Linux网络属性配置
2016-01-02 13:04
627 查看
ifconfig命令:
功能:接口及地址查看和管理ifconfig [INTERFACE]
ifconfig -a:显示所有接口,包括inactive(未激活)状态的接口;
实例:-a参数的使用
[root@Linux_11 ~]# ifconfig -aeth0 Linkencap:Ethernet HWaddr 00:0C:29:06:12:D4(MAC地址) inetaddr:192.168.3.11 Bcast:192.168.3.255 Mask:255.255.255.0 inet6 addr:fe80::20c:29ff:fe06:12d4/64 Scope:Link UP(表示激活状态) BROADCAST (支持广播)RUNNING(正在运行状态)MULTICAST(支持多播或组播) MTU:1500(最大传输单元(字节),即此接口一次所能传输的最大封包) Metric:1( 表示路由度量值,缺省值是0) RX packets:195(表示网络由激活到目前为止接收的数据包) errors:0 dropped:0 overruns:0 (溢出)frame:0(帧) TX packets:125 (表示网络由激活到目前为止发送的数据包)errors:0 dropped:0overruns:0 carrier:0 collisions:0txqueuelen:1000 (传输队列长度) RX bytes:21717 (21.2KiB) TX bytes:15247 (14.8 KiB) Interrupt:19 Baseaddress:0x2024 eth1 Linkencap:Ethernet HWaddr00:0C:29:06:12:DE inetaddr:192.168.174.128 Bcast:192.168.174.255 Mask:255.255.255.0 inet6 addr: fe80::20c:29ff:fe06:12de/64Scope:Link UP BROADCAST RUNNINGMULTICAST MTU:1500 Metric:1 RX packets:102errors:0 dropped:0 overruns:0 frame:0 TX packets:96errors:0 dropped:0 overruns:0 carrier:0 collisions:0txqueuelen:1000 RX bytes:11969 (11.6KiB) TX bytes:8770 (8.5 KiB) Interrupt:19 Baseaddress:0x20a4提示:ip地址中主机号全为1的是广播地址,主机号全为0的是网络地址例如:C类网络地址的前3个字节用来表示网络号,只有一个字节被用来表示主机地址,就是我们通常说的主机。IP地址:192.168.100.102将所有的主机位置都为off,就是全为0,所得到的地址就是192.168.100.0,它是一个网络地址,代表的是一个网段;如果将所有的主机位置都为on,就是全为1,所得到的地址就是192.168.100.255,它是一个广播地址,我们的合法主机地址就是介于网络地址和广播地址之间的地址,比如:在192.168.100.0——192.168.100.255之间都可以。补充一下广播地址的概念:被应用程序和主机用来将信息发送到网络上所有结点的地址:比如192.168.100.255,它用于指向192.168.100的所有主机。lo表示回环测试接口,这个虚拟的interface一定要存在!
实例:查看某一个网卡状态
[root@Linux_11 ~]# ifconfig eth2eth2 Linkencap:Ethernet HWaddr00:0C:29:06:12:E8 inetaddr:192.168.4.1 Bcast:192.168.4.255 Mask:255.255.255.0 inet6 addr:fe80::20c:29ff:fe06:12e8/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:111errors:0 dropped:0 overruns:0 frame:0 TX packets:55errors:0 dropped:0 overruns:0 carrier:0 collisions:0txqueuelen:1000 RX bytes:11786 (11.5KiB) TX bytes:6778 (6.6 KiB) Interrupt:16 Baseaddress:0x2424ifconfig interface [aftype] options | address ...
设置ip的两种方法:
ifconfig IFACE IP/MASK [up|down]ifconfig IFACE IP netmask NETMASK
options:
[-]promisc混杂模式
-promisc 删除混杂模式
什么是混杂模式?
答:混杂模式就是接收所有经过网卡的数据包,包括不是发给本机的包。默认情况下网卡只把发给本机的包(包括广播包)传递给上层程序,其它的包一律丢弃。简单的讲,混杂模式就是指网卡能接受所有通过它的数据流,不管是什么格式,什么地址的。事实上,计算机收到数据包后,由网络层进行判断,确定是递交上层(传输层),还是丢弃,还是递交下层(数据链路层、MAC子层)转发。
通常在需要用到抓包工具,例如ethereal、sniffer、capsa时,需要把网卡置于混杂模式,需要用到软件Winpcap。winpcap是windows平台下一个免费,公共的网络访问系统。开发winpcap这个项目的目的在于为win32应用程序提供访问网络底层的能力。简单的说,网卡的混杂模式是为网络分析而提供的。
注意:
以上方法立即送往内核中的TCP/IP协议栈,并生效;但是重启网络服务之后不生效了,这个生效只是临时的。
管理IPv6地址:
add addr/prefixlen
del addr/prefixlen
addr:ipv6地址
prefixlen:掩码的长度
实例:第一种形式,设置某网卡的ip地址
[root@Linux_11 ~]# ifconfig eth1192.168.5.2/16 up[root@Linux_11 ~]# ifconfig eth1eth1 Linkencap:Ethernet HWaddr00:0C:29:06:12:DE inetaddr:192.168.5.2 Bcast:192.168.63.255 Mask:255.255.192.0 inet6 addr: fe80::20c:29ff:fe06:12de/64Scope:Link UP BROADCAST RUNNINGMULTICAST MTU:1500 Metric:1 RX packets:129errors:0 dropped:0 overruns:0 frame:0 TX packets:99errors:0 dropped:0 overruns:0 carrier:0 collisions:0txqueuelen:1000 RX bytes:15389 (15.0KiB) TX bytes:9496 (9.2 KiB) Interrupt:19 Baseaddress:0x20a4
实例:第二种形式,设置某网卡的ip地址
[root@Linux_11 ~]# ifconfig eth1192.168.6.22 netmask 255.255.255.0 up[root@Linux_11 ~]# ifconfig eth1eth1 Linkencap:Ethernet HWaddr00:0C:29:06:12:DE inetaddr:192.168.6.22 Bcast:192.168.6.255 Mask:255.255.255.0 inet6 addr:fe80::20c:29ff:fe06:12de/64 Scope:Link UP BROADCAST RUNNINGMULTICAST MTU:1500 Metric:1 RX packets:129errors:0 dropped:0 overruns:0 frame:0 TX packets:99errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:15389 (15.0KiB) TX bytes:9496 (9.2 KiB) Interrupt:19 Baseaddress:0x20a4
实例:开启/关闭网卡的promisc(混杂)模式
