Linux network-related operations
1. Check firewalld status; stop, start, disable at boot, enable at boot
[root@VM_0_12_centos ~]# systemctl status firewalld.service
● firewalld.service - firewalld - dynamic firewall daemon
Loaded: loaded (/usr/lib/systemd/system/firewalld.service; disabled; vendor preset: enabled)
Active: inactive (dead)
Docs: man:firewalld(1)
# systemctl stop firewalld
# systemctl start firewalld
# systemctl disable firewalld
# systemctl enable firewalld
2. Disable SELinux temporarily or permanently; production servers generally do not enable SELinux either
[root@VM_0_12_centos ~]# getenforce
Disabled
[root@VM_0_12_centos ~]# setenforce 0    temporarily disable
setenforce: SELinux is disabled
# vim /etc/selinux/config
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
SELINUX=disabled    change this line to disable permanently
# SELINUXTYPE= can take one of three values:
# targeted - Targeted processes are protected,
# minimum - Modification of targeted policy. Only selected processes are protected.
# mls - Multi Level Security protection.
SELINUXTYPE=targeted
Reboot after making the change.
3. Network interface types and operations
In CentOS 7, network interfaces are named enX, where en stands for Ethernet; enX comes in the following three types:
o: onboard NIC on the motherboard
p: add-in NIC, i.e. a PCI NIC
s: hot-pluggable NIC; a VM's NICs can be added and removed at any time
Temporarily change the IP: ifconfig <interface name> x.x.x.x (netmask <subnet mask>); lost after a reboot
Add several IPs to one NIC:
ifconfig <interface name>:0 x.x.x.x netmask <subnet mask>    -- add an IP
ifconfig <interface name>:1 x.x.x.x netmask <subnet mask>    -- add another IP
ifconfig <interface name>:0 del x.x.x.x    -- delete an IP
ifdown eth0    disable the interface
ifup eth0    enable the interface
1) Edit the configuration file to change the IP permanently
[root@VM_0_12_centos ~]# ls /etc/sysconfig/network-scripts/ifcfg-ens33
# vim /etc/sysconfig/network-scripts/ifcfg-ens33    NIC configuration file
BOOTPROTO=dhcp    dhcp/none/static: dhcp obtains the address dynamically, static means a static IP, none means unspecified, which amounts to static
DEVICE=eth0
HWADDR=52:54:00:e6:38:66
NM_CONTROLLED=no
ONBOOT=yes
PERSISTENT_DHCLIENT=yes
TYPE=Ethernet
USERCTL=no
IPADDR=192.168.1.63
PREFIX=24
GATEWAY=192.168.1.1
DNS1=114.114.114.114
DNS2=8.8.8.8
# systemctl restart network
2) Use the nmtui text UI to change the IP permanently; this needs Esc plus the page keys and is rarely used.
# systemctl start NetworkManager
# nmtui
4. Configure DNS and the hostname
[root@VM_0_12_centos ~]# ls /etc/resolv.conf    DNS configuration file
/etc/resolv.conf
[root@VM_0_12_centos ~]# cat !$
cat /etc/resolv.conf
; generated by /usr/sbin/dhclient-script
nameserver 183.60.83.19
nameserver 183.60.82.98
# cat /etc/hosts    host-name-to-IP bindings
# cat /etc/hostname    sets the hostname
5. Configure host routes
[root@VM_0_12_centos ~]# route -n    -n skips reverse DNS lookups and shows IP addresses directly
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         172.21.0.1      0.0.0.0         UG    0      0        0 eth0
169.254.0.0     0.0.0.0         255.255.0.0     U     1002   0        0 eth0
172.21.0.0      0.0.0.0         255.255.240.0   U     0      0        0 eth0
Explanation:
The default route points to the gateway 172.21.0.1.
172.21.0.0 is the local subnet; it is reached directly, without going through the gateway.
# route add -net 10.10.10.10 netmask 255.255.255.255 gw 172.21.0.1 dev eth0    add a host route; the route is lost after the machine reboots
# route del -net 10.10.10.10 netmask 255.255.255.255    delete the host route
# vim /etc/sysconfig/static-routes
Entry:
any net 10.10.10.0/24 gw 172.21.0.1
To make a host route permanent, editing the static-routes configuration file is the best method: the route survives both a system reboot and service network restart.
6. Bonding two NICs in a VM
1) Add a second NIC to the VM and make sure both NICs use the same mode.
Edit virtual machine settings -> Add -> Network Adapter -> select "Host-only" mode
2) Configure the NICs with vim. Note that a "slave" NIC serves the "master" and should not have an IP address of its own.
# vim /etc/sysconfig/network-scripts/ifcfg-eno16777736
TYPE=Ethernet
BOOTPROTO=none
ONBOOT=yes
USERCTL=no
DEVICE=eno16777736
MASTER=bond0
SLAVE=yes
# vim /etc/sysconfig/network-scripts/ifcfg-eno33554968
TYPE=Ethernet
BOOTPROTO=none
ONBOOT=yes
USERCTL=no
DEVICE=eno33554968
MASTER=bond0
SLAVE=yes
# vim /etc/sysconfig/network-scripts/ifcfg-bond0
TYPE=Ethernet
BOOTPROTO=none
ONBOOT=yes
USERCTL=no
DEVICE=bond0
IPADDR=192.168.1.63
PREFIX=24
GATEWAY=192.168.1.1
NM_CONTROLLED=no
3) The bonding driver has three modes
mode0: both NICs work at the same time with automatic failover; requires port aggregation to be configured on the switch.
mode1: only one NIC works at a time; after a failure the other one takes over.
mode6: both NICs work at the same time with automatic failover; no switch configuration required.
Choose mode6; the failover time is 100 milliseconds
# vim /etc/modprobe.d/bond.conf
alias bond0 bonding
options bond0 miimon=100 mode=6
4) Restart the network service and check; normally only the bond0 interface has an IP address.
# systemctl restart network
# ifconfig
5) Verify
ping 192.168.1.63 responds normally; in the VM's hardware settings remove one of the NICs at random (disabling it also works) and you can watch the NICs switch over (only one packet is lost)
[root@VM_0_12_centos ~]# ping 192.168.1.63
PING 192.168.1.63 (192.168.1.63) 56(84) bytes of data.
64 bytes from 192.168.1.63: icmp_seq=1 ttl=64 time=0.014 ms
64 bytes from 192.168.1.63: icmp_seq=2 ttl=64 time=0.023 ms
64 bytes from 192.168.1.63: icmp_seq=3 ttl=64 time=0.024 ms
ping: sendmsg: Network is unreachable
64 bytes from 192.168.1.63: icmp_seq=4 ttl=64 time=0.023 ms
64 bytes from 192.168.1.63: icmp_seq=5 ttl=64 time=0.022 ms
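As an added example, not from the original post: instead of eyeballing ifconfig and ping in step 5, read the bonding driver's own status file (/proc/net/bonding/bond0) and fail when the bond does not match the configuration above (mode 6, miimon=100) or a slave is down. The status text below is a constructed sample: the slave names are the post's, the MAC addresses are placeholders.

```shell
#!/bin/sh
# Added example, not the post's own code.  bond_check reads a bonding
# status file and checks it against this post's setup: mode=6 (shown by
# the kernel as "adaptive load balancing"), miimon=100, both slaves up.

# Constructed sample of /proc/net/bonding/bond0 after one NIC was pulled.
# MAC addresses are placeholders from the documentation range.
sample_bond_status() {
    cat <<'EOF'
Ethernet Channel Bonding Driver: v3.7.1 (April 27, 2011)

Bonding Mode: adaptive load balancing
Primary Slave: None
Currently Active Slave: eno16777736
MII Status: up
MII Polling Interval (ms): 100

Slave Interface: eno16777736
MII Status: up
Link Failure Count: 0
Permanent HW addr: 00:00:5e:00:53:01

Slave Interface: eno33554968
MII Status: down
Link Failure Count: 1
Permanent HW addr: 00:00:5e:00:53:02
EOF
}

# bond_check FILE  (FILE is normally /proc/net/bonding/bond0)
# Prints one summary line.  Exit 0 healthy, 1 slave down, 2 wrong mode,
# 3 wrong polling interval, so it can run from cron or a monitoring agent.
bond_check() {
    awk '
        /^Bonding Mode:/        { mode = $0; sub(/^Bonding Mode: /, "", mode) }
        /^MII Polling Interval/ { miimon = $NF }
        /^Slave Interface:/     { slave = $3; slaves++ }
        /^MII Status:/ && slave != "" { if ($3 != "up") { down++; bad = bad " " slave } }
        /^Link Failure Count:/  { failures += $NF }
        END {
            printf "mode=%s miimon=%s slaves=%d down=%d failures=%d%s\n",
                   mode, miimon, slaves, down, failures, bad
            if (mode != "adaptive load balancing") exit 2
            if (miimon != 100) exit 3
            if (down > 0) exit 1
        }' "$1"
}

# Live use on the bonded VM:  bond_check /proc/net/bonding/bond0
```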
7. Configure the sshd service
1) Edit the main sshd configuration file; the authentication section is what matters most.
# vim /etc/ssh/sshd_config
# Authentication:
#LoginGraceTime 2m
#PermitRootLogin yes    remove the # and set it to no; the root administrator can then no longer log in remotely.
#StrictModes yes    refuse the connection outright when the remote user's private key has changed
#MaxAuthTries 6    maximum number of password attempts
#MaxSessions 10    maximum number of sessions
#PubkeyAuthentication yes    whether to allow public-key authentication
2) Restart the service and add it to the boot startup items
# systemctl restart sshd
# systemctl enable sshd
3) Troubleshooting
Check the port the sshd service listens on
# netstat -tnlp | grep sshd
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 20762/sshd
Check whether the sshd service is running
# systemctl status sshd.service
4) Key-based authentication.
4.1 Generate a key pair on the client host
4.2 Copy the public key generated on the client host to the remote host
4.3 Configure the server so that it allows only key authentication and refuses traditional password authentication
4.4 Restart sshd on the server and add it to the boot startup items
4.5 Try logging in to the server from the client; the login now succeeds without entering a password
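As an added example, not from the original post: steps 4.3 and 4.4 as shell functions that rewrite the relevant sshd_config directives idempotently and report the value sshd will actually use. The functions take the config path as an argument so they can be dry-run on a copy; the path /etc/ssh/sshd_config, the .bak suffix and the ed25519 key type are assumptions, not the post's choices.

```shell
#!/bin/sh
# Added example, not the post's own code: key-only SSH (step 4.3) done as
# a repeatable edit of sshd_config rather than by hand in vim.

# set_sshd_option FILE KEY VALUE
# Rewrite every "KEY ..." line, commented-out defaults included, as
# "KEY VALUE"; append the line if the key is absent.  Writing through a
# temp file plus mv keeps the config whole if the script dies mid-way.
set_sshd_option() {
    file=$1; key=$2; value=$3
    tmp="${file}.tmp.$$"
    if grep -Eq "^[[:space:]]*#?[[:space:]]*${key}([[:space:]]|\$)" "$file"; then
        sed -E "s|^[[:space:]]*#?[[:space:]]*${key}([[:space:]].*)?\$|${key} ${value}|" \
            "$file" > "$tmp"
    else
        cat "$file" > "$tmp"
        printf '%s %s\n' "$key" "$value" >> "$tmp"
    fi
    mv "$tmp" "$file"
}

# harden_sshd_config FILE: keys only, no passwords, no remote root (step 4.3).
harden_sshd_config() {
    cp "$1" "$1.bak"                      # rollback copy (suffix is an assumption)
    set_sshd_option "$1" PubkeyAuthentication yes
    set_sshd_option "$1" PasswordAuthentication no
    set_sshd_option "$1" ChallengeResponseAuthentication no
    set_sshd_option "$1" PermitRootLogin no
}

# sshd_option FILE KEY: the effective value.  sshd honours the first
# uncommented occurrence of a directive, so that is what is reported.
sshd_option() {
    awk -v k="$2" 'tolower($1) == tolower(k) { print $2; exit }' "$1"
}

# Steps 4.1, 4.2 and 4.4 on the real hosts (not run here).  Keep the
# current session open until a second, key-based login has succeeded.
# client:  ssh-keygen -t ed25519
# client:  ssh-copy-id user@server
# server:  harden_sshd_config /etc/ssh/sshd_config
# server:  sshd -t -f /etc/ssh/sshd_config && systemctl restart sshd
# server:  systemctl enable sshd
```

sshd -t checks the rewritten file for syntax errors before the restart, which is the step that prevents locking yourself out of the server.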
8. Other network-related commands
[root@VM_0_12_centos ~]# ifconfig -a
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.21.0.12 netmask 255.255.240.0 broadcast 172.21.15.255
inet6 fe80::5054:ff:fee6:3866 prefixlen 64 scopeid 0x20
ether 52:54:00:e6:38:66 txqueuelen 1000 (Ethernet)
RX packets 976813 bytes 151599065 (144.5 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 918875 bytes 120251689 (114.6 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10
loop txqueuelen 1000 (Local Loopback)
RX packets 1144 bytes 56056 (54.7 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 1144 bytes 56056 (54.7 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
[root@VM_0_12_centos ~]# arp
Address HWtype HWaddress Flags Mask Iface
169.254.0.2 ether fe:ee:0b:ca:e5:69 C eth0
169.254.0.15 ether fe:ee:0b:ca:e5:69 C eth0
[root@VM_0_12_centos ~]# traceroute 220.181.38.150
traceroute to 220.181.38.150 (220.181.38.150), 30 hops max, 60 byte packets
1 9.102.189.130 (9.102.189.130) 0.648 ms 0.876 ms 1.102 ms
2 9.102.251.102 (9.102.251.102) 1.093 ms 0.779 ms 1.215 ms
3 10.196.67.13 (10.196.67.13) 0.840 ms 10.196.66.253 (10.196.66.253) 1.744 ms 0.751 ms
4 * * 10.196.89.113 (10.196.89.113) 0.679 ms
5 * * *
On the Linux host: $ telnet 10.10.10.10 8443
Escape character is '^]'
Press Ctrl+] and then Enter
telnet> quit
connection closed
This returns to the Linux host's $ prompt
Source: oschina
Link: https://my.oschina.net/u/4275902/blog/3229244