d## 1.什么是IP ADDRESS
internet protocol ADDRESS ##网络进程地址
ipv4 internet protocol version 4 (具体有那些子协议,可以参考网络协议看一下。)
ip是由32个01组成
11111110.11111110.11111110.11111110 = 254.254.254.254
ip地址由网络位加主机位组成,
1个0、1叫1bit 8bit=1byte 100M宽带表示的是100M个0和1 传输速率。 100/8=12.5M
1个IP 有4个字节
2.子网掩码
用来划分网络区域
子网掩码非0的位对应的ip上的数字表示这个ip的网络位
子网掩码0位对应的数字是ip的主机位
网络位表示网络区域
主机位表示网络区域里某台主机
ip通信判定 :网络位一致,主机位不一致的2个IP可以直接通讯
3 ping命令
命令 | 功能 |
---|---|
ping | 检测网络是否通畅 |
ping -c 1 | ping 1 次 |
ping -w 1 | 等待1秒 |
ping -c1 -w1 ip | ping1次等待1秒 |
[root@foundation50 network-scripts]# ping 172.25.254.50 检测网络是否通畅
PING 172.25.254.50 (172.25.254.50) 56(84) bytes of data.
64 bytes from 172.25.254.50: icmp_seq=1 ttl=64 time=0.056 ms
64 bytes from 172.25.254.50: icmp_seq=2 ttl=64 time=0.031 ms
64 bytes from 172.25.254.50: icmp_seq=3 ttl=64 time=0.032 ms
[root@foundation50 network-scripts]# ping -c 1 172.25.254.50 检测一次
PING 172.25.254.50 (172.25.254.50) 56(84) bytes of data.
64 bytes from 172.25.254.50: icmp_seq=1 ttl=64 time=0.065 ms
--- 172.25.254.50 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.065/0.065/0.065/0.000 ms
[root@foundation50 Desktop]# ping -c1 -w1 172.25.254.50 检测一次等待一秒
PING 172.25.254.50 (172.25.254.50) 56(84) bytes of data.
64 bytes from 172.25.254.50: icmp_seq=1 ttl=64 time=0.039 ms
--- 172.25.254.50 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.039/0.039/0.039/0.000 ms
4 ifconfig (查看或设定网络接口)
命令 | 功能 |
---|---|
ifconfig | 查看 |
ifconfig device ip/24 | 设定 (是临时设定) |
ifconfig device down | 关闭 |
ifconfig device up | 开启 |
[root@localhost Desktop]# ifconfig ens3 查看ip
ens3: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.25.254.150 netmask 255.255.255.0 broadcast 172.25.254.255
inet6 fe80::ce75:9c71:7e34:eb1 prefixlen 64 scopeid 0x20<link>
ether 52:54:00:a3:e9:91 txqueuelen 1000 (Ethernet)
RX packets 27234 bytes 7130145 (6.7 MiB)
RX errors 0 dropped 418 overruns 0 frame 0
TX packets 140 bytes 13259 (12.9 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
[root@localhost Desktop]# ifconfig ens3 172.25.254.200/24 临时设定ip
[root@localhost Desktop]# ifconfig ens3
ens3: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.25.254.200 netmask 255.255.255.0 broadcast 172.25.254.255
inet6 fe80::ce75:9c71:7e34:eb1 prefixlen 64 scopeid 0x20<link>
ether 52:54:00:a3:e9:91 txqueuelen 1000 (Ethernet)
RX packets 30730 bytes 7989295 (7.6 MiB)
RX errors 0 dropped 466 overruns 0 frame 0
TX packets 152 bytes 15137 (14.7 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
[root@localhost Desktop]# nmcli connection down ens3 关闭
Connection 'westos' successfully deactivated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/1)
[root@localhost Desktop]# nmcli connection up ens3 开启
Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/4)
[root@localhost Desktop]# ifconfig ens3 重启后临时设定的ip失效
ens3: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.25.254.150 netmask 255.255.255.0 broadcast 172.25.254.255
inet6 fe80::ce75:9c71:7e34:eb1 prefixlen 64 scopeid 0x20<link>
ether 52:54:00:a3:e9:91 txqueuelen 1000 (Ethernet)
RX packets 47971 bytes 12754827 (12.1 MiB)
RX errors 0 dropped 735 overruns 0 frame 0
TX packets 201 bytes 20406 (19.9 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
5、ip addr (检测或指定网络接口)
命令 | 功能 |
---|---|
ip addr show | 检测 |