开启混杂模式[root@Linux_11 ~]# ifconfig eth1 promisc[root@Linux_11 ~]# ifconfig eth1eth1 Linkencap:Ethernet HWaddr00:0C:29:06:12:DE inetaddr:192.168.174.128 Bcast:192.168.174.255 Mask:255.255.255.0 inet6 addr:fe80::20c:29ff:fe06:12de/64 Scope:Link UP BROADCAST RUNNINGPROMISC MULTICAST MTU:1500 Metric:1 RX packets:175errors:0 dropped:0 overruns:0 frame:0 TX packets:123errors:0 dropped:0 overruns:0 carrier:0 collisions:0txqueuelen:1000 RX bytes:21755 (21.2KiB) TX bytes:13072 (12.7 KiB) Interrupt:19 Baseaddress:0x20a4关闭混杂模式[root@Linux_11 ~]# ifconfig eth1-promisc [root@Linux_11 ~]# ifconfig eth1eth1 Linkencap:Ethernet HWaddr00:0C:29:06:12:DE inetaddr:192.168.174.128 Bcast:192.168.174.255 Mask:255.255.255.0 inet6 addr:fe80::20c:29ff:fe06:12de/64 Scope:Link UP BROADCAST RUNNINGMULTICAST MTU:1500 Metric:1 RX packets:178errors:0 dropped:0 overruns:0 frame:0 TX packets:123errors:0 dropped:0 overruns:0 carrier:0 collisions:0txqueuelen:1000 RX bytes:22342 (21.8 KiB) TX bytes:13072 (12.7 KiB) Interrupt:19 Baseaddress:0x20a4提示:promisc是混杂模式,可以收听网络上非发给你网卡地址的数据报文,可以进行黑客攻击。
route命令:
Linux系统的route命令用于显示和操作IP路由表(show / manipulate the IP routing table)。要实现两个不同的子网之间的通信,需要一台连接两个网络的路由器,或者同时位于两个网络的网关来实现。在Linux系统中,设置路由通常是为了解决以下问题:该Linux系统在一个局域网中,局域网中有一个网关,能够让机器访问Internet,那么就需要将这台机器的IP地址设置为Linux机器的默认路由。要注意的是,直接在命令行下执行route命令来添加路由,不会永久保存,当网卡重启或者机器重启之后,该路由就失效了;可以在/etc/rc.local中添加route命令来保证该路由设置永久有效。命令格式:
route [-f] [-p] [Command [Destination][mask Netmask] [Gateway] [metric Metric]] [if Interface]]
功能:路由查看及管理
-n 不解析名字
-v 显示详细的处理信息
-F 显示发送信息
-C 显示路由缓存
-f 清除所有网关入口的路由表。
-p 与 add 命令一起使用时使路由具有永久性。
add:添加一条新路由。
del:删除一条路由。
-net:目标地址是一个网络。
-host:目标地址是一个主机。
netmask:当添加一个网络路由时,需要使用网络掩码。
gw:路由数据包通过网关。注意,你指定的网关必须能够达到。
metric:设置路由跳数。
路由条目类型:
主机路由:目标地址为单个IP;网络路由:目标地址为IP网络;
默认路由:目标为任意网络,0.0.0.0/0.0.0.0
查看路由表:
route -n-n:表示不解析域名
实例:查看本机路由表
[root@Linux_11 ~]# route -nKernel IP routing tableDestination Gateway Genmask Flags Metric Ref Use Iface192.168.4.0 0.0.0.0 255.255.255.0 U 1 0 0 eth2192.168.3.0 0.0.0.0 255.255.255.0 U 1 0 0 eth0192.168.174.0 0.0.0.0 255.255.255.0 U 1 0 0 eth1以上三行Gateway为0.0.0.0表示不需要任何网关,目标主机为自己的网段,为直连路由。0.0.0.0 192.168.174.2 0.0.0.0 UG 0 0 0 eth1上面一行Destination为0.0.0.0表示这是默认 网关相关说明如下:Destination:目标地址(target)Gateway:网关Genmask:目标地址的子网掩码Flags:路由条目的状态,U表示UP,代表启用状态。UG表示它是一个网关且已经启用。 U U:表示此路由当前为启动状态H Host:表示此网关为一主机G Gateway:表示此网关为一路由器R Reinstate Route:使用动态路由重新初始化的路由D Dynamically:此路由是动态性地写入M Modified:此路由是由路由守护程序或导向器动态修改!:表示此路由当前为关闭状态Metric:度量值,到底目的地的开销Iface:网卡
添加路由:
route add [-net|-host] target [netmask Nm] [gw GW] [[dev] If]示例:
routeadd -net 10.0.0.0/8 gw 192.168.10.1 dev eth1
routeadd -net 0.0.0.0/0.0.0.0 gw192.168.10.1
routeadd -net 10.0.0.0 netmask 255.0.0.0
routeadd default gw 192.168.10.1 添加默认网关
实例:添加一个路由条目,且目标地址为一个ip网络
[root@Linux_22 ~]# route add -net10.0.0.0/8 gw 192.168.4.33 [root@Linux_22 ~]# route -nKernel IP routing tableDestination Gateway Genmask Flags Metric Ref Use Iface192.168.4.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0169.254.0.0 0.0.0.0 255.255.0.0 U 1003 0 0 eth010.0.0.0 192.168.4.33 255.0.0.0 UG 0 0 0 eth00.0.0.0 192.168.4.1 0.0.0.0 UG 0 0 0eth0[root@Linux_22 ~]# route add -net10.0.0.0/8 gw 192.168.44.33 SIOCADDRT: 没有那个进程注意:上面添加路由条目并没有写是在哪个网卡设备上添加,不使用dev参数,则系统会自动判断出来。
添加的路由条目中的网关一定要和主机上某块网卡的ip地址在一个网段中。
实例:添加一条路由,并且屏蔽它
route add -net 224.0.0.0 netmask 240.0.0.0 reject
删除路由:
route del [-net|-host] target [gw Gw] [netmask Nm] [[dev] If]示例:
route del -net 10.0.0.0/8
说明:
如果目标地址只有一个可以使用这种方法进行删除,如果有多个的话,则只能删除符合条件的第一个路由条目,有多个则需要指定网卡设备来删除
route del -net 10.0.0.0/8 gw 192.168.10.1
route del -net 224.0.0.0 netmask 240.0.0.0
route del -net 224.0.0.0 netmask 240.0.0.0 reject
route del default
实例:删除一个路由条目
[root@Linux_22 ~]# route -nKernel IP routing tableDestination Gateway Genmask Flags Metric Ref Use Iface192.168.4.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0169.254.0.0 0.0.0.0 255.255.0.0 U 1003 0 0 eth010.0.0.0 169.254.12.33 255.0.0.0 UG 0 0 0 eth010.0.0.0 192.168.4.33 255.0.0.0 UG 0 0 0 eth00.0.0.0 192.168.4.1 0.0.0.0 UG 0 0 0 eth0 [root@Linux_22 ~]# route del -net 10.0.0.0/8 #注意:只删除了一条[root@Linux_22 ~]# route -nKernel IP routing tableDestination Gateway Genmask Flags Metric Ref Use Iface192.168.4.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0169.254.0.0 0.0.0.0 255.255.0.0 U 1003 0 0 eth010.0.0.0 192.168.4.33 255.0.0.0 UG 0 0 0 eth00.0.0.0 192.168.4.1 0.0.0.0 UG 0 0 0 eth0
实例:删除默认网关
命令:
route del default gw 192.168.120.240 route del default
