less
6.如何查看系统中启动了哪些端口
[root@zhan ~]# ss -antlp
State Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0 128 0.0.0.0:111 0.0.0.0:* users:(("rpcbind",pid=932,fd=4),("systemd",pid=1,fd=211))
LISTEN 0 32 192.168.122.1:53 0.0.0.0:* users:(("dnsmasq",pid=1911,fd=6))
LISTEN 0 128 0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=1174,fd=5))
LISTEN 0 5 127.0.0.1:631 0.0.0.0:* users:(("cupsd",pid=1176,fd=10))
LISTEN 0 128 [::]:111 [::]:* users:(("rpcbind",pid=932,fd=6),("systemd",pid=1,fd=213))
LISTEN 0 128 [::]:22 [::]:* users:(("sshd",pid=1174,fd=7))
LISTEN 0 5 [::1]:631 [::]:* users:(("cupsd",pid=1176,fd=9))
7.如何查看是否开启80端口,及查看sshd进程是否存在 (注意: 下文的 `ps -ef | grep 80` 会匹配PID、时间、命令行中任何含"80"的字段, 并不能判断80端口是否开启; 端口应查看 netstat/ss 输出中 Local Address 的端口列, sshd进程可用 `pgrep sshd` 或 `ps -ef | grep '[s]shd'` 查看)
[root@zhan ~]# netstat -antlp
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN 1/systemd
tcp 0 0 192.168.122.1:53 0.0.0.0:* LISTEN 1911/dnsmasq
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1174/sshd
tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN 1176/cupsd
tcp 0 52 192.168.181.159:22 192.168.181.1:55945 ESTABLISHED 3004/sshd: root [pr
tcp 0 0 192.168.181.159:22 192.168.181.1:60347 ESTABLISHED 13068/sshd: root [p
tcp6 0 0 :::111 :::* LISTEN 1/systemd
tcp6 0 0 :::22 :::* LISTEN 1174/sshd
tcp6 0 0 ::1:631 :::* LISTEN 1176/cupsd
8.列出所有处于监听状态的tcp端口
[root@zhan ~]# netstat -antlp
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN 1/systemd
tcp 0 0 192.168.122.1:53 0.0.0.0:* LISTEN 1911/dnsmasq
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1174/sshd
tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN 1176/cupsd
tcp 0 52 192.168.181.159:22 192.168.181.1:55945 ESTABLISHED 3004/sshd: root [pr
tcp 0 0 192.168.181.159:22 192.168.181.1:60347 ESTABLISHED 13068/sshd: root [p
tcp6 0 0 :::111 :::* LISTEN 1/systemd
tcp6 0 0 :::22 :::* LISTEN 1174/sshd
tcp6 0 0 ::1:631 :::* LISTEN 1176/cupsd
[root@zhan ~]# ps -ef | grep 80
root 806 1 0 14:28 ? 00:00:00 vmware-vmblock-fuse /run/vmblock-fuse -o rw,subtype=vmware-vmblock,default_permissions,allow_other,dev,suid
roo 2280 1 0 14:29 ? 00:00:00 /usr/lib/systemd/systemd --user
roo 2283 2280 0 14:29 ? 00:00:00 (sd-pam)
roo 2292 2280 0 14:29 ? 00:00:00 /usr/bin/pulseaudio --daemonize=no --log-target=journal
roo 2316 2280 0 14:29 ? 00:00:00 /usr/bin/dbus-daemon --session --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
roo 2402 2280 0 14:29 ? 00:00:00 /usr/libexec/gvfsd
roo 2417 2280 0 14:29 ? 00:00:00 /usr/libexec/gvfsd-fuse /run/user/1000/gvfs -f -o big_writes
roo 2452 2280 0 14:29 ? 00:00:00 /usr/libexec/at-spi-bus-launcher
roo 2466 2280 0 14:29 ? 00:00:00 /usr/libexec/at-spi2-registryd --use-gnome-session
roo 2517 2280 0 14:29 ? 00:00:00 /usr/libexec/ibus-portal
roo 2524 2280 0 14:29 ? 00:00:00 /usr/libexec/xdg-permission-store
roo 2530 2280 0 14:29 ? 00:00:00 /usr/libexec/gnome-shell-calendar-server
roo 2538 2280 0 14:29 ? 00:00:00 /usr/libexec/dconf-service
roo 2544 2280 0 14:29 ? 00:00:00 /usr/libexec/gvfs-udisks2-volume-monitor
roo 2554 2280 0 14:29 ? 00:00:00 /usr/libexec/gvfs-mtp-volume-monitor
roo 2561 2280 0 14:29 ? 00:00:00 /usr/libexec/gvfs-gphoto2-volume-monitor
roo 2562 2280 0 14:29 ? 00:00:00 /usr/libexec/evolution-source-registry