ip addr add ip/24 dev device | 设定(或者添加),可以添加多个 |
ip addr del dev ens160 ip/24 | 删除 |
ip addr flush dev ens3 | 刷新 |
root@localhost Desktop]# ip addr add 172.25.254.150/24 dev ens3 设定或添加临时ip
[root@localhost Desktop]# ifconfig
ens3: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.25.254.150 netmask 255.255.255.0 broadcast 0.0.0.0
ether 52:54:00:a3:e9:91 txqueuelen 1000 (Ethernet)
RX packets 75168 bytes 20267640 (19.3 MiB)
RX errors 0 dropped 1181 overruns 0 frame 0
TX packets 311 bytes 32727 (31.9 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
[root@localhost Desktop]# ip addr del 172.25.254.150/24 dev ens3 删除ip
[root@localhost Desktop]# ifconfig ens3
ens3: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
ether 52:54:00:a3:e9:91 txqueuelen 1000 (Ethernet)
RX packets 85990 bytes 23257806 (22.1 MiB)
RX errors 0 dropped 1361 overruns 0 frame 0
TX packets 321 bytes 33551 (32.7 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
[root@localhost Desktop]# ip addr add 172.25.254.150/24 dev ens3 可以添加多个ip
[root@localhost Desktop]# ip addr add 172.25.254.200/24 dev ens3 可以添加多个ip
[root@localhost Desktop]# ip addr show ens3 查看ip
2: ens3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
link/ether 52:54:00:a3:e9:91 brd ff:ff:ff:ff:ff:ff
inet 172.25.254.150/24 scope global ens3
valid_lft forever preferred_lft forever
inet 172.25.254.200/24 scope global secondary ens3
valid_lft forever preferred_lft forever
[root@localhost Desktop]# ip addr flush dev ens3 刷新
[root@localhost Desktop]# ip addr show ens3 ip addr 设定的是临时的,刷新后ip都没了
2: ens3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
link/ether 52:54:00:a3:e9:91 brd ff:ff:ff:ff:ff:ff
6、图形方式设定ip (永久ip)
设定ip命令 nm-connection-editor
更改ip需要重启服务
nmcli connection show
nmcli connection down westos 关闭
nmcli connection up westos 开启
注意配置前NetworkManager服务要开启才能配置 systemctl status NetworkManager ,无图形这个命令就用不了
7、无图形方式设定ip(永久ip)
输入nmtui(文本图形工具)
8、 命令方式设定网络
命令 | 功能 |
---|---|
nmcli connection show | 查看连接 ,后面跟网卡名字 |
nmcli connection down westos | 关闭连接 ,后面跟网卡名字 |
nmcli connection up westos | 开启连接 ,后面跟网卡名字 |
nmcli connection delete westos | 删除连接, 后面跟网卡名字 |
nmcli connection add type ethernet ifname ens160 con-name westos ip4 172.25.254.100/24 | 添加连接(添加的时候,网卡不能被占用) |
[root@localhost ~]# nmcli connection show 查看
NAME UUID TYPE DEVICE
westos aff43fbd-81c5-4581-9c6d-76785e991c4c ethernet ens3
virbr0 2bbfc0d5-b384-441a-9969-533d15956d7e bridge virbr0
[root@localhost ~]# nmcli connection up westos 开启
Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/6)
[root@localhost ~]# nmcli connection show westos 查看具体网卡信息
connection.id: westos
connection.uuid: aff43fbd-81c5-4581-9c6d-76785e991c4c
connection.stable-id: --
connection.type: 802-3-ethernet
connection.interface-name: ens3
connection.autoconnect: yes
connection.autoconnect-priority: 0
[root@localhost ~]# nmcli connection delete westos 删除连接
[root@localhost ~]# nmcli connection add type ethernet ifname ens3 con-name westos ipv4.method manual ipv4.addresses 172.25.254.150/24 添加连接,con-name 表示连接名,ifname表示设备名
Warning: There is another connection with the name 'westos'. Reference the connection by its uuid '38578e2f-23d4-48a6-877c-46d5514c18b9'
Connection 'westos' (38578e2f-23d4-48a6-877c-46d5514c18b9) successfully added.