[root@Linux_22 ~]# route -nKernel IP routing tableDestination Gateway Genmask Flags Metric Ref Use Iface192.168.4.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0169.254.0.0 0.0.0.0 255.255.0.0 U 1003 0 0 eth010.0.0.0 192.168.4.33 255.0.0.0 UG 0 0 0 eth00.0.0.0 192.168.4.1 0.0.0.0 UG 0 0 0 eth0[root@Linux_22 ~]# route del default [root@Linux_22 ~]# route -nKernel IP routing tableDestination Gateway Genmask Flags Metric Ref Use Iface192.168.4.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0169.254.0.0 0.0.0.0 255.255.0.0 U 1003 0 0 eth010.0.0.0 192.168.4.33 255.0.0.0 UG 0 0 0 eth0
netstat命令:
功能:打印网络连接、路由表,接口统计、伪装连接、多目广播、成员关系[root@Linux_11 ~]# netstatActive Internet connections (w/o servers)Proto Recv-Q Send-Q Local Address Foreign Address State tcp 0 52 192.168.3.1:ssh 192.168.3.254:62423 ESTABLISHED Active UNIX domain sockets (w/o servers)Proto RefCnt Flags Type State I-Node Pathunix 14 [ ] DGRAM 12870 /dev/logunix 2 [ ] DGRAM 9311 @/org/kernel/udev/udevdunix 2 [ ] DGRAM 13775 @/org/freedesktop/hal/udev_eventunix 2 [ ] DGRAM 15524 unix 3 [ ] STREAM CONNECTED 15114 /var/run/dbus/system_bus_socketunix 3 [ ] STREAM CONNECTED 15113 unix 2 [ ] DGRAM 14798 unix 2 [ ] DGRAM 14774 unix 2 [ ] DGRAM 14736 unix 2 [ ] DGRAM 14717 unix 3 [ ] STREAM CONNECTED 14682 unix 3 [ ] STREAM CONNECTED 14681 proto:网络的数据包协议,主要分为TCP和UDP数据包Recv-Q:非由用户进程连接到此socket的复制的总字节数Send-Q:非由远程主机传送过来的acknowledged总字节数LocalAddress:本地的IP端口情况Foreign Address:远程主机的IP端口情况State:连接状态,主要有建立(ESTABLISHED)及监听(LISTEN)Proto:一般就是unixRefCnt:连接到此socket的进程数量Flags:连接的标识Type:socket访问的类型,主要有确认连接的STREAM与不需确认的DGRAM两种State:若为CONNECTED表示多个进程之间已经连接建立Path:连接到此socket的相关程序的路径,或者是相关数据输出的路径
显示路由表:
netstat -rn-r:显示内核路由表
-n:数字格式
实例:显示本机路由表
[root@Linux_22 ~]# netstat -rKernel IP routing tableDestination Gateway Genmask Flags MSS Window irtt Iface192.168.4.0 * 255.255.255.0 U 0 0 0 eth0link-local * 255.255.0.0 U 0 0 0 eth010.0.0.0 192.168.4.33 255.0.0.0 UG 0 0 0 eth0[root@Linux_22 ~]# netstat -rnKernel IP routing tableDestination Gateway Genmask Flags MSS Window irtt Iface192.168.4.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0169.254.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth010.0.0.0 192.168.4.33 255.0.0.0 UG 0 0 0 eth0
显示网络连接:
netstat [--tcp|-t] [--udp|-u] [--udplite|-U] [--sctp|-S] [--raw|-w] [--listening|-l] [--all|-a] [--numeric|-n] [--extend|-e[--extend|-e]] [--program|-p]-t:TCP协议的相关连接,连接均有其状态;FSM(Finate StateMachine);
-u:UDP相关的连接
-w:raw socket(裸套接字)相关的连接
-l:处于监听状态的连接
-a:所有状态
-n:以数字格式显示IP和Port;
-e:扩展格式
-p:显示相关的进程及PID;
常用组合:
-tan
-uan
以上两者是查看TCP或者UDP所有状态的连接
-tnl
-unl
以上两者是查看TCP或者UDP处于监听状态的连接
-tunlp
以上是查看TCP和UDP处于监听状态的连接并显示相应的进程及PID
传输层协议:
tcp:面向连接的协议;通信开始之前,要建立一个虚链路;通信完成后还要拆除连接;
udp:无连接的协议;直接发送数据报文;
实例:查看TCP相关连接
[root@Linux_22 ~]# netstat –t #不加-a参数,默认只显示ESTABLISHED的状态Active Internet connections (w/o servers)Proto Recv-Q Send-Q Local Address Foreign Address State tcp 0 0 192.168.4.22:ssh 192.168.4.1:52839 ESTABLISHED 说明:状态ESTABLISHED说明本主机已经和192.168.4.1这台主机连接上了,且本地的监听端口是22,对方的监听端口是52839
[root@Linux_22 ~]# netstat –ta #显示TCP协议的所有状态Active Internet connections (servers and established)Proto Recv-Q Send-Q Local Address Foreign Address State tcp 0 0*:49731 *:* LISTEN tcp 0 0*:sunrpc *:* LISTEN tcp 0 0 *:ssh *:* LISTEN tcp 0 0localhost:ipp *:* LISTEN tcp 0 0localhost:smtp *:* LISTEN tcp 0 0192.168.4.22:ssh 192.168.4.1:52839 ESTABLISHED tcp 0 0*:37603 *:* LISTEN tcp 0 0*:sunrpc *:* LISTEN tcp 0 0 *:ssh *:* LISTEN tcp 0 0localhost:ipp *:* LISTEN tcp 0 0localhost:smtp *:* LISTEN[root@Linux_22 ~]# netstat –tan #不解析域名,且查看TCP所有状态的连接Active Internet connections (servers and established)Proto Recv-Q Send-Q Local Address Foreign Address State tcp 0 00.0.0.0:49731 0.0.0.0:* LISTEN tcp 0 00.0.0.0:111 0.0.0.0:* LISTEN tcp 0 00.0.0.0:22 0.0.0.0:* LISTEN tcp 0 0127.0.0.1:631 0.0.0.0:* LISTEN tcp 0 0127.0.0.1:25 0.0.0.0:* LISTEN tcp 0 0192.168.4.22:22 192.168.4.1:52839 ESTABLISHED tcp 0 0 :::37603 :::* LISTEN tcp 0 0 :::111 :::* LISTEN tcp 0 0 :::22 :::* LISTEN tcp 0 0 ::1:631 :::* LISTEN tcp 0 0 ::1:25 :::* LISTEN[root@Linux_22 ~]# netstat –tnl #仅查看TCP处于监听状态的连接Active Internet connections (only servers)Proto Recv-Q Send-Q Local Address Foreign Address State tcp 0 0 0.0.0.0:49731 0.0.0.0:* LISTEN tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN tcp 0 00.0.0.0:22 0.0.0.0:* LISTEN tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN tcp 0 0 :::37603 :::* LISTEN tcp 0 0 :::111 :::* LISTEN tcp 0 0 :::22 :::* LISTEN tcp 0 0 ::1:631 :::* LISTEN tcp 0 0 ::1:25 :::* LISTEN 说明:-l只查看本机处于监听状态的端口,意思是还没有另外的主机来访问此端口。