roo 2566 2280 0 14:29 ? 00:00:00 /usr/libexec/gvfs-afc-volume-monitor
roo 2571 2280 0 14:29 ? 00:00:00 /usr/libexec/gvfs-goa-volume-monitor
roo 2578 2280 0 14:29 ? 00:00:00 /usr/libexec/goa-daemon
roo 2588 2280 0 14:29 ? 00:00:00 /usr/libexec/goa-identity-service
roo 2624 2280 0 14:29 ? 00:00:00 /usr/libexec/evolution-calendar-factory
roo 2743 2280 0 14:29 ? 00:00:00 /usr/libexec/evolution-addressbook-factory
roo 2801 2321 0 14:29 tty2 00:00:00 /usr/libexec/gsd-disk-utility-notify
roo 2812 2280 0 14:29 ? 00:00:00 /usr/libexec/tracker-store
roo 2974 2280 0 14:29 ? 00:00:00 /usr/libexec/gvfsd-metadata
root 313761 86260 0 16:24 pts/0 00:00:00 grep --color=auto 80
9.查看所有的端口信息, 包括 PID 和进程名称
[root@zhan ~]# netstat -p
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 52 zhan:ssh 192.168.181.1:55945 ESTABLISHED 3004/sshd: root [pr
tcp 0 0 zhan:ssh 192.168.181.1:60347 ESTABLISHED 13068/sshd: root [p
udp 0 0 zhan:bootpc 192.168.181.254:bootps ESTABLISHED 110886/NetworkManag
# 网络管理
# 网络管理
### 2.2 IP
//语法:ip [ OPTIONS ] OBJECT { COMMAND | help }
OBJECT:
link:网络接口属性
addr:协议地址
route:路由
//查看所有网络接口的链路层属性(link对象, 不含IP地址)
[root@localhost ~]# ip link show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP mode DEFAULT group default qlen 1000
    link/ether 00:0c:29:08:71:10 brd ff:ff:ff:ff:ff:ff
3: virbr0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN mode DEFAULT group default qlen 1000
    link/ether 52:54:00:40:02:68 brd ff:ff:ff:ff:ff:ff
//显示报文统计信息
[root@localhost ~]# ip -s link show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    RX: bytes packets errors dropped missed mcast
    0 0 0 0 0 0
    TX: bytes packets errors dropped carrier collsns
    0 0 0 0 0 0
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP mode DEFAULT group default qlen 1000
    link/ether 00:0c:29:08:71:10 brd ff:ff:ff:ff:ff:ff
    RX: bytes packets errors dropped missed mcast
    45067182 35798 0 0 0 0
    TX: bytes packets errors dropped carrier collsns
    1488813 15209 0 0 0 0
3: virbr0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN mode DEFAULT group default qlen 1000
    link/ether 52:54:00:40:02:68 brd ff:ff:ff:ff:ff:ff
    RX: bytes packets errors dropped missed mcast
    0 0 0 0 0 0
    TX: bytes packets errors dropped carrier collsns
    0 0 0 0 0 0
//启用或禁用网络接口ip link set DEV {up|down}
[root@localhost ~]# ip link set lo down
[root@localhost ~]# ip link set lo up
//ip addr add ADDRESS dev DEV:添加IP地址
[root@localhost ~]# ip addr show eth1
Device "eth1" does not exist.
[root@localhost ~]# ip addr show eth0
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 00:0c:29:08:71:10 brd ff:ff:ff:ff:ff:ff
    inet 192.168.181.159/24 brd 192.168.181.255 scope global dynamic noprefixroute eth0
       valid_lft 1694sec preferred_lft 1694sec
    inet6 fe80::20c:29ff:fe08:7110/64 scope link noprefixroute
       valid_lft forever preferred_lft forever
[root@localhost ~]# ip addr add 192.168.1.1/24 dev eth0
[root@localhost ~]# ip addr show eth0
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 00:0c:29:08:71:10 brd ff:ff:ff:ff:ff:ff
    inet 192.168.181.159/24 brd 192.168.181.255 scope global dynamic noprefixroute eth0
       valid_lft 1751sec preferred_lft 1751sec