[root@localhost ~]# ip addr show ens3 添加成功
2: ens3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
link/ether 52:54:00:a3:e9:91 brd ff:ff:ff:ff:ff:ff
inet 172.25.254.150/24 brd 172.25.254.255 scope global noprefixroute ens3
valid_lft forever preferred_lft forever
inet6 fe80::755b:7a00:438b:425/64 scope link noprefixroute
valid_lft forever preferred_lft forever
[root@localhost ~]# nmcli connection modify westos ipv4.addresses 172.25.254.200/24 更改ip,更改后不能生效
[root@localhost ~]# nmcli connection down westos 更改后要重启服务
[root@localhost ~]# nmcli connection up westos
9、设备管理命令
命令 | 功能 |
---|---|
nmcli device connect ens160 | 启用ens160网卡 |
nmcli device disconnect ens160 | 关闭ens160网卡 |
nmcli device show ens160 | 查看网卡信息 |
nmcli device status ens160 | 查看网卡服务接口信息 |
[root@localhost ~]# nmcli device show ens3 查看设备信息
GENERAL.DEVICE: ens3
GENERAL.TYPE: ethernet
GENERAL.HWADDR: 52:54:00:A3:E9:91
GENERAL.MTU: 1500
GENERAL.STATE: 100 (connected)
GENERAL.CONNECTION: westos
GENERAL.CON-PATH: /org/freedesktop/NetworkManager/ActiveC>
WIRED-PROPERTIES.CARRIER: on
IP4.ADDRESS[1]: 172.25.254.200/24
IP4.GATEWAY: --
IP4.ROUTE[1]: dst = 172.25.254.0/24, nh = 0.0.0.0, mt>
IP6.ADDRESS[1]: fe80::755b:7a00:438b:425/64
[root@localhost ~]# nmcli device status 查看网卡服务接口信息
DEVICE TYPE STATE CONNECTION
ens3 ethernet connected westos
virbr0 bridge connected virbr0
lo loopback unmanaged --
virbr0-nic tun unmanaged --
[root@localhost ~]# nmcli device disconnect ens3 断开设备的工作
[root@localhost ~]# nmcli device connect ens3 连接设备的工作
10、管理网络配置文件 (利用文件管理网络)
1、网络配置目录
/etc/sysconfig/network-scripts/
2、网络配置文件的名命规则
ifcfg-xxxx
3、网络配置文件的写法
DEVICE=xxx ##设备名称
BOOTPROTO=dhcp|static|none ##设备工作方式(none 、和static 是网卡设定时手动指定设置,dhcp 是自动)
ONBOOT=yes ##网络服务开启时自动激活网卡
IPADDR= ##IP地址 (0 可有可无,如果有多个ip 的就要用数字区分开来)
PREFIX=24 ##子网掩码 **两个子网掩码的意思相同,写一个就可以。
NETMASK=255.255.255.0 ##子网掩码
NAME= ##接口名称
[root@localhost ~]# cd /etc/sysconfig/network-scripts/ 进入网卡配置目录
[root@localhost network-scripts]# ls
ifcfg-westos 建立文件,必须是以ifcfg打头
[root@localhost network-scripts]# cat ifcfg-westos
DEVICE=ens3 设备名
BOOTPROTO=none
ONBOOT=yes 网络服务开启时,自动激活网卡
IPADDR0=172.25.254.150 ip地址
NETMASK0=255.255.255.0 子网掩码
IPADDR1=1.1.1.100 ip地址
PREFIX1=24 子网掩码
NAME=westos 连接名
[root@localhost network-scripts]# nmcli connection reload 重新加载
[root@localhost network-scripts]# ip addr show ens3 查看
2: ens3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
link/ether 52:54:00:a3:e9:91 brd ff:ff:ff:ff:ff:ff
inet 172.25.254.150/24 brd 172.25.254.255 scope global noprefixroute ens3
valid_lft forever preferred_lft forever
inet 1.1.1.100/24 brd 1.1.1.255 scope global noprefixroute ens3
valid_lft forever preferred_lft forever
inet6 fe80::5054:ff:fea3:e991/64 scope link
valid_lft forever preferred_lft forever
11、dhcp服务配置
在一台虚拟机搭建dhcp服务器
[root@localhost ~]# yum search dhcp 查找dhcp安装包
Updating Subscription Management repositories.
Unable to read consumer identity
This system is not registered to Red Hat Subscription Management. You can use subscription-manager to register.