实例:-p参数的使用,显示相关的进程以PID
[root@Linux_22 ~]# netstat -tunplActive Internet connections (only servers)Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name tcp 0 0 0.0.0.0:49731 0.0.0.0:* LISTEN 1855/rpc.statd tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN 1810/rpcbind tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 2021/sshd tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN 1889/cupsd tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 2254/master tcp 0 0 :::37603 :::* LISTEN 1855/rpc.statd tcp 0 0 :::111 :::* LISTEN 1810/rpcbind tcp 0 0 :::22 :::* LISTEN 2021/sshd tcp 0 0 ::1:631 :::* LISTEN 1889/cupsd tcp 0 0 ::1:25 :::* LISTEN 2254/master udp 0 0 0.0.0.0:34454 0.0.0.0:* 1855/rpc.statd udp 0 0 0.0.0.0:713 0.0.0.0:* 1810/rpcbind udp 0 0 0.0.0.0:111 0.0.0.0:* 1810/rpcbind udp 0 0 0.0.0.0:631 0.0.0.0:* 1889/cupsd udp 0 0 0.0.0.0:759 0.0.0.0:* 1855/rpc.statd udp 0 0 :::57112 :::* 1855/rpc.statd udp 0 0 :::713 :::* 1810/rpcbind udp 0 0 :::111 :::* 1810/rpcbind
实例:-e参数的使用
[root@Linux_22 ~]# netstat –tne #以扩展格式查看,显示用户UID等信息Active Internet connections (w/o servers)Proto Recv-Q Send-Q Local Address Foreign Address State User Inode tcp 0 0 192.168.4.22:22 192.168.4.1:52839 ESTABLISHED 0 20117注意:User:说明启动此进程的用户的UID
Inode:所使用的套接字文件的inode值
实例:查看本机UDP相关连接
[root@Linux_22 ~]# netstat -unActive Internet connections (w/o servers)Proto Recv-Q Send-Q Local Address Foreign Address State [root@Linux_22 ~]# netstat -unlActive Internet connections (only servers)Proto Recv-Q Send-Q Local Address Foreign Address State udp 0 0 0.0.0.0:34454 0.0.0.0:* udp 0 0 0.0.0.0:68 0.0.0.0:* udp 0 0 0.0.0.0:713 0.0.0.0:* udp 0 0 0.0.0.0:111 0.0.0.0:* udp 0 0 0.0.0.0:631 0.0.0.0:* udp 0 0 0.0.0.0:759 0.0.0.0:* udp 0 0 :::57112 :::* udp 0 0 :::713 :::* udp 0 0 :::111 :::*注意:UDP是无连接的协议,所以没有状态。
显示接口的统计数据:
netstat {--interfaces|-I|-i} [iface] [--all|-a][--extend|-e] [--verbose|-v] [--program|-p] [--numeric|-n]netstat
-i:显示所有接口的统计数据:
实例:显示所有接口的统计数据
[root@Linux_22 ~]# netstat –i #小写的iKernel Interface tableIface MTU Met RX-OK RX-ERR RX-DRP RX-OVR TX-OK TX-ERR TX-DRP TX-OVR Flgeth0 1500 0 1428 0 0 0 870 0 0 0 BMRUeth1 1500 0 6356 0 0 0 368 0 0 0 BMRUlo 16436 0 0 0 0 0 0 0 0 0 LRU
指定接口:
netstat -i<IFace>实例:显示某一接口的统计数据
[root@Linux_22 ~]# netstat -ieth0 Kernel Interface tableIface MTU Met RX-OK RX-ERR RX-DRP RX-OVR TX-OK TX-ERR TX-DRP TX-OVR Flgeth0 1500 0 1397 0 0 0 852 0 0 0 BMRU注意:上面对应的值使用ifconfig eth0也可以显示出来
-i和eth0之间没有空格
ifup/ifdown命令:
注意:这两个命令是通过配置文件/etc/sysconfig/network-scripts/ifcfg-IFACE来识别接口并完成配置;
[root@Linux_1 ~]# ifdown eth1用法: ifdown <设备名>[root@Linux_1 ~]# cd/etc/sysconfig/network-scripts/[root@Linux_1 network-scripts]# lsifcfg-eth0 ifdown-ippp ifdown-routes ifup-bnep ifup-plip ifup-sit network-functionsifcfg-lo ifdown-ipv6 ifdown-sit ifup-eth ifup-plusb ifup-tunnel network-functions-ipv6ifdown ifdown-isdn ifdown-tunnel ifup-ippp ifup-post ifup-wirelessifdown-bnep ifdown-post ifup ifup-ipv6 ifup-ppp init.ipv6-globalifdown-eth ifdown-ppp ifup-aliases ifup-isdn ifup-routes net.hotplug[root@Linux_1 network-scripts]# vimifcfg-loDEVICE=loIPADDR=127.0.0.1NETMASK=255.0.0.0NETWORK=127.0.0.0# If you're having problems with gated making 127.0.0.0/8 a martian,# you can change this to something else (255.255.255.255, forexample)BROADCAST=127.255.255.255ONBOOT=yesNAME=loopback提示如上子网掩码是255.0.0.0,所以只要ip地址是以127开头的就代表是本地回环地址~
hostname命令:
CentOS6的设置方法如下:查看:hostname
配置:hostname HOSTNAME
注意:
C 以上设置方法仅对当前系统有效,重启后无效;
CentOS6需要改配置文件才能永久生效,即hostname配置文件:
/etc/sysconfig/network
HOSTNAME=<HOSTNAME>
注意:此方法的设置不会立即生效; 需要重启以后会一直有效;
CentOS7的设置方法如下:
hostnamectl status:显示当前主机名信息;
hostnamectl set-hostname:设定主机名,永久有效;
注意:
C CentOS的设置方法是永久有效的,不需要改配置文件。
配置DNS服务器指向:
配置文件:/etc/resolv.conf
nameserver DNS_SERVER_IP
dig命令
功能:Dig是一个在类Unix命令行模式下查询DNS包括NS记录,A记录,MX记录等相关信息的工具。DNS lookup utility全名:domain information groper
如何测试(host/nslookup/dig):
A:把主机名解析为IP
-x:反解析,把IP地址解析为域名
注意:
dig不会检查host文件,而是直接使用DNS服务器。
# dig -t A FQDN
FQDN --> IP
示例:把域名解析为ip地址