    inet 192.168.1.1/24 scope global eth0
       valid_lft forever preferred_lft forever
    inet6 fe80::20c:29ff:fe08:7110/64 scope link noprefixroute
       valid_lft forever preferred_lft forever
//ip addr del ADDRESS dev DEV:删除IP地址
[root@localhost ~]# ip addr del 192.168.1.1/24 dev eth0
[root@localhost ~]# ip addr show eth0
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 00:0c:29:08:71:10 brd ff:ff:ff:ff:ff:ff
    inet 192.168.181.159/24 brd 192.168.181.255 scope global dynamic noprefixroute eth0
       valid_lft 1554sec preferred_lft 1554sec
    inet6 fe80::20c:29ff:fe08:7110/64 scope link noprefixroute
       valid_lft forever preferred_lft forever
//ip addr show DEV:查看网络接口的地址
[root@localhost ~]# ip addr show eth0
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 00:0c:29:08:71:10 brd ff:ff:ff:ff:ff:ff
    inet 192.168.181.159/24 brd 192.168.181.255 scope global dynamic noprefixroute eth0
       valid_lft 1462sec preferred_lft 1462sec
    inet6 fe80::20c:29ff:fe08:7110/64 scope link noprefixroute
       valid_lft forever preferred_lft forever
### 2.3 route
Linux主机之间是使用IP进行通信, 假设A主机和B主机同在一个网段内且网卡都处于激活状态, 则A具备和B直接通信的能力, 但如果A主机和B主机处于两个不同的网段, 则A必须通过路由器才能和B通信, 路由器属于IT设备的基础设施, 每一个网段都应该至少有一个网关
//查看当前路由表
[root@localhost ~]# route
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
default _gateway 0.0.0.0 UG 100 0 0 eth0
192.168.122.0 0.0.0.0 255.255.255.0 U 0 0 0 virbr0
192.168.181.0 0.0.0.0 255.255.255.0 U 100 0 0 eth0
//以数字方式显示各主机或端口等相关信息
[root@localhost ~]# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 192.168.181.2 0.0.0.0 UG 100 0 0 eth0
192.168.122.0 0.0.0.0 255.255.255.0 U 0 0 0 virbr0
192.168.181.0 0.0.0.0 255.255.255.0 U 100 0 0 eth0
//增加路由
//语法:route add [-net|-host] target [netmask Nm] [gw Gw] [[dev] If]
[root@localhost ~]# route add -net 172.16.12.0/24 gw 172.16.12.2 dev eth1
[root@localhost ~]# route add -net 0.0.0.0/0 gw 172.16.12.2 dev eth1
[root@localhost ~]# route
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
default _gateway 0.0.0.0 UG 0 0 0 eth1
default _gateway 0.0.0.0 UG 100 0 0 eth0
default _gateway 0.0.0.0 UG 101 0 0 eth1
172.16.12.0 _gateway 255.255.255.0 UG 0 0 0 eth1
172.16.12.0 0.0.0.0 255.255.255.0 U 101 0 0 eth1
192.168.122.0 0.0.0.0 255.255.255.0 U 0 0 0 virbr0
192.168.181.0 0.0.0.0 255.255.255.0 U 100 0 0 eth0
//增加主机路由
[root@localhost ~]# route add -host 172.16.12.128 gw 172.16.12.2
[root@localhost ~]# route
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
default _gateway 0.0.0.0 UG 0 0 0 eth1
default _gateway 0.0.0.0 UG 100 0 0 eth0
default _gateway 0.0.0.0 UG 101 0 0 eth1
172.16.12.0 _gateway 255.255.255.0 UG 0 0 0 eth1
172.16.12.0 0.0.0.0 255.255.255.0 U 101 0 0 eth1
172.16.12.128 _gateway 255.255.255.255 UGH 0 0 0 eth1
192.168.122.0 0.0.0.0 255.255.255.0 U 0 0 0 virbr0
192.168.181.0 0.0.0.0 255.255.255.0 U 100 0 0 eth0
//删除路由
[root@localhost ~]# route del -net 172.16.12.0/24
[root@localhost ~]# route del -net 0.0.0.0/0 gw 172.16.12.2
[root@localhost ~]# route
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
default _gateway 0.0.0.0 UG 100 0 0 eth0
default _gateway 0.0.0.0 UG 101 0 0 eth1
172.16.12.0 0.0.0.0 255.255.255.0 U 101 0 0 eth1
172.16.12.128 _gateway 255.255.255.255 UGH 0 0 0 eth1
