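Linux networking basics
- ip addr: show interface information
- ifconfig: show interface information; the output is somewhat easier to read than ip addr. CentOS 7 does not install ifconfig by default; install it with yum install -y net-tools.
- ifconfig -a: show all interfaces, including ones that are down.
- ifdown <interface>: disable the interface
- ifup <interface>: enable the interface

ifdown/ifup are meant for restarting a single interface. When all interfaces and the network service need to be restarted, use systemctl restart network.service.

ip addr / ifconfig: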
[root@localhost ~]# ip addr
1: lo:
2: eno16777736:
[root@localhost ~]# ifconfig
eno16777736: flags=4163
lo: flags=73
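Restart a single interface with ifdown <interface> && ifup <interface>. Chaining the two with && matters on a remote session: a bare ifdown would drop the connection before ifup could be typed.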
[root@localhost ~]# ifdown eno16777736 && ifup eno16777736
Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/1)
Restart the whole network service: systemctl restart network.service

Set up a virtual interface (alias) and add an IP
- cp ifcfg-em1 ifcfg-em1:\0
- vim ifcfg-em1:0
HWADDR=00:0C:29:CA:10:BB
TYPE=Ethernet
BOOTPROTO=static
DEFROUTE=yes
PEERDNS=yes
PEERROUTES=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_PEERDNS=yes
IPV6_PEERROUTES=yes
IPV6_FAILURE_FATAL=no
NAME=em1:0    # change the name
UUID=8fa73c35-53a7-432b-a659-752a2930ee49
ONBOOT=yes
IPADDR=192.168.254.150    # change the IP
NETMASK=255.255.255.0
Check interface link status
- mii-tool: shows whether a cable is connected to the interface
- ethtool: shows interface information
[root@localhost network-scripts]# mii-tool eno16777736
eno16777736: negotiated 1000baseT-FD flow-control, link ok
[root@localhost network-scripts]# ethtool eno16777736
Settings for eno16777736:
	Supported ports: [ TP ]
	Supported link modes:   10baseT/Half 10baseT/Full
	                        100baseT/Half 100baseT/Full
	                        1000baseT/Full
	Supported pause frame use: No
	Supports auto-negotiation: Yes
	Advertised link modes:  10baseT/Half 10baseT/Full
	                        100baseT/Half 100baseT/Full
	                        1000baseT/Full
	Advertised pause frame use: No
	Advertised auto-negotiation: Yes
	Speed: 1000Mb/s
	Duplex: Full
	Port: Twisted Pair
	PHYAD: 0
	Transceiver: internal
	Auto-negotiation: on
	MDI-X: off (auto)
	Supports Wake-on: d
	Wake-on: d
	Current message level: 0x00000007 (7)
			       drv probe link
	Link detected: yes
Commands for changing the hostname
- hostname: show the hostname
- hostnamectl set-hostname name: change the hostname
- The hostname configuration file is /etc/hostname
[root@localhost ~]# hostname
localhost.localdomain
[root@localhost ~]# hostnamectl set-hostname llll
[root@localhost ~]# hostname
llll
[root@localhost ~]# cat /etc/hostname
llll
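DNS configuration file: /etc/resolv.conf
- /etc/hosts is the static name-resolution configuration file; it only takes effect on the local machine

Linux firewall: netfilter and firewalld
Before CentOS 7 the firewall was netfilter (managed through the iptables service); from CentOS 7 on it is firewalld. CentOS 7 can still run netfilter. The steps are:
- systemctl disable firewalld: do not start firewalld at boot
- systemctl stop firewalld: stop firewalld
- yum install -y iptables-services: install netfilter
- systemctl enable iptables: start iptables at boot
- systemctl start iptables: start netfilter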
[root@localhost ~]# systemctl disable firewalld
rm '/etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service'
rm '/etc/systemd/system/basic.target.wants/firewalld.service'
[root@localhost ~]# systemctl stop firewalld
[root@localhost ~]# yum install -y iptables-services
[root@localhost ~]# systemctl enable iptables
ln -s '/usr/lib/systemd/system/iptables.service' '/etc/systemd/system/basic.target.wants/iptables.service'
[root@localhost ~]# systemctl start iptables
- iptables -nvL: view the default rules
[root@localhost ~]# iptables -nvL
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
   29  2044 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0
    0     0 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            state NEW tcp dpt:22
  161 17185 REJECT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            reject-with icmp-host-prohibited

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 REJECT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            reject-with icmp-host-prohibited

Chain OUTPUT (policy ACCEPT 58 packets, 7996 bytes)
 pkts bytes target     prot opt in     out     source               destination
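iptables has five tables: filter, nat, mangle, raw and security. The commonly used ones are filter and nat. The iptables rules are saved in /etc/sysconfig/iptables.
- iptables -F: flush the rules. This does not clear the rules in the rules file unless you then run service iptables save.
- systemctl restart iptables: restart iptables
- iptables -Z: zero the counters
- iptables -t: specify the table; without -t the filter table is used
- iptables -A: append a rule; it is written at the end of the chain
- iptables -I: insert a rule; it is written at the front of the chain. Rules are checked from the top, and once an earlier rule matches it is applied and matching does not continue.
- iptables -D: delete a rule
- iptables -nvL --line-numbers: list the rules with their numbers
- iptables -D <chain> <number>: delete a rule by its number
- iptables -P: change the default policy (three options: accept, drop, reject); best left alone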
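
The difference between -A and -I matters on the default rule set shown above, because its INPUT chain ends in an unconditional REJECT. The following is an added example, not part of the original notes: a small check that reads rules in `iptables -S` format and reports any rule placed after an unconditional ACCEPT/DROP/REJECT in the same chain. The two rule listings and port 80 are constructed for illustration.

```shell
#!/bin/sh
# Added example. Listings are in `iptables -S` format, constructed from the
# default CentOS 7 rules shown above; port 80 is an assumed service.

# State after: iptables -A INPUT -p tcp --dport 80 -j ACCEPT  (appended last)
sample_appended() {
cat <<'EOF'
-P INPUT ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
EOF
}

# State after: iptables -I INPUT -p tcp --dport 80 -j ACCEPT  (inserted first)
sample_inserted() {
cat <<'EOF'
-P INPUT ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
EOF
}

# Reads `iptables -S` lines on stdin and prints one line for every rule that
# follows a match-less terminating rule in the same chain (first match wins).
# Limitation: only rules with no match options count as catch-alls, and jumps
# to user-defined chains are not followed.
unreachable_rules() {
  awk '
    $1 != "-A" { next }                      # skip -P / -N lines
    {
      chain = $2; num[chain]++
      if (chain in blocker) {
        printf "%s rule %d is never reached (shadowed by rule %d): %s\n",
               chain, num[chain], blocker[chain], $0
        next
      }
      if ($3 == "-j" && ($4 == "ACCEPT" || $4 == "DROP" || $4 == "REJECT"))
        blocker[chain] = num[chain]
    }'
}

echo "appended:"; sample_appended | unreachable_rules
echo "inserted:"; sample_inserted | unreachable_rules
```

On a live system the same function can be fed with iptables -S | unreachable_rules (as root).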