[root@Linux_1 ~]# dig -t A www.baidu.com; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.17.rc1.el6_4.6<<>> -t A www.baidu.com;; global options: +cmd;; Got answer:;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 3994;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 5, ADDITIONAL: 5;; QUESTION SECTION:;www.baidu.com. IN A;; ANSWER SECTION:www.baidu.com. 5 IN CNAME www.a.shifen.com.www.a.shifen.com. 5 IN A 119.75.217.109www.a.shifen.com. 5 IN A 119.75.218.70;; AUTHORITY SECTION:a.shifen.com. 5 IN NS ns3.a.shifen.com.a.shifen.com. 5 IN NS ns4.a.shifen.com.a.shifen.com. 5 IN NS ns5.a.shifen.com.a.shifen.com. 5 IN NS ns2.a.shifen.com.a.shifen.com. 5 IN NS ns1.a.shifen.com.;; ADDITIONAL SECTION:ns1.a.shifen.com. 5 IN A 61.135.165.224ns2.a.shifen.com. 5 IN A 180.149.133.241ns3.a.shifen.com. 5 IN A 61.135.162.215ns4.a.shifen.com. 5 IN A 115.239.210.176ns5.a.shifen.com. 5 IN A 119.75.222.17;; Query time: 54 msec;; SERVER: 192.168.174.2#53(192.168.174.2);; WHEN: Fri Jan 1 09:08:182016;; MSG SIZE rcvd: 260
# dig -x IP
IP --> FQDN
示例:把ip地址反解成域名
[root@Linux_1 ~]# dig -x 119.75.217.109; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.17.rc1.el6_4.6<<>> -x 119.75.217.109;; global options: +cmd;; Got answer:;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id:42731;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0;; QUESTION SECTION:;109.217.75.119.in-addr.arpa. IN PTR;; AUTHORITY SECTION:119.in-addr.arpa. 5 IN SOA ns1.apnic.net.read-txt-record-of-zone-first-dns-admin.apnic.net. 3006087382 7200 1800 604800172800;; Query time: 4024 msec;; SERVER: 192.168.174.2#53(192.168.174.2);; WHEN: Fri Jan 1 09:09:222016;; MSG SIZE rcvd: 134注意:大多数ip不支持反解
nslookup命令
host命令
iproute家族:
ip命令:
功能:操作管理路由、设备、策略路由和隧道show manipulate routing, devices, policy routing and tunnelsip [ OPTIONS ] OBJECT { COMMAND | help }
OBJECT := { link | addr | route |netns }
提示:
OBJECT可简写,各OBJECT的子命令也可简写;
ip link子命令:
功能:网络设备配置(network device configuration)ip link set功能:改变设备的属性(changedevice attributes)
dev NAME (default):指明要管理的设备,dev关键字可省略;
up和down:
multicast on或multicastoff:启用或禁用多播(即组播)功能;
name NAME:重命名接口
mtu NUMBER:设置MTU的大小,默认为1500;
netns PID:ns为namespace,用于将接口移动到指定的网络名称空间;
实例:禁用网卡
[root@Linux_11 route]# ip link set eth1down 或者 ip link dev eht1 down # dev关键字可省略[root@Linux_11 route]# ip link show1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue stateUNKNOWN link/loopback00:00:00:00:00:00 brd 00:00:00:00:00:002: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdiscpfifo_fast state UNKNOWN qlen 1000 link/ether00:0c:29:06:12:d4 brd ff:ff:ff:ff:ff:ff3: eth1: <BROADCAST,MULTICAST> mtu 1500 qdisc pfifo_fast stateDOWN qlen 1000 link/ether00:0c:29:06:12:de brd ff:ff:ff:ff:ff:ff4: eth2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdiscpfifo_fast state UNKNOWN qlen 1000 link/ether00:0c:29:06:12:e8 brd ff:ff:ff:ff:ff:ff
实例:启用网卡的多播功能
[root@Linux_11 route]# ip link set eth2multicast on[root@Linux_11 route]# ip link show 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue stateUNKNOWN link/loopback00:00:00:00:00:00 brd 00:00:00:00:00:002: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdiscpfifo_fast state UNKNOWN qlen 1000 link/ether00:0c:29:06:12:d4 brd ff:ff:ff:ff:ff:ff3: eth1: <BROADCAST,MULTICAST> mtu 1500 qdisc pfifo_fast stateDOWN qlen 1000 link/ether00:0c:29:06:12:de brd ff:ff:ff:ff:ff:ff4: eth2: <BROADCAST,MULTICAST,UP,LOWER_UP>mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 1000 link/ether00:0c:29:06:12:e8 brd ff:ff:ff:ff:ff:ff
实例:给网卡接口改名
[root@Linux_11 route]# ip link set eth2name eth222RTNETLINK answers: Device or resource busy[root@Linux_11 route]# ip link set eth2down #需要先停止网卡再改名[root@Linux_11 route]# ip link set eth2name eth222[root@Linux_11 route]# ip link show 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue stateUNKNOWN link/loopback00:00:00:00:00:00 brd 00:00:00:00:00:002: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdiscpfifo_fast state UNKNOWN qlen 1000 link/ether00:0c:29:06:12:d4 brd ff:ff:ff:ff:ff:ff3: eth1: <BROADCAST,MULTICAST> mtu 1500 qdisc pfifo_fast stateDOWN qlen 1000 link/ether00:0c:29:06:12:de brd ff:ff:ff:ff:ff:ff4: eth222:<BROADCAST,MULTICAST> mtu 1500 qdisc pfifo_fast state DOWN qlen 1000link/ether 00:0c:29:06:12:e8 brd ff:ff:ff:ff:ff:ff注意:必须先禁用此网卡才能够改名
知识点:什么是MTU?