192.168.122.0 0.0.0.0 255.255.255.0 U 0 0 0 virbr0
192.168.181.0 0.0.0.0 255.255.255.0 U 100 0 0 eth0
### 2.4 hostname与hostnamectl
生产环境中必须配置主机名,同时主机名也需要遵循一定的规范, 比如:
公有云: 地区-项目-业务-服务-节点-地址
wh-shop-register-nginx-node1-192.168.56.13
wh-med-pay-mysql-master01-192.168.56.11
wh-med-pay-mysql-slave01-192.168.56.12
//hostname查看主机名
[root@localhost ~]# hostname
localhost.localdomain
[root@localhost ~]#
//hostname临时修改主机名
[root@localhost ~]# hostname
localhost.localdomain
[root@localhost ~]# hostname zhan
[root@localhost ~]# cat /etc/hostname
localhost.localdomain
[root@localhost ~]# bash
[root@zhan ~]#
//注意:hostname命令只修改临时(transient)主机名, /etc/hostname不变, 重启后失效; 修改后需要重新登录才会在提示符中显示效果
//查看主机信息
[root@zhan ~]# hostnamectl
   Static hostname: localhost.localdomain
Transient hostname: zhan
         Icon name: computer-vm
           Chassis: vm
        Machine ID: 2d75326ae4474db3b45880970e29710f
           Boot ID: 49521acf258e4ad99992ffc6629885e7
    Virtualization: vmware
  Operating System: CentOS Stream 8
       CPE OS Name: cpe:/o:centos:centos:8
            Kernel: Linux 4.18.0-365.el8.x86_64
      Architecture: x86-64
[root@zhan ~]#
### 3. 网络相关配置文件
### 3.1 网络配置文件
//网络配置文件:/etc/sysconfig/network
NETWORKING={yes|no}:设定整个系统是否启用网络功能,若设为no,则不论网卡如何设置都不能使用网络功能。
HOSTNAME:设置主机名
### 3.2 网络接口配置文件
网络接口即网卡,其配置文件的路径是/etc/sysconfig/network-scripts/ifcfg-INTERFACE_NAME
[root@zhan ~]# vi /etc/sysconfig/network-scripts/ifcfg-eth1
TYPE=Ethernet
BOOTPROTO=static
NAME=eth1
DEVICE=eth1
ONBOOT=yes
IPADDR=172.16.12.130
NETMASK=255.255.255.0
GATEWAY=172.16.12.2
DNS1=172.16.12.2
~
~
//网卡配置说明
//参数 说明
BOOTPROTO=none //引导协议,可选值有{static|none|dhcp|bootp}。如果要使用静态地址,使用static或none都可以
NM_CONTROLLED //NM是NetworkManager的简写, 由Red Hat研发, 在RHEL6中取代network脚本来实现网络管理与配置的服务
//可选值有{ yes | no }
//此项是设定此网卡是否接受NM控制。CentOS6建议设为“no”
TYPE //接口类型。常见的接口类型有:Ethernet,Bridge
UUID //设备的惟一标识
HWADDR //硬件地址,要与硬件中的地址保持一致,可省
IPADDR=172.16.12.130 //固定IP地址
PREFIX=24 //子网掩码
NETMASK=255.255.255.0 //子网掩码
GATEWAY=172.16.12.2 //默认网关
DNS1=172.16.12.2 //第一个DNS服务器指向
DNS2 //第二个DNS服务器指向
DNS3 //第三个DNS服务器指向
DEVICE=eth1 //关联的设备名称,要与文件名的后半部"INTERFACE_NAME"保持一致
NAME="eth1" //连接名称
ONBOOT=yes //在系统引导时是否自动激活此网络接口,可选值有{ yes | no }
DEFROUTE=yes //将接口设定为默认路由[yes|no]
USERCTL={yes|no} //是否允许普通用户控制此接口的启用与禁用
PEERDNS={yes|no} //是否在BOOTPROTO为dhcp时接受由dhcp服务器指定的DNS地址,此项设为yes时获得的DNS地址将直接覆盖至/etc/resolv.conf文件中
### 3.3 路由配置文件
路由配置文件的路径是/etc/sysconfig/network-scripts/route-INTERFACE_NAME
//添加格式一:DEST via NEXTHOP
[root@localhost ~]# vi /etc/sysconfig/network-scripts/route-ens33
172.16.12.0/24 via 172.16.12.2
###3.4 DNS配置文件
DNS配置文件的路径是/etc/resolv.conf
[root@zhan ~]# vi /etc/resolv.conf
# Generated by NetworkManager
search localdomain
nameserver 192.168.181.2
nameserver 172.16.12.2
###4. NetworkManager管理网络
RHEL/CentOS7系统默认使用NetworkManager来提供网络服务,这是一种动态管理网络配置的守护进程,能够让网络设备保持连接状态。
NetworkManager提供命令行和图形配置工具对网络进行设定,设定保存的配置文件在/etc/sysconfig/network-scripts目录下,工具有 nmcli、nmtui、nm-connection-editor
device物理设备, 例如 ens33,enp2s0,virbr0,team0
connection连接设置, 具体网络配置方案
1.不同的网络连接配置可以应用到相同的物理设备,但物理设备同一时间只能应用其中某个网络连接
2.针对物理网络接口, 设定不同的网络连接, 在不同的使用环境中激活相应的网络连接,就可以实现网络配置信息的自动切换了
使用nmcli命令查看设备以及连接情况
//查看设备状态
[root@zhan ~]# nmcli device
DEVICE TYPE STATE CONNECTION
eth0 ethernet connected eth0
eth1 ethernet connected eth1
