Chapter 13: Linux Network Management


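Lab 1: Cross-network communication between hosts

Objective

Learn how to configure cross-network communication between hosts, including IP address configuration and gateway/route configuration.

Prerequisites

Four virtual machines connected to the physical network.

Environment:

1. All hosts are clean installs.
2. The firewall is disabled on all hosts.
3. SELinux is disabled on all hosts.

1. First disable SELinux (do this on both the master and slave load-balancer machines)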
vim /etc/sysconfig/selinux
SELINUX=disabled

2. Disable the firewall
CentOS7:
systemctl stop firewalld 		#stop it temporarily
systemctl disable firewalld 	#do not start at boot
CentOS6: (NetworkManager must be stopped as well)
service iptables stop	 	#stop it temporarily
chkconfig iptables off	 	#do not start at boot
service NetworkManager stop
chkconfig NetworkManager off



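3. ntpdate time1.aliyun.com    (synchronize the host clocks)

The NIC configuration file. The instructor uses an alias; if you have not set one up, type the absolute path. The same applies to vie1: on the command line only eth1 changes.

Topology

Lab:
A--VMnet1 host-only--eth0 R1 eth1--NAT mode--eth1 R2 eth0--bridged mode--B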

A:192.168.36.123/24 GATEWAY:192.168.36.200

R1:
eth0	192.168.36.200/24
eth1	10.0.0.200/8
route add -net 172.22.0.0/16 gw 10.0.0.201
echo 1 > /proc/sys/net/ipv4/ip_forward

R2:
eth0	10.0.0.201/8
eth1	172.22.0.201/16
route add -net 192.168.36.0/24 gw 10.0.0.200
echo 1 > /proc/sys/net/ipv4/ip_forward

B:172.22.0.123/16 GATEWAY:172.22.0.201

Lab virtual machine settings

Host allocation.

Configuration of host A

#NIC
[root@centos7 ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 00:0c:29:07:f7:8f brd ff:ff:ff:ff:ff:ff
    inet 192.168.36.123/24 brd 192.168.36.255 scope global noprefixroute eth0
       valid_lft forever preferred_lft forever
    inet6 fe80::20c:29ff:fe07:f78f/64 scope link 
       valid_lft forever preferred_lft forever
#NIC configuration file
[root@centos7 ~]# cat /etc/sysconfig/network-scripts/ifcfg-eht0 
BOOTPROTO=static
NAME=ens0
DEVICE=eth0
ONBOOT=yes
IPADDR=192.168.36.123
GATEWAY=192.168.36.200
PREFIX=24

Host A pings host Router1 successfully.

Configuration of host Router1

[root@centos6R1 ~]# cd /etc/sysconfig/network-scripts/
#contents of the first NIC's configuration file
[root@centos6R1 network-scripts]# cat ifcfg-eth0
BOOTPROTO=static
DEVICE=eth0
NAME=eth0
ONBOOT=yes
IPADDR=192.168.36.200
PREFIX=24

#contents of the second NIC's configuration file
[root@centos6R1 network-scripts]# cat ifcfg-eth1
BOOTPROTO=none
DEVICE=eth1
IPADDR=10.0.0.200
PREFIX=8

#restart the network
systemctl restart network

If the following error is reported:

Bringing up interface eth1:  Error: Connection activation failed: The connection is not for this device.
                                                           [FAILED]

#Router1 pings host A successfully
[root@centos6R1 ~]# ping 192.168.36.123 -c 2

#view the routing table
[root@centos6R1 ~]# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.36.0    0.0.0.0         255.255.255.0   U     0      0        0 eth0
169.254.0.0     0.0.0.0         255.255.0.0     U     1002   0        0 eth0
169.254.0.0     0.0.0.0         255.255.0.0     U     1003   0        0 eth1
10.0.0.0        0.0.0.0         255.0.0.0       U     0      0        0 eth1

#add a route
[root@centos6R1 ~]# route add -net 172.22.0.0/16 gw 10.0.0.201
#the route that was just added now shows up
[root@centos6R1 ~]# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.36.0    0.0.0.0         255.255.255.0   U     0      0        0 eth0
169.254.0.0     0.0.0.0         255.255.0.0     U     1002   0        0 eth0
169.254.0.0     0.0.0.0         255.255.0.0     U     1003   0        0 eth1
172.22.0.0      10.0.0.201      255.255.0.0     UG    0      0        0 eth1
10.0.0.0        0.0.0.0         255.0.0.0       U     0      0        0 eth1

#enable IP forwarding
[root@centos6R1 ~]# cat /proc/sys/net/ipv4/ip_forward
0
[root@centos6R1 ~]# echo 1 > /proc/sys/net/ipv4/ip_forward

Configuration of host Router2

#NIC 1 (NAT mode)
[root@centos6R2 ~]# cat /etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE=eth0
ONBOOT=yes
BOOTPROTO=none
NAME="System eth0"
IPADDR=172.22.0.201
PREFIX=16
#NIC 2 (bridged mode)
[root@centos6R2 ~]# cat /etc/sysconfig/network-scripts/ifcfg-eth1
DEVICE=eth1
IPADDR=10.0.0.201
PREFIX=8
#add a route
[root@centos6R2 ~]# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
169.254.0.0     0.0.0.0         255.255.0.0     U     1002   0        0 eth0
169.254.0.0     0.0.0.0         255.255.0.0     U     1003   0        0 eth1
172.22.0.0      0.0.0.0         255.255.0.0     U     0      0        0 eth0
10.0.0.0        0.0.0.0         255.0.0.0       U     0      0        0 eth1
[root@centos6R2 ~]# route add -net 192.168.36.0/24 gw 10.0.0.200
[root@centos6R2 ~]# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.36.0    10.0.0.200      255.255.255.0   UG    0      0        0 eth1
169.254.0.0     0.0.0.0         255.255.0.0     U     1002   0        0 eth0
169.254.0.0     0.0.0.0         255.255.0.0     U     1003   0        0 eth1
172.22.0.0      0.0.0.0         255.255.0.0     U     0      0        0 eth0
10.0.0.0        0.0.0.0         255.0.0.0       U     0      0        0 eth1

Enable IP forwarding

[root@centos6R2 ~]# cat /proc/sys/net/ipv4/ip_forward
0
[root@centos6R2 ~]# echo 1 > /proc/sys/net/ipv4/ip_forward
[root@centos6R2 ~]# cat /proc/sys/net/ipv4/ip_forward
1

Configuration of host B

#NIC (bridged mode)
[root@centos7 ~]# cat /etc/sysconfig/network-scripts/ifcfg-eht0 
BOOTPROTO=static
NAME=ens0
DEVICE=eth0
ONBOOT=yes
IPADDR=172.22.0.123
GATEWAY=172.22.0.201
PREFIX=16

#ping test
[root@centos7 ~]# ping 172.22.0.201 -c 2
PING 172.22.0.201 (172.22.0.201) 56(84) bytes of data.
64 bytes from 172.22.0.201: icmp_seq=1 ttl=64 time=0.279 ms
64 bytes from 172.22.0.201: icmp_seq=2 ttl=64 time=0.367 ms

--- 172.22.0.201 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1000ms
rtt min/avg/max/mdev = 0.279/0.323/0.367/0.044 ms

All four hosts are configured; start testing

Host A pings host B successfully.

[root@centos7 ~]# ping 172.22.0.123 -c 2
PING 172.22.0.123 (172.22.0.123) 56(84) bytes of data.
64 bytes from 172.22.0.123: icmp_seq=1 ttl=62 time=0.916 ms
64 bytes from 172.22.0.123: icmp_seq=2 ttl=62 time=1.08 ms

--- 172.22.0.123 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1001ms
rtt min/avg/max/mdev = 0.916/1.002/1.088/0.086 ms
#view the route path
[root@centos7 ~]# traceroute 172.22.0.123
traceroute to 172.22.0.123 (172.22.0.123), 30 hops max, 60 byte packets
 1  gateway (192.168.36.200)  0.314 ms  0.219 ms  0.167 ms
 2  10.0.0.201 (10.0.0.201)  0.525 ms  0.497 ms  0.446 ms
 3  172.22.0.123 (172.22.0.123)  0.958 ms  0.920 ms  0.914 ms
#view the path with mtr
[root@centos7 ~]# mtr 172.22.0.123
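
The forwarding decision behind this lab, as an added example that is not part of the original page: a longest-prefix-match lookup run over the `route -n` tables printed above for R1 and R2. The names `route_lookup`, `r1_before`, `r1_after` and `r2_after` are made up for this illustration, and breaking ties on the lower metric is an assumption of the example.

```shell
#!/bin/sh
# Added example: resolve a destination against `route -n` output.

# R1 before "route add -net 172.22.0.0/16 gw 10.0.0.201" (table from the lab).
r1_before() { cat <<'EOF'
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.36.0    0.0.0.0         255.255.255.0   U     0      0        0 eth0
169.254.0.0     0.0.0.0         255.255.0.0     U     1002   0        0 eth0
169.254.0.0     0.0.0.0         255.255.0.0     U     1003   0        0 eth1
10.0.0.0        0.0.0.0         255.0.0.0       U     0      0        0 eth1
EOF
}

# R1 after the route was added.
r1_after() {
    r1_before
    echo "172.22.0.0      10.0.0.201      255.255.0.0     UG    0      0        0 eth1"
}

# R2 after "route add -net 192.168.36.0/24 gw 10.0.0.200" (table from the lab).
r2_after() { cat <<'EOF'
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.36.0    10.0.0.200      255.255.255.0   UG    0      0        0 eth1
169.254.0.0     0.0.0.0         255.255.0.0     U     1002   0        0 eth0
169.254.0.0     0.0.0.0         255.255.0.0     U     1003   0        0 eth1
172.22.0.0      0.0.0.0         255.255.0.0     U     0      0        0 eth0
10.0.0.0        0.0.0.0         255.0.0.0       U     0      0        0 eth1
EOF
}

# route_lookup DEST: reads `route -n` output on stdin and prints
# "<next hop|direct> <iface>" for the most specific matching route.
# Prints "unreachable" and returns 1 when no route matches.
route_lookup() {
    awk -v dst="$1" '
    function ip2int(ip,   p) {
        split(ip, p, ".")
        return ((p[1] * 256 + p[2]) * 256 + p[3]) * 256 + p[4]
    }
    # Prefix length = number of 1 bits in a contiguous netmask.
    function masklen(mask,   n, bits) {
        n = ip2int(mask); bits = 0
        while (n > 0) { bits += n % 2; n = int(n / 2) }
        return bits
    }
    BEGIN { best = -1 }
    # Only data rows start with a dotted-quad destination.
    $1 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ {
        plen = masklen($3)
        block = 2 ^ (32 - plen)            # addresses covered by the prefix
        if (int(ip2int(dst) / block) * block != ip2int($1)) next
        if (plen > best || (plen == best && $5 + 0 < metric)) {
            best = plen; metric = $5 + 0; gw = $2; ifc = $8
        }
    }
    END {
        if (best < 0) { print "unreachable"; exit 1 }
        hop = (gw == "0.0.0.0") ? "direct" : gw
        print hop, ifc
    }'
}

# Request direction (A -> B) on R1, before and after the static route.
for table in r1_before r1_after; do
    printf '%-10s 172.22.0.123   -> %s\n' "$table" "$($table | route_lookup 172.22.0.123)"
done
# Reply direction (B -> A) on R2.
printf '%-10s 192.168.36.123 -> %s\n' r2_after "$(r2_after | route_lookup 192.168.36.123)"
```

R1 needs the 172.22.0.0/16 route for the request and R2 needs the 192.168.36.0/24 route for the reply; with either one missing, the ping from A to B fails even though both routers forward packets.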



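Lab 2: Configuring the network on CentOS 6

Objective:

Learn how to configure the IP address, DNS and hostname, rename NICs, configure routes and view network status on CentOS 6.

Prerequisites

A working CentOS 6.9 virtual machine connected to the physical network.

Steps:

1. The hostname command: change the hostname (takes effect temporarily)

[Example 1] Change the hostname to node1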

[root@magedu ~]# hostname node1

Verify that the temporary change took effect:

[root@magedu ~]# exec bash
[root@node1 ~]# 

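2. Change the hostname through the configuration file; it takes effect permanently after a reboot

[Example 2] Edit the file /etc/sysconfig/network and change the hostname to magedu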

[root@node1 ~]# cat /etc/sysconfig/network
HOSTNAME=magedu

3. Set up the local resolver file /etc/hosts, which is checked before DNS is used

[Example 3] Map the local address 172.18.119.74 to magedu.com and 172.18.0.1 to server.com

[root@node1 ~]# vim /etc/hosts
172.18.119.74 magedu.com
172.18.0.1 server.com

4. The ifconfig command: display or configure a NIC's IP address

[Example 4] View the local IP addresses

[root@magedu ~]# ifconfig 
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.36.123  netmask 255.255.255.0  broadcast 192.168.36.255
        inet6 fe80::20c:29ff:fe07:f78f  prefixlen 64  scopeid 0x20<link>
        ether 00:0c:29:07:f7:8f  txqueuelen 1000  (Ethernet)
        RX packets 2291  bytes 190405 (185.9 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 2168  bytes 238727 (233.1 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 1000  (Local Loopback)
        RX packets 144  bytes 14864 (14.5 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 144  bytes 14864 (14.5 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

virbr0: flags=4099<UP,BROADCAST,MULTICAST>  mtu 1500
        inet 192.168.122.1  netmask 255.255.255.0  broadcast 192.168.122.255
        ether 52:54:00:fd:6c:1b  txqueuelen 1000  (Ethernet)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

[Example 5] Set the address of NIC eth1 to 1.1.1.1/24

[root@magedu ~]# ifconfig eth1 1.1.1.1/24 up

Or:

[root@magedu ~]# ifconfig eth1 1.1.1.1 netmask 255.255.255.0

View the address of NIC eth1:

[root@magedu ~]# ifconfig eth1
eth1      Link encap:Ethernet  HWaddr 00:0C:29:E8:7D:C5  
          inet addr:1.1.1.1  Bcast:1.1.1.255  Mask:255.255.255.0
          inet6 addr: fe80::20c:29ff:fee8:7dc5/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:652 errors:0 dropped:0 overruns:0 frame:0
          TX packets:667 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:64467 (62.9 KiB)  TX bytes:56436 (55.1 KiB)

[Example 6] Disable NIC eth1

[root@magedu ~]# ifconfig eth1 down

View NIC eth1:

[root@magedu ~]# ifconfig eth1
eth1      Link encap:Ethernet  HWaddr 00:0C:29:E8:7D:C5  
          inet addr:1.1.1.1  Bcast:1.1.1.255  Mask:255.255.255.0
          BROADCAST MULTICAST  MTU:1500  Metric:1
          RX packets:652 errors:0 dropped:0 overruns:0 frame:0
          TX packets:667 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:64467 (62.9 KiB)  TX bytes:56436 (55.1 KiB)

[Example 7] Enable NIC eth1

[root@magedu ~]# ifconfig eth1 up

View NIC eth1:

[root@magedu ~]# ifconfig eth1
eth1      Link encap:Ethernet  HWaddr 00:0C:29:E8:7D:C5  
          inet addr:1.1.1.1  Bcast:1.1.1.255  Mask:255.255.255.0
          inet6 addr: fe80::20c:29ff:fee8:7dc5/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:652 errors:0 dropped:0 overruns:0 frame:0
          TX packets:672 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:64467 (62.9 KiB)  TX bytes:56874 (55.5 KiB)

[Example 8] Configure the alias eth1:0 on NIC eth1 with the IP 10.0.0.100

[root@magedu ~]# ifconfig eth1:0 10.0.0.100/24 up

View:

[root@magedu ~]# ifconfig
eth1:0 		Link encap:Ethernet HWaddr 00:0C:29:C2:73:B3 
 			inet addr:10.0.0.100 Bcast:10.0.0.255 Mask:255.255.255.0
 			UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1

5. The route command: view, add and delete routes

[Example 9] View the routing table

[root@magedu ~]# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.130.0 0.0.0.0 255.255.255.0 U 1 0 0 eth1
172.18.0.0 0.0.0.0 255.255.0.0 U 1 0 0 eth0
0.0.0.0 172.18.0.1 0.0.0.0 UG 0 0 0 eth0

[Example 10] Add a host route to 1.1.1.1 with next hop 172.18.0.1

[root@magedu ~]# route add -host 1.1.1.1 gw 172.18.0.1
[root@magedu ~]# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
1.1.1.1 172.18.0.1 255.255.255.255 UGH 0 0 0 eth0

[Example 11] Delete the host route to 1.1.1.1

[root@magedu ~]# route del -host 1.1.1.1

[Example 12] Add a network route to 1.1.1.0/24 with next hop 172.18.0.1

[root@magedu ~]# route add -net 1.1.1.0/24 gw 172.18.0.1 dev eth0

Or:

[root@magedu ~]# route add -net 1.1.1.0 netmask 255.255.255.0 gw 172.18.0.1 dev eth0

View the routes:

[root@magedu ~]# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.130.0   0.0.0.0         255.255.255.0   U     0      0        0 eth1
1.1.1.0         172.18.0.1      255.255.255.0   UG    0      0        0 eth0

[Example 13] Add a default route

[root@magedu ~]# route add -net 0.0.0.0 netmask 0.0.0.0 gw 172.18.0.1

Or:

[root@magedu ~]# route add default gw 172.18.0.1

6. The ip command: enable or disable NICs, set IP addresses and set routes

[Example 14] Disable NIC ens38

[root@magedu ~]# ip link set dev ens38 down

[Example 15] View the state of NIC eth1

[root@magedu ~]# ip link show dev eth1
6: eth1: <BROADCAST,MULTICAST> mtu 1500 qdisc pfifo_fast state DOWN mode DEFAULT group default qlen 1000
 link/ether 00:0c:29:69:08:ca brd ff:ff:ff:ff:ff:ff

[Example 16] Enable NIC eth1

[root@magedu ~]# ip link set dev eth1 up

View the state:

[root@magedu ~]# ip link show dev eth1
6: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
 link/ether 00:0c:29:69:08:ca brd ff:ff:ff:ff:ff:ff

[Example 17] Display state information for all NICs

[root@magedu ~]# ip link show 
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
 link/ether 00:0c:29:69:08:b6 brd ff:ff:ff:ff:ff:ff
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
 link/ether 00:0c:29:69:08:c0 brd ff:ff:ff:ff:ff:ff
...

[Example 18] Delete the address 1.1.1.1/8 from NIC eth1

[root@magedu ~]# ip addr del 1.1.1.1/8 dev eth1

View:

[root@magedu ~]# ip addr show dev eth1
6: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
 link/ether 00:0c:29:69:08:ca brd ff:ff:ff:ff:ff:ff
 inet6 fe80::20c:29ff:fe69:8ca/64 scope link 
 valid_lft forever preferred_lft forever

[Example 19] Add the address 3.3.3.3/24 to NIC eth1

[root@magedu ~]# ip addr add 3.3.3.3/24 dev eth1

[Example 20] View the IP addresses on NIC eth1

[root@magedu ~]# ip add show dev eth1
6: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
 link/ether 00:0c:29:69:08:ca brd ff:ff:ff:ff:ff:ff
 inet 3.3.3.3/24 scope global eth1
 valid_lft forever preferred_lft forever
 inet6 fe80::20c:29ff:fe69:8ca/64 scope link 
 valid_lft forever preferred_lft forever

[Example 21] Configure the alias ens38:0 on NIC eth1 with the address 4.4.4.4/24

[root@magedu ~]# ip addr add 4.4.4.4/24 dev eth1 label eth1:0

View:

[root@magedu ~]# ip add show dev eth1
6: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
 link/ether 00:0c:29:69:08:ca brd ff:ff:ff:ff:ff:ff
 inet 3.3.3.3/24 scope global eth1
 valid_lft forever preferred_lft forever
 inet 4.4.4.4/24 scope global eth1:0
 valid_lft forever preferred_lft forever
 inet6 fe80::20c:29ff:fe69:8ca/64 scope link 
 valid_lft forever preferred_lft forever

[Example 22] Delete the alias eth1:0 from NIC eth1

[root@magedu ~]# ip addr flush dev eth1 label eth1:0

View:

[root@magedu ~]# ip add show dev eth1
6: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
 link/ether 00:0c:29:69:08:ca brd ff:ff:ff:ff:ff:ff
 inet 3.3.3.3/24 scope global eth1
 valid_lft forever preferred_lft forever
 inet6 fe80::20c:29ff:fe69:8ca/64 scope link 
 valid_lft forever preferred_lft forever

[Example 23] Delete all IP addresses in use on NIC eth1

[root@magedu ~]# ip addr flush dev eth1 

View:

[root@magedu ~]# ip add show dev eth1
6: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
 link/ether 00:0c:29:69:08:ca brd ff:ff:ff:ff:ff:ff

[Example 24] View the routing table

[root@magedu ~]# ip route show

[root@magedu ~]# ip route list
default via 172.18.0.1 dev eth0 proto dhcp metric 100 
default via 192.168.130.2 dev eth1 proto dhcp metric 101 
172.18.0.0/16 dev eth0 proto kernel scope link src 172.18.118.87 metric 100 
192.168.122.0/24 dev virbr0 proto kernel scope link src 192.168.122.1 
192.168.130.0/24 dev eth1 proto kernel scope link src 192.168.130.130 metric 101

[Example 25] Add a host route to 192.168.1.13

[root@magedu ~]# ip route add 192.168.1.13 via 172.18.0.1

View:

[root@magedu ~]# ip route show
default via 172.18.0.1 dev eth0 proto dhcp metric 100 
default via 192.168.130.2 dev eth1 proto dhcp metric 101 
172.18.0.0/16 dev eth0 proto kernel scope link src 172.18.118.87 metric 100 
192.168.1.13 via 172.18.0.1 dev eth0 
192.168.122.0/24 dev virbr0 proto kernel scope link src 192.168.122.1 
192.168.130.0/24 dev eth1 proto kernel scope link src 192.168.130.130 metric 101 

[Example 26] Add a network route to 192.168.0.0/24

[root@magedu ~]# ip route add 192.168.0.0/24 via 172.18.0.1

View:

[root@magedu ~]# ip route show
default via 172.18.0.1 dev eth0 proto dhcp metric 100 
default via 192.168.130.2 dev eth1 proto dhcp metric 101 
172.18.0.0/16 dev eth0 proto kernel scope link src 172.18.118.87 metric 100 
192.168.0.0/24 via 172.18.0.1 dev eth0 
192.168.122.0/24 dev virbr0 proto kernel scope link src 192.168.122.1 
192.168.130.0/24 dev eth1 proto kernel scope link src 192.168.130.130 metric 101

[Example 27] Add a default gateway

[root@magedu ~]# ip route add default via 172.18.0.1 

Or:

[root@magedu ~]# ip route add default via 172.18.0.1 dev eth0

[Example 28] Delete a route

[root@magedu ~]# ip route del default via 172.18.0.1

[Example 29] Flush the routes on NIC eth1

[root@magedu ~]# ip route flush dev eth1

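7. Edit the NIC configuration file to set the IP, netmask, DNS and gateway in one place, so that they persist across reboots

[Example 30] Edit the configuration file of NIC eth0 and set the IP to 192.168.0.2, the netmask to 255.255.255.0, the gateway to 172.18.0.1 and DNS to 8.8.8.8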

[root@magedu ~]# cd /etc/sysconfig/network-scripts/
[root@magedu ~]# vim ifcfg-eth0
DEVICE=eth0
TYPE=Ethernet
ONBOOT=yes
NM_CONTROLLED=yes
BOOTPROTO=static
HWADDR=00:0C:29:6A:28:CA
IPADDR=192.168.0.2
NETMASK=255.255.255.0
DNS1=8.8.8.8
GATEWAY=172.18.0.1

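8. Set the DNS server's IP address by editing the DNS configuration file

[Example 31] Configure the DNS file with the address 172.18.0.1; it takes effect permanently after a reboot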

[root@magedu ~]# vim /etc/resolv.conf
nameserver 172.18.0.1

9. The netstat command: display network connections

[Example 32] View TCP connections in all states, showing IPs and ports numerically

[root@magedu ~]# netstat -tan
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address               Foreign Address             State      
tcp        0      0 0.0.0.0:52961               0.0.0.0:*                   LISTEN      
tcp        0      0 0.0.0.0:111                 0.0.0.0:*                   LISTEN 

[Example 33] View UDP connections in all states, showing IPs and ports numerically

[root@magedu ~]# netstat -uan
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address               Foreign Address             State      
udp        0      0 0.0.0.0:70               	0.0.0.0:*        

[Example 34] View all TCP connections in the listening state, showing IPs and ports numerically

[root@magedu ~]# netstat -tnl
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address               Foreign Address             State      
tcp        0      0 0.0.0.0:52961               0.0.0.0:*                   LISTEN 

[Example 35] View all UDP connections in the listening state, showing IPs and ports numerically

[root@magedu ~]# netstat -unl
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address               Foreign Address             State      
udp        0      0 127.0.0.1:703               0.0.0.0:*       
... 

[Example 36] Display statistics for all interfaces

[root@magedu ~]# netstat -i 
Kernel Interface table
Iface       MTU Met    RX-OK RX-ERR RX-DRP RX-OVR    TX-OK TX-ERR TX-DRP TX-OVR Flg
eth0       1500   0     2899      0      0      0     2079      0      0      0 BMRU
eth1       1500   0      666      0      0      0      674      0      0      0 BMRU
lo        65536   0      120      0      0      0      120      0      0      0 LRU

[Example 37] Display traffic data for interface eth0

[root@magedu ~]# netstat -I=eth0
Kernel Interface table
Iface       MTU Met    RX-OK RX-ERR RX-DRP RX-OVR    TX-OK TX-ERR TX-DRP TX-OVR Flg
eth0       1500   0     2919      0      0      0     2096      0      0      0 BMRU

This command is equivalent to ifconfig -s eth0

10. The ss command: a tool for displaying sockets

[Example 38] Display all TCP sockets numerically

[root@magedu ~]# ss -tan
State       Recv-Q Send-Q         Local Address:Port           Peer Address:Port 
LISTEN      0      128                        *:52961                     *:*     
...

[Example 39] Display all TCP sockets in the listening state numerically

[root@magedu ~]# ss -tanl
State       Recv-Q Send-Q         Local Address:Port           Peer Address:Port 
LISTEN      0      128                        *:52961                     *:*    
...

[Example 40] Display all TCP sockets in the listening state numerically, together with the owning program and PID

[root@magedu ~]# ss -tanlp
State       Recv-Q Send-Q         Local Address:Port           Peer Address:Port 
LISTEN      0      128                        *:52961                     *:*      users:(("rpc.statd",1789,8))
...

[Example 41] Display all UDP sockets numerically

[root@magedu ~]# ss -uan
State Recv-Q Send-Q Local Address:Port Peer Address:Port
UNCONN 0 0 *:68 *:*
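
A listener audit built on the `ss -tanlp` output of Example 40, as an added example that is not part of the original page. With the firewall stopped as in these labs, a socket bound to `*` answers on every attached network, so the functions below list wildcard listeners and flag those whose port is not on an expected list. The function names and every sample line except the rpc.statd one are constructed for this illustration, and the column layout is assumed to be the one shown above.

```shell
#!/bin/sh
# Added example: find TCP listeners bound to all addresses in `ss -tanlp` output.

# Constructed sample; only the rpc.statd line comes from the page.
sample_ss() { cat <<'EOF'
State       Recv-Q Send-Q         Local Address:Port           Peer Address:Port
LISTEN      0      128                        *:52961                     *:*      users:(("rpc.statd",1789,8))
LISTEN      0      128                        *:111                       *:*      users:(("rpcbind",1601,8))
LISTEN      0      100                127.0.0.1:25                        *:*      users:(("master",2011,12))
LISTEN      0      128           192.168.36.123:22                        *:*      users:(("sshd",1893,3))
LISTEN      0      128                       :::22                       :::*      users:(("sshd",1893,4))
EOF
}

# wildcard_listeners: stdin = `ss -tanlp` output.
# Prints "<port> <bind address> <process>" for each socket bound to all
# IPv4 or IPv6 addresses; loopback and single-address binds are skipped.
wildcard_listeners() {
    awk '
    $1 != "LISTEN" { next }
    {
        # Column 4 is Local Address:Port; the port follows the last colon,
        # which keeps IPv6 forms such as :::22 or [::]:22 intact.
        n = split($4, part, ":")
        port = part[n]
        addr = substr($4, 1, length($4) - length(port) - 1)
        if (addr != "*" && addr != "0.0.0.0" && addr != "::" && addr != "[::]") next

        # The process name is the first quoted string after users:((
        # and is "-" when ss was run without -p or without root.
        proc = "-"
        i = index($0, "users:((\"")
        if (i > 0) {
            rest = substr($0, i + 9)
            proc = substr(rest, 1, index(rest, "\"") - 1)
        }
        print port, addr, proc
    }'
}

# unexpected_listeners "PORT PORT ...": same input, but only wildcard
# listeners whose port is not on the expected list are printed.
unexpected_listeners() {
    wildcard_listeners | awk -v allow="$1" '
    BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
    !($1 in ok)'
}

echo "wildcard listeners:"
sample_ss | wildcard_listeners
echo "not on the expected list (22 111):"
sample_ss | unexpected_listeners "22 111"
```

On a live host, replace `sample_ss` with `ss -tanlp` run as root so that the users:(( column is populated.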

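11. Bonding configuration

[Example 42] Bond the NICs eth0 and eth1 to a single IP address that serves external traffic, which provides high availability or load balancing.

Prerequisite: stop the NetworkManager service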

[root@magedu ~]# service NetworkManager stop

Configure the bond0 file:

[root@magedu ~]# vim /etc/sysconfig/network-scripts/ifcfg-bond0
DEVICE=bond0
ONBOOT=yes
NM_CONTROLLED=yes
BOOTPROTO=static
BONDING_OPTS="miimon=100 mode=1"
IPADDR=1.1.1.1
NETMASK=255.255.255.0

Configure the NIC files

[root@magedu ~]# vim /etc/sysconfig/network-scripts/ifcfg-eth0

Add the following:

DEVICE=eth0
HWADDR=00:50:56:3d:28:04
TYPE=Ethernet
ONBOOT=yes
MASTER=bond0
SLAVE=yes
[root@magedu ~]# vim /etc/sysconfig/network-scripts/ifcfg-eth1
DEVICE=eth1
HWADDR=00:50:56:37:2b:03
TYPE=Ethernet
ONBOOT=yes
MASTER=bond0
SLAVE=yes

Restart the network service

[root@magedu ~]# service network restart

View the bond information

[root@magedu ~]# cat /proc/net/bonding/bond0

View the bond mode

[root@magedu ~]# cat /sys/class/net/bond0/bonding/mode

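Lab 3: Configuring the network on CentOS 7

Objective:

Learn how to configure the IP address, DNS and hostname, rename NICs, configure routes and view network status on CentOS 7.

Prerequisites

A working Linux virtual machine connected to the network.

Command overview:

1. The hostnamectl command: set the hostname permanently

[Example 1] Change the hostname to node1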

[root@magedu ~]#hostnamectl set-hostname node1

View the hostname:

[root@magedu ~]# hostname

Or:

[root@magedu ~]# hostnamectl status

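A hostname set this way is permanent; the configuration file actually modified is /etc/hostname. If that file is deleted, the hostname reverts to the default, localhost.localdomain.

2. The nmcli command

[Example 2] View NIC information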

[root@magedu ~]# nmcli
ens33: connected to ens33
 	"Intel 82545EM Gigabit Ethernet Controller (Copper) (PRO/1000 MT Single Port Adapter)"
 	ethernet (e1000), 00:0C:29:69:08:B6, hw, mtu 1500
 	ip4 default
 	inet4 172.18.118.87/16
 	route4 0.0.0.0/0
 	route4 172.18.0.0/16
 	inet6 fe80::20c:29ff:fe69:8b6/64
 	route6 ff00::/8
 	route6 fe80::/64
...

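Note: in the line "ens33: connected to ens33", the first ens33 is the NIC's device name and the second ens33 is the name of the configuration file in use.

[Example 3] The NIC configurations in use can be viewed with the following command: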

[root@magedu ~]# nmcli connection show
NAME UUID TYPE DEVICE 
ens33 c96bc909-188e-ec64-3a96-6a90982b08ad ethernet ens33 
virbr0 d3cf5ef7-3e68-4272-8db4-8df418774ad8 bridge virbr0 
ens34 631d3c53-1f8f-4e9b-be82-b4308e83b859 ethernet -- 
ens35 330979d5-87ac-45fa-9d29-b6ffa0900c76 ethernet -- 

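In other words, several configurations with different network properties (that is, several configuration names) can be created for one NIC; to use one of them, connect to that configuration name.

This command can also be abbreviated as:

[root@magedu ~]# nmcli c s

[Example 4] View NIC device information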

[root@magedu ~]# nmcli device 
DEVICE      TYPE      STATE      	CONNECTION 
ens33       ethernet  connected  	eth0       
virbr0      bridge    connected  	virbr0     
ens34 		ethernet  disconnected 	-- 
ens35 		ethernet  disconnected 	-- 
lo 			loopback  unmanaged 	-- 
virbr0-nic 	tun  	  unmanaged 	-- 

This command can also be abbreviated as:

[root@magedu ~]# nmcli d

[Example 5] Disable the NIC device ens34

Before disabling it, check that NIC ens34 is working normally:

[root@magedu ~]# ip address show ens34
3: ens34: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
 link/ether 00:0c:29:69:08:c0 brd ff:ff:ff:ff:ff:ff
 inet 192.168.130.130/24 brd 192.168.130.255 scope global noprefixroute dynamic ens34
 valid_lft 1299sec preferred_lft 1299sec
 inet6 fe80::b926:d6d6:2b39:12ff/64 scope link noprefixroute 
 valid_lft forever preferred_lft forever

Disable NIC ens34:

[root@magedu ~]# nmcli device disconnect ens34
Device 'ens34' successfully disconnected.

Note: this command is equivalent to:

[root@magedu ~]# ifdown ens34

Verify that NIC ens34 has been disabled:

[root@magedu ~]# ip address show ens34
3: ens34: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
 link/ether 00:0c:29:69:08:c0 brd ff:ff:ff:ff:ff:ff

[Example 6] Enable NIC ens34

[root@magedu ~]# nmcli device connect ens34
Device 'ens34' successfully activated with '631d3c53-1f8f-4e9b-be82-b4308e83b859'.

[Example 7] Add a configuration named zhangsan to NIC ens34

[root@magedu ~]# nmcli connection add con-name zhangsan type ethernet ifname ens34
Connection 'zhangsan' (e3e9c2f7-15fa-4d47-add4-c6667b0dbc33) successfully added.

View the configuration names used by the NICs:

[root@magedu ~]# nmcli connection show
NAME UUID TYPE DEVICE 
ens33 c96bc909-188e-ec64-3a96-6a90982b08ad ethernet ens33 
ens34 631d3c53-1f8f-4e9b-be82-b4308e83b859 ethernet ens34 
ens35 330979d5-87ac-45fa-9d29-b6ffa0900c76 ethernet ens35 
virbr0 d3cf5ef7-3e68-4272-8db4-8df418774ad8 bridge virbr0 
zhangsan e3e9c2f7-15fa-4d47-add4-c6667b0dbc33 ethernet -- 

At this point a NIC configuration file named ifcfg-zhangsan is created automatically:

[root@magedu ~]# ls /etc/sysconfig/network-scripts/

One of the files listed is named ifcfg-zhangsan.

[Example 8] Switch the NIC configuration to the one named zhangsan

[root@magedu ~]# nmcli connection up zhangsan
Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/42)

View the configuration names used by the NICs:

[root@magedu ~]# nmcli connection show
NAME UUID TYPE DEVICE 
ens33 c96bc909-188e-ec64-3a96-6a90982b08ad ethernet ens33 
virbr0 d3cf5ef7-3e68-4272-8db4-8df418774ad8 bridge virbr0 
zhangsan e3e9c2f7-15fa-4d47-add4-c6667b0dbc33 ethernet ens34 
ens34 631d3c53-1f8f-4e9b-be82-b4308e83b859 ethernet --
ens35 330979d5-87ac-45fa-9d29-b6ffa0900c76 ethernet -- 

[Example 9] Rename the NIC configuration zhangsan to ens33-office

View before the change:

[root@magedu ~]# nmcli connection show
NAME UUID TYPE DEVICE 
ens33 c96bc909-188e-ec64-3a96-6a90982b08ad ethernet ens33 
virbr0 f470a79b-022b-4b48-a4c8-eb506b72465b bridge virbr0 
zhangsan e3e9c2f7-15fa-4d47-add4-c6667b0dbc33 ethernet ens34 
ens34 631d3c53-1f8f-4e9b-be82-b4308e83b859 ethernet -- 
ens35 330979d5-87ac-45fa-9d29-b6ffa0900c76 ethernet -- 

Change:

[root@magedu ~]# nmcli connection modify zhangsan connection.id ens34-office

View after the change:

[root@magedu ~]# nmcli connection show
NAME UUID TYPE DEVI
ens33 c96bc909-188e-ec64-3a96-6a90982b08ad ethernet ens3
ens34-office e3e9c2f7-15fa-4d47-add4-c6667b0dbc33 ethernet ens3
virbr0 f470a79b-022b-4b48-a4c8-eb506b72465b bridge virb
ens34 631d3c53-1f8f-4e9b-be82-b4308e83b859 ethernet -- 
ens35 330979d5-87ac-45fa-9d29-b6ffa0900c76 ethernet -- 

[Example 10] Manually set the properties of the NIC configuration ens34-office: IP address 1.1.1.1/24, gateway 1.1.1.254, DNS 8.8.8.8

View before setting:

[root@magedu ~]# nmcli connection show ens34-office

Or:

[root@magedu ~]# ip address show ens34
[root@magedu ~]# nmcli connection modify ens34-office ipv4.method manual ipv4.addresses 1.1.1.1/24 ipv4.gateway 1.1.1.254 ipv4.dns 8.8.8.8

Apply it:

[root@magedu ~]# nmcli connection up ens34-office

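Note: because the NIC configuration currently in use is ens34-office, it must be brought up again after the change for the settings to take effect.

View after setting: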

[root@magedu ~]# ip a s ens34

[Example 11] Change the IP address in the NIC configuration ens34-office to 9.9.9.9/24

[root@magedu ~]# nmcli connection modify ens34-office ipv4.addresses 9.9.9.9/24

Apply it:

[root@magedu ~]# nmcli connection up ens34-office

[Example 12] Add several IP addresses to the NIC configuration ens34-office

[root@magedu ~]# nmcli connection modify ens34-office +ipv4.addresses 2.2.2.2/24
[root@magedu ~]# nmcli connection modify ens34-office +ipv4.addresses 3.3.3.3/24

Apply it:

[root@magedu ~]# nmcli connection up ens34-office

View:

[root@magedu ~]# nmcli connection show ens34-office

Or:

[root@magedu ~]# ip a s ens34

[Example 13] Remove the IP address 2.2.2.2/24 from the NIC configuration ens34-office

[root@magedu ~]# nmcli connection modify ens34-office -ipv4.addresses 2.2.2.2/24

[Example 14] Delete one of a NIC's configuration names, which deletes the corresponding NIC configuration file

[root@magedu ~]# nmcli connection delete ens34-office

[Example 15] Use nmcli to bond NICs ens35 and ens36 with the IP address 1.1.1.1/24

Step 1: add a bonding interface with configuration name bond0 and interface name bond0, in active-backup mode:

[root@magedu ~]# nmcli connection add type bond con-name bond0 ifname bond0 mode active-backup

View:

[root@magedu ~]# nmcli connection show
NAME UUID TYPE DEVICE 
bond0 b062dc15-b61f-44e4-9acb-66c6358124e6 bond bond0

Step 2: manually add the IP address 1.1.1.1/24 to the configuration bond0:

[root@magedu ~]# nmcli connection modify bond0 ipv4.method manual ipv4.addresses 1.1.1.1/24

View:

[root@magedu ~]# nmcli connection show

Or:

[root@magedu ~]# ip a s bond0

Step 3: enable bond0:

[root@magedu ~]# nmcli connection up bond0

Step 4: add the physical NICs ens35 and ens36 to bond0 as slaves

View before configuring:

[root@magedu ~]# cat /proc/net/bonding/bond0
[root@magedu ~]# nmcli connection add type bond-slave ifname ens35 con-name bond-slave-ens35 master bond0
[root@magedu ~]# nmcli connection add type bond-slave ifname ens36 con-name bond-slave-ens36 master bond0

View after configuring:

[root@magedu ~]# nmcli connection show

Or:

[root@magedu ~]# cat /proc/net/bonding/bond0

[Example 15] Disable bond0

[root@magedu ~]# nmcli connection down bond0

If the bond is no longer used, the related configurations can be deleted:

[root@magedu ~]# nmcli connection delete bond0
[root@magedu ~]# nmcli connection delete bond-slave-ens35

[Example 16] Use nmcli to create a network team and add NICs ens35 and ens36 to it

Create the team team0: configuration name team0, interface name team0, load-balancing mode

[root@magedu ~]# nmcli connection add type team con-name team0 ifname team0 config '{"runner":{"name":"loadbalance"}}'

Add NICs ens35 and ens36 to the team team0:

[root@magedu ~]# nmcli connection add type team-slave con-name team0-slave-ens35 ifname ens35 master team0
[root@magedu ~]# nmcli connection add type team-slave con-name team0-slave-ens36 ifname ens36 master team0

Add an IP address to the team team0:

[root@magedu ~]# nmcli connection modify team0 ipv4.method manual ipv4.addresses 1.1.1.1/24

Enable team0:

[root@magedu ~]# nmcli connection up team0

View:

[root@magedu ~]# nmcli connection show

Or:

[root@magedu ~]# ip a s team0

View the team state:

[root@magedu ~]# teamdctl team0 state

[Example 17] Change the working mode of the team team0 to active-backup

[root@magedu ~]# nmcli connection modify team0 team.config '{"runner": {"name":"activebackup"}}'
[root@magedu ~]# nmcli connection up team0

View:

[root@magedu ~]# nmcli connection show team0
[root@magedu ~]# teamdctl team0 state

[Example 18] Shut down the team team0

[root@magedu ~]# nmcli connection down team0

[Example 19] Create a virtual switch (also called a software bridge)

View:

[root@magedu ~]# nmcli device status

Create a bridge with interface name br0 and configuration name br0:

[root@magedu ~]# nmcli connection add type bridge con-name br0 ifname br0

Bridge NIC ens35 onto br0:

[root@magedu ~]# nmcli connection add type bridge-slave con-name br0-ens35 ifname ens35 master br0

Add the IP address 1.1.1.1/24 to br0:

[root@magedu ~]# nmcli connection modify br0 ipv4.method manual ipv4.addresses 1.1.1.1/24

Enable the br0 interface:

[root@magedu ~]# nmcli connection up br0

View:

[root@magedu ~]# brctl show
[root@magedu ~]# nmcli connection show

[Example 20] Remove the interface ens35 from the bridge br0

[root@magedu ~]# brctl delif br0 ens35

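Lab 4: Testing the network

Objective:

Learn how to test network connectivity, trace routes and capture packets.

Prerequisites

A working CentOS 7.5 virtual machine connected to the network.

Command overview:

1. The ping command: test network connectivity

[Example 1] Test connectivity to 172.18.0.1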

[root@magedu ~]# ping 172.18.0.1
PING 172.18.0.1 (172.18.0.1) 56(84) bytes of data.
64 bytes from 172.18.0.1: icmp_seq=1 ttl=64 time=0.359 ms
64 bytes from 172.18.0.1: icmp_seq=2 ttl=64 time=0.229 ms
64 bytes from 172.18.0.1: icmp_seq=3 ttl=64 time=0.461 ms
....

2. The traceroute command: test the route

[Example 2] Test the route to Baidu

[root@magedu ~]# traceroute www.baidu.com
traceroute to www.baidu.com (61.135.169.121), 30 hops max, 60 byte packets
 1 gateway (172.18.0.1) 0.210 ms 0.141 ms 0.154 ms
 2 192.168.0.1 (192.168.0.1) 0.476 ms 0.528 ms 0.843 ms
 3 111.196.56.1 (111.196.56.1) 95.256 ms 95.214 ms 95.148 ms
 4 123.126.25.233 (123.126.25.233) 51.826 ms 51.705 ms 51.607 ms
 5 61.148.4.213 (61.148.4.213) 56.130 ms bt-230-081.bta.net.cn (202.106.230.81) 55.733 ms 202.106.36.145 (202.106.36.145) 62.081 ms
 6 123.126.9.118 (123.126.9.118) 147.779 ms 61.148.147.254 (61.148.147.254) 78.618 ms 61.148.146.170 (61.148.146.170) 82.177 ms
 7 * 123.125.248.126 (123.125.248.126) 78.309 ms *
 8 * * *
...

3. The tracepath command: test the route

[Example 3] Test the route to Baidu

[root@magedu ~]# tracepath www.baidu.com
 1?: [LOCALHOST] pmtu 1500
 1: gateway 0.388ms 
 1: gateway 0.589ms 
 2: 192.168.0.1 1.107ms 
 3: 192.168.0.1 1.276ms pmtu 1480
 3: 111.196.56.1 62.967ms 
 4: 123.126.25.233 63.747ms asymm 5 
 5: 202.106.36.145 89.912ms 
 6: 124.65.59.114 150.413ms 
 7: 123.125.248.90 105.149ms 
 8: no reply
...
30: no reply
 Too many hops: pmtu 1480
 Resume: pmtu 1480 

4. The tcpdump command: capture packets

[Example 4] Capture ICMP packets on interface ens33

[root@magedu ~]# tcpdump -i ens33 -nn icmp
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on ens33, link-type EN10MB (Ethernet), capture size 262144 bytes
04:44:23.609524 IP 172.18.118.87 > 172.18.0.1: ICMP echo request, id 13039, seq 5, length 64
04:44:23.609836 IP 172.18.0.1 > 172.18.118.87: ICMP echo reply, id 13039, seq 5, length 64
04:44:24.610624 IP 172.18.118.87 > 172.18.0.1: ICMP echo request, id 13039, seq 6, length 64
04:44:24.610882 IP 172.18.0.1 > 172.18.118.87: ICMP echo reply, id 13039, seq 6, length 64