Last metadata expiration check: 0:00:45 ago on Thu 02 Sep 2021 11:44:06 AM CST.
========================= Name & Summary Matched: dhcp =========================
dhcp-server.x86_64 : Provides the ISC DHCP server
[root@localhost ~]# yum install dhcp-server.x86_64 -y 安装dhcp服务
[root@localhost ~]# rpm -qc dhcp-server 查看配置文件
/etc/dhcp/dhcpd.conf
/etc/dhcp/dhcpd6.conf
/etc/openldap/schema/dhcp.schema
/etc/sysconfig/dhcpd
/var/lib/dhcpd/dhcpd.leases
/var/lib/dhcpd/dhcpd6.leases
[root@localhost ~]# cat /etc/dhcp/dhcpd.conf 查看dhcp配置文件里内容
DHCP Server Configuration file.
see /usr/share/doc/dhcp-server/dhcpd.conf.example 模板
see dhcpd.conf(5) man page
[root@localhost ~]# cp /usr/share/doc/dhcp-server/dhcpd.conf.example /etc/dhcp/dhcpd.conf 将模板复制成配置文件,生成配置文件内容
[root@localhost ~]# vim /etc/dhcp/dhcpd.conf 编写配置文件
option domain-name "westos.org"; 表示域名
option domain-name-servers 114.114.114.114 dns地址(域名解析服务器地址);
default-lease-time 600; 默认租约期,分给客户端ip所用的时长
max-lease-time 7200; 最长租约期
删除第27、28行
27 subnet 10.152.187.0 netmask 255.255.255.0 {
28 }
删除34行以后的
更改30-32行
30 subnet 172.25.254.0 netmask 255.255.255.0 { 网段和子网掩码
31 range 172.25.254.210 172.25.254.240; ip范围
32 option routers 172.25.254.100; 网关
33 }
[root@localhost ~]# systemctl start dhcpd 开启dhcp服务
在另一台虚拟机配置dhcp网络
vim /etc/sysconfig/network-scripts/ifcfg-ens3
DEVICE=ens3
ONBOOT=yes
BOOTPROTO=dhcp
[root@localhost ~]# nmcli connection reload 重新加载
[root@localhost ~]# nmcli connection down westos 关闭
[root@localhost ~]# nmcli connection up westos 开启
12、网关
路由器上接收客户数据的接口就叫客户的网关,也就是路由器上和客户主机处于同一网段的ip叫做客户主机的网关,是用来接收客户端数据包进行地址转换的
如何让不在同一网段上的两个主机进行通讯?
实验环境
一台虚拟机node1 ip地址为1.1.1.200
另一台为双网卡虚拟机node2 ip地址为1.1.1.100 和172.25.254.100
第三台ip地址为172.25.254.50
步骤:
1、让双网卡主机node2变成路由器
开启内核路由功能
[root@localhost network-scripts]# sysctl -a | grep ip_forward
net.ipv4.ip_forward = 1
net.ipv4.ip_forward_update_priority = 1
net.ipv4.ip_forward_use_pmtu = 0
若 net.ipv4.ip_forward = 0
[root@localhost network-scripts]# vim /etc/sysctl.conf 编辑配置文件,将 net.ipv4.ip_forward =1 加在里面
net.ipv4.ip_forward=1
[root@localhost network-scripts]# sysctl -p 立即生效
net.ipv4.ip_forward = 1
开启火墙地址伪装功能
[root@localhost network-scripts]# systemctl enable --now firewalld 开启火墙
[root@localhost network-scripts]# firewall-cmd --permanent --add-masquerade 开启地址伪装功能
success
[root@localhost network-scripts]# firewall-cmd --reload 刷新火墙
success
[root@localhost network-scripts]# firewall-cmd --list-all 查看火墙信息
public (active)
target: default
icmp-block-inversion: no
interfaces: enp1s0 enp7s0
sources:
services: cockpit dhcpv6-client ssh
ports:
protocols:
masquerade: yes 伪装功能已经打开
forward-ports:
source-ports:
icmp-blocks:
rich rules:
2.在node1上添加网关,连接路由器
[root@anonymous network-scripts]# route -n 查看网关
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
1.1.1.0 0.0.0.0 255.255.255.0 U 100 0 0 ens3
192.168.122.0 0.0.0.0 255.255.255.0 U 0 0 0 virbr0
[root@anonymous network-scripts]# ip route add default via 1.1.1.100 添加网关 ,这是临时的网关,重启后就没了
[root@anonymous network-scripts]# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 1.1.1.100 0.0.0.0 UG 0 0 0 ens3
1.1.1.0 0.0.0.0 255.255.255.0 U 100 0 0 ens3
192.168.122.0 0.0.0.0 255.255.255.0 U 0 0 0 virbr0
[root@anonymous network-scripts]# ping 172.25.254.50 1网段可以ping通254网段
PING 172.25.254.50 (172.25.254.50) 56(84) bytes of data.