virbr0 bridge connected (externally) virbr0
lo loopback unmanaged --
//查看指定设备的详细状态
[root@zhan ~]# nmcli device show eth1
GENERAL.DEVICE: eth1
GENERAL.TYPE: ethernet
GENERAL.HWADDR: 00:0C:29:08:71:1A
GENERAL.MTU: 1500
GENERAL.STATE: 100 (connected)
GENERAL.CONNECTION: eth1
GENERAL.CON-PATH: /org/freedesktop/NetworkManager/ActiveConnection/2
WIRED-PROPERTIES.CARRIER: on
IP4.ADDRESS[1]: 172.16.12.130/24
IP4.GATEWAY: 172.16.12.2
IP4.ROUTE[1]: dst = 0.0.0.0/0, nh = 172.16.12.2, mt = 101
IP4.ROUTE[2]: dst = 172.16.12.0/24, nh = 0.0.0.0, mt = 101
IP4.ROUTE[3]: dst = 172.16.12.128/32, nh = 172.16.12.2, mt = 0
IP4.DNS[1]: 172.16.12.2
IP6.ADDRESS[1]: fe80::20c:29ff:fe08:711a/64
IP6.GATEWAY: --
IP6.ROUTE[1]: dst = fe80::/64, nh = ::, mt = 256
//查看连接状态
[root@zhan ~]# nmcli connection
NAME UUID TYPE DEVICE
eth0 233e5103-03ba-4dbd-8cc3-ef4dbefbb941 ethernet eth0
eth1 9c92fad9-6ecb-3e6c-eb4d-8a47c6f50c04 ethernet eth1
virbr0 76666f2c-6ae7-45d8-99e6-70d596e4f434 bridge virbr0
//查看所有活动的连接
[root@zhan ~]# nmcli connection show --active
NAME UUID TYPE DEVICE
eth0 233e5103-03ba-4dbd-8cc3-ef4dbefbb941 ethernet eth0
eth1 9c92fad9-6ecb-3e6c-eb4d-8a47c6f50c04 ethernet eth1
virbr0 76666f2c-6ae7-45d8-99e6-70d596e4f434 bridge virbr0
//查看指定设备连接的详细情况
[root@zhan ~]# nmcli connection show eth1
connection.id: eth1
connection.uuid: 9c92fad9-6ecb-3e6c-eb4d-8a47c6f50c04
connection.stable-id: --
connection.type: 802-3-ethernet
connection.interface-name: eth1
connection.autoconnect: yes
connection.autoconnect-priority: 0
connection.autoconnect-retries: -1 (default)
connection.multi-connect: 0 (default)
connection.auth-retries: -1
connection.timestamp: 1657610060
connection.read-only: no
connection.permissions: --
connection.zone: --
connection.master: --
connection.slave-type: --
connection.autoconnect-slaves: -1 (default)
connection.secondaries: --
connection.gateway-ping-timeout: 0
connection.metered: unknown
connection.lldp: default
connection.mdns: -1 (default)
connection.llmnr: -1 (default)
connection.dns-over-tls: -1 (default)
connection.wait-device-timeout: -1
802-3-ethernet.port: --
802-3-ethernet.speed: 0
802-3-ethernet.duplex: --
802-3-ethernet.auto-negotiate: no
802-3-ethernet.mac-address: --
802-3-ethernet.cloned-mac-address: --
802-3-ethernet.generate-mac-address-mask:--
802-3-ethernet.mac-address-blacklist: --
802-3-ethernet.mtu: auto
802-3-ethernet.s390-subchannels: --
802-3-ethernet.s390-nettype: --
802-3-ethernet.s390-options: --
802-3-ethernet.wake-on-lan: default
802-3-ethernet.wake-on-lan-password: --
802-3-ethernet.accept-all-mac-addresses:-1 (default)
ipv4.method: manual
ipv4.dns: 172.16.12.
###6. 网络检测工具与故障排查
6.1 ping
ping命令的目的在于测试另一台主机是否可达。如果ping不到某台主机,可能是对方主机已经出现了问题,但也不排除由于链路中的防火墙丢弃ICMP报文、对方禁止响应ping等原因造成ping不通的情况,因此ping不通并不能直接断定主机故障
//ping命令常用选项:
-c 指定ping的次数
-i 指定ping包的发送间隔
-w 如果ping没有回应, 则在指定超时时间后退出
6.2 host与nslookup
host/nslookup命令用于查询DNS记录
[root@localhost ~]# host www.baidu.com
www.baidu.com is an alias for www.a.shifen.com.
www.a.shifen.com has address 182.61.200.6
www.a.shifen.com has address 182.61.200.7
[root@localhost ~]# nslookup www.baidu.com
Server: 192.168.181.2
Address: 192.168.181.2#53

Non-authoritative answer:
www.baidu.com canonical name = www.a.shifen.com.