通信术语,最大传输单元(Maximum Transmission Unit,MTU)是指一种通信协议的某一层上面所能通过的最大数据包大小(以字节为单位)。最大传输单元这个参数通常与通信接口有关(网络接口卡、串口等)“MTU=最大传输单元单位:字节 英文:MaximumTransmission Unit”我们平时上网时的各种操作,都是通过一个又一个“数据包”传输来实现的。而MTU指定了网络中可传输数据包的最大尺寸,在我们常用的以太网中,MTU是1500字节。超过此大小的数据包就会将多余的部分拆分再单独传输。就像货车通过限高的桥洞一样,货物高度超过限制高度了,就需要卸下一些货物,分两批通过限高路段。
ip link show 功能:显示设备的属性( display device attributes)
与ip link list作用完全相同
实例:显示所有设备的属性
[root@Linux_11 route]# ip link show #显示所有的设备的属性1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue stateUNKNOWN link/loopback00:00:00:00:00:00 brd 00:00:00:00:00:002: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdiscpfifo_fast state UNKNOWN qlen 1000 link/ether00:0c:29:06:12:d4 brd ff:ff:ff:ff:ff:ff3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc(队列) pfifo_fast(队列类型) stateUP(当前状态) qlen 1000(支持的队列长度) link/ether00:0c:29:06:12:de brd ff:ff:ff:ff:ff:ff(广播地址)4: eth2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdiscpfifo_fast state UNKNOWN qlen 1000 link/ether00:0c:29:06:12:e8 brd ff:ff:ff:ff:ff:ff
实例:仅显示某一个设备的属性
[root@Linux_11 ~]# ip link show eth24: eth2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdiscpfifo_fast state UNKNOWN qlen 1000 link/ether00:0c:29:06:12:e8 brd ff:ff:ff:ff:ff:ff
ip link help - 显示简要使用帮助;
ip netns子命令
功能:管理网络命名空间(manage network namespaces)用于将接口移动到指定的网络名称空间;全名:net name space
提示:
CentOS6默认不支持
ip netns list:列出所有的netns
[root@localhost ~]# ip netns add mynet[root@localhost ~]# ip netns listmynetip netns addip netns add NAME:创建指定的netns
实例:增加一个网络命名空间,并且将一个网卡加入此网络命令空间
[root@localhost ~]# ip netns add mynet[root@localhost ~]# ip netns listmynet[root@localhost system]# ip link setens38 netns mynet[root@localhost system]# ifconfig #此时ens38放到网络命令空间中了,使用ifconfig看不见ens33: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500 inet 192.168.3.71 netmask 255.255.255.0 broadcast 192.168.3.255 inet6fe80::20c:29ff:fec7:1712 prefixlen64 scopeid 0x20<link> ether00:0c:29:c7:17:12 txqueuelen 1000 (Ethernet) RX packets 1440 bytes 145012 (141.6 KiB) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 1015 bytes 133509 (130.3 KiB) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0ens37: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500 ether00:0c:29:c7:17:1c txqueuelen 1000 (Ethernet) RX packets 98 bytes 10247 (10.0 KiB) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 50 bytes 8652 (8.4 KiB) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536 inet 127.0.0.1 netmask 255.0.0.0 inet6 ::1 prefixlen 128 scopeid 0x10<host> loop txqueuelen 0 (Local Loopback) RX packets 1944 bytes 169256 (165.2 KiB) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 1944 bytes 169256 (165.2 KiB) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0[root@localhost system]# ip netns execmynet ip link show #使用此命令显示网络命令空间中的网卡1: lo: <LOOPBACK> mtu 65536 qdisc noop state DOWN mode DEFAULT link/loopback00:00:00:00:00:00 brd 00:00:00:00:00:004: ens38: <BROADCAST,MULTICAST> mtu 1500qdisc noop state DOWN mode DEFAULT qlen 1000 link/ether 00:0c:29:c7:17:26 brd ff:ff:ff:ff:ff:ff
ip netns delip netns del NAME:删除指定的netns
[root@localhost ~]# ip netns showmynet[root@localhost ~]# ip netns del mynet[root@localhost ~]# ip netns show[root@localhost ~]#ip netns execip netns exec NAME COMMAND:在指定的netns中运行命令
[root@localhost system]# ip netns execmynet ip link show #使用此命令显示网络命令空间中的网卡1: lo: <LOOPBACK> mtu 65536 qdisc noop state DOWN mode DEFAULT link/loopback00:00:00:00:00:00 brd 00:00:00:00:00:004: ens38: <BROADCAST,MULTICAST> mtu 1500qdisc noop state DOWN mode DEFAULT qlen 1000 link/ether 00:0c:29:c7:17:26 brd ff:ff:ff:ff:ff:ff
ip address 子命令
功能:协议地址管理(protocoladdress management)ip address add功能:给网卡设备添加一个ip地址add new protocol address
ip addr add IFADDR dev IFACE
[label NAME]:为额外添加的地址指明接口别名,即在一个接口上添加多个ip地址
[broadcast ADDRESS]:广播地址;会根据IP和NETMASK自动计算得到;
[scope SCOPE_VALUE]:作用域,适用范围。scope的值有如下几个:
global:全局可用;
site:仅ipv6可用
link:接口可用;
host:仅本机可用;
实例:给网卡添加一个地址
[root@Linux_11 ~]# ip addr add192.168.4.12/24 dev eth2[root@Linux_11 ~]# ip addr show eth24: eth2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdiscpfifo_fast state UNKNOWN qlen 1000 link/ether00:0c:29:06:12:e8 brd ff:ff:ff:ff:ff:ff inet 192.168.4.12/24 scopeglobal eth2 inet6fe80::20c:29ff:fe06:12e8/64 scope link valid_lft foreverpreferred_lft forever [root@Linux_11 ~]# ifconfig eth2eth2 Linkencap:Ethernet HWaddr00:0C:29:06:12:E8 inetaddr:192.168.4.12 Bcast:0.0.0.0 Mask:255.255.255.0 inet6 addr:fe80::20c:29ff:fe06:12e8/64 Scope:Link UP BROADCAST RUNNINGMULTICAST MTU:1500 Metric:1 RX packets:13errors:0 dropped:0 overruns:0 frame:0 TX packets:12errors:0 dropped:0 overruns:0 carrier:0 collisions:0txqueuelen:1000 RX bytes:4446 (4.3 KiB) TX bytes:831 (831.0 b) Interrupt:16 Baseaddress:0x2424注意:如上eth2前面的dev是不能省略的
实例:在一个网卡上设置多个ip地址