64 bytes from 172.25.254.50: icmp_seq=1 ttl=63 time=0.843 ms
64 bytes from 172.25.254.50: icmp_seq=2 ttl=63 time=0.434 ms
全局网关设定方法(永久的)
[root@anonymous network-scripts]# vim /etc/sysconfig/network 编辑全剧网关配置文件
GATEWAY=1.1.1.100 添加网关
[root@anonymous network-scripts]# nmcli connection down ens3 关闭
Connection 'ens3' successfully deactivated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/4)
[root@anonymous network-scripts]# nmcli connection up ens3 开启
Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/5)
[root@anonymous network-scripts]# route -n 网关生效
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 1.1.1.100 0.0.0.0 UG 100 0 0 ens3
1.1.1.0 0.0.0.0 255.255.255.0 U 100 0 0 ens3
192.168.122.0 0.0.0.0 255.255.255.0 U 0 0 0 virbr0
网卡网关 设定方式
[root@localhost Desktop]# cd /etc/sysconfig/network-scripts/
[root@localhost network-scripts]# cat ifcfg-westos
DEVICE=ens3
BOOTPROTO=none
ONBOOT=yes
NAME=ens3
IPADDR=1.1.1.200
PREFIX=24
GATEWAY=1.1.1.100 网关
[root@localhost network-scripts]# nmcli connection reload
[root@localhost network-scripts]# nmcli connection down ens3
Connection 'ens3' successfully deactivated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/1)
[root@localhost network-scripts]# nmcli connection up ens3
Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/4)
[root@localhost network-scripts]# route -n 查看网关 生效
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 1.1.1.100 0.0.0.0 UG 100 0 0 ens3
1.1.1.0 0.0.0.0 255.255.255.0 U 100 0 0 ens3
192.168.122.0 0.0.0.0 255.255.255.0 U 0 0 0 virbr0
13、地址解析
问题: 网关设定之后,使用起来还是不够方便,只能用 ip ,那么ip 和域名之间怎么转换呢,那么我们就需要地址解析。
方法1: vim /etc/hosts 本地解析文件
ip 域名
[root@localhost Desktop]# ping www.baidu.com 不通
ping: www.baidu.com: Name or service not known
[root@localhost Desktop]# vim /etc/host 地解析文件
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
14.215.177.38 www.baidu.com 添加解析
方法2:dns解析
14.215.17.39 <----------------- dns <---------ping www.baidu.com
dns告诉www.baidu的地址为14.215.17.39 ,这个过程就叫地址解析,谁告诉的谁就是dns
[root@localhost Desktop]# vim /etc/resolv.conf 编辑dns指向文件
nameserver 114.114.114.114 添加114
14、设定解析的优先级
默认情况下本地优先级高 etc/hosts > /etc/resolv.conf ,但是可以调整,在 /etc/nsswitch.conf 中调整
vim /etc/nsswitch.conf
hosts: files dns myhostname files 和dns谁在前谁优先级高
注意:当网络dhcp为时,网卡配置文件会自动控制更改/etc/resolve.cof里的内容,为了不更改/etc/resolve.cof里内容,则在/etc/sysconfig/network-scripts/ifcfg-enp1s0 网络配置文件里加上PEERDNS=no
BOOTPROTO=dhcp
NAME=enp1s0
DEVICE=enp1s0
ONBOOT=yes
IPADDR=172.25.254.100
PREFIX=24
PEERDNS=no
[root@localhost network-scripts]# nmcli connection reload 重载
[root@localhost network-scripts]# nmcli connection down enp1s0 关闭
[root@localhost network-scripts]# nmcli connection up enp1s0 开启
[root@localhost network-scripts]# cat /etc/resolv.conf
nameserver 218.30.19.50 此时dns就不会变了
/usr/share/doc/initscripts/sysconfig.txt 网卡配置文件说明