Name: www.a.shifen.com
Address: 182.61.200.7
Name: www.a.shifen.com
Address: 182.61.200.6
###6.3 netstat
netstat用于查看网络状态
//显示路由表
[root@localhost ~]# netstat -r
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
default _gateway 0.0.0.0 UG 0 0 0 eth0
192.168.122.0 0.0.0.0 255.255.255.0 U 0 0 0 virbr0
192.168.181.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
//以数字方式显示路由表
[root@localhost ~]# netstat -rn
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
0.0.0.0 192.168.181.2 0.0.0.0 UG 0 0 0 eth0
192.168.122.0 0.0.0.0 255.255.255.0 U 0 0 0 virbr0
192.168.181.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
//显示建立的tcp连接
[root@localhost ~]# netstat -t
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 localhost.localdo:37792 _gateway:domain TIME_WAIT
tcp 0 0 localhost.localdoma:ssh 192.168.181.1:52040 ESTABLISHED
tcp 0 168 localhost.localdoma:ssh 192.168.181.1:52039 ESTABLISHED
//显示udp连接
[root@localhost ~]# netstat -u
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
udp 0 0 localhost.locald:bootpc 192.168.181.254:bootps ESTABLISHED
//显示监听状态的连接
[root@localhost ~]# netstat -l
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 0.0.0.0:ssh 0.0.0.0:* LISTEN
tcp 0 0 localhost:ipp 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:sunrpc 0.0.0.0:* LISTEN
tcp 0 0 localhost.locald:domain 0.0.0.0:* LISTEN
//显示监听指定的套接字的进程的进程号及进程名
[root@localhost ~]# netstat -p
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 localhost.localdo:37792 _gateway:domain TIME_WAIT -
tcp 0 0 localhost.localdoma:ssh 192.168.181.1:52040 ESTABLISHED 4535/sshd: root [pr
tcp 0 0 localhost.localdo:37794 _gateway:domain TIME_WAIT -
tcp 0 0 localhost.localdoma:ssh 192.168.181.1:52039 ESTABLISHED 4460/sshd: root [pr
udp 0 0 localhost.locald:bootpc 192.168.181.254:bootps ESTABLISHED 1166/NetworkManager
//显示所有状态的连接
[root@localhost ~]# netstat -a
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 0.0.0.0:ssh 0.0.0.0:* LISTEN
tcp 0 0 localhost:ipp 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:sunrpc 0.0.0.0:* LISTEN
tcp 0 0 localhost.locald:domain 0.0.0.0:* LISTEN
tcp 0 0 localhost.localdo:37792 _gateway:domain TIME_WAIT
tcp 0 0 localhost.localdo:37796 _gateway:domain TIME_WAIT
tcp 0 0 localhost.localdoma:ssh 192.168.181.1:52040 ESTABLISHED
tcp 0 0 localhost.localdo:37794 _gateway:domain TIME_WAIT
tcp 0 52 localhost.localdoma:ssh 192.168.181.1:52039 ESTABLISHED
//常用选项
-antlp
[root@localhost ~]# netstat -antlp
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1185/sshd
tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN 1186/cupsd
tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN 1/systemd
tcp 0 0 192.168.122.1:53 0.0.0.0:* LISTEN 1913/dnsmasq
tcp 0 0 192.168.181.159:37796 192.168.181.2:53 TIME_WAIT -
tcp 0 0 192.168.181.159:37798 192.168.181.2:53 TIME_WAIT -
tcp 0 0 192.168.181.159:22 192.168.181.1:52040 ESTABLISHED 4535/sshd: root [pr
tcp 0 0 192.168.181.159:37794 192.168.181.2:53 TIME_WAIT -
tcp 0 52 192.168.181.159:22 192.168.181.1:52039 ESTABLISHED 4460/sshd: root [pr
tcp6 0 0 :::22 :::* LISTEN 1185/sshd
tcp6 0 0 ::1:631 :::* LISTEN 1186/cupsd
tcp6 0 0 :::111 :::* LISTEN 1/systemd
###6.4 ss
ss是一种网络状态查看工具,取代netstat
//语法:ss [options] [ FILTER ]
//常用的options:
-t:tcp协议相关
-u:udp协议相关
-w:裸套接字相关
[root@localhost ~]# ss -w
Recv-Q Send-Q Local Address:Port Peer Address:Port Process
-x:unix套接字相关
[root@localhost ~]# ss -x
Netid State Recv-Q Send-Q Local Address:Port Peer Address:Port Process
u_str ESTAB 0 0 * 56081 * 57112
u_str ESTAB 0 0 /run/systemd/journal/stdout 53741 * 53739
u_str ESTAB 0 0 * 48223 * 47875
-l:listen状态的连接
-a:所有
-n:数字格式
-p:相关的程序及pid
[root@localhost ~]# ss -anu
State Recv-Q Send-Q Local Address:Port Peer Address:Port Process