[root@Linux_11 ~]# ip addr add192.168.2.10/24 dev eth2[root@Linux_11 ~]# ip addr show eth24: eth2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdiscpfifo_fast state UNKNOWN qlen 1000 link/ether00:0c:29:06:12:e8 brd ff:ff:ff:ff:ff:ff inet 192.168.4.12/24 scope global eth2 inet192.168.2.10/24 scope global eth2 inet6fe80::20c:29ff:fe06:12e8/64 scope link valid_lft foreverpreferred_lft forever[root@Linux_11 network-scripts]# ifconfigeth2eth2 Linkencap:Ethernet HWaddr00:0C:29:06:12:E8 inetaddr:192.168.4.12 Bcast:0.0.0.0 Mask:255.255.255.0 inet6 addr:fe80::20c:29ff:fe06:12e8/64 Scope:Link UP BROADCAST RUNNINGMULTICAST MTU:1500 Metric:1 RX packets:39errors:0 dropped:0 overruns:0 frame:0 TX packets:12errors:0 dropped:0 overruns:0 carrier:0 collisions:0txqueuelen:1000 RX bytes:13338 (13.0 KiB) TX bytes:831 (831.0 b) Interrupt:16 Baseaddress:0x2424注意:如上所示,此时ifconfig显示不了第二个设置的地址,所以必须给后来添加的ip地址加一个标签,即接口别名。[root@Linux_11 ~]# ifconfig eth0eth0 Linkencap:Ethernet HWaddr00:0C:29:06:12:D4 inet addr:192.168.3.11 Bcast:192.168.3.255 Mask:255.255.255.0 inet6 addr:fe80::20c:29ff:fe06:12d4/64 Scope:Link UP BROADCAST RUNNINGMULTICAST MTU:1500 Metric:1 RX packets:919errors:0 dropped:0 overruns:0 frame:0 TX packets:761errors:0 dropped:0 overruns:0 carrier:0 collisions:0txqueuelen:1000 RX bytes:86494 (84.4KiB) TX bytes:94107 (91.9 KiB) Interrupt:19 Baseaddress:0x2024 [root@Linux_11 ~]# ip addr add192.168.2.10/24 dev eth0 label eth0:7[root@Linux_11 ~]# ip addr show eth02: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdiscpfifo_fast state UNKNOWN qlen 1000 link/ether00:0c:29:06:12:d4 brd ff:ff:ff:ff:ff:ff inet 192.168.3.11/24 brd 192.168.3.255 scopeglobal eth0 inet192.168.2.10/24 scope global eth0:7 inet6fe80::20c:29ff:fe06:12d4/64 scope link valid_lft foreverpreferred_lft forever[root@Linux_11 ~]# ifconfig eth0 Linkencap:Ethernet HWaddr00:0C:29:06:12:D4 inetaddr:192.168.3.11 Bcast:192.168.3.255 Mask:255.255.255.0 inet6 addr:fe80::20c:29ff:fe06:12d4/64 Scope:Link UP BROADCAST RUNNINGMULTICAST MTU:1500 Metric:1 RX packets:1195errors:0 dropped:0 overruns:0 frame:0 TX packets:966 errors:0 dropped:0 overruns:0carrier:0 collisions:0txqueuelen:1000 RX bytes:111564(108.9 KiB) TX bytes:117285 (114.5 KiB) Interrupt:19 Baseaddress:0x2024 eth0:7 Link encap:Ethernet HWaddr 00:0C:29:06:12:D4 inetaddr:192.168.2.10 Bcast:0.0.0.0 Mask:255.255.255.0 UP BROADCAST RUNNINGMULTICAST MTU:1500 Metric:1 Interrupt:19 Baseaddress:0x2024
ip address delete功能:删除ip地址delete protocol address
ip addr delete IFADDR dev IFACE
实例:使用ifconfig删除ip地址
[root@Linux_11 ~]# ifconfig eth2 0 #直接在eth2后面加一个0即可[root@Linux_11 ~]# ifconfig eth2eth2 Linkencap:Ethernet HWaddr00:0C:29:06:12:E8 inet6 addr:fe80::20c:29ff:fe06:12e8/64 Scope:Link UP BROADCAST RUNNINGMULTICAST MTU:1500 Metric:1 RX packets:2errors:0 dropped:0 overruns:0 frame:0 TX packets:12errors:0 dropped:0 overruns:0 carrier:0 collisions:0txqueuelen:1000 RX bytes:684 (684.0b) TX bytes:831 (831.0 b) Interrupt:16 Baseaddress:0x2424
实例:使用ip命令删除
[root@Linux_11 ~]# ip addr delete192.168.2.10/24 dev eth0 #delete可以写成del[root@Linux_11 ~]# ip addr show eth02: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdiscpfifo_fast state UNKNOWN qlen 1000 link/ether00:0c:29:06:12:d4 brd ff:ff:ff:ff:ff:ff inet 192.168.3.11/24 brd 192.168.3.255scope global eth0 inet6fe80::20c:29ff:fe06:12d4/64 scope link valid_lft foreverpreferred_lft forever
ip address show功能:显示网卡的ip地址look at protocol addresses
ip addr list [IFACE]:显示接口的地址;
注意:ip addrlist 和ip addr how作用一样
实例:显示网卡的地址
[root@Linux_11 ~]# ip ad list #注意这个地方可以简写,只要可以唯一的识别出来就可以了1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue stateUNKNOWN link/loopback00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scopehost lo inet6 ::1/128 scope host valid_lft foreverpreferred_lft forever2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdiscpfifo_fast state UNKNOWN qlen 1000 link/ether00:0c:29:06:12:d4 brd ff:ff:ff:ff:ff:ff inet 192.168.3.11/24 brd 192.168.3.255 scope globaleth0 inet6fe80::20c:29ff:fe06:12d4/64 scope link valid_lft foreverpreferred_lft forever
ip address flush功能:清空ip地址(flush protocol addresses)
ip addr flush dev IFACE
实例:清空地址
[root@Linux_11 ~]# ip addr show eth24: eth2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdiscpfifo_fast state UNKNOWN qlen 1000 link/ether00:0c:29:06:12:e8 brd ff:ff:ff:ff:ff:ff inet 192.168.4.1/24 brd192.168.4.255 scope global eth2 inet6fe80::20c:29ff:fe06:12e8/64 scope link valid_lft foreverpreferred_lft forever[root@Linux_11 ~]# ip addr flu dev eth2[root@Linux_11 ~]# ip addr show eth24: eth2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdiscpfifo_fast state UNKNOWN qlen 1000 link/ether00:0c:29:06:12:e8 brd ff:ff:ff:ff:ff:ff
ip route 子命令
功能:路由表管理器(routing table management)ip route add功能:add new route
提示:
使用这种方法添加路由不用指定是主机路由(host)还是网络路由(net)
可以使用src指定源地址
如:
iproute add 192.168.0.0/24 via 10.0.0.1 dev eth0 src 10.0.0.100
实例:添加一条路由
