Basic Network Management
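1. Network Interface Naming
1.1 Traditional interface naming
Traditional names:
Ethernet: eth[0,1,2,...]
wlan[0,1,2,...]
1.2 Interface naming in Red Hat 7
How systemd names network devices:
- If index information provided by the firmware or BIOS for onboard devices is available and predictable, the name is based on that index, e.g. eno1
- If index information provided by the firmware or BIOS for PCI-E expansion slots is available and predictable, the name is based on that index, e.g. ens1
- If the physical location of the hardware interface is available, the name is based on that location, e.g. enp2s0
- If the user explicitly enables it, the name can also be based on the MAC address, e.g. enx2387a1dc56
- If none of the above is available, the traditional naming scheme is used
Some of these naming schemes depend on the biosdevname program, so biosdevname must be installed and enabled.
1.3 Structure of an interface name
Names are built from the firmware, the device topology and the device type
- Begins with two letters identifying the firmware
- Device topology
1.4 How a network device gets its name
- udev: the helper program /lib/udev/rename_device sets the interface name from the information in /usr/lib/udev/rules.d/60-net.rules
- biosdevname sets the interface name from the information in /usr/lib/udev/rules.d/71-biosdevname.rules
- udev probes the network interface device and sets the interface name from the variables in /usr/lib/udev/rules.d/75-net-description
1.5 Reverting to traditional names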
```
# Edit the interface configuration file
[root@wenhs-AWS ~]# cd /etc/sysconfig/network-scripts/
[root@wenhs-AWS network-scripts]# cp ifcfg-ens33 ifcfg-eth0
[root@wenhs-AWS network-scripts]# vim ifcfg-eth0
TYPE=Ethernet
BOOTPROTO=dhcp
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
NAME=eth0       # change ens33 to eth0 here
DEVICE=eth0     # change ens33 to eth0 here
ONBOOT=yes

# Edit /etc/default/grub: on the line that starts with GRUB_CMDLINE_LINUX,
# add net.ifnames=0 biosdevname=0 in front of rhgb
[root@wenhs-AWS ~]# vim /etc/default/grub
GRUB_TIMEOUT=5
GRUB_DISTRIBUTOR="$(sed 's, release .*$,,g' /etc/system-release)"
GRUB_DEFAULT=saved
GRUB_DISABLE_SUBMENU=true
GRUB_TERMINAL_OUTPUT="console"
GRUB_CMDLINE_LINUX="crashkernel=auto rd.lvm.lv=rhel/root rd.lvm.lv=rhel/swap net.ifnames=0 biosdevname=0 rhgb quiet"
GRUB_DISABLE_RECOVERY="true"

# Generate the grub2 configuration file
[root@wenhs-AWS ~]# grub2-mkconfig -o /etc/grub2.cfg
Generating grub configuration file ...
Found linux image: /boot/vmlinuz-3.10.0-957.el7.x86_64
Found initrd image: /boot/initramfs-3.10.0-957.el7.x86_64.img
Found linux image: /boot/vmlinuz-0-rescue-4b6c5369a989421bb4205cfad603d374
Found initrd image: /boot/initramfs-0-rescue-4b6c5369a989421bb4205cfad603d374.img
done

# Reboot the system
[root@localhost ~]# reboot
```
2. Common Network Management Commands
2.1 ifconfig
```
# Show all currently active network interfaces
[root@wenhs-AWS ~]# ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 9001
        inet 10.0.100.10  netmask 255.255.255.0  broadcast 10.0.100.255
        inet6 fe80::869:6bff:fe89:6872  prefixlen 64  scopeid 0x20<link>
        ether 0a:69:6b:89:68:72  txqueuelen 1000  (Ethernet)
        RX packets 1187  bytes 128192 (125.1 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 1232  bytes 120424 (117.6 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 1000  (Local Loopback)
        RX packets 96  bytes 8952 (8.7 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 96  bytes 8952 (8.7 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

# Show the status of eth0 only
[root@wenhs-AWS ~]# ifconfig eth0
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 9001
        inet 10.0.100.10  netmask 255.255.255.0  broadcast 10.0.100.255
        inet6 fe80::869:6bff:fe89:6872  prefixlen 64  scopeid 0x20<link>
        ether 0a:69:6b:89:68:72  txqueuelen 1000  (Ethernet)
        RX packets 1221  bytes 130744 (127.6 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 1265  bytes 126274 (123.3 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

# Show the status of all interfaces, both disabled and enabled
[root@wenhs-AWS ~]# ifconfig -a
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 9001
        inet 10.0.100.10  netmask 255.255.255.0  broadcast 10.0.100.255
        inet6 fe80::869:6bff:fe89:6872  prefixlen 64  scopeid 0x20<link>
        ether 0a:69:6b:89:68:72  txqueuelen 1000  (Ethernet)
        RX packets 1240  bytes 131850 (128.7 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 1280  bytes 128032 (125.0 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 1000  (Local Loopback)
        RX packets 96  bytes 8952 (8.7 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 96  bytes 8952 (8.7 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
```
Meaning of the fields in the interface output:
- UP: the interface is active
- BROADCAST: broadcast is supported
- RUNNING: the network cable is connected
- MULTICAST: multicast is supported
- MTU: maximum transmission unit (bytes), the largest packet this interface can transmit at once
- inet: the IPv4 address line
- inet6: the IPv6 address line
- link/ether: the hardware (MAC) address of the device
- txqueuelen: length of the transmit queue
- RX packets: packets received
- TX packets: packets sent
- errors: total number of receive errors
- dropped: packets dropped, for various reasons, while being copied into memory
- collisions: network signal collisions; a non-zero value may indicate a network fault
2.2 ip
```
Syntax: ip [ OPTIONS ] OBJECT { COMMAND | help }
OBJECT:
    link:  network interface attributes
    addr:  protocol addresses
    route: routes

# Show all addresses of the network interfaces
[root@wenhs-AWS ~]# ip link show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 9001 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether 0a:69:6b:89:68:72 brd ff:ff:ff:ff:ff:ff

# Show packet statistics
[root@wenhs-AWS ~]# ip -s link show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    RX: bytes  packets  errors  dropped overrun mcast
    8952       96       0       0       0       0
    TX: bytes  packets  errors  dropped carrier collsns
    8952       96       0       0       0       0
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 9001 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether 0a:69:6b:89:68:72 brd ff:ff:ff:ff:ff:ff
    RX: bytes  packets  errors  dropped overrun mcast
    135805     1306     0       0       0       0
    TX: bytes  packets  errors  dropped carrier collsns
    135567     1339     0       0       0       0

# Enable or disable a network interface: ip link set DEV {up|down}
[root@wenhs-AWS ~]# ip link set lo down
[root@wenhs-AWS ~]# ip link set lo up

# ip addr add ADDRESS dev DEV: add an IP address
[root@wenhs-AWS ~]# ip addr show eth0
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 9001 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 0a:69:6b:89:68:72 brd ff:ff:ff:ff:ff:ff
    inet 10.0.100.10/24 brd 10.0.100.255 scope global noprefixroute dynamic eth0
       valid_lft 2924sec preferred_lft 2924sec
    inet6 fe80::869:6bff:fe89:6872/64 scope link
       valid_lft forever preferred_lft forever
[root@wenhs-AWS ~]# ip addr add 192.168.1.1/24 dev eth0
[root@wenhs-AWS ~]# ip addr show eth0
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 9001 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 0a:69:6b:89:68:72 brd ff:ff:ff:ff:ff:ff
    inet 10.0.100.10/24 brd 10.0.100.255 scope global noprefixroute dynamic eth0
       valid_lft 2871sec preferred_lft 2871sec
    inet 192.168.1.1/24 scope global eth0
       valid_lft forever preferred_lft forever
    inet6 fe80::869:6bff:fe89:6872/64 scope link
       valid_lft forever preferred_lft forever

# ip addr del ADDRESS dev DEV: delete an IP address
[root@wenhs-AWS ~]# ip addr show eth0
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 9001 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 0a:69:6b:89:68:72 brd ff:ff:ff:ff:ff:ff
    inet 10.0.100.10/24 brd 10.0.100.255 scope global noprefixroute dynamic eth0
       valid_lft 2826sec preferred_lft 2826sec
    inet 192.168.1.1/24 scope global eth0
       valid_lft forever preferred_lft forever
    inet6 fe80::869:6bff:fe89:6872/64 scope link
       valid_lft forever preferred_lft forever
[root@wenhs-AWS ~]# ip addr del 192.168.1.1/24 dev eth0
[root@wenhs-AWS ~]# ip addr show eth0
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 9001 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 0a:69:6b:89:68:72 brd ff:ff:ff:ff:ff:ff
    inet 10.0.100.10/24 brd 10.0.100.255 scope global noprefixroute dynamic eth0
       valid_lft 2742sec preferred_lft 2742sec
    inet6 fe80::869:6bff:fe89:6872/64 scope link
       valid_lft forever preferred_lft forever

# ip addr show DEV: show the addresses of a network interface
[root@wenhs-AWS ~]# ip addr show eth0
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 9001 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 0a:69:6b:89:68:72 brd ff:ff:ff:ff:ff:ff
    inet 10.0.100.10/24 brd 10.0.100.255 scope global noprefixroute dynamic eth0
       valid_lft 2694sec preferred_lft 2694sec
    inet6 fe80::869:6bff:fe89:6872/64 scope link
       valid_lft forever preferred_lft forever

# ip route: routing table management
Add a route: ip route add TARGET via GW dev IFACE src SOURCE_IP
    TARGET:
        host route:    IP
        network route: NETWORK/MASK
Delete a route: ip route del TARGET
    TARGET:
        host route:    IP
        network route: NETWORK/MASK
Show routes: ip route show
Flush the routing table: ip route flush [dev IFACE] [via PREFIX]
```
2.3 route
Linux hosts communicate with each other over IP. If host A and host B are on the same network segment and both interfaces are up, A can talk to B directly. If A and B are on different segments, A must go through a router to reach B. Routers are basic IT infrastructure, and every network segment should have at least one gateway.
```
# Show the current routing table
[root@wenhs-AWS ~]# route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         ip-10-0-100-1.a 0.0.0.0         UG    100    0        0 eth0
10.0.100.0      0.0.0.0         255.255.255.0   U     100    0        0 eth0

# Show hosts, ports and similar information numerically
[root@wenhs-AWS ~]# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         10.0.100.1      0.0.0.0         UG    100    0        0 eth0
10.0.100.0      0.0.0.0         255.255.255.0   U     100    0        0 eth0

# Add a route
Syntax: route add [-net|-host] target [netmask Nm] [gw Gw] [[dev] If]

# Add a network route
[root@wenhs-AWS ~]# route add -net 10.0.200.0/24 gw 10.0.100.1 dev eth0

# Add a host route
[root@wenhs-AWS ~]# route add -host 10.0.100.100 gw 10.0.100.1

# Check the added routes
[root@wenhs-AWS ~]# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         10.0.100.1      0.0.0.0         UG    100    0        0 eth0
10.0.100.0      0.0.0.0         255.255.255.0   U     100    0        0 eth0
10.0.100.100    10.0.100.1      255.255.255.255 UGH   0      0        0 eth0
10.0.200.0      10.0.100.1      255.255.255.0   UG    0      0        0 eth0

# Delete routes
[root@wenhs-AWS ~]# route del -host 10.0.100.100 gw 10.0.100.1
[root@wenhs-AWS ~]# route del -net 10.0.200.0/24
[root@wenhs-AWS ~]# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         10.0.100.1      0.0.0.0         UG    100    0        0 eth0
10.0.100.0      0.0.0.0         255.255.255.0   U     100    0        0 eth0
```
2.4 hostname and hostnamectl
A hostname must be configured in production, and it should follow a naming convention, for example:
```
Public cloud: region-project-business-service-node-address
wh-shop-register-nginx-node1-192.168.56.13
wh-med-pay-mysql-master01-192.168.56.11
wh-med-pay-mysql-slave01-192.168.56.12

# hostname: show the hostname
[root@wenhs-AWS ~]# hostname
ip-10-0-100-10.ap-northeast-1.compute.internal

# hostname: change the hostname temporarily
[root@ip-10-0-100-10 ~]# hostname wenhs-AWS
[root@ip-10-0-100-10 ~]# bash
[root@wenhs-AWS ~]#
[root@wenhs-AWS ~]# cat /etc/hostname
ip-10-0-100-10.ap-northeast-1.compute.internal

# Note: after changing the hostname, log in again for the prompt to show it

# On rhel7, hostnamectl is the recommended way to change and view the hostname
# Set the permanent name
[root@wenhs-AWS ~]# hostnamectl set-hostname wenhs-AWS
[root@wenhs-AWS ~]# cat /etc/hostname
wenhs-aws

# Show host information
[root@wenhs-AWS ~]# hostnamectl
   Static hostname: wenhs-aws
   Pretty hostname: wenhs-AWS
         Icon name: computer-vm
           Chassis: vm
        Machine ID: 61ac11bb8b404d10b1df9b6f7cb9f990
           Boot ID: 24a44c75a1af4526be89f06e17e7446b
    Virtualization: xen
  Operating System: Red Hat Enterprise Linux Server 7.6 (Maipo)
       CPE OS Name: cpe:/o:redhat:enterprise_linux:7.6:GA:server
            Kernel: Linux 3.10.0-957.el7.x86_64
      Architecture: x86-64
```
Note:
On Linux, network settings changed with commands apply only to the running system and are lost after a reboot. To make a change survive a reboot, edit the configuration files.
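3. Network Configuration Files
3.1 Network configuration file
```
Network configuration file: /etc/sysconfig/network
NETWORKING={yes|no}: whether networking is enabled for the whole system; if set to no, networking is unavailable regardless of how the interfaces are configured.
HOSTNAME: sets the hostname
```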
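3.2 Network interface configuration file
A network interface is a NIC. Its configuration file is /etc/sysconfig/network-scripts/ifcfg-INTERFACE_NAME
```
[root@wenhs-AWS ~]# vim /etc/sysconfig/network-scripts/ifcfg-eth1
TYPE=Ethernet
BOOTPROTO=static
NAME=eth1
DEVICE=eth1
ONBOOT=yes
IPADDR=172.16.1.2
NETMASK=255.255.255.0
GATEWAY=172.16.1.1
DNS1=172.16.1.1

# Interface configuration parameters
# Parameter             Description
BOOTPROTO=none          # boot protocol, one of {static|none|dhcp|bootp}; for a static address either static or none works
NM_CONTROLLED           # NM is short for NetworkManager, the service developed by Red Hat to replace the network script in RHEL 6 for network management and configuration
                        # one of { yes | no }
                        # whether this interface is controlled by NM; "no" is recommended on CentOS 6
TYPE                    # interface type; common types are Ethernet and Bridge
UUID                    # unique identifier of the device
HWADDR                  # hardware address; must match the address in the hardware; may be omitted
IPADDR=172.16.1.2       # static IP address
PREFIX=24               # subnet mask
NETMASK=255.255.255.0   # subnet mask
GATEWAY=172.16.1.1      # default gateway
DNS1=172.16.1.1         # first DNS server
DNS2                    # second DNS server
DNS3                    # third DNS server
DEVICE=eth1             # associated device name; must match the "INTERFACE_NAME" suffix of the file name
NAME="eth1"             # connection name
ONBOOT=yes              # whether to activate this interface automatically at boot, one of { yes | no }
DEFROUTE=yes            # use this interface as the default route [yes|no]
USERCTL={yes|no}        # whether ordinary users may enable and disable this interface
PEERDNS={yes|no}        # whether to accept the DNS addresses given by the DHCP server when BOOTPROTO is dhcp; when set to yes, the DNS addresses obtained overwrite /etc/resolv.conf directly
```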
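An added example (not part of the original page): a POSIX shell check that reads an ifcfg file and verifies two points from this section, that DEVICE matches the file-name suffix and, for a static address, that GATEWAY lies inside the subnet given by IPADDR with NETMASK or PREFIX. The function names and both sample files are constructed for illustration.

```shell
# Added example: sanity-check a static ifcfg-IFACE file supplied on stdin.
# Function names and both sample files are constructed for illustration.

# Dotted quad -> integer on stdout; non-zero status if malformed.
ip_to_int() {
    case $1 in ''|*[!0-9.]*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case $octet in ''|0?*|????*) return 1 ;; esac   # empty, leading zero, too long
        [ "$octet" -le 255 ] || return 1
    done
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# Prefix length 0-32 -> netmask as an integer.
prefix_to_mask() {
    case $1 in ''|*[!0-9]*|0?*|???*) return 1 ;; esac
    [ "$1" -le 32 ] || return 1
    echo $(( (0xFFFFFFFF << (32 - $1)) & 0xFFFFFFFF ))
}

# True when the integer netmask is 1-bits followed only by 0-bits.
is_contiguous_mask() {
    inv=$(( $1 ^ 0xFFFFFFFF ))
    [ $(( inv & (inv + 1) )) -eq 0 ]
}

# Last uncommented KEY= assignment in $cfg, without quotes or trailing comment.
cfg_get() {
    printf '%s\n' "$cfg" |
        sed -n "s/^[[:space:]]*$1=[\"']\{0,1\}\([^\"'#[:space:]]*\).*/\1/p" | tail -n 1
}

# check_ifcfg IFACE < ifcfg-IFACE: one line per finding, status 1 if any.
check_ifcfg() {
    cfg=$(cat); rc=0
    dev=$(cfg_get DEVICE)
    if [ "$dev" != "$1" ]; then
        echo "DEVICE=$dev does not match file name ifcfg-$1"; rc=1
    fi
    case $(cfg_get BOOTPROTO) in
        static|none) ;;
        *) return $rc ;;                 # dhcp/bootp: addresses come from the server
    esac
    addr=$(cfg_get IPADDR); gw=$(cfg_get GATEWAY)
    mask=$(cfg_get NETMASK); prefix=$(cfg_get PREFIX)
    if ! ip_i=$(ip_to_int "$addr"); then
        echo "IPADDR=$addr is not a valid IPv4 address"; return 1
    fi
    # Assumption of this example: PREFIX is used when both PREFIX and NETMASK are set.
    if [ -n "$prefix" ]; then
        if ! mask_i=$(prefix_to_mask "$prefix"); then
            echo "PREFIX=$prefix is not in 0-32"; return 1
        fi
    elif ! { mask_i=$(ip_to_int "$mask") && is_contiguous_mask "$mask_i"; }; then
        echo "NETMASK=$mask is not a valid netmask"; return 1
    fi
    if [ -n "$gw" ]; then
        if ! gw_i=$(ip_to_int "$gw"); then
            echo "GATEWAY=$gw is not a valid IPv4 address"; rc=1
        elif [ $(( ip_i & mask_i )) -ne $(( gw_i & mask_i )) ]; then
            echo "GATEWAY=$gw is not in the subnet of IPADDR=$addr"; rc=1
        fi
    fi
    return $rc
}

# Constructed sample: the static settings from this section.
sample_good() {
cat <<'EOF'
TYPE=Ethernet
BOOTPROTO=static
NAME="eth1"
DEVICE=eth1
ONBOOT=yes
IPADDR=172.16.1.2
NETMASK=255.255.255.0
GATEWAY=172.16.1.1
EOF
}

# Constructed sample: copied from ifcfg-eth0, DEVICE not updated, gateway mistyped.
sample_bad() {
cat <<'EOF'
BOOTPROTO=none
DEVICE=eth0
ONBOOT=yes
IPADDR=172.16.1.2
PREFIX=24
GATEWAY=172.16.11.1   # typo for 172.16.1.1
EOF
}

sample_good | check_ifcfg eth1 && echo "good sample: no findings"
sample_bad  | check_ifcfg eth1 || echo "bad sample: findings listed above"
```

On a real host the call would be `check_ifcfg eth1 < /etc/sysconfig/network-scripts/ifcfg-eth1`; the file is parsed as text and never sourced.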
3.3 Route configuration file
The route configuration file is /etc/sysconfig/network-scripts/route-INTERFACE_NAME
```
# Format one: DEST via NEXTHOP
[root@wenhs-AWS ~]# vim /etc/sysconfig/network-scripts/route-eth0
10.0.200.0/24 via 10.0.100.1

# Format two:
[root@wenhs-AWS ~]# vim /etc/sysconfig/network-scripts/route-eth0
ADDRESS0=10.0.200.0
NETMASK0=255.255.255.0
GATEWAY0=10.0.100.1
```
3.4 DNS configuration file
The DNS configuration file is /etc/resolv.conf
```
[root@wenhs-AWS ~]# vim /etc/resolv.conf
search ap-northeast-1.compute.internal
nameserver 10.0.0.2

nameserver DNS_IP_1
nameserver DNS_IP_2
nameserver DNS_IP_3
```
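4. Managing the Network with NetworkManager
RHEL/CentOS 7 uses NetworkManager by default to provide network services. It is a daemon that manages network configuration dynamically and keeps network devices connected.
The network is configured with the command-line and graphical tools that NetworkManager provides, and the resulting configuration files are saved under /etc/sysconfig/network-scripts. The tools are nmcli, nmtui and nm-connection-editor.
device
A physical device, for example ens33, enp2s0, virbr0, team0
connection
Connection settings, that is, a concrete network configuration profile
1. Different connection profiles can be applied to the same physical device, but a device can use only one of them at any one time
2. By defining different connections for a physical network interface and activating the matching one in each environment, the network configuration switches automatically
Use the nmcli command to view devices and connections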
```
# Show device status
[root@wenhs-AWS ~]# nmcli device
DEVICE  TYPE      STATE      CONNECTION
eth0    ethernet  connected  System eth0
lo      loopback  unmanaged  --

# Show the detailed status of a specific device
[root@wenhs-AWS ~]# nmcli device show eth0
GENERAL.DEVICE: eth0
GENERAL.TYPE: ethernet
GENERAL.HWADDR: 0A:69:6B:89:68:72
GENERAL.MTU: 9001
GENERAL.STATE: 100 (connected)
GENERAL.CONNECTION: System eth0
GENERAL.CON-PATH: /org/freedesktop/NetworkManager/ActiveConnectio
WIRED-PROPERTIES.CARRIER: on
IP4.ADDRESS[1]: 10.0.100.10/24
IP4.GATEWAY: 10.0.100.1
IP4.ROUTE[1]: dst = 0.0.0.0/0, nh = 10.0.100.1, mt = 100
IP4.ROUTE[2]: dst = 10.0.100.0/24, nh = 0.0.0.0, mt = 100
IP4.DNS[1]: 10.0.0.2
IP4.DOMAIN[1]: ap-northeast-1.compute.internal
IP6.ADDRESS[1]: fe80::869:6bff:fe89:6872/64
IP6.GATEWAY: --
IP6.ROUTE[1]: dst = ff00::/8, nh = ::, mt = 256, table=255
IP6.ROUTE[2]: dst = fe80::/64, nh = ::, mt = 256
lines 1-18/18 (END)

# Show connection status
[root@wenhs-AWS ~]# nmcli connection
NAME         UUID                                  TYPE      DEVICE
System eth0  5fb06bd0-0bb0-7ffb-45f1-d6edd65f3e03  ethernet  eth0

# Show all active connections
NAME         UUID                                  TYPE      DEVICE
System eth0  5fb06bd0-0bb0-7ffb-45f1-d6edd65f3e03  ethernet  eth0

# Show the details of a specific connection
[root@wenhs-AWS ~]# nmcli connection show eth0
Error: eth0 - no such connection profile.
[root@wenhs-AWS ~]# nmcli connection show 5fb06bd0-0bb0-7ffb-45f1-d6edd65f3e03
connection.id: System eth0
connection.uuid: 5fb06bd0-0bb0-7ffb-45f1-d6edd65f3e03
connection.stable-id: --
connection.type: 802-3-ethernet
connection.interface-name: eth0
connection.autoconnect: yes
connection.autoconnect-priority: 0
connection.autoconnect-retries: -1 (default)
connection.auth-retries: -1
connection.timestamp: 1552909406
connection.read-only: no
connection.permissions: --
connection.zone: --
connection.master: --
connection.slave-type: --
connection.autoconnect-slaves: -1 (default)
connection.secondaries: --
connection.gateway-ping-timeout: 0
connection.metered: unknown
connection.lldp: default
connection.mdns: -1 (default)
802-3-ethernet.port: --
802-3-ethernet.speed: 0
802-3-ethernet.duplex: --
802-3-ethernet.auto-negotiate: no
802-3-ethernet.mac-address: 0A:69:6B:89:68:72
802-3-ethernet.cloned-mac-address: --
802-3-ethernet.generate-mac-address-mask: --
802-3-ethernet.mac-address-blacklist: --
802-3-ethernet.mtu: auto
802-3-ethernet.s390-subchannels: --
802-3-ethernet.s390-nettype: --
802-3-ethernet.s390-options: --
802-3-ethernet.wake-on-lan: default
802-3-ethernet.wake-on-lan-password: --
ipv4.method: auto
ipv4.dns: --
ipv4.dns-search: --
ipv4.dns-options: ""
ipv4.dns-priority: 0
ipv4.addresses: --
ipv4.gateway: --
ipv4.routes: --
ipv4.route-metric: -1
ipv4.route-table: 0 (unspec)
ipv4.ignore-auto-routes: no
ipv4.ignore-auto-dns: no
ipv4.dhcp-client-id: --
ipv4.dhcp-timeout: 0 (default)
ipv4.dhcp-send-hostname: yes
ipv4.dhcp-hostname: --
ipv4.dhcp-fqdn: --
ipv4.never-default: no
ipv4.may-fail: yes
ipv4.dad-timeout: -1 (default)
ipv6.method: ignore
ipv6.dns: --
ipv6.dns-search: --
ipv6.dns-options: ""
ipv6.dns-priority: 0
ipv6.addresses: --
ipv6.gateway: --
ipv6.routes: --
ipv6.route-metric: -1
ipv6.route-table: 0 (unspec)
ipv6.ignore-auto-routes: no
ipv6.ignore-auto-dns: no
ipv6.never-default: no
ipv6.may-fail: yes
ipv6.ip6-privacy: -1 (unknown)
ipv6.addr-gen-mode: stable-privacy
ipv6.dhcp-duid: --
ipv6.dhcp-send-hostname: yes
ipv6.dhcp-hostname: --
ipv6.token: --
proxy.method: none
proxy.browser-only: no
proxy.pac-url: --
proxy.pac-script: --
GENERAL.NAME: System eth0
GENERAL.UUID: 5fb06bd0-0bb0-7ffb-45f1-d6edd65f3e03
GENERAL.DEVICES: eth0
GENERAL.STATE: activated
GENERAL.DEFAULT: yes
GENERAL.DEFAULT6: no
GENERAL.SPEC-OBJECT: --
GENERAL.VPN: no
GENERAL.DBUS-PATH: /org/freedesktop/NetworkManager/ActiveConnectio
GENERAL.CON-PATH: /org/freedesktop/NetworkManager/Settings/1
GENERAL.ZONE: --
GENERAL.MASTER-PATH: --
IP4.ADDRESS[1]: 10.0.100.10/24
IP4.GATEWAY: 10.0.100.1
IP4.ROUTE[1]: dst = 0.0.0.0/0, nh = 10.0.100.1, mt = 100
IP4.ROUTE[2]: dst = 10.0.100.0/24, nh = 0.0.0.0, mt = 100
IP4.DNS[1]: 10.0.0.2
IP4.DOMAIN[1]: ap-northeast-1.compute.internal
DHCP4.OPTION[1]: broadcast_address = 10.0.100.255
DHCP4.OPTION[2]: dhcp_lease_time = 3600
DHCP4.OPTION[3]: dhcp_message_type = 5
DHCP4.OPTION[4]: dhcp_server_identifier = 10.0.100.1
DHCP4.OPTION[5]: domain_name = ap-northeast-1.compute.internal
DHCP4.OPTION[6]: domain_name_servers = 10.0.0.2
DHCP4.OPTION[7]: expiry = 1552912159
DHCP4.OPTION[8]: host_name = ip-10-0-100-10
DHCP4.OPTION[9]: interface_mtu = 9001
DHCP4.OPTION[10]: ip_address = 10.0.100.10
DHCP4.OPTION[11]: network_number = 10.0.100.0
DHCP4.OPTION[12]: next_server = 0.0.0.0
DHCP4.OPTION[13]: requested_broadcast_address = 1
DHCP4.OPTION[14]: requested_classless_static_routes = 1
DHCP4.OPTION[15]: requested_domain_name = 1
DHCP4.OPTION[16]: requested_domain_name_servers = 1
DHCP4.OPTION[17]: requested_domain_search = 1
DHCP4.OPTION[18]: requested_host_name = 1
DHCP4.OPTION[19]: requested_interface_mtu = 1
DHCP4.OPTION[20]: requested_ms_classless_static_routes = 1
DHCP4.OPTION[21]: requested_nis_domain = 1
DHCP4.OPTION[22]: requested_nis_servers = 1
DHCP4.OPTION[23]: requested_ntp_servers = 1
DHCP4.OPTION[24]: requested_rfc3442_classless_static_routes = 1
DHCP4.OPTION[25]: requested_routers = 1
DHCP4.OPTION[26]: requested_static_routes = 1
DHCP4.OPTION[27]: requested_subnet_mask = 1
DHCP4.OPTION[28]: requested_time_offset = 1
DHCP4.OPTION[29]: requested_wpad = 1
DHCP4.OPTION[30]: routers = 10.0.100.1
DHCP4.OPTION[31]: subnet_mask = 255.255.255.0
IP6.ADDRESS[1]: fe80::869:6bff:fe89:6872/64
IP6.GATEWAY: --
IP6.ROUTE[1]: dst = ff00::/8, nh = ::, mt = 256, table=255
IP6.ROUTE[2]: dst = fe80::/64, nh = ::, mt = 256
lines 110-132/132 (END)
```
5. Managing the Network with the Native network Service
On CentOS/RHEL the network configuration files live in /etc/sysconfig/network-scripts by default. The configuration file of the first physical NIC is ifcfg-eth0; a second physical NIC uses ifcfg-eth1, and so on.
Note: if a newly added physical NIC has no configuration file, copy the system default one and modify it.
```
# Disable NetworkManager at boot and stop the NetworkManager service
[root@wenhs-aws ~]# systemctl disable NetworkManager
Removed symlink /etc/systemd/system/multi-user.target.wants/NetworkManager.service.
Removed symlink /etc/systemd/system/dbus-org.freedesktop.NetworkManager.service.
Removed symlink /etc/systemd/system/dbus-org.freedesktop.nm-dispatcher.service.
Removed symlink /etc/systemd/system/network-online.target.wants/NetworkManager-wait-online.service.
[root@wenhs-aws ~]# systemctl disable NetworkManager
[root@wenhs-aws ~]# systemctl stop NetworkManager

# Add a physical NIC, then create a configuration file for the new connection
# Copy the eth0 configuration file to eth1
[root@wenhs-aws ~]# cp /etc/sysconfig/network-scripts/{ifcfg-eth0,ifcfg-eth1}
[root@wenhs-aws ~]# ls /etc/sysconfig/network-scripts/
ifcfg-eth0       ifup-bnep
ifcfg-eth1       ifup-eth
ifcfg-lo         ifup-ippp
ifdown           ifup-ipv6
ifdown-bnep      ifup-isdn
ifdown-eth       ifup-plip
ifdown-ippp      ifup-plusb
ifdown-ipv6      ifup-post
ifdown-isdn      ifup-ppp
ifdown-post      ifup-routes
ifdown-ppp       ifup-sit
ifdown-routes    ifup-Team
ifdown-sit       ifup-TeamPort
ifdown-Team      ifup-tunnel
ifdown-TeamPort  ifup-wireless
ifdown-tunnel    init.ipv6-global
ifup             network-functions
ifup-aliases     network-functions-ipv6
[root@wenhs-aws ~]#

# Edit the interface configuration file
[root@wenhs-aws ~]# vim /etc/sysconfig/network-scripts/ifcfg-eth1
TYPE=Ethernet
BOOTPROTO=static
NAME=eth1
DEVICE=eth1
NM_CONTROLLED=no
ONBOOT=yes
IPADDR=10.0.100.100
NETMASK=255.255.255.0
GATEWAY=10.0.100.1
DNS1=10.0.100.1

# Restart the network service to load the configuration, and enable it at boot
[root@wenhs-aws ~]# systemctl restart network
[root@wenhs-aws ~]# systemctl enable network
```
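6. Network Diagnostic Tools and Troubleshooting
6.1 ping
The ping command tests whether another host is reachable. If a host cannot be pinged, that host has a problem, although the failure may also be caused by a firewall on the path or by ping packets being dropped.
```
Common ping options:
    -c  number of pings to send
    -i  interval between ping packets
    -w  if there is no reply, exit after the given timeout
```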
6.2 host and nslookup
The host and nslookup commands query DNS records
```
# host is provided by the bind-utils package; install that package first if the command is missing
[root@wenhs-aws ~]# host www.baidu.com
www.baidu.com is an alias for www.a.shifen.com.
www.a.shifen.com is an alias for www.wshifen.com.
www.wshifen.com has address 119.63.197.139
www.wshifen.com has address 119.63.197.151

[root@wenhs-aws ~]# nslookup www.baidu.com
Server:         10.0.0.2
Address:        10.0.0.2#53

Non-authoritative answer:
www.baidu.com   canonical name = www.a.shifen.com.
www.a.shifen.com        canonical name = www.wshifen.com.
Name:   www.wshifen.com
Address: 119.63.197.139
Name:   www.wshifen.com
Address: 119.63.197.151
```
6.3 traceroute
The traceroute command traces the route to a destination and helps determine whether a network fault lies with the ISP or with a remote service that is not responding
```
[root@wenhs-aws ~]# yum -y install traceroute
[root@wenhs-aws ~]# traceroute www.google.com
traceroute to www.google.com (172.217.161.68), 30 hops max, 60 byte packets
 1  ec2-175-41-192-216.ap-northeast-1.compute.amazonaws.com (175.41.192.216)  19.315 ms  19.254 ms ec2-175-41-192-220.ap-northeast-1.compute.amazonaws.com (175.41.192.220)  16.067 ms
 2  100.66.8.80 (100.66.8.80)  20.800 ms 100.66.8.62 (100.66.8.62)  11.427 ms 100.66.8.18 (100.66.8.18)  28.192 ms
 3  100.66.11.40 (100.66.11.40)  15.950 ms 100.66.11.128 (100.66.11.128)  15.379 ms 100.66.10.108 (100.66.10.108)  14.116 ms
 4  100.66.6.47 (100.66.6.47)  11.757 ms 100.66.7.75 (100.66.7.75)  18.120 ms 100.66.7.9 (100.66.7.9)  23.942 ms
 5  100.66.4.253 (100.66.4.253)  11.212 ms 100.66.4.15 (100.66.4.15)  20.038 ms 100.66.4.175 (100.66.4.175)  17.110 ms
 6  100.65.8.161 (100.65.8.161)  0.327 ms 100.65.9.129 (100.65.9.129)  2.533 ms 100.65.10.1 (100.65.10.1)  0.318 ms
 7  27.0.0.73 (27.0.0.73)  1.121 ms  0.619 ms  0.568 ms
 8  52.95.31.73 (52.95.31.73)  0.873 ms 52.95.31.79 (52.95.31.79)  1.155 ms 52.95.31.85 (52.95.31.85)  0.867 ms
 9  52.95.31.58 (52.95.31.58)  1.211 ms 52.95.31.28 (52.95.31.28)  1.644 ms 52.95.31.42 (52.95.31.42)  0.721 ms
10  100.91.149.16 (100.91.149.16)  6.774 ms 100.91.149.0 (100.91.149.0)  3.297 ms  3.278 ms
11  100.91.3.193 (100.91.3.193)  2.101 ms 100.91.3.199 (100.91.3.199)  16.686 ms 100.91.3.197 (100.91.3.197)  2.074 ms
12  100.91.147.35 (100.91.147.35)  1.647 ms 100.91.147.99 (100.91.147.99)  1.666 ms 100.91.147.35 (100.91.147.35)  1.590 ms
13  52.95.30.69 (52.95.30.69)  1.678 ms 52.95.30.11 (52.95.30.11)  2.329 ms 52.95.30.27 (52.95.30.27)  1.956 ms
14  54.239.53.247 (54.239.53.247)  1.312 ms 54.239.53.251 (54.239.53.251)  2.363 ms 54.239.53.237 (54.239.53.237)  1.701 ms
15  72.14.220.244 (72.14.220.244)  1.465 ms  1.406 ms  1.447 ms
16  108.170.242.193 (108.170.242.193)  3.106 ms  3.108 ms 108.170.242.161 (108.170.242.161)  1.797 ms
17  209.85.243.1 (209.85.243.1)  2.661 ms  2.362 ms  2.388 ms
18  nrt20s09-in-f4.1e100.net (172.217.161.68)  1.647 ms  1.688 ms  1.691 ms
[root@wenhs-aws ~]# traceroute www.baidu.com
traceroute to www.baidu.com (119.63.197.139), 30 hops max, 60 byte packets
 1  ec2-175-41-192-220.ap-northeast-1.compute.amazonaws.com (175.41.192.220)  19.912 ms ec2-175-41-192-216.ap-northeast-1.compute.amazonaws.com (175.41.192.216)  14.914 ms ec2-175-41-192-218.ap-northeast-1.compute.amazonaws.com (175.41.192.218)  21.939 ms
 2  100.66.8.90 (100.66.8.90)  22.108 ms 100.66.8.62 (100.66.8.62)  21.366 ms 100.66.8.118 (100.66.8.118)  13.522 ms
 3  100.66.10.10 (100.66.10.10)  15.786 ms 100.66.10.192 (100.66.10.192)  12.084 ms 100.66.10.230 (100.66.10.230)  13.922 ms
 4  100.66.6.195 (100.66.6.195)  20.764 ms 100.66.6.239 (100.66.6.239)  11.196 ms 100.66.6.195 (100.66.6.195)  20.744 ms
 5  100.66.4.51 (100.66.4.51)  15.529 ms 100.66.4.127 (100.66.4.127)  9.056 ms 100.66.4.145 (100.66.4.145)  6.459 ms
 6  100.65.9.161 (100.65.9.161)  0.336 ms 100.65.8.1 (100.65.8.1)  0.988 ms 100.65.8.129 (100.65.8.129)  0.408 ms
 7  27.0.0.159 (27.0.0.159)  1.532 ms 27.0.0.73 (27.0.0.73)  2.287 ms 27.0.0.159 (27.0.0.159)  2.505 ms
 8  52.95.31.83 (52.95.31.83)  0.961 ms  0.807 ms 52.95.31.75 (52.95.31.75)  1.576 ms
 9  52.95.31.68 (52.95.31.68)  1.340 ms 52.95.31.8 (52.95.31.8)  0.661 ms 52.95.31.30 (52.95.31.30)  1.618 ms
10  52.93.73.245 (52.93.73.245)  6.652 ms 52.95.31.147 (52.95.31.147)  6.815 ms  6.718 ms
11  54.239.53.19 (54.239.53.19)  14.539 ms 54.239.53.54 (54.239.53.54)  7.296 ms 54.239.53.46 (54.239.53.46)  7.149 ms
12  54.239.53.90 (54.239.53.90)  6.790 ms 54.239.53.98 (54.239.53.98)  6.844 ms 54.239.53.90 (54.239.53.90)  7.629 ms
13  210.132.124.201 (210.132.124.201)  7.064 ms  7.197 ms  7.382 ms
14  27.86.41.109 (27.86.41.109)  8.133 ms 27.85.134.53 (27.85.134.53)  9.559 ms 27.85.228.13 (27.85.228.13)  8.928 ms
15  27.85.196.9 (27.85.196.9)  8.221 ms 27.85.196.5 (27.85.196.5)  8.634 ms  8.597 ms
16  27.85.199.194 (27.85.199.194)  7.574 ms 27.85.199.190 (27.85.199.190)  7.472 ms  7.462 ms
17  118.159.224.162 (118.159.224.162)  10.214 ms  10.623 ms  10.548 ms
18  * * *
.....
# Depends on the region: most carriers in mainland China block route tracing, hence * * *
30  * * *
[root@wenhs-aws ~]#
```
6.4 netstat
netstat shows the network status
```
# Show the routing table
[root@wenhs-aws ~]# netstat -r
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
default         ip-10-0-100-1.a 0.0.0.0         UG        0 0          0 eth0
10.0.100.0      0.0.0.0         255.255.255.0   U         0 0          0 eth0
[root@wenhs-aws ~]#

# Show the routing table numerically
[root@wenhs-aws ~]# netstat -rn
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
0.0.0.0         10.0.100.1      0.0.0.0         UG        0 0          0 eth0
10.0.100.0      0.0.0.0         255.255.255.0   U         0 0          0 eth0
[root@wenhs-aws ~]#

# Show established tcp connections
[root@wenhs-aws ~]# netstat -t
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0     36 ip-10-0-100-10.ap-n:ssh 113.57.246.160:36144    ESTABLISHED
[root@wenhs-aws ~]#

# Show udp connections
[root@wenhs-aws ~]# netstat -u
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
[root@wenhs-aws ~]#

# Show connections in the listening state
[root@wenhs-aws ~]# netstat -l
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:ssh             0.0.0.0:*               LISTEN
tcp        0      0 localhost:smtp          0.0.0.0:*               LISTEN
tcp6       0      0 [::]:ssh                [::]:*                  LISTEN
tcp6       0      0 localhost:smtp          [::]:*                  LISTEN
udp        0      0 0.0.0.0:bootpc          0.0.0.0:*
udp        0      0 localhost:323           0.0.0.0:*
udp6       0      0 localhost:323           [::]:*
Active UNIX domain sockets (only servers)
Proto RefCnt Flags       Type       State         I-Node   Path
unix  2      [ ACC ]     STREAM     LISTENING     26787    public/pickup
unix  2      [ ACC ]     STREAM     LISTENING     8273     /run/systemd/journal/stdout
unix  2      [ ACC ]     STREAM     LISTENING     20536    /run/dbus/system_bus_socket
...
unix  2      [ ACC ]     STREAM     LISTENING     26831    public/showq
unix  2      [ ACC ]     SEQPACKET  LISTENING     16876    /run/udev/control
[root@wenhs-aws ~]#

# Show the PID and name of the process that owns each socket
[root@wenhs-aws ~]# netstat -p
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0     36 ip-10-0-100-10.ap-n:ssh 113.57.246.160:36144    ESTABLISHED 4376/sshd: root@pts
Active UNIX domain sockets (w/o servers)
Proto RefCnt Flags       Type       State         I-Node   PID/Program name     Path
unix  3      [ ]         DGRAM                    8254     1/systemd            /run/systemd/notify
unix  2      [ ]         DGRAM                    8256     1/systemd            /run/systemd/cgroups-agent
.....
unix  3      [ ]         STREAM     CONNECTED     26832    4013/master
[root@wenhs-aws ~]#

# Show connections in all states
[root@wenhs-aws ~]# netstat -a
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:ssh             0.0.0.0:*               LISTEN
tcp        0      0 localhost:smtp          0.0.0.0:*               LISTEN
tcp        0     36 ip-10-0-100-10.ap-n:ssh 113.57.246.160:36144    ESTABLISHED
tcp        0      0 ip-10-0-100-10.ap-n:ssh 121.143.145.177:47091   TIME_WAIT
tcp6       0      0 [::]:ssh                [::]:*                  LISTEN
tcp6       0      0 localhost:smtp          [::]:*                  LISTEN
udp        0      0 localhost:323           0.0.0.0:*
udp6       0      0 localhost:323           [::]:*
Active UNIX domain sockets (servers and established)
Proto RefCnt Flags       Type       State         I-Node   Path
unix  2      [ ACC ]     STREAM     LISTENING     26787    public/pickup
unix  3      [ ]         DGRAM                    8254     /run/systemd/notify
.........

# Commonly used options: -antlp
[root@wenhs-aws ~]# netstat -antlp
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      4056/sshd
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      4013/master
tcp        0     36 10.0.100.10:22          113.57.246.160:36144    ESTABLISHED 4376/sshd: root@pts
tcp6       0      0 :::22                   :::*                    LISTEN      4056/sshd
tcp6       0      0 ::1:25                  :::*                    LISTEN      4013/master
[root@wenhs-aws ~]#
```
6.5 ss
ss is a tool for viewing network status that replaces netstat
```
Syntax: ss [options] [ FILTER ]
Common options:
    -t: tcp sockets
    -u: udp sockets
    -w: raw sockets
    -x: unix sockets
    -l: connections in the listen state
    -a: all
    -n: numeric format
    -p: owning program and pid
    -e: extended information
    -m: memory usage
    -o: timer information

Common FILTER:
    FILTER := [ state TCP-STATE ] [ EXPRESSION ]
    e.g. ss -tan state ESTABLISHED

Common states (tcp finite state machine):
    LISTEN: listening
    ESTABLISHED: established connection

EXPRESSION:
    dport =
    sport =
    Example: '( dport = :ssh or sport = :ssh)'. The service name ssh can be replaced by its port number, and there must be a space on both sides of the equals sign

# Common combinations:
[root@wenhs-aws ~]# ss -tan
State      Recv-Q Send-Q Local Address:Port               Peer Address:Port
LISTEN     0      128          *:22                       *:*
LISTEN     0      100    127.0.0.1:25                       *:*
ESTAB      0      168    10.0.100.10:22                 113.57.246.160:36144
LISTEN     0      128         :::22                      :::*
LISTEN     0      100        ::1:25                      :::*
[root@wenhs-aws ~]#

[root@wenhs-aws ~]# ss -tanl
State      Recv-Q Send-Q Local Address:Port               Peer Address:Port
LISTEN     0      128          *:22                       *:*
LISTEN     0      100    127.0.0.1:25                       *:*
LISTEN     0      128         :::22                      :::*
LISTEN     0      100        ::1:25                      :::*
[root@wenhs-aws ~]#

[root@wenhs-aws ~]# ss -antlp
State      Recv-Q Send-Q Local Address:Port               Peer Address:Port
LISTEN     0      128          *:22                       *:*                   users:(("sshd",pid=4056,fd=3))
LISTEN     0      100    127.0.0.1:25                       *:*                   users:(("master",pid=4013,fd=13))
LISTEN     0      128         :::22                      :::*                   users:(("sshd",pid=4056,fd=4))
LISTEN     0      100        ::1:25                      :::*                   users:(("master",pid=4013,fd=14))
[root@wenhs-aws ~]#

[root@wenhs-aws ~]# ss -anu
State      Recv-Q Send-Q Local Address:Port               Peer Address:Port
UNCONN     0      0      127.0.0.1:323                      *:*
UNCONN     0      0          ::1:323                     :::*
[root@wenhs-aws ~]#
```
```
Common ports
dns     53/udp
http    80/tcp
https   443/tcp
ssh     22/tcp
ftp     20,21/tcp
mysql   3306/tcp
rsync   873/tcp
redis   6379/tcp
```
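An added example, not from the original page: an audit of `ss -antlp`-style output that separates listeners bound to every interface from those bound to loopback, then lists exposed ports that are missing from an allow-list. The sample rows and function names are constructed; the rsync and redis rows are hypothetical services placed on ports from the common-ports list.

```shell
# Added example: classify listening TCP sockets from `ss -antlp` output by exposure.
# All rows are constructed. Rows 1-4 use the older iproute2 layout (*:22, :::22);
# rows 5-6 use the newer layout (0.0.0.0:PORT, [::]:PORT).
sample_ss() {
cat <<'EOF'
State      Recv-Q Send-Q Local Address:Port     Peer Address:Port
LISTEN     0      128            *:22                      *:*      users:(("sshd",pid=4056,fd=3))
LISTEN     0      100    127.0.0.1:25                      *:*      users:(("master",pid=4013,fd=13))
LISTEN     0      128           :::22                     :::*      users:(("sshd",pid=4056,fd=4))
LISTEN     0      100          ::1:25                     :::*      users:(("master",pid=4013,fd=14))
LISTEN     0      511      0.0.0.0:6379              0.0.0.0:*      users:(("redis-server",pid=5120,fd=6))
LISTEN     0      128         [::]:873                  [::]:*      users:(("rsync",pid=5200,fd=5))
EOF
}

# Reads ss output on stdin; prints "SCOPE PORT PROCESS" once per distinct listener.
# SCOPE is ALL (every interface), LOOPBACK, or SPECIFIC (one configured address).
classify_listeners() {
    awk '
        $1 == "LISTEN" {
            addr = $4; port = $4
            sub(/:[^:]*$/, "", addr)                     # text before the last colon
            sub(/^.*:/, "", port)                        # text after the last colon
            sub(/^\[/, "", addr); sub(/\]$/, "", addr)   # [::] -> ::
            if (addr == "*" || addr == "0.0.0.0" || addr == "::") scope = "ALL"
            else if (addr ~ /^127\./ || addr == "::1")            scope = "LOOPBACK"
            else                                                  scope = "SPECIFIC"
            proc = "-"            # the users:(...) column is absent without -p or root
            if (match($0, /users:\(\("[^"]*"/))
                proc = substr($0, RSTART + 9, RLENGTH - 10)
            line = scope " " port " " proc
            if (!(line in seen)) { seen[line] = 1; print line }
        }
    ' | LC_ALL=C sort -k1,1 -k2,2n
}

# $1 = space-separated ports that are meant to be reachable from the network.
# Prints PORT/PROCESS for every all-interface listener that is not on that list.
unexpected_exposed() {
    classify_listeners | awk -v allow="$1" '
        BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        $1 == "ALL" && !($2 in ok) { print $2 "/" $3 }
    '
}

sample_ss | classify_listeners
echo "--- exposed but not on the allow-list (22):"
sample_ss | unexpected_exposed "22"
```

On a live host, replace `sample_ss` with `ss -antlp` run as root so the process column is populated.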
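6.6 Network troubleshooting
- Network faults are either hardware faults or software faults
- Approach to network troubleshooting
- Approach to service troubleshooting
Recommendation:
Whatever the approach, work up the seven-layer OSI model from the bottom, checking one layer at a time (and learn to read the logs).
Exercises
1. View the number of connections per IP on the system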
```
[root@wenhs-aws ~]# netstat -n|awk '/^tcp/{print $5}'
113.57.246.160:36144
[root@wenhs-aws ~]# netstat -n|awk '/^tcp/{print $5}'|wc -l
1
[root@wenhs-aws ~]# 
```
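The two commands above print each peer address and then the total number of TCP connections. The following added example (not part of the original post) groups the peers by remote IP so that one source holding many connections stands out; the function names and the sample `netstat -ant` output are constructed for illustration.

```shell
# Constructed sample of `netstat -ant` output (documentation-range addresses).
sample_netstat() {
cat <<'EOF'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0     36 10.0.100.10:22          203.0.113.7:36144       ESTABLISHED
tcp        0      0 10.0.100.10:22          203.0.113.7:36150       ESTABLISHED
tcp        0      0 10.0.100.10:80          203.0.113.7:51022       SYN_RECV
tcp        0      0 10.0.100.10:22          198.51.100.23:47091     TIME_WAIT
tcp6       0      0 :::22                   :::*                    LISTEN
tcp6       0      0 2001:db8::10:22         2001:db8::99:40112      ESTABLISHED
EOF
}

# Hypothetical helper: read netstat output on stdin and print
# "<count> <remote IP>", busiest first. Listening sockets have no peer.
count_per_ip() {
    awk '/^tcp/ && $6 != "LISTEN" {
        ip = $5
        sub(/:[^:]*$/, "", ip)      # drop the trailing :port (IPv4 and IPv6 forms)
        n[ip]++
    }
    END { for (ip in n) print n[ip], ip }' | LC_ALL=C sort -k1,1nr -k2,2
}

# Hypothetical helper: print only the remote IPs holding at least $1 connections.
over_threshold() {
    count_per_ip | awk -v min="$1" '$1 >= min { print $2 }'
}

sample_netstat | count_per_ip
# On a live host: netstat -ant | count_per_ip
```
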
2. List the ports used by the following services: http, ftp, ssh, telnet, mysql, dns
```
http    80/tcp
ftp     20,21/tcp
ssh     22/tcp
telnet  23/tcp
mysql   3306/tcp
dns     53/udp
```
3. Add a new network card to the virtual machine, configure its IP as 172.16.0.10, and set the gateway to 172.16.0.1
```
# Copy the existing interface file as a template, then edit the copy
cp /etc/sysconfig/network-scripts/{ifcfg-eth0,ifcfg-eth1}
vim /etc/sysconfig/network-scripts/ifcfg-eth1
TYPE=Ethernet
BOOTPROTO=static
NAME=eth1
DEVICE=eth1
NM_CONTROLLED=no
ONBOOT=yes
IPADDR=172.16.0.10
NETMASK=255.255.255.0
GATEWAY=172.16.0.1
DNS1=172.16.0.1

# Or do it in one step, writing out all the parameters from memory:
cat <<EOF>>/etc/sysconfig/network-scripts/ifcfg-eth1
TYPE=Ethernet
BOOTPROTO=static
NAME=eth1
DEVICE=eth1
NM_CONTROLLED=no
ONBOOT=yes
IPADDR=172.16.0.10
NETMASK=255.255.255.0
GATEWAY=172.16.0.1
DNS1=172.16.0.1
EOF
```
4. Describe the DNS resolution process in detail, using a visit to www.baidu.com as the example
① A DNS client runs on the user's host; that is, our PC or mobile phone runs a DNS client.
② The browser extracts the domain name field, i.e. the host name being accessed, from the URL it receives (for example http://www.baidu.com/) and passes this host name to the client side of the DNS application.
③ The DNS client sends a query message to the DNS server; the message contains the host name to be resolved (along the way this involves a series of cache lookups and the work of distributed DNS clusters).
④ The DNS client eventually receives a reply message containing the IP address that corresponds to the host name.
⑤ Once the browser has received the IP address from DNS, it can open a TCP connection to the HTTP server at that IP address.
```
[root@wenhs-aws ~]# dig +trace www.baidu.com

; <<>> DiG 9.9.4-RedHat-9.9.4-73.el7_6 <<>> +trace www.baidu.com
;; global options: +cmd
.			518400	IN	NS	L.ROOT-SERVERS.NET.
.			518400	IN	NS	M.ROOT-SERVERS.NET.
.			518400	IN	NS	A.ROOT-SERVERS.NET.
.			518400	IN	NS	B.ROOT-SERVERS.NET.
.			518400	IN	NS	C.ROOT-SERVERS.NET.
.			518400	IN	NS	D.ROOT-SERVERS.NET.
.			518400	IN	NS	E.ROOT-SERVERS.NET.
.			518400	IN	NS	F.ROOT-SERVERS.NET.
.			518400	IN	NS	G.ROOT-SERVERS.NET.
.			518400	IN	NS	H.ROOT-SERVERS.NET.
.			518400	IN	NS	I.ROOT-SERVERS.NET.
.			518400	IN	NS	J.ROOT-SERVERS.NET.
.			518400	IN	NS	K.ROOT-SERVERS.NET.
;; Received 811 bytes from 10.0.0.2#53(10.0.0.2) in 7 ms

com.			172800	IN	NS	a.gtld-servers.net.
com.			172800	IN	NS	e.gtld-servers.net.
com.			172800	IN	NS	l.gtld-servers.net.
com.			172800	IN	NS	i.gtld-servers.net.
com.			172800	IN	NS	g.gtld-servers.net.
com.			172800	IN	NS	f.gtld-servers.net.
com.			172800	IN	NS	h.gtld-servers.net.
com.			172800	IN	NS	j.gtld-servers.net.
com.			172800	IN	NS	c.gtld-servers.net.
com.			172800	IN	NS	m.gtld-servers.net.
com.			172800	IN	NS	d.gtld-servers.net.
com.			172800	IN	NS	k.gtld-servers.net.
com.			172800	IN	NS	b.gtld-servers.net.
com.			86400	IN	DS	30909 8 2 E2D3C916F6DEEAC73294E8268FB5885044A833FC5459588F4A9184CF C41A5766
com.			86400	IN	RRSIG	DS 8 1 86400 20190331170000 20190318160000 16749 . XOWxpjf7b0ZVxRoIr2eJvXzd/jAAYk+wyfLk9tyUrUWsBcm2KPeZW9z4 vd1LVzZKZG68Hd/SGdbjmwB5SVS3MJ4OhLCl/GjongZqYQ1LXUMFl4JK H715rc37vUT+3qVq9vjKs/dm4560fCXcph1XzYtj0EhdPHm0pme9tjyl 7xay1HqtGD62e9odTgDapDeYg1p6OZZ8BypYagG/EOCi1tJSwmXnn5V4 YpTrKXZ36/2cGnFIQbApjkEbCB+nesjeHIIMnOdYFb1ufYtFdvhMrr1v PAL2VHqYlYqZt93kfLnynSkxA6UXWzKttvyuJqrjb/xtMKkUPD6Mit03 Kf0qRA==
;; Received 1173 bytes from 199.9.14.201#53(B.ROOT-SERVERS.NET) in 116 ms

baidu.com.		172800	IN	NS	ns2.baidu.com.
baidu.com.		172800	IN	NS	ns3.baidu.com.
baidu.com.		172800	IN	NS	ns4.baidu.com.
baidu.com.		172800	IN	NS	ns1.baidu.com.
baidu.com.		172800	IN	NS	ns7.baidu.com.
CK0POJMG874LJREF7EFN8430QVIT8BSM.com. 86400 IN NSEC3 1 1 0 - CK0Q1GIN43N1ARRC9OSM6QPQR81H5M9A NS SOA RRSIG DNSKEY NSEC3PARAM
CK0POJMG874LJREF7EFN8430QVIT8BSM.com. 86400 IN RRSIG NSEC3 8 2 86400 20190324044646 20190317033646 16883 com. f2hJ7tw/8vfb5zFICChoxKLDH4OYgiVlVrPqujnu7iFMqHfv3CYGqXsw w9un0N7NZy1l99VRfxVwiihNWIaJtEkPCBDxsN9VxyqFuDS/x6H1gTwA 3xvjAWsdUbmqZdUISVLu0E1oifIx1IcIwIceGPRSUq3bxAKQUOMCdyAV 43Q=
HPVV2B5N85O7HJJRB7690IB5UVF9O9UA.com. 86400 IN NSEC3 1 1 0 - HPVVN3Q5E5GOQP2QFE2LEM4SVB9C0SJ6 NS DS RRSIG
HPVV2B5N85O7HJJRB7690IB5UVF9O9UA.com. 86400 IN RRSIG NSEC3 8 2 86400 20190322050600 20190315035600 16883 com. dXvLamIne0cO6SIn/6qnH+0DmAjbAvwizXxcdnYeAjxRvrt4GXIsgljC amDSCtlvtZF+4i2EEgmEF3DXIuWef8Yp0YqRXlAsxFnOk4BY4hhD1Gno hH8MVb5ZV6moGREbPu8U+qzwgXugej/EfyNt6LlURHRoOCFi55EdCqgw eZo=
;; Received 697 bytes from 192.33.14.30#53(b.gtld-servers.net) in 37 ms

www.baidu.com.		1200	IN	CNAME	www.a.shifen.com.
a.shifen.com.		1200	IN	NS	ns5.a.shifen.com.
a.shifen.com.		1200	IN	NS	ns3.a.shifen.com.
a.shifen.com.		1200	IN	NS	ns4.a.shifen.com.
a.shifen.com.		1200	IN	NS	ns2.a.shifen.com.
a.shifen.com.		1200	IN	NS	ns1.a.shifen.com.
;; Received 239 bytes from 14.215.178.80#53(ns4.baidu.com) in 64 ms

[root@wenhs-aws ~]# 
```
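To read the `dig +trace` output above as a delegation chain, the following added example (not part of the original post) reduces each block to one line naming the server that answered, then checks that every hop stays at or below the zone of the previous hop. The function names are hypothetical, and the sample is abridged from the output above with one record kept per referral.

```shell
# Constructed sample: abridged from the dig +trace output above
# (first record of each referral kept, DNSSEC records dropped).
sample_trace() {
cat <<'EOF'
.               518400  IN  NS     L.ROOT-SERVERS.NET.
;; Received 811 bytes from 10.0.0.2#53(10.0.0.2) in 7 ms

com.            172800  IN  NS     a.gtld-servers.net.
;; Received 1173 bytes from 199.9.14.201#53(B.ROOT-SERVERS.NET) in 116 ms

baidu.com.      172800  IN  NS     ns2.baidu.com.
;; Received 697 bytes from 192.33.14.30#53(b.gtld-servers.net) in 37 ms

www.baidu.com.  1200    IN  CNAME  www.a.shifen.com.
a.shifen.com.   1200    IN  NS     ns5.a.shifen.com.
;; Received 239 bytes from 14.215.178.80#53(ns4.baidu.com) in 64 ms
EOF
}

# Hypothetical helper: one line per hop,
# "<owner name> <record type> <answering server> <server IP>".
trace_hops() {
    awk '
    $3 == "IN" && owner == "" && ($4 == "NS" || $4 == "CNAME" || $4 == "A") {
        owner = tolower($1); type = $4          # first answer record of this block
    }
    /^;; Received/ {
        split($6, a, /[#()]/)                   # ip#port(name) -> a[1]=ip, a[3]=name
        print owner, type, tolower(a[3]), a[1]
        owner = ""
    }'
}

# Hypothetical helper: exit 0 only if each hop is at or below the previous zone.
chain_ok() {
    trace_hops | awk '
    NR > 1 && prev != "." {
        n = length($1) - length(prev)
        if (n < 0 || substr($1, n + 1) != prev) bad = 1
        else if (n > 0 && substr($1, n, 1) != ".") bad = 1
    }
    { prev = $1 }
    END { exit bad + 0 }'
}

sample_trace | trace_hops
```

On a live host the same functions take `dig +trace www.baidu.com` on stdin; a non-zero exit from `chain_ok` means a referral pointed outside the zone that issued it and is worth a closer look.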
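5. How to see how many processes are running on the system
```
netstat -nap
# or
ps -aux
```
6. How to see which ports are open on the system
```
netstat -antlp
```
7. How to check whether port 80 is open and whether the sshd process exists
```
# Use "netstat -anp" to see which ports are open
netstat -anp | grep :22
```
8. List all TCP ports in the listening state
```
netstat -lt
```
9. View information on all ports, including PID and process name
```
netstat -antlp
```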