UNCONN 0 0 0.0.0.0:111 0.0.0.0:*
UNCONN 0 0 0.0.0.0:5353 0.0.0.0:*
UNCONN 0 0 0.0.0.0:34711 0.0.0.0:*
UNCONN 0 0 192.168.122.1:53 0.0.0.0:*
[root@localhost ~]# ss -antlp
State Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0 128 0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=1185,fd=5))
LISTEN 0 5 127.0.0.1:631 0.0.0.0:*
[root@localhost ~]# ss -tanl
State Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 5 127.0.0.1:631 0.0.0.0:*
LISTEN 0 128 0.0.0.0:111 0.0.0.0:*
[root@localhost ~]# ss -tan
State Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 5 127.0.0.1:631 0.0.0.0:*
LISTEN 0 128 0.0.0.0:111 0.0.0.0:*
LISTEN 0 32 192.168.122.1:53 0.0.0.0:*
-e:扩展的信息
[root@localhost ~]# ss -e
Netid State Recv-Q Send-Q Local Address:Port Peer Address:Port Process
u_str ESTAB 0 0 * 56081 * 57112 -->
u_str ESTAB 0 0 /run/systemd/journal/stdout 53741 * 53739 <-- ino:12037 dev:0/24
-m:内存用量
[root@localhost ~]# ss -m
Netid State Recv-Q Send-Q Local Address:Port Peer Address:Port Process
u_str ESTAB 0 0 * 56081 * 57112 skmem:(r0,rb212992,t0,tb425984,f0,w0,o0,bl0,d0)
u_str ESTAB 0 0 /run/systemd/journal/stdout 53741 * 53739 skmem:(r0,rb212992,t0,tb212992,f0,w0,o0,bl0,d0)
-o:显示计时器信息
[root@localhost ~]# ss -o
Netid State Recv-Q Send-Q Local Address:Port Peer Address:Port Process
u_str ESTAB 0 0 * 56081 * 57112
u_str ESTAB 0 0 /run/systemd/journal/stdout 53741 * 53739
u_str ESTAB 0 0 * 48223 * 47875
u_str ESTAB 0 0 * 28832 * 28635
u_str ESTAB 0 0 /run/systemd/journal/stdout 51064 * 52445
u_str ESTAB 0 0 /run/systemd/journal/stdout 50537 * 51248
u_str ESTAB 0 0 /run/dbus/system_bus_socket 28634 * 26899
//常见的FILTER:
FILTER := [ state TCP-STATE ] [ EXPRESSION ]
如:ss -tan state ESTABLISHED
//常见的state:
//tcp finite state machine:有限状态机
LISTENING:监听
ESTABLISHED:已建立的连接
//EXPRESSION:
dport =
sport =
示例:'( dport = :ssh or sport = :ssh )',此处的ssh也即服务名,可以使用其对应的端口号代替;等号两边必须有空格,整个表达式要用ASCII单引号括起来
//常见端口
http 80/tcp
https 443/tcp
ssh 22/tcp
ftp 20,21/tcp
mysql 3306/tcp
rsync 873/tcp
redis 6379/tcp
###作业
1.如何查看系统中每个ip的连接数
[root@zhan ~]# netstat -n
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 52 192.168.181.159:22 192.168.181.1:55945 ESTABLISHED
tcp 0 0 192.168.181.159:22 192.168.181.1:60347 ESTABLISHED
udp 0 0 192.168.181.159:68 192.168.181.254:67 ESTABLISHED
2.请列出下列服务使用的端口,http,ftp,ssh,telnet,mysql,dns
http:80 ftp:20,21 ssh:22 telnet:8080 mysql:3306 dns:53
3.如何在虚拟机上新增加一块网卡,并配置IP为172.16.0.10,指定网关为172.16.0.1
[root@zhan network-scripts]# cat ifcfg-eth1
TYPE=Ethernet
BOOTPROTO=static
NAME=eth1
DEVICE=eth1
ONBOOT=yes
IPADDR=172.16.12.130
NETMASK=255.255.255.0
GATEWAY=172.16.12.2
DNS1=172.16.12.2
4.详细描述dns解析过程,以访问www.baidu.com为例
[root@zhan ~]# ping www.baidu.com
PING www.a.shifen.com (182.61.200.6) 56(84) bytes of data.
64 bytes from localhost (182.61.200.6): icmp_seq=1 ttl=128 time=20.6 ms
64 bytes from localhost (182.61.200.6): icmp_seq=2 ttl=128 time=20.6 ms
64 bytes from localhost (182.61.200.6): icmp_seq=3 ttl=128 time=20.6 ms
64 bytes from localhost (182.61.200.6): icmp_seq=4 ttl=128 time=20.7 ms
64 bytes from localhost (182.61.200.6): icmp_seq=5 ttl=128 time=20.6 ms
64 bytes from localhost (182.61.200.6): icmp_seq=6 ttl=128 time=20.6 ms
5.如何查看系统中运行了多少个进程
[root@zhan ~]# ps aux | less
6.如何查看系统中启动了哪些端口
[root@zhan ~]# ss -antlp
State Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0 128 0.0.0.0:111 0.0.0.0:* users:(("rpcbind",pid=932,fd=4),("systemd",pid=1,fd=211))
LISTEN 0 32 192.168.122.1:53 0.0.0.0:* users:(("dnsmasq",pid=1911,fd=6))
LISTEN 0 128 0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=1174,fd=5))
LISTEN 0 5 127.0.0.1:631 0.0.0.0:* users:(("cupsd",pid=1176,fd=10))
LISTEN 0 128 [::]:111 [::]:* users:(("rpcbind",pid=932,fd=6),("systemd",pid=1,fd=213))