[root@Linux_11 ~]# ip addr add10.0.0.100/8 dev eth0[root@Linux_11 ~]# ip addr list eth02: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdiscpfifo_fast state UNKNOWN qlen 1000 link/ether00:0c:29:06:12:d4 brd ff:ff:ff:ff:ff:ff inet 192.168.3.11/24 brd 192.168.3.255 scopeglobal eth0 inet10.0.0.100/8 scope global eth0 inet6fe80::20c:29ff:fe06:12d4/64 scope link valid_lft foreverpreferred_lft forever[root@Linux_11 ~]# ip route add192.168.0.0/24 via 10.0.0.1 dev eth0[root@Linux_11 ~]# ip route list 192.168.4.0/24 dev eth2 protokernel scope link src 192.168.4.1 192.168.3.0/24 dev eth0 protokernel scope link src 192.168.3.11 192.168.0.0/24 via 10.0.0.1 dev eth0 169.254.0.0/16 dev eth0 scopelink metric 1002 169.254.0.0/16 dev eth2 scopelink metric 1004 10.0.0.0/8 dev eth0 proto kernel scope link src 10.0.0.100提示:via指的是网关
实例:添加默认网关
[root@Linux_11 ~]# ip route add defaultvia 192.168.4.100 dev eth2[root@Linux_11 ~]# ip route list 192.168.4.0/24 dev eth2 protokernel scope link src 192.168.4.1 metric 1 192.168.3.0/24 dev eth0 protokernel scope link src 192.168.3.11 metric 1 default via 192.168.4.100 dev eth2 提示:后面的dev eth2都不能省略[root@Linux_11 ~]# route -nKernel IP routing tableDestination Gateway Genmask Flags Metric Ref Use Iface192.168.4.0 0.0.0.0 255.255.255.0 U 1 0 0 eth2192.168.3.0 0.0.0.0 255.255.255.0 U 1 0 0 eth00.0.0.0 192.168.4.100 0.0.0.0 UG 0 0 0 eth2
注意:
添加的网关ip必须和某一个网卡上的ip在同一个网段内,否则添加不了。
ip route change功能:修改路由条目change route
ip route replace功能:change or add new one
提示:
若路由已经存在则改变,不存在则添加
ip route add TYPE PREFIX via GW [dev IFACE] [src SOURCE_IP]
ip route deletedelete route
ip route del TYPE PRIFIX
示例:
# ip route delete 192.168.1.0/24
实例:删除一条路由
[root@Linux_11 ~]# route -nKernel IP routing tableDestination Gateway Genmask Flags Metric Ref Use Iface192.168.4.0 0.0.0.0 255.255.255.0 U 1 0 0 eth2192.168.3.0 0.0.0.0 255.255.255.0 U 1 0 0 eth0172.16.0.0 192.168.3.88 255.255.255.0 UG 0 0 0 eth00.0.0.0 192.168.4.100 0.0.0.0 UG 0 0 0 eth2[root@Linux_11 ~]# ip route delete172.16.0.0/24[root@Linux_11 ~]# route -nKernel IP routing tableDestination Gateway Genmask Flags Metric Ref Use Iface192.168.4.0 0.0.0.0 255.255.255.0 U 1 0 0 eth2192.168.3.0 0.0.0.0 255.255.255.0 U 1 0 0 eth00.0.0.0 192.168.4.100 0.0.0.0 UG 0 0 0 eth2
实例:删除默认网关
[root@Linux_1 network-scripts]# ip routeadd default via 192.168.3.12 dev eth0[root@Linux_1 network-scripts]# route -nKernel IP routing tableDestination Gateway Genmask Flags Metric Ref Use Iface192.168.3.0 0.0.0.0 255.255.255.0 U 1 0 0 eth00.0.0.0 192.168.3.12 0.0.0.0 UG 0 0 0 eth0[root@Linux_1 network-scripts]# ip routedelete default[root@Linux_1 network-scripts]# route -nKernel IP routing tableDestination Gateway Genmask Flags Metric Ref Use Iface192.168.3.0 0.0.0.0 255.255.255.0 U 1 0 0 eth0
ip route showip route list
list routes
TYPE PRIFIX
实例:显示路由
[root@Linux_11 ~]# ip route list 192.168.4.0/24 dev eth2 proto kernel scope link src 192.168.4.1 metric 1 192.168.3.0/24 dev eth0 protokernel scope link src 192.168.3.11 metric 1 default via 192.168.4.100 dev eth2 [root@Linux_11 ~]# ip route show src192.168.4.1192.168.4.0/24 dev eth2 proto kernel scope link metric 1ip route flush功能:flush routing tables
[root@Linux_11 ~]# route -nKernel IP routing tableDestination Gateway Genmask Flags Metric Ref Use Iface192.168.4.0 0.0.0.0 255.255.255.0 U 1 0 0 eth2192.168.3.0 0.0.0.0 255.255.255.0 U 1 0 0 eth0172.16.0.0 192.168.3.88 255.255.255.0 UG 0 0 0 eth00.0.0.0 192.168.4.100 0.0.0.0 UG 0 0 0 eth2[root@Linux_11 ~]# ip route flush172.16/24[root@Linux_11 ~]# route -nKernel IP routing tableDestination Gateway Genmask Flags Metric Ref Use Iface192.168.4.0 0.0.0.0 255.255.255.0 U 1 0 0 eth2192.168.3.0 0.0.0.0 255.255.255.0 U 1 0 0 eth00.0.0.0 192.168.4.100 0.0.0.0 UG 0 0 0 eth2[root@Linux_11 ~]#ip route get功能:获取单条路由get a single route
ip route get TYPE PRIFIX
示例:ip route get 192.168.0.0/24
实例:获取单条路由
[root@Linux_11 ~]# route -nKernel IP routing tableDestination Gateway Genmask Flags Metric Ref Use Iface192.168.4.0 0.0.0.0 255.255.255.0 U 1 0 0 eth2192.168.3.0 0.0.0.0 255.255.255.0 U 1 0 0 eth0172.16.0.0 192.168.3.88 255.255.255.0 UG 0 0 0 eth00.0.0.0 192.168.4.100 0.0.0.0 UG 0 0 0 eth2[root@Linux_11 ~]# ip route get172.16.0.0/24172.16.0.0 via 192.168.3.88 dev eth0 src 192.168.3.11 cache mtu 1500 advmss 1460 hoplimit 64
本文出自 “静心&清心” 博客,谢绝转载!
内容来自用户分享和网络整理,不保证内容的准确性,如有侵权内容,可联系管理员处理 
相关文章推荐
- W5500EVB TCP Client模式设置说明
- apache httpclient CacheStorage的一个自定义实现
- 20个漂亮的单页传单设计欣赏
- 网络取证原理与实战
- 深度学习方法(五):卷积神经网络CNN经典模型整理Lenet,Alexnet,Googlenet,VGG,Deep Residual Learning
- 深度学习方法(五):卷积神经网络CNN经典模型整理Lenet,Alexnet,Googlenet,VGG,Deep Residual Learning
- 深度学习方法(五):卷积神经网络CNN经典模型整理Lenet,Alexnet,Googlenet,VGG,Deep Residual Learning
- 从输入网址到显示网页的全过程分析
- Caffe学习记录:Cifar-10 自定义网络训练记录
- 【Linux探索之旅】第四部分第四课:分析网络,隔离防火
- 【Linux探索之旅】第四部分第四课:分析网络,隔离防火
- https提供安全的web通讯
- 如何监测Apache http
- TCP编程
- MD5Util开发工具类
- debian网络设置
- 使用ASIHTTPRequest 编译提示找不到"libxml/HTMLparser.h"的解决
- http协议常用功能整理
- http协议常用功能整理之web缓存
- 高性能httpClient