Network configuration

NAT and host-only

Networking modes in VMware

Mode       Characteristics
Bridged    The VM and the physical host are attached to the same network as peers, connected through the VMnet0 hub.
NAT        VMs are connected to each other through the VMnet8 hub and reach the physical host through its VMnet8 adapter; they can reach the outside network, with the physical host acting as the router.
Host-only  VMs are connected to each other through the VMnet1 hub and reach the physical host through its VMnet1 adapter; they cannot reach the outside network.

Unifying NIC names

Up to CentOS 6, network interfaces were named with consecutive numbers: eth0, eth1 and so on. The drawback is that a newly added hardware device could also be recognized as eth0, eth1 and so on, so the names were not stable.

Starting with CentOS 7 the naming rule changed: the name is generated from the hardware, e.g. ens33 or ens160, which guarantees that an interface name is stable and unique. In a fleet of machines, however, there is no way to make those names uniform.

For batch management and for scripts that must work unchanged on every host, it is sometimes necessary to switch from the new naming rule back to the traditional one, i.e. rename ens33, ens160 and the like to eth0, eth1.

How to change it

  1. Edit /etc/default/grub and append net.ifnames=0 to the GRUB_CMDLINE_LINUX line
  2. Edit the NIC configuration file, replacing every reference to the old interface name with the new one
  3. Regenerate the GRUB configuration and reboot

Rocky 8.6

Edit /etc/sysconfig/network-scripts/ifcfg-ens160 and replace ens160 inside the file with eth0

Then rename the file from ifcfg-ens160 to ifcfg-eth0

Regenerate the GRUB configuration:
on a system booted in UEFI mode: grub2-mkconfig -o /boot/efi/EFI/redhat/grub.cfg
on a system booted in BIOS mode: grub2-mkconfig -o /boot/grub2/grub.cfg

Then reboot: reboot

Ubuntu 22.04

Regenerate the GRUB configuration:
grub-mkconfig -o /boot/grub/grub.cfg

Then reboot: reboot

Rocky 8.6

# Check the current interface name (ens160)
[root@rocky86 ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: ens160: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether 00:0c:29:f3:44:9a brd ff:ff:ff:ff:ff:ff
    inet 10.0.0.158/24 brd 10.0.0.255 scope global dynamic noprefixroute ens160
       valid_lft 1728sec preferred_lft 1728sec
    inet6 fe80::20c:29ff:fef3:449a/64 scope link noprefixroute
       valid_lft forever preferred_lft forever
5: virbr0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default qlen 1000
    link/ether 52:54:00:b3:0b:96 brd ff:ff:ff:ff:ff:ff
    inet 192.168.122.1/24 brd 192.168.122.255 scope global virbr0
       valid_lft forever preferred_lft forever


# Edit the kernel command line: append net.ifnames=0
[root@rocky86 ~]# vim /etc/default/grub
GRUB_CMDLINE_LINUX="crashkernel=auto resume=/dev/mapper/rl-swap rd.lvm.lv=rl/root rd.lvm.lv=rl/swap rhgb quiet net.ifnames=0"

# Edit the NIC config file: change ens160 to eth0 inside the file
[root@rocky86 ~]# vim /etc/sysconfig/network-scripts/ifcfg-ens160
# Rename the file to match the new interface name
[root@rocky86 ~]# mv /etc/sysconfig/network-scripts/ifcfg-ens160 /etc/sysconfig/network-scripts/ifcfg-eth0

# Regenerate the GRUB configuration and reboot
[root@rocky86 ~]# grub2-mkconfig -o /etc/grub2.cfg;reboot
Generating grub configuration file ...
done

# Check again after the reboot: the interface is now eth0
[root@rocky86 ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether 00:0c:29:f3:44:9a brd ff:ff:ff:ff:ff:ff
    inet 10.0.0.158/24 brd 10.0.0.255 scope global dynamic noprefixroute eth0
       valid_lft 1776sec preferred_lft 1776sec
    inet6 fe80::20c:29ff:fef3:449a/64 scope link noprefixroute
       valid_lft forever preferred_lft forever
3: virbr0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default qlen 1000
    link/ether 52:54:00:b3:0b:96 brd ff:ff:ff:ff:ff:ff
    inet 192.168.122.1/24 brd 192.168.122.255 scope global virbr0
       valid_lft forever preferred_lft forever

Ubuntu 22.04

# Check the current interface name (ens33)
root@ubuntu22:~# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 00:0c:29:29:55:5d brd ff:ff:ff:ff:ff:ff
    altname enp2s1
    inet 10.0.0.159/24 metric 100 brd 10.0.0.255 scope global dynamic ens33
       valid_lft 1695sec preferred_lft 1695sec
    inet6 fe80::20c:29ff:fe29:555d/64 scope link
       valid_lft forever preferred_lft forever


# Edit the kernel command line: append net.ifnames=0
root@ubuntu22:~# vim /etc/default/grub
GRUB_CMDLINE_LINUX=" net.ifnames=0"

# Regenerate the GRUB configuration and reboot
root@ubuntu22:~# grub-mkconfig -o /boot/grub/grub.cfg;reboot
Sourcing file `/etc/default/grub'
Sourcing file `/etc/default/grub.d/init-select.cfg'
Generating grub configuration file ...
Found linux image: /boot/vmlinuz-5.15.0-43-generic
Found initrd image: /boot/initrd.img-5.15.0-43-generic
Found linux image: /boot/vmlinuz-5.15.0-41-generic
Found initrd image: /boot/initrd.img-5.15.0-41-generic
Warning: os-prober will not be executed to detect other bootable partitions.
Systems on them will not be added to the GRUB boot configuration.
Check GRUB_DISABLE_OS_PROBER documentation entry.
done

# Check again after the reboot: the interface is now eth0 (the old name ens33 remains as an altname)
root@ubuntu22:~# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 00:0c:29:29:55:5d brd ff:ff:ff:ff:ff:ff
    altname enp2s1
    altname ens33
    inet 10.0.0.159/24 metric 100 brd 10.0.0.255 scope global dynamic eth0
       valid_lft 1551sec preferred_lft 1551sec
    inet6 fe80::20c:29ff:fe29:555d/64 scope link
       valid_lft forever preferred_lft forever

Temporarily renaming a NIC

# The interface has to be down before it can be renamed; the new name is lost at the next reboot
[root@Rocky86 ~]# ip link set ens160 down
[root@Rocky86 ~]# ip link set ens160 name abc
[root@Rocky86 ~]# ip link set abc up
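The two file edits of the permanent renaming procedure above, written as idempotent shell functions; this is an added example, not code from the original notes. It runs against constructed copies of /etc/default/grub and ifcfg-ens160 in a temporary directory, and the file paths are parameters, so nothing on the real system is touched.

```shell
#!/bin/sh
# Added example (not from the original notes): the GRUB parameter edit and the
# ifcfg rename of the procedure as reusable functions, exercised on constructed
# copies of /etc/default/grub and ifcfg-ens160 in a temporary directory.

# ensure_ifnames_off GRUB_FILE
# Append net.ifnames=0 inside the quotes of GRUB_CMDLINE_LINUX unless it is
# already there. Returns 0 when the file was changed and 1 when it already had
# the parameter, so a caller can skip the grub2-mkconfig/grub-mkconfig step.
ensure_ifnames_off() {
    local file=$1
    if grep -q '^GRUB_CMDLINE_LINUX=.*net\.ifnames=0' "$file"; then
        return 1
    fi
    # "...rhgb quiet" becomes "...rhgb quiet net.ifnames=0";
    # an empty "" becomes " net.ifnames=0", as on the Ubuntu host in the notes
    sed 's/^\(GRUB_CMDLINE_LINUX="[^"]*\)"/\1 net.ifnames=0"/' "$file" > "$file.tmp" &&
        mv "$file.tmp" "$file"
}

# rename_ifcfg DIR OLD NEW
# Rewrite DEVICE= and NAME= in DIR/ifcfg-OLD from OLD to NEW and rename the file
# to ifcfg-NEW. Refuses to overwrite an existing ifcfg-NEW.
rename_ifcfg() {
    local dir=$1 old=$2 new=$3
    [ -f "$dir/ifcfg-$old" ] || { echo "no ifcfg-$old in $dir" >&2; return 1; }
    [ ! -e "$dir/ifcfg-$new" ] || { echo "ifcfg-$new already exists" >&2; return 1; }
    sed -e "s/^DEVICE=$old\$/DEVICE=$new/" -e "s/^NAME=$old\$/NAME=$new/" \
        "$dir/ifcfg-$old" > "$dir/ifcfg-$new" && rm "$dir/ifcfg-$old"
}

# Demonstration on constructed copies (the real files would be /etc/default/grub
# and /etc/sysconfig/network-scripts/ifcfg-ens160)
demo_dir=$(mktemp -d)
printf 'GRUB_TIMEOUT=5\nGRUB_CMDLINE_LINUX="crashkernel=auto rhgb quiet"\n' > "$demo_dir/grub"
printf 'TYPE=Ethernet\nBOOTPROTO=dhcp\nNAME=ens160\nDEVICE=ens160\nONBOOT=yes\n' > "$demo_dir/ifcfg-ens160"
ensure_ifnames_off "$demo_dir/grub" && echo "grub updated: $(grep '^GRUB_CMDLINE_LINUX=' "$demo_dir/grub")"
ensure_ifnames_off "$demo_dir/grub" || echo "grub already has net.ifnames=0, nothing to do"
rename_ifcfg "$demo_dir" ens160 eth0 && ls "$demo_dir" && cat "$demo_dir/ifcfg-eth0"
rm -rf "$demo_dir"
```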

Network configuration

To attach a host to a network it has to be configured, and every NIC needs a corresponding configuration file for its settings to persist.

Two ways of configuring a network

Static assignment:

static: written in the configuration file, it does not change when the environment changes

Dynamic assignment:

DHCP, Dynamic Host Configuration Protocol: the configuration is obtained according to the protocol

NIC configuration on the Red Hat family

Configuration files

NIC configuration files live in the /etc/sysconfig/network-scripts/ directory and are named ifcfg-XXX; both the path and the file naming rule are fixed.

[root@rocky86 ~]# ll /etc/sysconfig/network-scripts/
total 4
-rw-r--r-- 1 root root 244 Aug 10 14:57 ifcfg-eth0


[root@rocky86 ~]# cat /etc/sysconfig/network-scripts/ifcfg-eth0
TYPE=Ethernet
PROXY_METHOD=none
BROWSER_ONLY=no
BOOTPROTO=dhcp
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
NAME=eth0
UUID=5c093cad-84c9-4cfc-8b6f-e1041db357df
DEVICE=eth0
ONBOOT=yes

Common configuration keys

[Figure: table of common ifcfg configuration keys]

Adding a NIC in NAT mode

[root@rocky86 ~]# cd /etc/sysconfig/network-scripts
[root@rocky86 network-scripts]# vim ifcfg-eth1
DEVICE=eth1
NAME=con-eth1
IPADDR=10.0.0.88
PREFIX=24
GATEWAY=10.0.0.2
DNS1=10.0.0.2
DNS2=114.114.114.114

# Check the existing connections: the new file is not picked up yet
[root@rocky86 network-scripts]# nmcli connection
NAME    UUID                                  TYPE      DEVICE
eth0    5c093cad-84c9-4cfc-8b6f-e1041db357df  ethernet  eth0
virbr0  77c5c6bc-b04f-4ae4-a8eb-16fdf62e9a70  bridge    virbr0

[root@rocky86 network-scripts]# nmcli connection reload

# Check again: con-eth1 now exists and is bound to eth1
[root@rocky86 network-scripts]# nmcli connection
NAME      UUID                                  TYPE      DEVICE
eth0      5c093cad-84c9-4cfc-8b6f-e1041db357df  ethernet  eth0
con-eth1  9c92fad9-6ecb-3e6c-eb4d-8a47c6f50c04  ethernet  eth1
virbr0    77c5c6bc-b04f-4ae4-a8eb-16fdf62e9a70  bridge    virbr0

# Check the interface
[root@rocky86 network-scripts]# ifconfig eth1
eth1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 10.0.0.88  netmask 255.255.255.0  broadcast 10.0.0.255
        inet6 fe80::20c:29ff:fef3:44a4  prefixlen 64  scopeid 0x20<link>
        ether 00:0c:29:f3:44:a4  txqueuelen 1000  (Ethernet)
        RX packets 23  bytes 2911 (2.8 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 51  bytes 5768 (5.6 KiB)
        TX errors 0  dropped 0  overruns 0  carrier 0  collisions 0

Rocky 9

# The configuration file location has changed
[root@rocky ~]# head -2 /etc/sysconfig/network-scripts/readme-ifcfg-rh.txt
NetworkManager stores new network profiles in keyfile format in the
/etc/NetworkManager/system-connections/ directory.

[root@rocky ~]# cd /etc/NetworkManager/system-connections/
[root@rocky system-connections]# ls
ens160.nmconnection


# A keyfile profile written for the second NIC, ens224: static address with gateway, a DNS server list, IPv6 by autoconf
[root@rocky system-connections]# cat ens224.nmconnection
[connection]
id=ens224
type=ethernet
autoconnect-priority=-999
interface-name=ens224
timestamp=1731977286

[ethernet]

[ipv4]
address1=192.168.100.11/24,192.168.100.2
dns=223.5.5.5;223.6.6.6;114.114.114.114;8.8.8.8;8.8.6.6;
method=manual

[ipv6]
addr-gen-mode=eui64
method=auto

[proxy]

# ens224 is still held by the auto-generated "Wired connection 1"; the new profile is not active yet (DEVICE --)
[root@rocky system-connections]# nmcli connection
NAME                UUID                                  TYPE      DEVICE
ens160              f334ca6b-bf42-3ab3-ad1f-3aaea7da854c  ethernet  ens160
Wired connection 1  a4d30586-2de7-3d29-9bcd-591380ded7e7  ethernet  ens224
lo                  f4b4eedb-3433-44b0-a767-6ba41fef4294  loopback  lo
ens224              4242c0f6-b9ba-39f4-b11e-fb965a79d709  ethernet  --

[root@rocky system-connections]# nmcli connection up ens224
Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/4)

[root@rocky system-connections]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: ens160: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether 00:0c:29:6d:49:5a brd ff:ff:ff:ff:ff:ff
    altname enp3s0
    inet 192.168.1.11/24 brd 192.168.1.255 scope global noprefixroute ens160
       valid_lft forever preferred_lft forever
    inet6 fe80::20c:29ff:fe6d:495a/64 scope link noprefixroute
       valid_lft forever preferred_lft forever
3: ens224: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether 00:0c:29:6d:49:64 brd ff:ff:ff:ff:ff:ff
    altname enp19s0
    inet 192.168.100.11/24 brd 192.168.100.255 scope global noprefixroute ens224
       valid_lft forever preferred_lft forever
    inet6 fe80::20c:29ff:fe6d:4964/64 scope link noprefixroute
       valid_lft forever preferred_lft forever

# Remove the auto-generated "Wired connection 1" profile that was there at the start
[root@rocky system-connections]# nmcli connection
NAME                UUID                                  TYPE      DEVICE
ens160              f334ca6b-bf42-3ab3-ad1f-3aaea7da854c  ethernet  ens160
ens224              4242c0f6-b9ba-39f4-b11e-fb965a79d709  ethernet  ens224
lo                  f4b4eedb-3433-44b0-a767-6ba41fef4294  loopback  lo
Wired connection 1  a4d30586-2de7-3d29-9bcd-591380ded7e7  ethernet  --

[root@rocky system-connections]# nmcli connection delete Wired\ connection\ 1
Connection 'Wired connection 1' (a4d30586-2de7-3d29-9bcd-591380ded7e7) successfully deleted.

[root@rocky system-connections]# nmcli connection
NAME    UUID                                  TYPE      DEVICE
ens160  f334ca6b-bf42-3ab3-ad1f-3aaea7da854c  ethernet  ens160
ens224  4242c0f6-b9ba-39f4-b11e-fb965a79d709  ethernet  ens224
lo      f4b4eedb-3433-44b0-a767-6ba41fef4294  loopback  lo

Viewing the DNS servers

[root@rocky86 network-scripts]# nmcli conn reload
[root@rocky86 network-scripts]# cat /etc/resolv.conf
# Generated by NetworkManager
search localdomain
nameserver 10.0.0.2


# Bring con-eth1 up: its DNS2 (114.114.114.114) is added to resolv.conf
[root@rocky86 network-scripts]# nmcli conn up con-eth1
Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/5)
[root@rocky86 network-scripts]# cat /etc/resolv.conf
# Generated by NetworkManager
search localdomain
nameserver 10.0.0.2
nameserver 114.114.114.114

Resolving a name with DNS

# host is provided by bind-utils: yum install bind-utils -y
[root@rocky86 ~]# host www.baidu.com
www.baidu.com is an alias for www.a.shifen.com.
www.a.shifen.com has address 163.177.151.110
www.a.shifen.com has address 163.177.151.109

# Query a specific server instead of the ones listed in resolv.conf
[root@rocky86 ~]# host www.baidu.com 114.114.114.114
Using domain server:
Name: 114.114.114.114
Address: 114.114.114.114#53
Aliases:

www.baidu.com is an alias for www.a.shifen.com.
www.a.shifen.com has address 163.177.151.109
www.a.shifen.com has address 163.177.151.110

Domain search suffix

# Add a domain search suffix with DOMAIN=
[root@rocky86 network-scripts]# vim ifcfg-eth1
DEVICE=eth1
NAME=con-eth1
IPADDR=10.0.0.88
PREFIX=24
GATEWAY=10.0.0.2
DNS1=10.0.0.2
DNS2=114.114.114.114
DOMAIN=magedu.com

[root@rocky86 network-scripts]# nmcli conn reload;nmcli conn up con-eth1
Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/6)

# Check the DNS servers and the search suffix
[root@rocky86 network-scripts]# cat /etc/resolv.conf
# Generated by NetworkManager
search localdomain magedu.com
nameserver 10.0.0.2
nameserver 114.114.114.114

# An unqualified name is completed with the search suffix by default
[root@rocky86 network-scripts]# ping www
PING www.magedu.org (160.121.140.246) 56(84) bytes of data.
64 bytes from 160.121.140.246 (160.121.140.246): icmp_seq=1 ttl=128 time=54.3 ms

Adding a NIC in host-only mode

# The host-only network here is 192.168.10.0; PREFIX=8 gives the address the mask 255.0.0.0,
# which the ifconfig output below reflects as broadcast 192.255.255.255
[root@rocky86 ~]# cd /etc/sysconfig/network-scripts
[root@rocky86 network-scripts]# vim ifcfg-eth2
DEVICE=eth2
NAME=con-eth2
IPADDR=192.168.10.88
PREFIX=8

# Check: the new file is not picked up until the reload
[root@rocky86 network-scripts]# nmcli connection
NAME      UUID                                  TYPE      DEVICE
eth0      5c093cad-84c9-4cfc-8b6f-e1041db357df  ethernet  eth0
con-eth1  9c92fad9-6ecb-3e6c-eb4d-8a47c6f50c04  ethernet  eth1
virbr0    77c5c6bc-b04f-4ae4-a8eb-16fdf62e9a70  bridge    virbr0

[root@rocky86 network-scripts]# nmcli connection reload;nmcli connection
NAME      UUID                                  TYPE      DEVICE
eth0      5c093cad-84c9-4cfc-8b6f-e1041db357df  ethernet  eth0
con-eth1  9c92fad9-6ecb-3e6c-eb4d-8a47c6f50c04  ethernet  eth1
con-eth2  3a73717e-65ab-93e8-b518-24f5af32dc0d  ethernet  eth2
virbr0    77c5c6bc-b04f-4ae4-a8eb-16fdf62e9a70  bridge    virbr0

# Check the interface
[root@rocky86 network-scripts]# ifconfig eth2
eth2: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.10.88  netmask 255.0.0.0  broadcast 192.255.255.255
        inet6 fe80::20c:29ff:fef3:44ae  prefixlen 64  scopeid 0x20<link>
        ether 00:0c:29:f3:44:ae  txqueuelen 1000  (Ethernet)
        RX packets 1  bytes 64 (64.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 45  bytes 5288 (5.1 KiB)
        TX errors 0  dropped 0  overruns 0  carrier 0  collisions 0

Activating NIC changes on CentOS 7

# Works on both CentOS 7 and 8
nmcli connection reload;nmcli connection up eth1

# CentOS 7 only
systemctl restart network

# CentOS 6
service network restart

Confirming after a change

# Confirm the IP address
ip a
ip a show device        # device = interface name

ifconfig
ifconfig device

# Confirm the routes
route -n

ip route

# Confirm the DNS servers
cat /etc/resolv.conf

NIC configuration on the Ubuntu family

Configuration files

NIC configuration files live in the /etc/netplan/ directory and are named XXX.yaml

Both the path and the file naming rule are fixed

root@ubuntu22:~# cd /etc/netplan/
root@ubuntu22:/etc/netplan# ll
total 12
drwxr-xr-x  2 root root 4096 Jul  3 12:09 ./
drwxr-xr-x 99 root root 4096 Aug  8 12:09 ../
-rw-r--r--  1 root root  116 Jul  3 12:09 00-installer-config.yaml


root@ubuntu22:/etc/netplan# cat 00-installer-config.yaml
# This is the network config written by 'subiquity'
network:
  ethernets:
    ens33:
      dhcp4: true
  version: 2

The YAML language

YAML is a markup language that puts the data at the centre rather than the markup itself, so its definition is fairly simple; it describes itself as a human-friendly language.

Official site: https://yaml.org/

Characteristics: readable, easy to maintain and quick to pick up. When writing it, anything that is not at the same level is indented, and the indentation width only has to be kept consistent.

Data structures

# List: each item starts with "-"

- tom
- jerry
- spike

# Equivalent inline form
[tom,jerry,spike]

# Dict: made of key/value pairs
name: tom
age: 123

# Equivalent inline form
{name: tom, age: 123}

Lists and dicts can be nested

name:
  - tom
  - jerry

age: [123,456]

{name: [tom,jerry],age: [123,456]}

Common configuration keys

[Figure: table of common netplan configuration keys]

Adding a NIC in NAT mode

root@ubuntu22:~# cd /etc/netplan/
root@ubuntu22:/etc/netplan# ls
00-installer-config.yaml

# New NIC configuration file
root@ubuntu22:/etc/netplan# vim eth1.yaml
network:
  renderer: networkd
  ethernets:
    eth1:
      addresses: [10.0.0.6/24,10.0.0.66/24]
      nameservers:
        search: [magedu.com,magedu.org]
        addresses: [10.0.0.2,180.76.76.76]
  version: 2


# Apply the configuration
root@ubuntu22:/etc/netplan# netplan apply

# Check
root@ubuntu22:/etc/netplan# ip a show eth1
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 00:0c:29:29:55:67 brd ff:ff:ff:ff:ff:ff
    altname enp2s5
    altname ens37
    inet 10.0.0.6/24 brd 10.0.0.255 scope global eth1
       valid_lft forever preferred_lft forever
    inet 10.0.0.66/24 brd 10.0.0.255 scope global secondary eth1
       valid_lft forever preferred_lft forever
    inet6 fe80::20c:29ff:fe29:5567/64 scope link
       valid_lft forever preferred_lft forever
Adding a NIC in host-only mode

root@ubuntu22:/etc/netplan# cd /etc/netplan/
root@ubuntu22:/etc/netplan# ls
00-installer-config.yaml eth1.yaml

# New configuration file
root@ubuntu22:/etc/netplan# vim eth2.yaml
network:
  renderer: networkd
  ethernets:
    eth2:
      addresses:
        - 192.168.10.66/24
  version: 2


# Apply
root@ubuntu22:/etc/netpl# netplan apply

# Check
root@ubuntu22:/etc/netplan# ip a show eth2
4: eth2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 00:0c:29:29:55:71 brd ff:ff:ff:ff:ff:ff
    altname enp2s6
    altname ens38
    inet 192.168.10.66/24 brd 192.168.10.255 scope global eth2
       valid_lft forever preferred_lft forever
    inet6 fe80::20c:29ff:fe29:5571/64 scope link
       valid_lft forever preferred_lft forever

Viewing the routing table

root@ubuntu22:/etc/netplan# route -n
Command 'route' not found, but can be installed with:
apt install net-tools
root@ubuntu22:/etc/netplan# apt install -y net-tools


root@ubuntu22:/etc/netplan# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         10.0.0.2        0.0.0.0         UG    100    0        0 eth0
10.0.0.0        0.0.0.0         255.255.255.0   U     0      0        0 eth1
10.0.0.0        0.0.0.0         255.255.255.0   U     100    0        0 eth0
10.0.0.2        0.0.0.0         255.255.255.255 UH    100    0        0 eth0
192.0.0.0       0.0.0.0         255.0.0.0       U     0      0        0 eth2

Viewing the DNS servers

# The real servers are not visible here: resolv.conf only points at the local systemd-resolved stub
root@ubuntu22:/etc/netplan# cat /etc/resolv.conf

nameserver 127.0.0.53
options edns0 trust-ad
search magedu.com magedu.org localdomain


# Ask systemd-resolved for the per-link servers instead
root@ubuntu22:~# resolvectl status
Global
Protocols: -LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported
resolv.conf mode: stub

Link 2 (eth0)
Current Scopes: DNS
Protocols: +DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported
Current DNS Server: 10.0.0.2
DNS Servers: 10.0.0.2
DNS Domain: localdomain

Link 3 (eth1)
Current Scopes: DNS
Protocols: +DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported
Current DNS Server: 10.0.0.2
DNS Servers: 10.0.0.2 180.76.76.76
DNS Domain: magedu.com magedu.org

Link 4 (eth2)
Current Scopes: none
Protocols: -DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported
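An added example, not from the original notes, that covers the DNS views on both Rocky (NetworkManager writes the servers into resolv.conf) and Ubuntu (resolv.conf only points at the systemd-resolved stub), and the search-suffix completion behind the `ping www` shown in the Rocky section. The two resolv.conf bodies are constructed copies of the ones printed above; the functions take a file path so they can be run against any file.

```shell
#!/bin/sh
# Added example (not from the original notes): read a resolv.conf and report the
# servers, the search list, whether the file only names the systemd-resolved
# stub, and which names the resolver will try for a given host name.

# resolv_summary FILE -> "nameservers=a,b search=x,y mode=direct|stub"
# mode=stub means the only nameserver is 127.0.0.53, the local systemd-resolved
# stub; the upstream servers then have to be read from `resolvectl status`.
resolv_summary() {
    local ns search mode
    ns=$(awk '$1=="nameserver"{printf "%s%s", (n++ ? "," : ""), $2}' "$1")
    search=$(awk '$1=="search"{for(i=2;i<=NF;i++) printf "%s%s", (n++ ? "," : ""), $i}' "$1")
    case "$ns" in
        127.0.0.53) mode=stub ;;
        *)          mode=direct ;;
    esac
    echo "nameservers=${ns:-none} search=${search:-none} mode=$mode"
}

# search_candidates NAME FILE -> the fully qualified names tried, in order.
# With the glibc default ndots:1, a name without a dot (like `ping www` in the
# notes) is tried under each search domain first and as-is last; a name that
# already contains a dot is tried as-is first, then under the search domains.
search_candidates() {
    local name=$1 file=$2 out="" d
    case "$name" in *.*) out=$name ;; esac
    for d in $(awk '$1=="search"{for(i=2;i<=NF;i++) print $i}' "$file"); do
        out="${out:+$out }$name.$d"
    done
    case "$name" in *.*) ;; *) out="${out:+$out }$name" ;; esac
    echo "$out"
}

# write_samples DIR: constructed copies of the two resolv.conf files in the notes
write_samples() {
    printf '# Generated by NetworkManager\nsearch localdomain magedu.com\nnameserver 10.0.0.2\nnameserver 114.114.114.114\n' > "$1/rocky.conf"
    printf '\nnameserver 127.0.0.53\noptions edns0 trust-ad\nsearch magedu.com magedu.org localdomain\n' > "$1/ubuntu.conf"
}

samples=$(mktemp -d); write_samples "$samples"
for f in rocky ubuntu; do
    echo "$f: $(resolv_summary "$samples/$f.conf")"
    echo "$f: 'ping www' tries: $(search_candidates www "$samples/$f.conf")"
done
rm -rf "$samples"
```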

Network configuration commands

Host name

hostname

hostname only takes effect temporarily; the change is gone after a reboot

hostname [-b] {hostname|-F file}         set host name (from file)
hostname [-a|-A|-d|-f|-i|-I|-s|-y]       display formatted name
hostname                                 display host name


# Common options
-a|--alias             # show the alias name
-F|--file              # read the host name from a file
-i|--ip-address        # show the IP address; only an address the host name resolves to
-I|--all-ip-addresses  # show all IP addresses, including ones that do not resolve, but no IPv6 and no loopback addresses

Examples:

# Show the host name
[root@rocky86 ~]# hostname
rocky86

# Show the alias
[root@rocky86 ~]# hostname -a

# Set the host name, reading it from a file
[root@rocky86 ~]# hostname -F name.txt

# Show the IP address
[root@rocky86 ~]# hostname -i
10.0.0.88

# Show all IPv4 addresses
[root@rocky86 ~]# hostname -I
10.0.0.88 192.168.10.254 192.168.122.1

hostnamectl

Writes the configuration file, so the change is permanent

# Check
[root@rocky86 ~]# hostnamectl status
Static hostname: n/a
Transient hostname: rocky86
Icon name: computer-vm
Chassis: vm
Machine ID: 1b31abf8cbda4ca1b9c0fe93f527b3d5
Boot ID: 0e901405a44c4c24ae33002867697c79
Virtualization: vmware
Operating System: Rocky Linux 8.6 (Green Obsidian)
CPE OS Name: cpe:/o:rocky:rocky:8:GA
Kernel: Linux 4.18.0-372.9.1.el8.x86_64
Architecture: x86-64


# Set the host name; it is written to /etc/hostname and survives a reboot
[root@rocky86 ~]# hostnamectl set-hostname rocky86.m51.magedu.com


# Check
[root@rocky86 ~]# hostnamectl
Static hostname: rocky86.m51.magedu.com
Icon name: computer-vm
Chassis: vm
Machine ID: 1b31abf8cbda4ca1b9c0fe93f527b3d5
Boot ID: 0e901405a44c4c24ae33002867697c79
Virtualization: vmware
Operating System: Rocky Linux 8.6 (Green Obsidian)
CPE OS Name: cpe:/o:rocky:rocky:8:GA
Kernel: Linux 4.18.0-372.9.1.el8.x86_64
Architecture: x86-64

The ifconfig command

This command comes from the net-tools package; ip is recommended instead

[root@Rocky86 ~]# rpm -qf /usr/sbin/ifconfig
net-tools-2.0-0.52.20160912git.el8.x86_64

Format:

ifconfig [-a] [-v] [-s] <interface> [[<AF>] <address>]
        [add <address>[/<prefixlen>]]
        [del <address>[/<prefixlen>]]
        [[-]broadcast [<address>]] [[-]pointopoint [<address>]]
        [netmask <address>] [dstaddr <address>] [tunnel <address>]
        [outfill <NN>] [keepalive <NN>]
        [hw <HW> <address>] [mtu <NN>]
        [[-]trailers] [[-]arp] [[-]allmulti]
        [multicast] [[-]promisc]
        [mem_start <NN>] [io_addr <NN>] [irq <NN>] [media <type>]
        [txqueuelen <NN>]
        [[-]dynamic]
        [up|down] ...


# Common options
-a   # show all interfaces
-s   # short format
-v   # verbose error messages


<HW>  # hardware type
# loop|slip|cslip|slip6|cslip6|adaptive|ash|ether|ax25|netrom|rose|tunnel
# ppp|hdlc|lapb|arcnet|dlci|frad|sit|fddi|hippi|irda|x25|infiniband|eui64

<AF>  # address family: unix|inet|inet6|ax25|netrom|ipx|ddp


# Common subcommands
add                       # add an IPv6 address to the interface
del                       # delete an IPv6 address
broadcast|-broadcast      # set|clear the broadcast address
pointopoint|-pointopoint  # set|clear point-to-point mode
netmask                   # set the subnet mask
dstaddr                   # set the destination address
tunnel                    # create a tunnel
hw                        # set the hardware type
mtu                       # set the maximum transmission unit (in bytes)
arp|-arp                  # enable|disable ARP on the interface
allmulti|-allmulti        # enable|disable all-multicast mode
multicast                 # set the multicast flag
promisc|-promisc          # enable|disable promiscuous mode
up                        # enable the interface
down                      # disable the interface

Examples:

# Show all enabled interfaces
[root@Rocky86 ~]# ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 10.0.0.150  netmask 255.255.255.0  broadcast 10.0.0.255
        inet6 fe80::20c:29ff:fef3:449a  prefixlen 64  scopeid 0x20<link>
        ether 00:0c:29:f3:44:9a  txqueuelen 1000  (Ethernet)
        RX packets 552  bytes 633774 (618.9 KiB)    # received packet statistics
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 309  bytes 29936 (29.2 KiB)      # transmitted packet statistics
        TX errors 0  dropped 0  overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 1000  (Local Loopback)
        RX packets 26  bytes 2180 (2.1 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 26  bytes 2180 (2.1 KiB)
        TX errors 0  dropped 0  overruns 0  carrier 0  collisions 0

virbr0: flags=4099<UP,BROADCAST,MULTICAST>  mtu 1500
        inet 192.168.122.1  netmask 255.255.255.0  broadcast 192.168.122.255
        ether 52:54:00:b3:0b:96  txqueuelen 1000  (Ethernet)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0  overruns 0  carrier 0  collisions 0


# Show all interfaces, including disabled ones
[root@Rocky86 ~]# ifconfig -a

# Change interface settings directly; takes effect immediately but is not persistent
[root@Rocky86 ~]# ifconfig eth1 10.0.0.55 netmask 255.255.255.0

[root@Rocky86 ~]# ifconfig eth1
eth1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 10.0.0.55  netmask 255.255.255.0  broadcast 10.0.0.255
        ether 00:0c:29:f3:44:a4  txqueuelen 1000  (Ethernet)
        RX packets 67  bytes 5904 (5.7 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 57  bytes 5164 (5.0 KiB)
        TX errors 0  dropped 0  overruns 0  carrier 0  collisions 0

# Clear the address; temporary as well (0.0.0.0 can be written as 0)
[root@Rocky86 ~]# ifconfig eth1 0.0.0.0
[root@Rocky86 ~]# ifconfig eth1
eth1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        ether 00:0c:29:f3:44:a4  txqueuelen 1000  (Ethernet)
        RX packets 146  bytes 12539 (12.2 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 104  bytes 10585 (10.3 KiB)
        TX errors 0  dropped 0  overruns 0  carrier 0  collisions 0

# Enable and disable
[root@Rocky86 ~]# ifconfig eth1 up
[root@Rocky86 ~]# ifconfig eth1 down

# Show traffic statistics
[root@Rocky86 ~]# ifconfig -s
Iface      MTU    RX-OK RX-ERR RX-DRP RX-OVR    TX-OK TX-ERR TX-DRP TX-OVR Flg
eth0      1500     1513      0      0 0           797      0      0      0 BMRU
lo       65536       38      0      0 0            38      0      0      0 LRU
virbr0    1500        0      0      0 0             0      0      0      0 BMU

# Statistics for one interface
[root@Rocky86 ~]# ifconfig -s eth0
Iface      MTU    RX-OK RX-ERR RX-DRP RX-OVR    TX-OK TX-ERR TX-DRP TX-OVR Flg
eth0      1500     1589      0      0 0           844      0      0      0 BMRU

# Field descriptions
Iface   # network interface
MTU     # maximum transmission unit of the interface, in bytes; i.e. a single packet cannot exceed 1500 bytes here
RX-OK   # packets received successfully
RX-ERR  # packets received with errors
RX-DRP  # packets dropped on receive
RX-OVR  # packets dropped on receive because of overruns (the receiver could not keep up)
TX-OK   # packets sent successfully
TX-ERR  # packets with errors on send
TX-DRP  # packets dropped on send
TX-OVR  # packets dropped on send because of overruns
Flg     # flags


# Flg field
B   # a broadcast address is set on the interface
L   # the interface is a loopback device
M   # the interface receives every packet passing through it regardless of destination address (promiscuous mode)
N   # the interface cannot be traced
O   # ARP is disabled on the interface
P   # point-to-point link
R   # the interface is running
U   # the interface is up (active)

The route command

This command comes from the net-tools package; ip is recommended instead

Format:

route [-CFvnNee] [-A family |-4|-6]
route [-v] [-A family |-4|-6] add [-net|-host] target [netmask Nm] [gw Gw] [metric N] [mss M] [window W] [irtt I] [reject] [mod] [dyn] [reinstate] [[dev] If]
route [-v] [-A family |-4|-6] del [-net|-host] target [gw Gw] [netmask Nm] [metric M][[dev] If]
route [-V] [--version] [-h] [--help]


# Common options
-v|--verbose   # verbose output
-n|--numeric   # show addresses numerically instead of resolving host names
-e|--extend    # show extended fields
-F|--fib       # show the forwarding information base (FIB)
-C|--cache     # show the routing cache
-V|--version   # show version information
-h|--help      # show help
-f             # clear the routing table of all gateway entries
-net           # the target is a network
-host          # the target is a host


# Common subcommands and keywords
add
del
flush
netmask
gw
metric
Destination
Gateway
Example: viewing the routing table

# Show the routing table
[root@Rocky86 ~]# route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         bogon           0.0.0.0         UG    100    0        0 eth0
bogon           0.0.0.0         255.255.255.0   U     100    0        0 eth0
bogon           0.0.0.0         255.255.255.0   U     0      0        0 virbr0

# Show the routing table with numeric addresses
[root@Rocky86 ~]# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         10.0.0.2        0.0.0.0         UG    100    0        0 eth0
10.0.0.0        0.0.0.0         255.255.255.0   U     100    0        0 eth0
192.168.122.0   0.0.0.0         255.255.255.0   U     0      0        0 virbr0

Fields of the routing table

[Figure: description of the routing table fields]

Example: adding routes

# Add a route: route add [-net|-host|default] target [netmask Nm] [gw GW] [[dev] If]

# Target host 192.168.1.3, gateway 172.16.0.1
route add -host 192.168.1.3 gw 172.16.0.1 dev eth0

# Target network 192.168.0.0, gateway 172.16.0.1
route add -net 192.168.0.0 netmask 255.255.255.0 gw 172.16.0.1 dev eth0
route add -net 192.168.0.0/24 gw 172.16.0.1 dev eth0
route add -net 192.168.8.0/24 dev eth1 metric 200

# Default route, gateway 172.16.0.1
route add -net 0.0.0.0 netmask 0.0.0.0 gw 172.16.0.1
route add -net 0.0.0.0/0 gw 172.16.0.1
route add default gw 172.16.0.1

Example: deleting routes

# Delete a route: route del [-net|-host] target [gw Gw] [netmask Nm] [[dev] If]

# Target host 192.168.1.3, gateway 172.16.0.1
route del -host 192.168.1.3

# Target network 192.168.0.0, gateway 172.16.0.1
route del -net 192.168.0.0 netmask 255.255.255.0

The ip route command

# Add
ip route add 20.0.0.0/24 dev eth0 via 10.0.0.123

# Show
ip route
ip route show

# Delete
ip route del 20.0.0.0/24 dev eth0 via 10.0.0.123

Using a host as a software router

Use hosts to emulate routers, connect several subnets and make them reachable across subnet boundaries

[Figure: topology of the four hosts]

Description

  1. Host 1 has two NICs, one bridged and one NAT, and acts as a router
  2. Host 2 has two NICs, one host-only and one NAT, and acts as a router
  3. Host 3 has one bridged NIC; its default gateway is the IP address configured on host 1's bridged NIC
  4. Host 4 has one host-only NIC; its default gateway is the IP address configured on host 2's host-only NIC
  5. The bridged NICs of host 1 and host 3 are in one subnet
  6. The NAT NICs of host 1 and host 2 are in one subnet
  7. The host-only NICs of host 2 and host 4 are in one subnet
  8. With this setup, host 3 and host 4 reach each other with host 1 and host 2 forwarding in between

Configuration

[Figure: configuration overview of the four hosts]

Configuring host 1

# Bridged NIC
[root@rocky86 network-scripts]# vim ifcfg-ens192
DEVICE=ens192
NAME=con-ens192
IPADDR=172.16.1.254
PREFIX=16

# NAT NIC
[root@rocky86 network-scripts]# vim ifcfg-ens160
DEVICE=ens160
NAME=con-ens160
IPADDR=10.0.0.8
PREFIX=8

# Activate
[root@rocky86 network-scripts]# nmcli conn reload;nmcli con up con-ens160;nmcli con up con-ens192;
Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/34)
Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/35)

# Check
[root@rocky86 network-scripts]# ip a show ens160
2: ens160: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether 00:0c:29:23:22:1e brd ff:ff:ff:ff:ff:ff
    inet 10.0.0.8/8 brd 10.255.255.255 scope global noprefixroute ens160
       valid_lft forever preferred_lft forever
    inet6 fe80::20c:29ff:fe23:221e/64 scope link
       valid_lft forever preferred_lft forever

[root@rocky86 network-scripts]# ip a show ens192
3: ens192: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether 00:0c:29:23:22:28 brd ff:ff:ff:ff:ff:ff
    inet 172.16.1.254/16 brd 172.16.255.255 scope global noprefixroute ens192
       valid_lft forever preferred_lft forever
    inet6 fe80::20c:29ff:fe23:2228/64 scope link
       valid_lft forever preferred_lft forever



# Add the connected routes
[root@rocky86 network-scripts]# route add -net 10.0.0.0/8 dev ens160

[root@rocky86 network-scripts]# route add -net 172.16.0.0/16 dev ens192

# Add the route to the 192.168.10.0 subnet: it leaves through this host's NAT NIC, with host 2's NAT NIC address as the gateway
[root@rocky86 network-scripts]# route add -net 192.168.10.0/24 gw 10.0.0.88 dev ens160

[root@rocky86 ~]# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
10.0.0.0        0.0.0.0         255.0.0.0       U     0      0        0 ens160
172.16.0.0      0.0.0.0         255.255.0.0     U     0      0        0 ens192
192.168.10.0    10.0.0.88       255.255.255.0   UG    0      0        0 ens160

# Enable IP forwarding (takes effect immediately; not persistent across reboots, see the supplementary notes below)
[root@rocky86 network-scripts]# echo 1 > /proc/sys/net/ipv4/ip_forward

Configuring host 2

# NAT NIC
[root@rocky86 network-scripts]# vim ifcfg-eth0
DEVICE=eth0
NAME=con-eth0
IPADDR=10.0.0.88
PREFIX=8

# Host-only NIC
[root@rocky86 network-scripts]# vim ifcfg-eth1
DEVICE=eth1
NAME=con-eth1
IPADDR=192.168.10.254
PREFIX=24

# Activate
[root@rocky86 network-scripts]# nmcli con reload;nmcli con up con-eth0;nmcli con up con-eth1;
Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/7)
Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/8)

# Check
[root@rocky86 network-scripts]# ip a show eth0
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether 00:0c:29:f3:44:9a brd ff:ff:ff:ff:ff:ff
    inet 10.0.0.88/8 brd 10.255.255.255 scope global noprefixroute eth0
       valid_lft forever preferred_lft forever
    inet6 fe80::20c:29ff:fef3:449a/64 scope link
       valid_lft forever preferred_lft forever

# Check
[root@rocky86 network-scripts]# ip a show eth1
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether 00:0c:29:f3:44:a4 brd ff:ff:ff:ff:ff:ff
    inet 192.168.10.254/24 brd 192.168.10.255 scope global noprefixroute eth1
       valid_lft forever preferred_lft forever
    inet6 fe80::20c:29ff:fef3:44a4/64 scope link
       valid_lft forever preferred_lft forever


# Add the connected routes
[root@rocky86 network-scripts]# route add -net 10.0.0.0/8 dev eth0
[root@rocky86 network-scripts]# route add -net 192.168.10.0/24 dev eth1

# Add the route to the 172.16.0.0 subnet: it leaves through this host's NAT NIC, with host 1's NAT NIC address as the gateway
[root@rocky86 network-scripts]# route add -net 172.16.0.0/16 gw 10.0.0.8 dev eth0
[root@rocky86 network-scripts]# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
10.0.0.0        0.0.0.0         255.0.0.0       U     0      0        0 eth0
172.16.0.0      10.0.0.8        255.255.0.0     UG    0      0        0 eth0
192.168.10.0    0.0.0.0         255.255.255.0   U     0      0        0 eth1

# Enable IP forwarding (takes effect immediately; not persistent across reboots, see the supplementary notes below)
[root@rocky86 network-scripts]# echo 1 > /proc/sys/net/ipv4/ip_forward

配置主机3

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
#桥接网卡
root@ubuntu22:~# cd /etc/netplan/
root@ubuntu22:/etc/netplan# vim eth0.yaml
network:
renderer: networkd
eth0:
addresses: [172.16.1.110/16]
version: 2


root@ubuntu22:/etc/netplan# netplan apply

root@ubuntu22:/etc/netplan# ip a show eth0
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_code1 state UP
group default qlen 1000
link/ether 00:0c:29:29:55:71 brd ff:ff:ff:ff:ff:ff
altname enp2s6
altname ens38
inet 172.16.1.110/16 brd 172.16.255.255 scope global eth0
valid_lft forever preferred_lft forever
inet6 fe80::20c:29ff:fe29:5571/64 scope link
valid_lft forever preferred_lft forever

# add the route and the default gateway
root@ubuntu22:/etc/netplan# route add -net 172.16.0.0/16 dev eth0
root@ubuntu22:/etc/netplan# route add default gw 172.16.1.254 dev eth0

Configure host 4

# host-only NIC
root@ubuntu22:~# cd /etc/netplan/
root@ubuntu22:/etc/netplan# vim ens33.yaml
network:
  version: 2
  renderer: networkd
  ethernets:
    ens33:
      addresses: [192.168.10.110/24]


root@ubuntu22:/etc/netplan# netplan apply

root@ubuntu22:/etc/netplan# ip a show ens33
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP
group default qlen 1000
link/ether 00:0c:29:29:55:71 brd ff:ff:ff:ff:ff:ff
altname enp2s1
inet 192.168.10.110/24 brd 192.168.10.255 scope global eth0
valid_lft forever preferred_lft forever
inet6 fe80::20c:29ff:fea3:1c89/64 scope link
valid_lft forever preferred_lft forever


# add the route and the default gateway (the host-only NIC on this host is ens33)
root@ubuntu22:/etc/netplan# route add -net 192.168.10.0/24 dev ens33
root@ubuntu22:/etc/netplan# route add default gw 192.168.10.254 dev ens33

Test

# host 3 pings host 4
root@ubuntu22:/etc/netplan# ping 192.168.10.110
PING 192.168.10.110 (192.168.10.110) 56(84) bytes of data.
64 bytes from 192.168.10.110: icmp_seq=1 ttl=62 time=1.94 ms
64 bytes from 192.168.10.110: icmp_seq=2 ttl=62 time=2.47 ms
64 bytes from 192.168.10.110: icmp_seq=3 ttl=62 time=1.99 ms
......

# host 4 pings host 3
root@ubuntu22:/etc/netplan# ping 172.16.1.110
PING 172.16.1.110 (172.16.1.110) 56(84) bytes of data.
64 bytes from 172.16.1.110: icmp_seq=1 ttl=62 time=2.21 ms
64 bytes from 172.16.1.110: icmp_seq=2 ttl=62 time=2.16 ms
64 bytes from 172.16.1.110: icmp_seq=3 ttl=62 time=1.85 ms
......
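The test above works because every router on the path picks the most specific route that matches the destination and hands the packet to that route's gateway (or delivers it directly when the gateway is 0.0.0.0). The script below is an added example, not part of the original notes: it implements that longest-prefix lookup in POSIX sh over the host 2 routing table shown earlier, which is embedded as constructed input.

```shell
#!/bin/sh
# Longest-prefix-match route lookup over a 'route -n' style table.
# Constructed input: the routing table of host 2 from the lab above.
ROUTE_TABLE='10.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 eth0
172.16.0.0 10.0.0.8 255.255.0.0 UG 0 0 0 eth0
192.168.10.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1'

# ip2int: dotted-quad IPv4 address -> 32-bit integer
ip2int() {
    _oldifs=$IFS; IFS=.
    set -- $1
    IFS=$_oldifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# mask2len: dotted netmask -> prefix length (number of leading one bits)
mask2len() {
    _m=$(ip2int "$1"); _n=0
    while [ $(( _m & 0x80000000 )) -ne 0 ]; do
        _n=$(( _n + 1 )); _m=$(( (_m << 1) & 0xFFFFFFFF ))
    done
    echo "$_n"
}

# route_lookup DST [TABLE]: print "GATEWAY IFACE" of the most specific
# route matching DST; return 1 when nothing matches (destination unreachable)
route_lookup() {
    _dst=$(ip2int "$1")
    _table=${2:-$ROUTE_TABLE}
    _best_len=-1; _best_gw=""; _best_if=""
    while read -r _net _gw _mask _flags _metric _ref _use _iface; do
        [ -n "$_net" ] || continue
        _maskint=$(ip2int "$_mask"); _netint=$(ip2int "$_net")
        # DST is on this route's network when its masked bits equal the network
        if [ $(( _dst & _maskint )) -eq "$_netint" ]; then
            _len=$(mask2len "$_mask")
            if [ "$_len" -gt "$_best_len" ]; then
                _best_len=$_len; _best_gw=$_gw; _best_if=$_iface
            fi
        fi
    done <<EOF
$_table
EOF
    [ "$_best_len" -ge 0 ] || return 1
    echo "$_best_gw $_best_if"
}

# next_hop DST: the address the frame is actually sent to. A gateway of
# 0.0.0.0 means DST is on-link and is delivered directly; otherwise the
# packet goes to the gateway, which must itself hold a route for DST.
next_hop() {
    _r=$(route_lookup "$1") || { echo "unreachable"; return 1; }
    _gw=${_r% *}; _if=${_r#* }
    if [ "$_gw" = "0.0.0.0" ]; then
        echo "$1 $_if"
    else
        echo "$_gw $_if"
    fi
}

# Demo: on host 2, a packet for host 3 is relayed to host 1's NAT address first
next_hop 172.16.1.110      # prints: 10.0.0.8 eth0
next_hop 192.168.10.110    # prints: 192.168.10.110 eth1
next_hop 8.8.8.8 || true   # prints: unreachable (host 2 has no default route)
```

The same lookup run with a table from `route -n` on a live host shows which gateway must itself carry a return route, which is the usual reason a one-way ping fails in this lab.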

Supplement

Enabling IP forwarding

# check
cat /proc/sys/net/ipv4/ip_forward
1

# if forwarding is not enabled, enable it persistently through the config file
vim /etc/sysctl.conf
net.ipv4.ip_forward=1

# apply
sysctl -p
net.ipv4.ip_forward = 1

# check again
sysctl -a | grep ip_forward
net.ipv4.ip_forward = 1

Diagnostic tools

# capture packets
tcpdump -i ens160 -nn icmp

# trace the route
mtr 192.168.10.254 -n

Common routing protocols and algorithms

As the lab above shows, a router reaches a network or host by relaying: the packet is forwarded segment by segment through different routers until it arrives at the target network or host. To reach an address, a router must hold a route for it. In reality the network has countless hosts, so one router cannot hold routes to every network or host, and such a table could not be maintained anyway.

The routing tables of real routers are maintained automatically by routing algorithms.

Commonly used ones are OSPF, RIP, MPLS, BGP and so on.

RIP: optimises the path length; the path that traverses the fewest routers to the target network or host is used.

OSPF: optimises bandwidth; it considers not only the number of routers traversed but also the bandwidth of the links along the path.

Configuring dynamic routing

Dynamic routes are obtained through a routing daemon: install the quagga package and configure it with the vtysh command.

It supports several routing protocols:

RIP: Routing Information Protocol

OSPF: Open Shortest Path First

BGP: Border Gateway Protocol

The netstat command

Comes from the net-tools package; ss is recommended as a replacement.

Show network connections

Format:

netstat [--tcp|-t] [--udp|-u] [--raw|-w] [--listening|-l] [--all|-a] [--numeric|-n] [--extend|-e[--extend|-e]] [--program|-p]


# common options
-A #address family: inet|inet6|unix|ipx|ax25|netrom|econet|ddp|bluetooth
-r|--route #show the routing table
-t|--tcp #show TCP sockets
-u|--udp #show UDP sockets
-w|--raw #raw sockets
-l|--listening #only sockets in listening state
-a|--all #all sockets
-n|--numeric #show IPs and ports numerically
-s|--statistics #show statistics
-p|--program #show the owning program and PID
-x|--unix #same as -A unix
-ip|--inet #same as -A inet
-I|--interfaces=<Iface> #specify an interface


# common combinations
-tan, -uan, -tnl, -unl

Example:

# show the routing table in numeric form
[root@Rocky86 ~]# netstat -nr
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
0.0.0.0 10.0.0.2 0.0.0.0 UG 0 0 0 eth0
10.0.0.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
192.168.122.0 0.0.0.0 255.255.255.0 U 0 0 0 virbr0

Example:

# show all connections
[root@Rocky86 ~]# netstat

# show all connections, with hosts as numeric IPs
[root@Rocky86 ~]# netstat -n

# show TCP connections - established ones only
[root@Rocky86 ~]# netstat -nt
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 1 0 10.0.0.150:47692 8.43.85.3:443 CLOSE_WAIT
tcp 0 36 10.0.0.150:22 10.0.0.1:54318 ESTABLISHED
tcp 0 0 10.0.0.150:22 10.0.0.1:53515 ESTABLISHED

# show TCP and UDP connections in all states, numerically
[root@Rocky86 ~]# netstat -ntua
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 192.168.122.1:53 0.0.0.0:* LISTEN
tcp 1 0 10.0.0.150:47692 8.43.85.3:443 CLOSE_WAIT
tcp 0 36 10.0.0.150:22 10.0.0.1:54318 ESTABLISHED
tcp 0 0 10.0.0.150:22 10.0.0.1:53515 ESTABLISHED
tcp6 0 0 :::22 :::* LISTEN
tcp6 0 0 :::33873 :::* LISTEN
udp 0 0 127.0.0.1:756 0.0.0.0:*
udp 0 0 10.0.0.150:68 10.0.0.254:67 ESTABLISHED
udp 0 0 0.0.0.0:111 0.0.0.0:*
udp6 0 0 :::34279 :::*
......

# show only listening TCP and UDP sockets, with the PID and program name
[root@Rocky86 ~]# netstat -tulnp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
PID/Program name
tcp 0 0 192.168.122.1:53 0.0.0.0:* LISTEN
1862/dnsmasq
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN
1057/sshd
tcp6 0 0 :::22 :::* LISTEN
1057/sshd
tcp6 0 0 :::111 :::* LISTEN
1/systemd
tcp6 0 0 :::33873 :::* LISTEN
1428/rpc.statd
udp 0 0 127.0.0.1:756 0.0.0.0:*
1428/rpc.statd
udp 0 0 0.0.0.0:111 0.0.0.0:*
1/systemd
udp 0 0 0.0.0.0:5353 0.0.0.0:*
1020/avahi-daemon:
udp6 0 0 :::111 :::*
1/systemd
......

Example: statistics for a given interface

[root@Rocky86 ~]# netstat -I=eth0
Kernel Interface table
Iface MTU RX-OK RX-ERR RX-DRP RX-OVR TX-OK TX-ERR TX-DRP TX-OVR Flg
eth0 1500 203 0 0 0 176 0 0 0 BMRU

# no space between -I and the interface name
[root@Rocky86 ~]# netstat -Ieth0
Kernel Interface table
Iface MTU RX-OK RX-ERR RX-DRP RX-OVR TX-OK TX-ERR TX-DRP TX-OVR Flg
eth0 1500 221 0 0 0 187 0 0 0 BMRU

# read the kernel's counters directly from /proc
[root@Rocky86 ~]# cat /proc/net/dev
......

Interview question: how to find which program is listening on a port

[root@Rocky86 ~]# netstat -tunlp | grep 22

[root@Rocky86 ~]# ss -ntuap | grep 22

[root@Rocky86 ~]# lsof -i:22

Show interface statistics

# statistics for all interfaces; any of the following is equivalent
netstat -i
ifconfig -s
cat /proc/net/dev

# statistics for one interface; any of the following is equivalent
netstat -Ieth0
netstat -I=eth0
ifconfig -s eth0
cat /proc/net/dev | grep eth0

The ip command

Comes from the iproute package and can replace ifconfig

Format:

ip [ OPTIONS ] OBJECT { COMMAND | help }
ip [ -force ] -batch filename

OBJECT := {
address|addrlabel|fou|help|ila|ioam|l2tp|link|macsec|maddress|monitor|mptcp|mroute|mrule|neighbor|neighbour|netconf|netns|nexthop|ntable|ntbl|route|rule|sr|tap|tcpmetrics|token|tunnel|tuntap|vrf|xfrm}

OPTIONS := {
-V[ersion]|-s[tatistics]|-d[etails]|-r[esolve]|-h[uman-readable]|-iec|-j[son]|-p[retty]|-f[amily]{inet|inet6|mpls|bridge|link}|-4|-6|-M|-B|-0|-l[oops]{maximum-addr-flush-attempts}|-br[ief]|-o[neline]|-t[imestamp]|-ts[hort]|-b[atch][filename]|-rc[vbuf][size]|-n[etns]name|-N[umeric]|-a[ll]|-c[olor]}

Configuring Linux network attributes

OBJECT := { link | addr | route }

# mainly used to view link-layer information
[root@Rocky86 ~]# ip link
add delete help set show

[root@Rocky86 ~]# ip address
add change del flush help replace show

[root@Rocky86 ~]# ip route
add append change del flush get help list monitor replace

Example:

[root@Rocky86 network-scripts]# ip a show eth1
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group
default qlen 1000
link/ether 00:0c:29:f3:44:a4 brd ff:ff:ff:ff:ff:ff

# disable the NIC
[root@Rocky86 network-scripts]# ip link set eth1 down

# rename it
[root@Rocky86 network-scripts]# ip link set eth1 name eth1-test

# enable it
[root@Rocky86 network-scripts]# ip link set eth1-test up

# check
[root@Rocky86 network-scripts]# ip link show eth1-test
3: eth1-test: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode
DEFAULT group default qlen 1000
link/ether 00:0c:29:f3:44:a4 brd ff:ff:ff:ff:ff:ff

Example:

# check the NIC
[root@Rocky86 network-scripts]# ip address show eth1
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group
default qlen 1000
link/ether 00:0c:29:f3:44:a4 brd ff:ff:ff:ff:ff:ff

# add an IP address to the device
[root@Rocky86 network-scripts]# ip address add 10.0.0.110/24 dev eth1

# check
[root@Rocky86 network-scripts]# ip a show eth1
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group
default qlen 1000
link/ether 00:0c:29:f3:44:a4 brd ff:ff:ff:ff:ff:ff
inet 10.0.0.110/24 scope global eth1
valid_lft forever preferred_lft forever


# view with ifconfig
[root@Rocky86 network-scripts]# ifconfig eth1
eth1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 10.0.0.110 netmask 255.255.255.0 broadcast 0.0.0.0
ether 00:0c:29:f3:44:a4 txqueuelen 1000 (Ethernet)
RX packets 223 bytes 18294 (17.8 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 150 bytes 17702 (17.2 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0


# add another IP
[root@Rocky86 network-scripts]# ip address add 10.0.0.119/24 dev eth1

# check: the NIC now carries two IPs
[root@Rocky86 network-scripts]# ip a show eth1
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group
default qlen 1000
link/ether 00:0c:29:f3:44:a4 brd ff:ff:ff:ff:ff:ff
inet 10.0.0.110/24 scope global eth1
valid_lft forever preferred_lft forever
inet 10.0.0.119/24 scope global secondary eth1
valid_lft forever preferred_lft forever


# ifconfig shows only one IP
[root@Rocky86 network-scripts]# ifconfig eth1
eth1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 10.0.0.110 netmask 255.255.255.0 broadcast 0.0.0.0
ether 00:0c:29:f3:44:a4 txqueuelen 1000 (Ethernet)
RX packets 246 bytes 20176 (19.7 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 175 bytes 21430 (20.9 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

Example:

# add an alias (label)
[root@Rocky86 network-scripts]# ip address add 10.0.0.114/24 dev eth1 label eth1:114


# check
[root@Rocky86 network-scripts]# ip a show eth1
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group
default qlen 1000
link/ether 00:0c:29:f3:44:a4 brd ff:ff:ff:ff:ff:ff
inet 10.0.0.110/24 scope global eth1
valid_lft forever preferred_lft forever
inet 10.0.0.119/24 scope global secondary eth1
valid_lft forever preferred_lft forever
inet 10.0.0.114/24 scope global secondary eth1:114
valid_lft forever preferred_lft forever


# view with ifconfig
[root@Rocky86 network-scripts]# ifconfig eth1
eth1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 10.0.0.110 netmask 255.255.255.0 broadcast 0.0.0.0
ether 00:0c:29:f3:44:a4 txqueuelen 1000 (Ethernet)
RX packets 329 bytes 26774 (26.1 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 232 bytes 27962 (27.3 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

[root@Rocky86 network-scripts]# ifconfig eth1:114
eth1:114: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 10.0.0.114 netmask 255.255.255.0 broadcast 0.0.0.0
ether 00:0c:29:f3:44:a4 txqueuelen 1000 (Ethernet)

Example:

# check
[root@Rocky86 network-scripts]# ip a show eth1
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group
default qlen 1000
link/ether 00:0c:29:f3:44:a4 brd ff:ff:ff:ff:ff:ff
inet 10.0.0.110/24 scope global eth1
valid_lft forever preferred_lft forever
inet 10.0.0.119/24 scope global secondary eth1
valid_lft forever preferred_lft forever
inet 10.0.0.114/24 scope global secondary eth1:114
valid_lft forever preferred_lft forever

# delete an IP
[root@Rocky86 network-scripts]# ip a del 10.0.0.119/24 dev eth1

# delete the alias
[root@Rocky86 network-scripts]# ip a del 10.0.0.114/24 dev eth1 label eth1:114

# check again
[root@Rocky86 network-scripts]# ip a show eth1
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group
default qlen 1000
link/ether 00:0c:29:f3:44:a4 brd ff:ff:ff:ff:ff:ff
inet 10.0.0.110/24 scope global eth1
valid_lft forever preferred_lft forever

Example:

# add an IP with a 30 s lifetime
[root@Rocky86 network-scripts]# ip a change 10.0.0.137/24 dev eth1 preferred_lft 30 valid_lft 30

# check
[root@Rocky86 network-scripts]# ip a show eth1
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group
default qlen 1000
link/ether 00:0c:29:f3:44:a4 brd ff:ff:ff:ff:ff:ff
inet 10.0.0.110/24 scope global eth1
valid_lft forever preferred_lft forever
inet 10.0.0.137/24 scope global secondary dynamic eth1
valid_lft 25sec preferred_lft 25sec

# check again
[root@Rocky86 network-scripts]# ip a show eth1
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group
default qlen 1000
link/ether 00:0c:29:f3:44:a4 brd ff:ff:ff:ff:ff:ff
inet 10.0.0.110/24 scope global eth1
valid_lft forever preferred_lft forever
inet 10.0.0.137/24 scope global secondary dynamic eth1
valid_lft 12sec preferred_lft 12sec

# check after the lifetime expired
[root@Rocky86 network-scripts]# ip a show eth1
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group
default qlen 1000
link/ether 00:0c:29:f3:44:a4 brd ff:ff:ff:ff:ff:ff
inet 10.0.0.110/24 scope global eth1
valid_lft forever preferred_lft forever

Example:

# flush all IPs from the NIC
[root@Rocky86 network-scripts]# ip a flush dev eth1
[root@Rocky86 network-scripts]# ip a show eth1
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group
default qlen 1000
link/ether 00:0c:29:f3:44:a4 brd ff:ff:ff:ff:ff:ff

Configuring multiple addresses on a NIC in CentOS (persistent)

[root@localhost ~]# vim /etc/sysconfig/network-scripts/ifcfg-ens224
DEVICE=ens224
NAME=ens224
IPADDR=172.16.1.59
PREFIX=24
IPADDR2=172.16.1.49
PREFIX2=24
IPADDR3=172.16.1.39
PREFIX3=24
GATEWAY=172.16.1.254
BOOTPROTO=static
DNS1=8.8.8.8

# reload and apply
[root@localhost ~]# nmcli connection reload;nmcli connection up ens224

# check again
[root@localhost ~]# ip a show ens224

# alternative: add an alias config file
[root@localhost network-scripts]# cp ifcfg-ens224 ifcfg-ens224:1

[root@localhost network-scripts]# vim ifcfg-ens224:1
DEVICE=ens224:1
IPADDR=172.16.1.19
PREFIX=24
BOOTPROTO=static

# reload the configuration
[root@localhost network-scripts]# nmcli connection reload;nmcli connection up ens224

# check
[root@localhost network-scripts]# ip a show ens224

# to remove this configuration, just delete the file
[root@localhost network-scripts]# rm ifcfg-ens224:1

# reload the configuration
[root@localhost network-scripts]# nmcli connection reload;nmcli connection up ens224

Managing routes

ip route usage

# add a route
ip route add TARGET via GW dev IFACE src SOURCE_IP

# add a default gateway:
ip route add default via GW dev IFACE

# delete a route:
ip route del TARGET

# show routes:
ip route show|list

# flush the routing table:
ip route flush [dev IFACE] [via PREFIX]

# show which route a destination IP would take
ip route get IP
ip route add 192.168.0.0/24 via 172.16.0.1
ip route add 192.168.1.100 via 172.16.0.1
ip route add default via 172.16.0.1
ip route flush dev eth0
ip route get 8.8.8.8

The ss command

Comes from the iproute package and replaces netstat. netstat collects socket information by walking /proc, whereas ss talks to the kernel's tcp_diag module over netlink to obtain it.

Format:

ss [ OPTIONS ] [ FILTER ]


# common options
-n|--numeric #do not resolve names
-r|--resolve #resolve IPs to host names
-a|--all #show all sockets
-l|--listening #only sockets in listening state
-m|--memory #show socket memory usage
-p|--processes #show the owning processes
-i|--info #show TCP internal information
--tipcinfo #show TIPC internal information
-s|--summary #show summary statistics
-4|--ipv4 #IPv4 sockets only
-6|--ipv6 #IPv6 sockets only
-0|--packet #packet sockets only
-t|--tcp #TCP sockets only
-M|--mptcp #MPTCP sockets only
-S|--sctp #SCTP sockets only
-u|--udp #UDP sockets only
-d|--dccp #DCCP sockets only
-w|--raw #raw sockets only
-x|--unix #unix sockets only
--tipc #TIPC sockets only
--vsock #vsock sockets only
-f|--family=FAMILY #filter by address family {inet|inet6|link|unix|netlink|vsock|tipc|xdp|help}
-A|--query=QUERY|--socket=QUERY #filter by socket table {all|inet|tcp|mptcp|udp|raw|unix|unix_dgram|unix_stream|unix_seqpacket|packet|netlink|vsock_stream|vsock_dgram|tipc}[,QUERY]

# common combinations
-tan, -uan, -tnl, -unl

Example:

# show all connections numerically
[root@Rocky86 ~]# ss -n

# show TCP connections - established ones only
[root@Rocky86 ~]# ss -tn

# show all TCP sockets
[root@Rocky86 ~]# ss -tan

# show all listening TCP and UDP sockets, with program and PID
[root@Rocky86 ~]# ss -tunlp

# as above, plus summary statistics
[root@Rocky86 ~]# ss -tunlps

Interview question: how to find which program is listening on a given port

[root@rocky86 ~]# ss -tulnp | grep 22
[root@rocky86 ~]# lsof -i :22
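Both interview answers above (the netstat one and this ss one) pipe through `grep 22`, which also matches port 2222, port 8022 and any PID that happens to contain "22". The script below is an added example, not part of the original notes: it parses `ss -tulnp` output and matches the local port exactly. The sample output is constructed, not captured from a real host.

```shell
#!/bin/sh
# Find the process listening on an exact port from 'ss -tulnp' output.
# Constructed sample (header plus five sockets); not captured from a real host.
SS_SAMPLE='Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port Process
udp   UNCONN 0      0      127.0.0.1:323      0.0.0.0:*         users:(("chronyd",pid=853,fd=5))
tcp   LISTEN 0      128    0.0.0.0:22         0.0.0.0:*         users:(("sshd",pid=1057,fd=3))
tcp   LISTEN 0      128    0.0.0.0:2222       0.0.0.0:*         users:(("sshd",pid=2201,fd=3))
tcp   LISTEN 0      511    *:8022             *:*               users:(("nginx",pid=1322,fd=6),("nginx",pid=1321,fd=6))
tcp   LISTEN 0      128    [::]:22            [::]:*            users:(("sshd",pid=1057,fd=4))'

# listeners_on_port PORT [INPUT]: print "proto local-address program pid"
# for every socket whose local port equals PORT exactly
listeners_on_port() {
    printf '%s\n' "${2:-$SS_SAMPLE}" | awk -v port="$1" '
        NR == 1 { next }                       # skip the header line
        {
            # the port is the text after the LAST colon, so [::]:22 works too
            n = split($5, a, ":"); lport = a[n]
            if (lport != port) next
            prog = "-"; pid = "-"
            if (match($7, /"[^"]+"/))    prog = substr($7, RSTART + 1, RLENGTH - 2)
            if (match($7, /pid=[0-9]+/)) pid  = substr($7, RSTART + 4, RLENGTH - 4)
            print $1, $5, prog, pid
        }'
}

# naive_grep_count PATTERN [INPUT]: how many lines 'ss ... | grep PATTERN' would match
naive_grep_count() {
    printf '%s\n' "${2:-$SS_SAMPLE}" | grep -c -- "$1"
}

# Demo: the exact match finds the two sshd sockets on port 22 (IPv4 and IPv6),
# while a bare grep for "22" also hits port 2222, port 8022 and pid 1322.
listeners_on_port 22
echo "naive grep matches: $(naive_grep_count 22) lines"
```

On a live host feed it real output with `listeners_on_port 22 "$(ss -tulnp)"`; ss needs root to show the Process column for sockets owned by other users.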

The network configuration tool nmcli

NetworkManager

NetworkManager is a project started by Red Hat in 2004 to make managing networking on Linux easier for users; it is a dynamic, event-driven network management service.

The project provides a rich set of management tools

  • graphical tool: nm-connection-editor
  • text-mode tools: nmtui, nmtui-connect, nmtui-edit, nmtui-hostname
  • command-line tool: nmcli

nmcli format:

nmcli [OPTIONS] OBJECT { COMMAND | help }


# common options
-a|--ask #prompt for missing parameters
-c|--colors #colour the output auto|yes|no
-e|--escape #escape column separators yes|no
-f|--fields #fields to output <field,...>|all|common
-m|--mode #output mode tabular|multiline
-o|--overview #overview output mode
-p|--pretty #pretty output
-t|--terse #terse output
-v|--version #show version information
-h|--help #show help


# OBJECT
g[eneral] #general status management
n[etworking] #overall networking control
r[adio] #radio switches
c[onnection] #connection management
d[evice] #device management
a[gent] #NetworkManager agent
m[onitor] #monitoring

Common usage

# show network connections
nmcli con
nmcli con show

# show active connections
nmcli con show --active

# show a specific connection
nmcli con show eth1

# show device status
nmcli dev status

# show the attributes of a network interface
nmcli dev show eth1

# delete a connection
nmcli con del con-eth1

# bring a connection up
nmcli con up con-eth1

# bring a connection down
nmcli con down con-eth1

# reload connection files
nmcli connection reload

# add a connection that obtains its IP from DHCP
nmcli con add con-name con-dhcp type ethernet ifname eth1

# add a connection with a static address
nmcli connection add con-name con-eth1 ipv4.addresses 172.16.1.111/16 ipv4.gateway 172.16.1.254 ipv4.dns 8.8.8.8 ipv4.method manual type ethernet ifname eth1

# add settings to an existing connection
nmcli con mod con-eth1 +ipv4.addresses 10.0.0.119/24
nmcli con mod con-eth1 +ipv4.dns 8.8.8.8

# remove settings from an existing connection
nmcli con mod con-eth1 -ipv4.addresses 10.0.0.119/24
nmcli con mod con-eth1 -ipv4.dns 8.8.8.8

# replace settings of an existing connection
nmcli con mod con-eth1 connection.autoconnect no
nmcli con mod con-eth1 ipv4.addresses 10.0.0.119/24
nmcli con mod con-eth1 ipv4.dns 8.8.8.8

Example:

# list the config files
[root@Rocky86 network-scripts]# ls
ifcfg-eth0

# show connections
[root@Rocky86 network-scripts]# nmcli con
NAME UUID TYPE DEVICE
eth0 5c093cad-84c9-4cfc-8b6f-e1041db357df ethernet eth0
virbr0 e47f77ad-00bf-4e5e-9db5-3ee490e63b2b bridge virbr0
eth1 52203ca3-742c-4ad4-9162-9482d6f2bbef ethernet eth1

# add a NIC connection; the config file is generated automatically
[root@Rocky86 network-scripts]# nmcli con add con-name con-eth1 ipv4.addresses 10.0.0.110/24 ipv4.gateway 10.0.0.2 ipv4.dns 114.114.114.114 ipv4.method manual type ethernet ifname eth1
Connection 'con-eth1' (6b2c0337-7fca-4e61-854a-7d7fa916c6b0) successfully added.

# check the files
[root@Rocky86 network-scripts]# ls
ifcfg-con-eth1 ifcfg-eth0

# check the connections
[root@Rocky86 network-scripts]# nmcli con
NAME UUID TYPE DEVICE
eth0 5c093cad-84c9-4cfc-8b6f-e1041db357df ethernet eth0
virbr0 e47f77ad-00bf-4e5e-9db5-3ee490e63b2b bridge virbr0
eth1 52203ca3-742c-4ad4-9162-9482d6f2bbef ethernet eth1
con-eth1 6b2c0337-7fca-4e61-854a-7d7fa916c6b0 ethernet --

# activate the new configuration
[root@Rocky86 network-scripts]# nmcli co reload;nmcli con up con-eth1
Connection successfully activated (D-Bus active path:
/org/freedesktop/NetworkManager/ActiveConnection/4)

# check again
[root@Rocky86 network-scripts]# nmcli con
NAME UUID TYPE DEVICE
eth0 5c093cad-84c9-4cfc-8b6f-e1041db357df ethernet eth0
con-eth1 6b2c0337-7fca-4e61-854a-7d7fa916c6b0 ethernet eth1
virbr0 e47f77ad-00bf-4e5e-9db5-3ee490e63b2b bridge virbr0
eth1 52203ca3-742c-4ad4-9162-9482d6f2bbef ethernet --

# show the device
[root@Rocky86 network-scripts]# nmcli dev show eth1
GENERAL.DEVICE: eth1
GENERAL.TYPE: ethernet
GENERAL.HWADDR: 00:0C:29:F3:44:A4
GENERAL.MTU: 1500
GENERAL.STATE: 100 (connected)
GENERAL.CONNECTION: con-eth1
GENERAL.CON-PATH:
/org/freedesktop/NetworkManager/ActiveConnection/4
WIRED-PROPERTIES.CARRIER: on
IP4.ADDRESS[1]: 10.0.0.110/24
IP4.GATEWAY: 10.0.0.2
IP4.ROUTE[1]: dst = 10.0.0.0/24, nh = 0.0.0.0, mt =
101
IP4.ROUTE[2]: dst = 0.0.0.0/0, nh = 10.0.0.2, mt = 101
IP4.DNS[1]: 114.114.114.114
IP6.ADDRESS[1]: fe80::e1bf:2190:9743:3ff6/64
IP6.GATEWAY: --
IP6.ROUTE[1]: dst = fe80::/64, nh = ::, mt = 1024

# delete the old connection
[root@Rocky86 network-scripts]# nmcli con del eth1
Connection 'eth1' (52203ca3-742c-4ad4-9162-9482d6f2bbef) successfully deleted.

# check
[root@Rocky86 network-scripts]# nmcli con
NAME UUID TYPE DEVICE
eth0 5c093cad-84c9-4cfc-8b6f-e1041db357df ethernet eth0
con-eth1 6b2c0337-7fca-4e61-854a-7d7fa916c6b0 ethernet eth1
virbr0 e47f77ad-00bf-4e5e-9db5-3ee490e63b2b bridge virbr0

One NIC can have several configurations, each written to a different config file, and switch between them in different environments.

The procedure is the one shown above.

Mapping between nmcli settings and ifcfg config-file keys


Using nmcli on Ubuntu

root@ubuntu2204:~# apt install network-manager

root@ubuntu2204:~# vim /etc/NetworkManager/NetworkManager.conf
...
[ifupdown]
managed=false    # change to managed=true

root@ubuntu2204:~# systemctl start NetworkManager.service


# switch the netplan renderer to NetworkManager
root@ubuntu2204:~# vim /etc/netplan/00-installer-config.yaml
renderer: NetworkManager

Network configuration files

Basic network configuration file

Config file for IP, MASK, GW and DNS

/etc/sysconfig/network-scripts/ifcfg-IFACE

Common settings

Setting  Description
TYPE  Interface type; common values are Ethernet and Bridge
NAME  The device this config file applies to
DEVICE  Device name
HWADDR  MAC address of the device
UUID  Unique identifier of the device
BOOTPROTO  Address configuration protocol used when activating the device; common values are dhcp, static, none, bootp
IPADDR  IP address
NETMASK  Subnet mask, e.g. 255.255.255.0
PREFIX  Number of network-ID bits, e.g. 24
GATEWAY  Default gateway
DNS1  First DNS server address
DNS2  Second DNS server address
DOMAIN  Domain suffix searched automatically when a host name is not fully qualified
ONBOOT  Whether to activate the device at boot
USERCTL  Whether ordinary users may control the device
PEERDNS  If BOOTPROTO is "dhcp", YES lets the DNS servers assigned by the DHCP server overwrite /etc/resolv.conf; NO prevents resolv.conf from being modified
NM_CONTROLLED  NM is short for NetworkManager; whether this NIC is controlled by NM

Configuring the host name

CentOS 6 and earlier

/etc/sysconfig/network
HOSTNAME=

CentOS 7 and later config file:

/etc/hostname 
# This file does not exist by default; the host name is obtained by DNS reverse lookup, default: localhost.localdomain
# Deleting /etc/hostname restores the host name localhost.localdomain

Local host-name-to-IP mapping

Consulted before DNS

getent hosts shows the contents of /etc/hosts

/etc/hosts

DNS name resolution

DNS translates domain names into IP addresses; a later course covers the DNS implementation in detail

# this file is generated automatically from the NIC configuration
/etc/resolv.conf
nameserver DNS_SERVER_IP1
nameserver DNS_SERVER_IP2
nameserver DNS_SERVER_IP3
search DOMAIN
[root@rocky86 ~]# ll /etc/resolv.conf 
-rw-r--r-- 1 root root 69 Oct 5 14:23 /etc/resolv.conf

[root@rocky86 ~]# cat /etc/resolv.conf
# Generated by NetworkManager
search localdomain
nameserver 10.0.0.2

[root@rocky86 ~]# nmcli con down eth0
Connection 'eth0' successfully deactivated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/3)

[root@rocky86 ~]# ll /etc/resolv.conf
-rw-r--r-- 1 root root 30 Oct 5 14:24 /etc/resolv.conf

[root@rocky86 ~]# cat /etc/resolv.conf
# Generated by NetworkManager

Without a DNS server, domain names can no longer be pinged

[root@rocky86 ~]# ping www.baidu.com
ping: www.baidu.com: Name or service not known

Resolving a domain name through a specified DNS server

[root@rocky86 ~]# host www.jd.com 10.0.0.2
Using domain server:
Name: 10.0.0.2
Address: 10.0.0.2#53
Aliases:

www.jd.com is an alias for www.jd.com.gslb.qianxun.com.
www.jd.com.gslb.qianxun.com is an alias for www.jdcdn.com.
www.jdcdn.com is an alias for img20.360buyimg.com.s.galileo.jcloud-cdn.com.
img20.360buyimg.com.s.galileo.jcloud-cdn.com is an alias for img20.jcloudcdn.com.
img20.jcloud-cdn.com has address 27.36.125.3


[root@rocky86 ~]# host www.jd.com 114.114.114.114
Using domain server:
Name: 114.114.114.114
Address: 114.114.114.114#53
Aliases:

www.jd.com is an alias for www.jd.com.gslb.qianxun.com.
www.jd.com.gslb.qianxun.com is an alias for www.jdcdn.com.
www.jdcdn.com is an alias for img20.360buyimg.com.s.galileo.jcloud-cdn.com.
img20.360buyimg.com.s.galileo.jcloud-cdn.com is an alias for img20.jcloudcdn.com.
img20.jcloud-cdn.com has address 27.36.125.3

[root@rocky86 ~]# host www.magedu.com 114.114.114.114
Using domain server:
Name: 114.114.114.114
Address: 114.114.114.114#53
Aliases:

www.magedu.com has address 140.143.156.192

NIC aliases

Bind multiple IP addresses to one MAC address

Each IP is bound to a separate logical NIC, called a network alias, named ethX:Y, e.g. eth0:1, eth0:2, eth0:3

# with the ifconfig command
ifconfig eth0:0 192.168.1.100/24 up
ifconfig eth0:0 down

# with the ip command
ip addr add 172.16.1.1/16 dev eth0
ip addr add 172.16.1.2/16 dev eth0 label eth0:0
ip addr flush dev eth0 label eth0:0

A separate interface config file is created for each device alias, named ifcfg-ethX:xxx

cat ifcfg-lo:1

DEVICE=lo:1
IPADDR=137.0.0.1
NETMASK=255.0.0.0
NETWORK=137.0.0.0
# If you're having problems with gated making 127.0.0.0/8 a martian,
# you can change this to something else (255.255.255.255, for example)
BROADCAST=137.255.255.255
ONBOOT=yes
NAME=loopback1



cat /etc/sysconfig/network-scripts/ifcfg-eth0:1

DEVICE=eth0:1
IPADDR=10.0.0.100
PREFIX=8

Note:

  • on CentOS 6 it is recommended to stop the NetworkManager service
  • NIC aliases must use static addresses

Multi-NIC bonding

Bonding binds several NICs to one IP address to serve clients, providing high availability or load balancing. Simply assigning the same IP address to two NICs does not work. Bonding creates a virtual NIC that provides the connection, and the physical NICs are changed to the same MAC address.

Bonding link-aggregation modes

There are 7 bond modes, mode 0 to 6:

  • mode=0, i.e. (balance-rr) Round-robin policy: packets on the aggregated port are forwarded from the physical interfaces in turn, packet by packet.

    Load balancing: all links are load-balanced and packets are sent on each link in turn. This mode increases bandwidth and supports fault tolerance: when a link fails, traffic is switched to the healthy links. Performance issue: if the packets of one connection or session leave from different interfaces and then traverse different links, they may well arrive out of order at the client, and out-of-order packets have to be retransmitted, so throughput drops. Under heavy network load the performance gain of bond0 is not ideal. Requires port binding on the switch.

  • mode=1, i.e. (active-backup) Active-backup policy: only the physical interface in the Active state forwards packets.

    Fault tolerance: only one slave is active, i.e. only one NIC is working at any moment while the other slaves are in backup state, and a backup only becomes active after the currently active slave fails. No load balancing: the advantage of this algorithm is high availability of the network connection, but resource utilisation is low; with only one interface working, utilisation with N interfaces is 1/N.

  • mode=2, i.e. (balance-xor) XOR policy: the aggregated port computes an XOR hash over source/destination MAC, source/destination IP and source/destination port, and the resulting value selects the interface that forwards the packet.

    Load balancing: packets are transmitted according to the specified transmit hash policy. Fault tolerance: this mode increases bandwidth and supports fault tolerance; when a link fails, traffic is switched to the healthy links. Performance issue: this mode constrains traffic so that traffic to a particular peer always leaves from the same interface. Since the destination is decided by MAC address, the mode works well in a "local" network configuration. If all traffic passes through a single router there is only one gateway, so source and destination MACs are fixed, the algorithm always selects the same link, and the mode is then of little use. Requires the switch to be configured as a port channel.

  • mode=3, i.e. broadcast: each packet is duplicated and sent out of both interfaces under the bond.

    When a peer switch fails there is no perceptible downtime, but this approach wastes resources; it does, however, provide a very good fault-tolerance mechanism. It suits the financial sector, which needs highly reliable networks that allow no failures.

  • mode=4, i.e. (802.3ad) IEEE 802.3ad Dynamic link aggregation

    In dynamic aggregation mode, LACP (Link Aggregation Control Protocol) is enabled on every member port of the aggregation group and port state is maintained automatically by the protocol. Load balancing: packets are transmitted according to the specified transmit hash policy; the default algorithm is the same as balance-xor. Fault tolerance: this mode increases bandwidth and supports fault tolerance; when a link fails, traffic is switched to the healthy links. Compared with balance-xor, this mode periodically sends LACPDU packets to maintain the aggregation state and guarantee link quality. Requires a switch that supports LACP.

  • mode=5, i.e. (balance-tlb) Adaptive transmit load balancing

    Outgoing traffic is distributed across the physical interfaces according to their current load (computed from speed). If the physical interface that is receiving data fails, another physical interface takes over the MAC address of the failed one. Requires ethtool support to obtain each slave's speed.

  • mode=6, i.e. (balance-alb) Adaptive load balancing

    This mode includes balance-tlb and adds receive load balancing for IPv4 traffic, without needing any switch support. Receive load balancing is achieved through ARP negotiation: the bonding driver intercepts the ARP replies sent by the local host and rewrites the source hardware address to the unique hardware address of one of the physical interfaces in the bond, so that different peers communicate with different hardware addresses.

    Difference between mode=6 and mode=0: mode=6 fills eth0 first, then eth1, ... ethX, whereas with mode=0 both ports carry steady, roughly equal bandwidth. With mode=6 the first port carries heavy traffic and the second only a small share.

Notes:

Commonly used modes are 0, 1, 3 and 6
Modes 1, 5 and 6 need no switch configuration
Modes 0, 2, 3 and 4 need switch configuration, which differs by switch type; e.g. Cisco switches need EtherChannel for modes 0, 2 and 3, and LACP with EtherChannel for mode 4

Bonding implementation

Documentation: https://www.kernel.org/doc/Documentation/networking/bonding.txt

First add two NICs in host-only mode

Check

[root@rocky86 network-scripts]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group
default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group
default qlen 1000
link/ether 00:0c:29:f3:44:9a brd ff:ff:ff:ff:ff:ff
inet 10.0.0.150/24 brd 10.0.0.255 scope global dynamic noprefixroute eth0
valid_lft 1751sec preferred_lft 1751sec
inet6 fe80::20c:29ff:fef3:449a/64 scope link noprefixroute
valid_lft forever preferred_lft forever
3: virbr0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN
group default qlen 1000
link/ether 52:54:00:b3:0b:96 brd ff:ff:ff:ff:ff:ff
inet 192.168.122.1/24 brd 192.168.122.255 scope global virbr0
valid_lft forever preferred_lft forever
4: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group
default qlen 1000
link/ether 00:0c:29:f3:44:a4 brd ff:ff:ff:ff:ff:ff
5: eth2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group
default qlen 1000
link/ether 00:0c:29:f3:44:ae brd ff:ff:ff:ff:ff:ff



[root@rocky86 network-scripts]# nmcli conn
NAME UUID TYPE DEVICE
eth0 5c093cad-84c9-4cfc-8b6f-e1041db357df ethernet eth0
virbr0 4350d6a9-a2de-45d6-89a2-1a1116f0073c bridge virbr0

Implementation via config files

[root@rocky86 ~]# cd /etc/sysconfig/network-scripts/
[root@rocky86 network-scripts]# ls
ifcfg-eth0

# create the bond config file
[root@rocky86 network-scripts]# vim ifcfg-bond0
NAME=bond0
TYPE=bond
DEVICE=bond0
BOOTPROTO=none
IPADDR=192.168.10.100
PREFIX=8
BONDING_OPTS="mode=1 miimon=100 fail_over_mac=1" # active-backup mode, link check interval 100 ms

# create the member NIC config files
[root@rocky86 network-scripts]# vim ifcfg-eth1
NAME=eth1
DEVICE=eth1
BOOTPROTO=none
MASTER=bond0
SLAVE=yes
ONBOOT=yes

[root@rocky86 network-scripts]# vim ifcfg-eth2
NAME=eth2
DEVICE=eth2
BOOTPROTO=none
MASTER=bond0
SLAVE=yes
ONBOOT=yes

Check

# check
[root@rocky86 network-scripts]# ls
ifcfg-bond0 ifcfg-eth0 ifcfg-eth1 ifcfg-eth2

[root@rocky86 network-scripts]# nmcli conn reload;nmcli conn
NAME UUID TYPE DEVICE
eth0 5c093cad-84c9-4cfc-8b6f-e1041db357df ethernet eth0
bond0 ad33d8b0-1f7b-cab9-9447-ba07f855b143 bond bond0
virbr0 4350d6a9-a2de-45d6-89a2-1a1116f0073c bridge virbr0
eth1 9c92fad9-6ecb-3e6c-eb4d-8a47c6f50c04 ethernet eth1
eth2 3a73717e-65ab-93e8-b518-24f5af32dc0d ethernet eth2

[root@rocky86 network-scripts]# ifconfig
......

[root@rocky86 network-scripts]# ip a
......

[root@rocky86 network-scripts]# cat /proc/net/bonding/bond0
Ethernet Channel Bonding Driver: v3.7.1 (April 27, 2011)
Bonding Mode: fault-tolerance (active-backup) (fail_over_mac active)
Primary Slave: None
Currently Active Slave: eth1
MII Status: up
MII Polling Interval (ms): 100
Up Delay (ms): 0
Down Delay (ms): 0
Peer Notification Delay (ms): 0
Slave Interface: eth1
MII Status: up
Speed: 10000 Mbps
Duplex: full
Link Failure Count: 0
Permanent HW addr: 00:0c:29:f3:44:a4
Slave queue ID: 0
Slave Interface: eth2
MII Status: up
Speed: 10000 Mbps
Duplex: full
Link Failure Count: 0
Permanent HW addr: 00:0c:29:f3:44:ae
Slave queue ID: 0

Test

root@ubuntu22:~# ping 192.168.10.100
PING 192.168.10.100 (192.168.10.100) 56(84) bytes of data.
64 bytes from 192.168.10.100: icmp_seq=1 ttl=64 time=0.571 ms
64 bytes from 192.168.10.100: icmp_seq=2 ttl=64 time=1.24 ms
64 bytes from 192.168.10.100: icmp_seq=3 ttl=64 time=1.28 ms
....

Disconnect one NIC and check again

[root@rocky86 network-scripts]# cat /proc/net/bonding/bond0 
Ethernet Channel Bonding Driver: v3.7.1 (April 27, 2011)
Bonding Mode: fault-tolerance (active-backup) (fail_over_mac active)
Primary Slave: None
Currently Active Slave: eth2
MII Status: up
MII Polling Interval (ms): 100
Up Delay (ms): 0
Down Delay (ms): 0
Peer Notification Delay (ms): 0
Slave Interface: eth1
MII Status: down
Speed: Unknown
Duplex: Unknown
Link Failure Count: 1
Permanent HW addr: 00:0c:29:f3:44:a4
Slave queue ID: 0
Slave Interface: eth2
MII Status: up
Speed: 10000 Mbps
Duplex: full
Link Failure Count: 1
Permanent HW addr: 00:0c:29:f3:44:ae
Slave queue ID: 0

When the NIC comes back online the bond does not switch back, because switching NICs could cause network flapping
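The two /proc/net/bonding/bond0 snapshots above are exactly what a monitoring check should compare: which slave is active, whether any slave is down, and how the failure counters moved. The script below is an added example, not part of the original notes; it parses that file format, and the two snapshots are constructed from the output shown above, shortened to the relevant lines.

```shell
#!/bin/sh
# Parse /proc/net/bonding/bondX and report failover or a degraded bond.
# Constructed snapshots, abbreviated from the output shown above.
BOND_BEFORE='Ethernet Channel Bonding Driver: v3.7.1 (April 27, 2011)
Bonding Mode: fault-tolerance (active-backup) (fail_over_mac active)
Primary Slave: None
Currently Active Slave: eth1
MII Status: up
MII Polling Interval (ms): 100
Slave Interface: eth1
MII Status: up
Link Failure Count: 0
Permanent HW addr: 00:0c:29:f3:44:a4
Slave Interface: eth2
MII Status: up
Link Failure Count: 0
Permanent HW addr: 00:0c:29:f3:44:ae'

BOND_AFTER='Ethernet Channel Bonding Driver: v3.7.1 (April 27, 2011)
Bonding Mode: fault-tolerance (active-backup) (fail_over_mac active)
Primary Slave: None
Currently Active Slave: eth2
MII Status: up
MII Polling Interval (ms): 100
Slave Interface: eth1
MII Status: down
Link Failure Count: 1
Permanent HW addr: 00:0c:29:f3:44:a4
Slave Interface: eth2
MII Status: up
Link Failure Count: 1
Permanent HW addr: 00:0c:29:f3:44:ae'

# bond_active_slave TEXT: name of the currently active slave
bond_active_slave() {
    printf '%s\n' "$1" | awk -F': ' '/^Currently Active Slave:/ { print $2 }'
}

# bond_down_slaves TEXT: one line per slave whose own MII Status is down.
# The first "MII Status" line belongs to the bond itself and is skipped
# because no "Slave Interface" line has been seen yet at that point.
bond_down_slaves() {
    printf '%s\n' "$1" | awk -F': ' '
        /^Slave Interface:/ { slave = $2 }
        /^MII Status:/ && slave != "" && $2 == "down" { print slave }'
}

# bond_failures TEXT: total Link Failure Count over all slaves
bond_failures() {
    printf '%s\n' "$1" | awk -F': ' '/^Link Failure Count:/ { n += $2 } END { print n + 0 }'
}

# bond_check BEFORE AFTER: print a one-line status; return 0 only when the
# active slave is unchanged and every slave is up
bond_check() {
    _a0=$(bond_active_slave "$1"); _a1=$(bond_active_slave "$2")
    _down=$(bond_down_slaves "$2" | tr '\n' ' ')
    _status="ok: active $_a1"
    if [ "$_a0" != "$_a1" ]; then _status="failover: $_a0 -> $_a1"; fi
    if [ -n "$_down" ]; then _status="$_status; down: ${_down% }"; fi
    echo "$_status"
    [ "$_a0" = "$_a1" ] && [ -z "$_down" ]
}

# Demo: before and after unplugging eth1, as in the lab above
bond_check "$BOND_BEFORE" "$BOND_BEFORE"            # ok: active eth1
bond_check "$BOND_BEFORE" "$BOND_AFTER" || true     # failover: eth1 -> eth2; down: eth1
```

On a live host take the snapshots with `"$(cat /proc/net/bonding/bond0)"` before and after the link change; a non-zero exit from bond_check is the condition to alert on.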

Removing the bond

[root@rocky86 network-scripts]# nmcli conn down bond0
Connection 'bond0' successfully deactivated (D-Bus active path:
/org/freedesktop/NetworkManager/ActiveConnection/6)


[root@rocky86 network-scripts]# rm -f ifcfg-bond0 ifcfg-eth1 ifcfg-eth2

[root@rocky86 network-scripts]# nmcli conn reload;nmcli conn
NAME UUID TYPE DEVICE
eth0 5c093cad-84c9-4cfc-8b6f-e1041db357df ethernet eth0
virbr0 4350d6a9-a2de-45d6-89a2-1a1116f0073c bridge virbr0

Implementation with nmcli

# add the bonding interface
[root@rocky86 network-scripts]# nmcli con add type bond con-name bond0 ifname bond0 mode active-backup ipv4.method manual ipv4.addresses 192.168.10.100/8
Connection 'bond0' (d7f8a6d5-1236-43f6-a39a-5996afada9d5) successfully added.

# add the slave interfaces
[root@rocky86 network-scripts]# nmcli con add type bond-slave ifname eth1 master bond0
Connection 'bond-slave-eth1' (57e21024-104f-4167-8952-4caa90737934) successfully added.

[root@rocky86 network-scripts]# nmcli con add type bond-slave ifname eth2 master bond0
Connection 'bond-slave-eth2' (d50db0ba-30f5-484b-8e47-803fd566f663) successfully added.

# check
[root@rocky86 network-scripts]# ls
ifcfg-bond0 ifcfg-bond-slave-eth1 ifcfg-bond-slave-eth2 ifcfg-eth0

# bring up
[root@rocky86 network-scripts]# nmcli con up bond-slave-eth1
Connection successfully activated (D-Bus active path:
/org/freedesktop/NetworkManager/ActiveConnection/12)

[root@rocky86 network-scripts]# nmcli con up bond-slave-eth2
Connection successfully activated (D-Bus active path:
/org/freedesktop/NetworkManager/ActiveConnection/13)

[root@rocky86 network-scripts]# nmcli con up bond0
Connection successfully activated (master waiting for slaves) (D-Bus active
path: /org/freedesktop/NetworkManager/ActiveConnection/14)

# check
[root@rocky86 network-scripts]# cat /proc/net/bonding/bond0
Ethernet Channel Bonding Driver: v3.7.1 (April 27, 2011)

Bonding Mode: fault-tolerance (active-backup)
Primary Slave: None
Currently Active Slave: eth1
MII Status: up
MII Polling Interval (ms): 100
Up Delay (ms): 0
Down Delay (ms): 0
Peer Notification Delay (ms): 0
Slave Interface: eth1
MII Status: up
Speed: 10000 Mbps
Duplex: full
Link Failure Count: 0
Permanent HW addr: 00:0c:29:f3:44:a4
Slave queue ID: 0

Slave Interface: eth2
MII Status: up
Speed: 10000 Mbps
Duplex: full
Link Failure Count: 0
Permanent HW addr: 00:0c:29:f3:44:ae
Slave queue ID: 0

Network Teaming

Network teaming working modes

Network teaming: a way of aggregating several NICs into one logical interface, providing fault tolerance and higher throughput

Network teaming differs from the older bonding technique and offers better performance and extensibility

Network teaming is implemented by a kernel driver together with the teamd daemon

Characteristics of network teaming

  • Starting the team interface does not automatically start its port interfaces
  • Starting a port interface always starts the team interface automatically
  • Disabling the team interface automatically disables its port interfaces
  • A team interface with no port interfaces can start a static IP connection
  • When a DHCP connection is enabled, a team with no port interfaces waits for ports to join

Common working modes

  • broadcast
  • roundrobin
  • random
  • activebackup
  • loadbalance
  • lacp (implements the 802.3ad Link Aggregation Control Protocol)

Viewing help

man teamd
man teamd.conf

Implementing a network team

First add two NICs in host-only mode

Check

[root@rocky86 network-scripts]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group
default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group
default qlen 1000
link/ether 00:0c:29:f3:44:9a brd ff:ff:ff:ff:ff:ff
inet 10.0.0.150/24 brd 10.0.0.255 scope global dynamic noprefixroute eth0
valid_lft 1422sec preferred_lft 1422sec
inet6 fe80::20c:29ff:fef3:449a/64 scope link noprefixroute
valid_lft forever preferred_lft forever
3: virbr0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN
group default qlen 1000
link/ether 52:54:00:b3:0b:96 brd ff:ff:ff:ff:ff:ff
inet 192.168.122.1/24 brd 192.168.122.255 scope global virbr0
valid_lft forever preferred_lft forever
4: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group
default qlen 1000
link/ether 00:0c:29:f3:44:a4 brd ff:ff:ff:ff:ff:ff
5: eth2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group
default qlen 1000
link/ether 00:0c:29:f3:44:ae brd ff:ff:ff:ff:ff:ff


[root@rocky86 network-scripts]# nmcli conn
NAME UUID TYPE DEVICE
eth0 5c093cad-84c9-4cfc-8b6f-e1041db357df ethernet eth0
virbr0 4350d6a9-a2de-45d6-89a2-1a1116f0073c bridge virbr0

Implementation by editing configuration files

[root@rocky86 ~]# cd /etc/sysconfig/network-scripts/
[root@rocky86 network-scripts]# ls
ifcfg-eth0

# create the team interface file
[root@rocky86 network-scripts]# vim ifcfg-team0
DEVICE=team0
DEVICETYPE=Team
TEAM_CONFIG="{\"runner\":{\"name\":\"loadbalance\"}}"
BOOTPROTO=none
IPADDR=192.168.10.100
PREFIX=8
NAME=team0
ONBOOT=yes

# create the port configuration file
[root@rocky86 network-scripts]# vim ifcfg-team0-eth1
DEVICE=eth1
DEVICETYPE=TeamPort
TEAM_MASTER=team0
NAME=team0-eth1
ONBOOT=yes

# create the port configuration file
[root@rocky86 network-scripts]# vim ifcfg-team0-eth2
DEVICE=eth2
DEVICETYPE=TeamPort
TEAM_MASTER=team0
NAME=team0-eth2
ONBOOT=yes

# enable
[root@rocky86 network-scripts]# nmcli con reload;nmcli con up team0
Connection successfully activated (master waiting for slaves) (D-Bus active
path: /org/freedesktop/NetworkManager/ActiveConnection/50)

Implementation with nmcli commands

Format:

# create the team interface
nmcli con add type team con-name CON-NAME ifname TEAM-NAME config 'CONFIG-JSON-STRING'

CON-NAME # connection name
TEAM-NAME # interface name
CONFIG-JSON-STRING # configuration, e.g. '{"runner": {"name": "METHOD"}}'
METHOD # traffic algorithm: broadcast|roundrobin|activebackup|loadbalance|lacp


# create a port interface
nmcli con add type team-slave con-name CON-PORT-NAME ifname CON-TEAM-NAME master TEAM-NAME


CON-PORT-NAME # connection name; if omitted it defaults to team-slave-IFACE
CON-TEAM-NAME # network interface name
TEAM-NAME # team interface to bind to

Example:

# add the team
[root@rocky86 network-scripts]# nmcli con add type team con-name team0 ifname team0 config '{"runner":{"name":"loadbalance"}}' ipv4.addresses 192.168.10.100/8 ipv4.method manual
Connection 'team0' (e781a0cc-566a-4b96-8eb8-d1a10f4850a2) successfully added.


# add a NIC
[root@rocky86 network-scripts]# nmcli con add con-name team0-eth1 type team-slave ifname eth1 master team0
Connection 'team0-eth1' (7a2a28a0-2b2e-4f76-a430-831d706a579e) successfully added.


# add a NIC
[root@rocky86 network-scripts]# nmcli con add con-name team0-eth2 type team-slave ifname eth2 master team0
Connection 'team0-eth2' (9e1df88f-018e-46e2-bde5-e09230fb181e) successfully added.


# check
[root@rocky86 network-scripts]# ls
ifcfg-eth0 ifcfg-team0 ifcfg-team0-eth1 ifcfg-team0-eth2

[root@rocky86 network-scripts]# nmcli con reload;nmcli con
NAME UUID TYPE DEVICE
eth0 5c093cad-84c9-4cfc-8b6f-e1041db357df ethernet eth0
team0 e781a0cc-566a-4b96-8eb8-d1a10f4850a2 team team0
virbr0 4350d6a9-a2de-45d6-89a2-1a1116f0073c bridge virbr0
team0-eth1 7a2a28a0-2b2e-4f76-a430-831d706a579e ethernet eth1
team0-eth2 9e1df88f-018e-46e2-bde5-e09230fb181e ethernet eth2


# enable
[root@rocky86 network-scripts]# nmcli con up team0
Connection successfully activated (master waiting for slaves) (D-Bus active
path: /org/freedesktop/NetworkManager/ActiveConnection/29)

[root@rocky86 network-scripts]# nmcli con up team0-eth1
Connection successfully activated (D-Bus active path:
/org/freedesktop/NetworkManager/ActiveConnection/32)

[root@rocky86 network-scripts]# nmcli con up team0-eth2
Connection successfully activated (D-Bus active path:
/org/freedesktop/NetworkManager/ActiveConnection/33)


# check
[root@rocky86 network-scripts]# teamdctl team0 state
setup:
runner: roundrobin
ports:
eth1
link watches:
link summary: up
instance[link_watch_0]:
name: ethtool
link: up
down count: 0
eth2
link watches:
link summary: up
instance[link_watch_0]:
name: ethtool
link: up
down count: 0


# disconnect one NIC and look again
[root@rocky86 network-scripts]# teamdctl team0 state
setup:
runner: roundrobin
ports:
eth1
link watches:
link summary: down
instance[link_watch_0]:
name: ethtool
link: down
down count: 1
eth2
link watches:
link summary: up
instance[link_watch_0]:
name: ethtool
link: up
down count: 0

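Both the bonding procedure (nmcli section above) and the teaming procedure just shown leave a status text to watch: /proc/net/bonding/bond0 and teamdctl team0 state. The script below is an added example, not part of the original notes: it parses samples constructed from the listings above and reports any slave or port whose link is not up; the sample text and the function names are assumptions.

```shell
#!/bin/sh
# Added example (not from the original notes): report degraded members of a
# bond or a team from the status text shown above. The samples below are
# constructed from those listings so the script runs offline.

# Constructed /proc/net/bonding/bond0 after eth1 was unplugged (trimmed).
BOND_SAMPLE='Ethernet Channel Bonding Driver: v3.7.1 (April 27, 2011)
Bonding Mode: fault-tolerance (active-backup) (fail_over_mac active)
Primary Slave: None
Currently Active Slave: eth2
MII Status: up
Slave Interface: eth1
MII Status: down
Link Failure Count: 1
Slave Interface: eth2
MII Status: up
Link Failure Count: 1'

# Constructed "teamdctl team0 state" with eth1 down (teamdctl indents).
TEAM_SAMPLE='setup:
  runner: roundrobin
ports:
  eth1
    link watches:
      link summary: down
      instance[link_watch_0]:
        name: ethtool
        link: down
        down count: 1
  eth2
    link watches:
      link summary: up
      instance[link_watch_0]:
        name: ethtool
        link: up
        down count: 0'

# bond_report TEXT: print "active <slave>" then "<slave> <mii> <failures>"
# per slave. The first "MII Status" line belongs to the bond itself, so
# status lines only count once a "Slave Interface" line has been seen.
bond_report() {
    printf '%s\n' "$1" | awk '
        /^Currently Active Slave:/            { active = $NF }
        /^Slave Interface:/                   { iface = $NF }
        /^MII Status:/ && iface != ""         { status[iface] = $NF }
        /^Link Failure Count:/ && iface != "" { fails[iface] = $NF }
        END {
            print "active " active
            for (i in status) print i, status[i], fails[i]
        }' | sort
}

# team_report TEXT: print "<port> <link summary> <down count>" per port.
# Port names are the lines indented by exactly two spaces after "ports:".
team_report() {
    printf '%s\n' "$1" | awk '
        /^ports:/                       { inports = 1; next }
        inports && /^  [^ ]/            { port = $1 }
        port != "" && /link summary:/   { summary[port] = $NF }
        port != "" && /down count:/     { downs[port] = $NF }
        END { for (p in summary) print p, summary[p], downs[p] }' | sort
}

# degraded REPORT: print members whose link is not "up" and return 0;
# return 1 when every member is up. Both report formats put the link
# state in the second column, so one check serves bond and team alike.
degraded() {
    bad=$(printf '%s\n' "$1" | awk '$1 != "active" && $2 != "up" { print $1 }')
    [ -n "$bad" ] && { printf '%s\n' "$bad"; return 0; }
    return 1
}

echo "bond0:"; bond_report "$BOND_SAMPLE"
degraded "$(bond_report "$BOND_SAMPLE")" && echo "bond0 is DEGRADED"
echo "team0:"; team_report "$TEAM_SAMPLE"
degraded "$(team_report "$TEAM_SAMPLE")" && echo "team0 is DEGRADED"
```

On a real host replace the samples with `cat /proc/net/bonding/bond0` and `teamdctl team0 state`; the exit status of `degraded` makes the check usable from cron or a monitoring agent.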
Removal

[root@rocky86 network-scripts]# nmcli con down team0
Connection 'team0' successfully deactivated (D-Bus active path:
/org/freedesktop/NetworkManager/ActiveConnection/43)

[root@rocky86 network-scripts]# nmcli con del team0
Connection 'team0' (702de3eb-2e80-897c-fd52-cd0494dd8123) successfully deleted.

[root@rocky86 network-scripts]# nmcli con del team0-eth1
Connection 'team0-eth1' (7465825a-f775-d608-7222-8f2fb493423f) successfully deleted.

[root@rocky86 network-scripts]# nmcli con del team0-eth2
Connection 'team0-eth2' (7b86983f-9f30-5ef5-4e97-269d4af8e492) successfully deleted.

Bridge (switch)

How bridging works

The bridge here is a logical one: a bridge in the network sense that joins network segments, not a piece of hardware.

Bridging connects several network interfaces on one machine together. As a result, a frame received on one port is copied to the other ports and sent out, so frames can be forwarded between the ports. A bridge is exactly such a device: it has a number of ports, and those ports are bridged together. Hosts attached to the bridge can talk to each other through the switch's frame forwarding.



Connectivity

Device Device Connected in Figure 1 Connected in Figure 2
client1 client2 yes yes
client1 client3 yes yes

Configuring a bridge

Now we replace switch 3 in Figure 2 with a computer that has several NICs and configure it from the command line to act as a software switch (bridge)

Prerequisites


Implementation

# client2 configuration
root@ubuntu22:~# cd /etc/netplan/
root@ubuntu22:/etc/netplan# vim eth0.yaml
network:
  renderer: networkd
  ethernets:
    eth0:
      addresses: [172.16.1.110/16]
  version: 2


root@ubuntu22:/etc/netplan# netplan apply

root@ubuntu22:/etc/netplan# ip a show eth0

2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode
DEFAULT group default qlen 1000
link/ether 00:0c:29:f3:44:a4 brd ff:ff:ff:ff:ff:ff
altname ens2s6
altname ens38
inet 172.16.1.110/16 brd 172.16.255.255 scope global eth0
valid_lft forever preferred_lft forever
inet6 fe80::20c:29ff:fe29:5571/64 scope link
valid_lft forever preferred_lft forever


# client3 configuration
root@ubuntu22:~# cd /etc/netplan/
root@ubuntu22:/etc/netplan# vim ens33.yaml
network:
  renderer: networkd
  ethernets:
    ens33:
      addresses: [172.16.1.114/16]
  version: 2


root@ubuntu22:/etc/netplan# netplan apply
root@ubuntu22:/etc/netplan# ip a show ens33
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode
DEFAULT group default qlen 1000
link/ether 00:0c:29:a3:1c:89 brd ff:ff:ff:ff:ff:ff
altname enp2s6
inet 172.16.1.114/16 brd 172.16.255.255 scope global ens33
valid_lft forever preferred_lft forever
inet6 fe80::20c:29ff:fea3:1c89/64 scope link
valid_lft forever preferred_lft forever


#client2 ping client3
root@ubuntu22:/etc/netplan# ping 172.16.1.114
PING 172.16.1.114 (172.16.1.114) 56(84) bytes of data.
From 172.16.1.110 icmp_seq=1 Destination Host Unreachable
From 172.16.1.110 icmp_seq=2 Destination Host Unreachable
......


#client3 ping client2
root@ubuntu22:/etc/netplan# ping 172.16.1.110
PING 172.16.1.110 (172.16.1.110) 56(84) bytes of data.
From 172.16.1.114 icmp_seq=1 Destination Host Unreachable
From 172.16.1.114 icmp_seq=2 Destination Host Unreachable

Bridge configuration

# add the bridge
[root@rocky86 network-scripts]# nmcli con add type bridge con-name br0 ifname br0
Connection 'br0' (deedb558-72d9-4cd9-b136-08917304d777) successfully added.

# enable
[root@rocky86 network-scripts]# nmcli con up br0
Connection successfully activated (master waiting for slaves) (D-Bus active
path: /org/freedesktop/NetworkManager/ActiveConnection/4)

# add a NIC
[root@rocky86 network-scripts]# nmcli con add type bridge-slave con-name br0-port0 ifname ens160 master br0
Connection 'br0-port0' (0ec95062-a194-423c-b120-662f8c9f7bb3) successfully added.

# add a NIC
[root@rocky86 network-scripts]# nmcli con add type bridge-slave con-name br0-port1 ifname ens192 master br0
Connection 'br0-port1' (49eba769-25e6-4794-945e-6190e5795cd6) successfully added.

# enable the NIC
[root@rocky86 network-scripts]# nmcli con up br0-port0
Connection successfully activated (D-Bus active path:
/org/freedesktop/NetworkManager/ActiveConnection/7)

# enable the NIC
[root@rocky86 network-scripts]# nmcli con up br0-port1
Connection successfully activated (D-Bus active path:
/org/freedesktop/NetworkManager/ActiveConnection/8)

# check
[root@rocky86 network-scripts]# nmcli con
NAME UUID TYPE DEVICE
br0 deedb558-72d9-4cd9-b136-08917304d777 bridge br0
virbr0 68d52b85-639b-4019-9c1b-d192e17b1c0a bridge virbr0
br0-port0 0ec95062-a194-423c-b120-662f8c9f7bb3 ethernet ens160
br0-port1 49eba769-25e6-4794-945e-6190e5795cd6 ethernet ens192

Viewing the bridge

[root@rocky86 network-scripts]# nmcli dev show br0
GENERAL.DEVICE: br0
GENERAL.TYPE: bridge
GENERAL.HWADDR: 00:0C:29:23:22:1E
GENERAL.MTU: 1500
GENERAL.STATE: 100 (connected)
GENERAL.CONNECTION: br0
GENERAL.CON-PATH:
/org/freedesktop/NetworkManager/ActiveConnection/27
IP4.ADDRESS[1]: 10.0.0.157/24
IP4.GATEWAY: 10.0.0.2
IP4.ROUTE[1]: dst = 10.0.0.0/24, nh = 0.0.0.0, mt = 425
IP4.ROUTE[2]: dst = 0.0.0.0/0, nh = 10.0.0.2, mt = 425
IP4.DNS[1]: 10.0.0.2
IP4.DOMAIN[1]: localdomain
IP6.ADDRESS[1]: fe80::69df:b09e:30a8:b251/64
IP6.GATEWAY: --
IP6.ROUTE[1]: dst = fe80::/64, nh = ::, mt = 1024
[root@rocky86 network-scripts]# nmcli dev show ens192
GENERAL.DEVICE: ens192
GENERAL.TYPE: ethernet
GENERAL.HWADDR: 00:0C:29:23:22:28
GENERAL.MTU: 1500
GENERAL.STATE: 100 (connected)
GENERAL.CONNECTION: br0-port1
GENERAL.CON-PATH:
/org/freedesktop/NetworkManager/ActiveConnection/31
WIRED-PROPERTIES.CARRIER: on
IP4.GATEWAY: --
IP6.GATEWAY: --

[root@rocky86 network-scripts]# bridge link show
2: ens160: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 master br0 state
forwarding priority 32 cost 100
3: ens192: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 master br0 state
forwarding priority 32 cost 100

[root@rocky86 network-scripts]# ip link show master br0
2: ens160: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq master br0 state
UP mode DEFAULT group default qlen 1000
link/ether 00:0c:29:23:22:1e brd ff:ff:ff:ff:ff:ff
3: ens192: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq master br0 state
UP mode DEFAULT group default qlen 1000
link/ether 00:0c:29:23:22:28 brd ff:ff:ff:ff:ff:ff

Test again

#client2 ping client3
root@ubuntu22:/etc/netplan# ping 172.16.1.114
PING 172.16.1.114 (172.16.1.114) 56(84) bytes of data.
64 bytes from 172.16.1.114: icmp_seq=1 ttl=64 time=2.05 ms
64 bytes from 172.16.1.114: icmp_seq=2 ttl=64 time=2.01 ms
......

#client3 ping client2
root@ubuntu22:/etc/netplan# ping 172.16.1.110
PING 172.16.1.110 (172.16.1.110) 56(84) bytes of data.
64 bytes from 172.16.1.110: icmp_seq=1 ttl=64 time=2.23 ms
64 bytes from 172.16.1.110: icmp_seq=2 ttl=64 time=1.12 ms
......

Disable and remove

[root@rocky86 network-scripts]# nmcli con down br0
[root@rocky86 network-scripts]# nmcli con del br0

Implementation with the brctl command

The brctl command can also create a bridge.

Package: bridge-utils. It is not on the CentOS 8 installation media, but the EPEL repository provides it.

# install the software; this package is deprecated in CentOS 8
yum install bridge-utils
rpm -qi bridge-utils

# show bridges
brctl show

# show the CAM (content addressable memory) table
brctl showmacs br0

# add and delete a bridge
brctl {addbr|delbr} br0

# add and remove a NIC in the bridge
brctl {addif|delif} br0 eth0

# br0 is down by default and must be brought up
ifconfig br0 up

# enable STP
[root@centos7 ~]#brctl show
bridge name bridge id STP enabled interfaces
br0 8000.000c297e67a3 no eth1 eth2

[root@centos7 ~]#brctl stp br0 on
[root@centos7 ~]#brctl show
bridge name bridge id STP enabled interfaces
br0 8000.000c297e67a3 yes eth1 eth2

STP (Spanning Tree Protocol)



Normally three switches are connected with two cables, but then a single broken cable cuts the network off. To fix that, the three switches are connected with three cables, so the network keeps working when one cable breaks. That, however, forms a ring, and because switches flood broadcast frames such a network produces a broadcast storm; STP therefore has to be enabled to avoid the problem
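
A quick audit of the condition just described, added here and not part of the original notes: the script parses `brctl show` output (a sample constructed from the listing above; bridge ids for br1 are placeholders) and flags every bridge that has two or more ports but STP switched off.

```shell
#!/bin/sh
# Added example (not from the original notes): find bridges that have two
# or more ports but STP disabled, the loop-prone setup described above.

# Constructed "brctl show" output. brctl prints the second and later ports
# of a bridge on continuation lines that carry only the interface name.
# br1's bridge id and ports are placeholders; br0 and virbr0 come from the notes.
BRCTL_SAMPLE='bridge name     bridge id               STP enabled     interfaces
br0             8000.000c297e67a3       no              eth1
                                                        eth2
br1             8000.000c29aabbcc       yes             eth3
                                                        eth4
virbr0          8000.525400b30b96       yes'

# bridge_ports TEXT: print "<bridge> <stp> <port count>" for every bridge.
bridge_ports() {
    printf '%s\n' "$1" | awk '
        NR == 1 { next }                                   # header line
        NF >= 3 { br = $1; stp[br] = $3; n[br] += NF - 3; next }
        NF == 1 && br != "" { n[br] += 1 }                 # continuation port
        END { for (b in stp) print b, stp[b], n[b] + 0 }' | sort
}

# loop_risk TEXT: print bridges with at least two ports and STP off and
# return 0; return 1 when no bridge is at risk.
loop_risk() {
    risky=$(bridge_ports "$1" | awk '$2 == "no" && $3 >= 2 { print $1 }')
    [ -n "$risky" ] && { printf '%s\n' "$risky"; return 0; }
    return 1
}

bridge_ports "$BRCTL_SAMPLE"
loop_risk "$BRCTL_SAMPLE" && echo "turn STP on for the bridge(s) above: brctl stp <bridge> on"
```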

Network test and diagnostic tools

Common diagnostic tools


fping

fping is a program that sends ICMP probes to network hosts, similar to ping. fping has a long history: Roland Schemers released its first version in 1992, and since then it has established itself as a standard tool for network diagnostics and statistics

It performs far better than ping when probing many hosts. Unlike ping, fping accepts any number of hosts on the command line, or a file containing the list of IP addresses or hosts to ping, and it is often used in shell scripts

On CentOS it is provided by the EPEL repository

[root@centos8 ~]# yum -y install fping
[root@centos8 ~]# fping 10.0.0.7
10.0.0.7 is alive

[root@centos7 ~]# echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_all

[root@centos8 ~]# fping 10.0.0.7
10.0.0.7 is unreachable

[root@centos8 ~]# fping 10.0.0.7
10.0.0.7 is unreachable

[root@centos8 ~]# fping 10.0.0.7 10.0.0.8
10.0.0.8 is alive
10.0.0.7 is unreachable

# the -g option specifies a network or an address range
[root@centos8 ~]# fping -g 10.0.0.0/24
10.0.0.1 is alive
10.0.0.2 is alive
10.0.0.8 is alive
10.0.0.100 is alive
ICMP Host Unreachable from 10.0.0.8 for ICMP Echo sent to 10.0.0.3
ICMP Host Unreachable from 10.0.0.8 for ICMP Echo sent to 10.0.0.3
ICMP Host Unreachable from 10.0.0.8 for ICMP Echo sent to 10.0.0.6
ICMP Host Unreachable from 10.0.0.8 for ICMP Echo sent to 10.0.0.6
......

[root@centos8 ~]# fping -g 10.0.0.5 10.0.0.10
10.0.0.8 is alive
ICMP Host Unreachable from 10.0.0.8 for ICMP Echo sent to 10.0.0.6
ICMP Host Unreachable from 10.0.0.8 for ICMP Echo sent to 10.0.0.6
ICMP Host Unreachable from 10.0.0.8 for ICMP Echo sent to 10.0.0.6
10.0.0.5 is unreachable
10.0.0.6 is unreachable
10.0.0.7 is unreachable

# test the hosts listed in a file
[root@centos8 ~]# tee hosts.txt <<EOF
10.0.0.7
10.0.0.6
EOF
10.0.0.7
10.0.0.6

[root@centos8 ~]# fping < hosts.txt
10.0.0.6 is alive
10.0.0.7 is unreachable

[root@centos8 ~]# fping -s < hosts.txt
10.0.0.6 is alive
10.0.0.7 is unreachable
2 targets
1 alive
1 unreachable
0 unknown addresses
1 timeouts (waiting for response)
5 ICMP Echos sent
1 ICMP Echo Replies received
0 other ICMP received
0.07 ms (min round trip time)
0.07 ms (avg round trip time)
0.07 ms (max round trip time)
4.080 sec (elapsed real time)

tcpdump

A packet capture and analysis tool. It supports filtering by network layer, protocol, host, network or port, and provides the logical operators and, or and not to discard irrelevant traffic.

Format:

tcpdump [-aAbdDefhHIJKlLnNOpqStuUvxX#] [ -B size ] [ -c count ]
[ -C file_size ] [ -E algo:secret ] [ -F file ] [ -G seconds ]
[ -i interface ] [ -j tstamptype ] [ -M secret ] [ --number ]
[ -Q in|out|inout ]
[ -r file ] [ -s snaplen ] [ --time-stamp-precision precision ]
[ --immediate-mode ] [ -T type ] [ --version ] [ -V file ]
[ -w file ] [ -W filecount ] [ -y datalinktype ] [ -z postrotate-command ]
[ -Z user ] [ expression ]


# common options
-a # display with host names
-c # stop capturing after this many packets
-d # display in a readable format
-dd # display in a readable format
-ddd # display in decimal format
-e # show link-layer information
-f # show IP addresses numerically
-i # specify the interface
-n # do not resolve host names and IP addresses
-N # do not show domain names
-q # quick output, show only a few fields
-r # read packets from the specified file
-s # specify the packet (snapshot) size
-S # show TCP sequence numbers as absolute numbers
-t # do not show timestamps
-tt # show timestamps
-T # specify the output type
-v # verbose output
-vv # more verbose output
-x # hexadecimal output
-w # write the output to the specified file

Example:

# list interfaces
[root@centos8 ~]# tcpdump -D
1.eth0 [Up, Running]
2.lo [Up, Running, Loopback]
3.any (Pseudo-device that captures on all interfaces) [Up, Running]
4.bluetooth-monitor (Bluetooth Linux Monitor) [none]
5.nflog (Linux netfilter log (NFLOG) interface) [none]
6.nfqueue (Linux netfilter queue (NFQUEUE) interface) [none]
7.usbmon0 (All USB buses) [none]
8.usbmon1 (USB bus number 1)
9.usbmon2 (USB bus number 2)

# With no arguments, capture on the first interface. A host may have more than one NIC, so the interface usually needs to be specified.
tcpdump

# capture on a specific interface
tcpdump -i en0

# capture traffic of a specific host, 10.0.0.100; note that both inbound and outbound packets are captured
tcpdump host 10.0.0.100

# traffic from a specific source or to a specific destination address
# specific source
tcpdump src host hostname

# specific destination
tcpdump dst host hostname

# without src or dst, all traffic whose source or destination is hostname is captured
tcpdump host hostname

# interview question
[root@centos8 ~]# tcpdump -i eth0 -nn icmp and src host 10.0.0.6 and dst host 10.0.0.7

# specific port
tcpdump port 3000

# capture TCP or UDP: services on a server use TCP or UDP as transport; to capture only TCP packets
tcpdump tcp

# source host + port + TCP: capture TCP packets from host 10.0.0.100 on port 22
tcpdump tcp port 22 and src host 10.0.0.100

# traffic between two specific hosts
tcpdump ip host 10.0.0.101 and 10.0.0.102

# traffic between 10.0.0.101 and every host except 10.0.0.1
tcpdump ip host 10.0.0.101 and ! 10.0.0.1



# detailed example
tcpdump tcp -i eth1 -t -s 0 -c 100 and dst port ! 22 and src net 192.168.1.0/24 -w ./target.cap

(1) tcp: protocol keywords such as ip, icmp, arp, rarp, tcp and udp go in the first argument position and filter the packet type
(2) -i eth1: capture only packets passing through interface eth1
(3) -t: do not print timestamps
(4) -s 0: 0 means the default of 262144 bytes per packet, for compatibility with older tcpdump versions
(5) -c 100: capture only 100 packets
(6) dst port ! 22: do not capture packets whose destination port is 22
(7) src net 192.168.1.0/24: packets whose source network is 192.168.1.0/24
(8) -w ./target.cap: save as a cap file for analysis with wireshark

# limit the number of packets: exit automatically after 1000 packets
tcpdump -c 1000

# save locally. tcpdump buffers its output and only writes to disk when the buffer fills or tcpdump exits; -U forces an immediate write to disk (not generally recommended, performance is worse)
tcpdump -n -vvv -c 1000 -w /tmp/tcpdump_save.cap

nmap

A tool for scanning remote hosts, far more powerful than ping, which only sends ICMP packets

Third-party tool; install it first if it is not present

Format:

nmap [Scan Type(s)] [Options] {target specification}


# command options
-sT # TCP connect() scan, the most basic TCP scan
-sS # TCP SYN scan; since a full TCP connection is not opened, this is usually called a half-open scan
-sF|-sX|-sN # stealth scan modes
-sP # ping scan; ineffective when the host blocks ICMP echo requests
-sU # scan with UDP packets; use this to learn which UDP services a host offers
-sA # ACK scan, an advanced scan that can usually get through firewalls
-sW # window scan, very similar to the ACK scan
-sR # RPC scan, used in combination with the other port scan methods
-b # FTP bounce attack: connect to an FTP server behind a firewall as a proxy and then port scan
-P0 # do not ping the host before scanning
-PT # use a TCP ping before scanning to determine which hosts are up
-PS # for root, make nmap use SYN packets instead of ACK packets to probe the target
-PI # make nmap use a real ping (ICMP echo request) to check whether the target is up
-PB # the default ping option: ACK (-PT) and ICMP (-PI) probes in parallel, which can get through firewalls
-O # enable TCP/IP fingerprinting to determine the remote host's operating system
-I # enable nmap's reverse-ident scanning
-f # send the SYN, FIN, XMAS and NULL probes as fragmented IP packets, making them harder for packet filters and intrusion detection systems
-v # verbose mode; strongly recommended, gives detailed information during the scan

-S IP # in some cases nmap cannot determine your source address; use this option to give the IP explicitly
-g port # set the source port for the scan
-oN # write the scan result to a readable file logfilename
-oS # write the scan result to standard output
--host_timeout # scan timeout in milliseconds; no timeout by default
--max_rtt_timeout # wait time per probe in milliseconds; retransmit or time out beyond it
--min_rtt_timeout # make nmap wait at least the given time per probe, in milliseconds
-M count # maximum number of sockets used in parallel for a TCP connect() scan
# TCP ACK scan with parallelism 2000, fast
nmap -n -PA --min-parallelism 2000 172.16.0.0/16

# only list every host in the given network; no packets are sent to the targets
[root@centos8 ~]#nmap -sL 10.0.0.0/24
Starting Nmap 7.70 ( https://nmap.org ) at 2020-04-23 12:28 CST
Nmap scan report for 10.0.0.0
Nmap scan report for 10.0.0.1
......
Nmap scan report for 10.0.0.254
Nmap scan report for 10.0.0.255
Nmap done: 256 IP addresses (0 hosts up) scanned in 1.04 seconds

# an IP address range can be given
[root@centos8 ~]#nmap -sP 10.0.0.1-10
Starting Nmap 7.70 ( https://nmap.org ) at 2020-04-23 12:30 CST
Nmap scan report for 10.0.0.1
Host is up (0.000081s latency).
MAC Address: 00:50:56:C0:00:08 (VMware)
Nmap scan report for 10.0.0.2
Host is up (0.00034s latency).
MAC Address: 00:50:56:F0:1E:25 (VMware)
Nmap scan report for 10.0.0.6
Host is up (0.00031s latency).
MAC Address: 00:0C:29:4D:EF:2C (VMware)
Nmap scan report for 10.0.0.7
Host is up (0.00036s latency).
MAC Address: 00:0C:29:29:F9:26 (VMware)
Nmap scan report for 10.0.0.8
Host is up.
Nmap done: 10 IP addresses (5 hosts up) scanned in 2.89 seconds

# count the live hosts in a network in bulk
nmap -sP -v 192.168.1.0/24
nmap -v -sn ip/24

# some hosts disable ping; -P0 skips the ping probe and speeds up the scan
nmap -P0 192.168.1.100

# scan a host
nmap -v -A IP

# scan several target hosts at once
[root@centos8 ~]#nmap 10.0.0.6 10.0.0.7
Starting Nmap 7.70 ( https://nmap.org ) at 2020-04-23 12:39 CST
Nmap scan report for 10.0.0.6
Host is up (0.00055s latency).
Not shown: 998 closed ports
PORT STATE SERVICE
22/tcp open ssh
111/tcp open rpcbind
MAC Address: 00:0C:29:4D:EF:2C (VMware)
Nmap scan report for 10.0.0.7
Host is up (0.00050s latency).
Not shown: 999 closed ports
PORT STATE SERVICE
22/tcp open ssh
MAC Address: 00:0C:29:29:F9:26 (VMware)
Nmap done: 2 IP addresses (2 hosts up) scanned in 101.01 seconds

# import IP addresses from a file and scan them
[root@centos8 ~]#cat hosts.txt
10.0.0.7
10.0.0.6
58.87.87.99

[root@centos8 ~]#nmap -iL hosts.txt
Starting Nmap 7.70 ( https://nmap.org ) at 2020-04-23 12:43 CST
Nmap scan report for 10.0.0.7
Host is up (0.0024s latency).
Not shown: 999 closed ports
PORT STATE SERVICE
22/tcp open ssh
MAC Address: 00:0C:29:29:F9:26 (VMware)
Nmap scan report for 10.0.0.6
Host is up (0.0032s latency).
Not shown: 998 closed ports
PORT STATE SERVICE
22/tcp open ssh
111/tcp open rpcbind
MAC Address: 00:0C:29:4D:EF:2C (VMware)
Nmap scan report for 58.87.87.99
Host is up (0.016s latency).
Not shown: 998 filtered ports
PORT STATE SERVICE
80/tcp open http
3306/tcp open mysql
Nmap done: 3 IP addresses (3 hosts up) scanned in 120.33 seconds

# probe the target's open ports; a comma-separated port list can be given (e.g. -PS22,443,80)
[root@centos8 ~]#nmap -PS22,80,443 10.0.0.1
Starting Nmap 7.70 ( https://nmap.org ) at 2020-04-23 12:31 CST
Nmap scan report for 10.0.0.1
Host is up (0.00042s latency).
Not shown: 996 filtered ports
PORT STATE SERVICE
135/tcp open msrpc
139/tcp open netbios-ssn
445/tcp open microsoft-ds
8082/tcp open blackice-alerts
MAC Address: 00:50:56:C0:00:08 (VMware)
Nmap done: 1 IP address (1 host up) scanned in 12.65 seconds

# SYN half-open scan
[root@centos8 ~]#nmap -sS 10.0.0.1
Starting Nmap 7.70 ( https://nmap.org ) at 2020-04-23 12:33 CST
Nmap scan report for 10.0.0.1
Host is up (-0.052s latency).
Not shown: 996 filtered ports
PORT STATE SERVICE
135/tcp open msrpc
139/tcp open netbios-ssn
445/tcp open microsoft-ds
8082/tcp open blackice-alerts
MAC Address: 00:50:56:C0:00:08 (VMware)
Nmap done: 1 IP address (1 host up) scanned in 10.07 seconds

# scan devices with open TCP ports
[root@centos8 ~]#nmap -sT 10.0.0.1
Starting Nmap 7.70 ( https://nmap.org ) at 2020-04-23 12:34 CST
Nmap scan report for 10.0.0.1
Host is up (0.00040s latency).
Not shown: 996 filtered ports
PORT STATE SERVICE
135/tcp open msrpc
139/tcp open netbios-ssn
445/tcp open microsoft-ds
8082/tcp open blackice-alerts
MAC Address: 00:50:56:C0:00:08 (VMware)
Nmap done: 1 IP address (1 host up) scanned in 4.52 seconds

# scan devices with open UDP ports
[root@centos8 ~]#nmap -sU 10.0.0.1
Starting Nmap 7.70 ( https://nmap.org ) at 2020-04-23 12:34 CST
Nmap scan report for 10.0.0.1
Host is up (0.00046s latency).
Not shown: 999 open|filtered ports
PORT STATE SERVICE
137/udp open netbios-ns
MAC Address: 00:50:56:C0:00:08 (VMware)
Nmap done: 1 IP address (1 host up) scanned in 18.52 seconds

# scan UDP ports only
nmap -e eth1 -sU -O 10.0.0.1

# scan TCP and UDP ports
nmap -sTU -O 10.0.0.1

# detect the service versions on the target
[root@centos8 ~]#nmap -sV 10.0.0.7
Starting Nmap 7.70 ( https://nmap.org ) at 2020-04-23 12:37 CST
Nmap scan report for 10.0.0.7
Host is up (0.0011s latency).
Not shown: 999 closed ports
PORT STATE SERVICE VERSION
22/tcp open ssh OpenSSH 7.4 (protocol 2.0)
MAC Address: 00:0C:29:29:F9:26 (VMware)
Service detection performed. Please report any incorrect results at
https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 1.97 seconds

# show the ports currently open on this host
nmap localhost

# show the open ports in the range 1024-65535 on this host
nmap -p 1024-65535 localhost

# probe the target's open ports
nmap -PS 10.0.0.1

# probe the listed target ports
nmap -PS22,80,3306 10.0.0.1

# detect the target's operating system
nmap -O 10.0.0.1

# detect the target's operating system
nmap -A 10.0.0.1
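
From the defender's side a scan of your own hosts is only useful when it is compared with what should be open. The script below is an added example, not part of the original notes: it parses nmap's normal output (a sample constructed from the listings above) and prints the open ports that are missing from a per-host allow-list; the allow-list contents and the function names are assumptions.

```shell
#!/bin/sh
# Added example (not from the original notes): compare the open ports nmap
# reports against a per-host allow-list and print anything unexpected, so a
# scan of your own hosts becomes an inventory check rather than a listing.

# Constructed sample in nmap's normal output format (from the listing above).
NMAP_SAMPLE='Starting Nmap 7.70 ( https://nmap.org ) at 2020-04-23 12:39 CST
Nmap scan report for 10.0.0.6
Host is up (0.00055s latency).
Not shown: 998 closed ports
PORT STATE SERVICE
22/tcp open ssh
111/tcp open rpcbind
MAC Address: 00:0C:29:4D:EF:2C (VMware)
Nmap scan report for 10.0.0.7
Host is up (0.00050s latency).
Not shown: 999 closed ports
PORT STATE SERVICE
22/tcp open ssh
MAC Address: 00:0C:29:29:F9:26 (VMware)
Nmap done: 2 IP addresses (2 hosts up) scanned in 101.01 seconds'

# Assumed allow-list: one "host port/proto" pair per line.
ALLOWED='10.0.0.6 22/tcp
10.0.0.7 22/tcp'

# open_ports TEXT: print "<host> <port/proto> <service>" for every open port.
# When nmap prints "name (ip)" the parentheses are stripped so the IP is kept.
open_ports() {
    printf '%s\n' "$1" | awk '
        /^Nmap scan report for / { host = $NF; gsub(/[()]/, "", host) }
        $2 == "open" && host != "" { print host, $1, $3 }'
}

# unexpected_ports SCAN ALLOWED: print open ports missing from ALLOWED and
# return 0; return 1 when everything open is on the list.
unexpected_ports() {
    found=$(open_ports "$1" | awk -v allowed="$2" '
        BEGIN { n = split(allowed, l, "\n"); for (i = 1; i <= n; i++) ok[l[i]] = 1 }
        !(($1 " " $2) in ok) { print $1, $2, $3 }')
    [ -n "$found" ] && { printf '%s\n' "$found"; return 0; }
    return 1
}

open_ports "$NMAP_SAMPLE"
unexpected_ports "$NMAP_SAMPLE" "$ALLOWED" && echo "review the unexpected services above"
```

On a real host feed it `nmap -oN - <targets>` output and keep the allow-list under version control, so a newly opened port shows up as a diff rather than a line buried in scan output.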

nc

nc is short for netcat and has been called the Swiss Army knife of networking. Small and practical, it is designed to be a simple, reliable network tool

Uses of nc

  • Listen on any TCP/UDP port: nc can act as a server listening on a given port over TCP or UDP
  • Port scanning: nc can act as a client that initiates TCP or UDP connections
  • Transfer files between machines
  • Measure network speed between machines

Format:

ncat [options] [hostname] [port]


# common options
-g # set source-routing gateway hops, up to 8
-G # set the source-routing pointer, a multiple of 4
-i|--idle-timeout # set the delay interval for sending data and scanning ports
-l|--listen # listen mode, handle inbound connections
-n|--nodns # use IP addresses directly, without DNS lookups
-o|--output # write the output to a file
-p|--source-port # specify the local port
-s|--source # specify the local IP
-u|--udp # use UDP
-v|--verbose # show progress
-w|--wait # set the timeout
# install nc
[root@ubuntu1804 ~]#apt -y install netcat-openbsd
[root@centos8 ~]#yum -y install nc

# probe a TCP port
[root@ubuntu1804 ~]#nc -zv 10.0.0.101 22
Connection to 10.0.0.101 22 port [tcp/ssh] succeeded!

[root@ubuntu1804 ~]#nc -zv 10.0.0.101 2222
nc: connect to 10.0.0.101 port 2222 (tcp) failed: Connection refused

# probe a UDP port
[root@ubuntu1804 ~]#nc -zv -u 10.0.0.101 2049
Connection to 10.0.0.101 2049 port [udp/nfs] succeeded!

[root@ubuntu1804 ~]#nc -zv -u 10.0.0.101 111
Connection to 10.0.0.101 111 port [udp/sunrpc] succeeded!

[root@ubuntu1804 ~]#nc -zv -u 10.0.0.101 123