LISTEN 0 128 [::]:22 [::]:* users:(("sshd",pid=1174,fd=7))
LISTEN 0 5 [::1]:631 [::]:* users:(("cupsd",pid=1176,fd=9))
7.如何查看是否开启80端口,及查看sshd进程是否存在
[root@zhan ~]# netstat -antlp
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN 1/systemd
tcp 0 0 192.168.122.1:53 0.0.0.0:* LISTEN 1911/dnsmasq
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1174/sshd
tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN 1176/cupsd
tcp 0 52 192.168.181.159:22 192.168.181.1:55945 ESTABLISHED 3004/sshd: root [pr
tcp 0 0 192.168.181.159:22 192.168.181.1:60347 ESTABLISHED 13068/sshd: root [p
tcp6 0 0 :::111 :::* LISTEN 1/systemd
tcp6 0 0 :::22 :::* LISTEN 1174/sshd
tcp6 0 0 ::1:631 :::* LISTEN 1176/cupsd
8.列出所有处于监听状态的tcp端口
[root@zhan ~]# netstat -antlp
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN 1/systemd
tcp 0 0 192.168.122.1:53 0.0.0.0:* LISTEN 1911/dnsmasq
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1174/sshd
tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN 1176/cupsd
tcp 0 52 192.168.181.159:22 192.168.181.1:55945 ESTABLISHED 3004/sshd: root [pr
tcp 0 0 192.168.181.159:22 192.168.181.1:60347 ESTABLISHED 13068/sshd: root [p
tcp6 0 0 :::111 :::* LISTEN 1/systemd
tcp6 0 0 :::22 :::* LISTEN 1174/sshd
tcp6 0 0 ::1:631 :::* LISTEN 1176/cupsd
//注意:ps -ef | grep 80 匹配的是进程列表中任何含有"80"的字段(PID、时间等),并不能说明80端口是否开启;查看端口应使用上面的 ss -antlp 或 netstat -antlp 并筛选 :80,查看sshd进程是否存在可用 pgrep sshd
[root@zhan ~]# ps -ef | grep 80
root 806 1 0 14:28 ? 00:00:00 vmware-vmblock-fuse /run/vmblock-fuse -o rw,subtype=vmware-vmblock,default_permissions,allow_other,dev,suid
roo 2280 1 0 14:29 ? 00:00:00 /usr/lib/systemd/systemd --user
roo 2283 2280 0 14:29 ? 00:00:00 (sd-pam)
roo 2292 2280 0 14:29 ? 00:00:00 /usr/bin/pulseaudio --daemonize=no --log-target=journal
roo 2316 2280 0 14:29 ? 00:00:00 /usr/bin/dbus-daemon --session --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
roo 2402 2280 0 14:29 ? 00:00:00 /usr/libexec/gvfsd
roo 2417 2280 0 14:29 ? 00:00:00 /usr/libexec/gvfsd-fuse /run/user/1000/gvfs -f -o big_writes
roo 2452 2280 0 14:29 ? 00:00:00 /usr/libexec/at-spi-bus-launcher
roo 2466 2280 0 14:29 ? 00:00:00 /usr/libexec/at-spi2-registryd --use-gnome-session
roo 2517 2280 0 14:29 ? 00:00:00 /usr/libexec/ibus-portal
roo 2524 2280 0 14:29 ? 00:00:00 /usr/libexec/xdg-permission-store
roo 2530 2280 0 14:29 ? 00:00:00 /usr/libexec/gnome-shell-calendar-server
roo 2538 2280 0 14:29 ? 00:00:00 /usr/libexec/dconf-service
roo 2544 2280 0 14:29 ? 00:00:00 /usr/libexec/gvfs-udisks2-volume-monitor
roo 2554 2280 0 14:29 ? 00:00:00 /usr/libexec/gvfs-mtp-volume-monitor
roo 2561 2280 0 14:29 ? 00:00:00 /usr/libexec/gvfs-gphoto2-volume-monitor
roo 2562 2280 0 14:29 ? 00:00:00 /usr/libexec/evolution-source-registry
roo 2566 2280 0 14:29 ? 00:00:00 /usr/libexec/gvfs-afc-volume-monitor
roo 2571 2280 0 14:29 ? 00:00:00 /usr/libexec/gvfs-goa-volume-monitor
roo 2578 2280 0 14:29 ? 00:00:00 /usr/libexec/goa-daemon
roo 2588 2280 0 14:29 ? 00:00:00 /usr/libexec/goa-identity-service
roo 2624 2280 0 14:29 ? 00:00:00 /usr/libexec/evolution-calendar-factory
roo 2743 2280 0 14:29 ? 00:00:00 /usr/libexec/evolution-addressbook-factory
roo 2801 2321 0 14:29 tty2 00:00:00 /usr/libexec/gsd-disk-utility-notify
roo 2812 2280 0 14:29 ? 00:00:00 /usr/libexec/tracker-store
roo 2974 2280 0 14:29 ? 00:00:00 /usr/libexec/gvfsd-metadata
root 313761 86260 0 16:24 pts/0 00:00:00 grep --color=auto 80
9.查看所有的端口信息, 包括 PID 和进程名称
[root@zhan ~]# netstat -p
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 52 zhan:ssh 192.168.181.1:55945 ESTABLISHED 3004/sshd: root [pr
tcp 0 0 zhan:ssh 192.168.181.1:60347 ESTABLISHED 13068/sshd: root [p
udp 0 0 zhan:bootpc 192.168.181.254:bootps ESTABLISHED 110886/NetworkManag