
Network configuration on Linux

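1. What is an IP address
IP ADDRESS = Internet Protocol address (a network address)
IPv4 = Internet Protocol version 4 (for the specific sub-protocols, see a reference on network protocols)
An IPv4 address is made up of 32 binary digits (0s and 1s):
11111110.11111110.11111110.11111110 = 254.254.254.254
An IP address consists of network bits plus host bits.
A single 0 or 1 is 1 bit; 8 bits = 1 byte. "100M broadband" refers to a transfer rate of 100M zeros and ones (bits); 100/8 = 12.5M bytes.
One IPv4 address is 4 bytes.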

2. Subnet mask

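The subnet mask is used to divide the network into areas.
The bits of the IP that line up with the non-zero bits of the subnet mask are the IP's network bits.
The bits of the IP that line up with the zero bits of the subnet mask are the IP's host bits.
The network bits identify the network area.
The host bits identify one particular host inside that network area.
IP communication rule: two IPs whose network bits match and whose host bits differ can communicate directly.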
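
The rule above, worked through with a mask. This is an added example, not part of the original page: the function names are made up here, and the addresses are the lab hosts used later on this page.

```shell
# Added example: split an IPv4 address with a mask and apply the rule above.

# ip_to_int A.B.C.D -> the address as one 32-bit number; fails on bad input.
ip_to_int() {
    case $1 in ''|*[!0-9.]*) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        # Reject empty octets and leading zeros (some parsers read 010 as octal).
        case $octet in ''|0?*) return 1 ;; esac
        [ "$octet" -le 255 ] 2>/dev/null || return 1
    done
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# int_to_ip N -> dotted-quad form of a 32-bit number.
int_to_ip() {
    echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

# network_of IP MASK -> network address: the IP bits kept where the mask is 1.
network_of() {
    net_ip=$(ip_to_int "$1") || return 1
    net_mask=$(ip_to_int "$2") || return 1
    int_to_ip $(( net_ip & net_mask ))
}

# host_of IP MASK -> host part: the IP bits kept where the mask is 0.
host_of() {
    host_ip=$(ip_to_int "$1") || return 1
    host_mask=$(ip_to_int "$2") || return 1
    echo $(( host_ip & (host_mask ^ 4294967295) ))
}

# reachability IP1 IP2 MASK -> direct | needs-gateway | address-conflict
reachability() {
    net1=$(network_of "$1" "$3") || return 1
    net2=$(network_of "$2" "$3") || return 1
    if [ "$net1" != "$net2" ]; then
        echo needs-gateway          # network bits differ
    elif [ "$(host_of "$1" "$3")" = "$(host_of "$2" "$3")" ]; then
        echo address-conflict       # same network bits and same host bits
    else
        echo direct                 # same network bits, different host bits
    fi
}

# Addresses taken from this page's lab hosts.
reachability 1.1.1.200 1.1.1.100 255.255.255.0       # node1 -> node2
reachability 1.1.1.200 172.25.254.50 255.255.255.0   # node1 -> third host
```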

3. The ping command

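Command              Function
ping                 check whether the network is reachable
ping -c 1            ping once
ping -w 1            wait 1 second
ping -c1 -w1 ip      ping once, wait 1 second
[root@foundation50 network-scripts]# ping 172.25.254.50    # check whether the network is reachable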
PING 172.25.254.50 (172.25.254.50) 56(84) bytes of data.
64 bytes from 172.25.254.50: icmp_seq=1 ttl=64 time=0.056 ms
64 bytes from 172.25.254.50: icmp_seq=2 ttl=64 time=0.031 ms
64 bytes from 172.25.254.50: icmp_seq=3 ttl=64 time=0.032 ms

[root@foundation50 network-scripts]# ping -c 1 172.25.254.50    # ping once
PING 172.25.254.50 (172.25.254.50) 56(84) bytes of data.
64 bytes from 172.25.254.50: icmp_seq=1 ttl=64 time=0.065 ms

--- 172.25.254.50 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.065/0.065/0.065/0.000 ms
[root@foundation50 Desktop]# ping -c1 -w1 172.25.254.50    # ping once, wait one second
PING 172.25.254.50 (172.25.254.50) 56(84) bytes of data.
64 bytes from 172.25.254.50: icmp_seq=1 ttl=64 time=0.039 ms

--- 172.25.254.50 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.039/0.039/0.039/0.000 ms


4. ifconfig (view or configure network interfaces)

Command                    Function
ifconfig                   view
ifconfig device ip/24      set an address (temporary)
ifconfig device down       disable
ifconfig device up         enable
[root@localhost Desktop]# ifconfig ens3    # view the IP
ens3: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 172.25.254.150  netmask 255.255.255.0  broadcast 172.25.254.255
        inet6 fe80::ce75:9c71:7e34:eb1  prefixlen 64  scopeid 0x20<link>
        ether 52:54:00:a3:e9:91  txqueuelen 1000  (Ethernet)
        RX packets 27234  bytes 7130145 (6.7 MiB)
        RX errors 0  dropped 418  overruns 0  frame 0
        TX packets 140  bytes 13259 (12.9 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
        
[root@localhost Desktop]# ifconfig ens3 172.25.254.200/24    # set a temporary IP
[root@localhost Desktop]# ifconfig ens3
ens3: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 172.25.254.200  netmask 255.255.255.0  broadcast 172.25.254.255
        inet6 fe80::ce75:9c71:7e34:eb1  prefixlen 64  scopeid 0x20<link>
        ether 52:54:00:a3:e9:91  txqueuelen 1000  (Ethernet)
        RX packets 30730  bytes 7989295 (7.6 MiB)
        RX errors 0  dropped 466  overruns 0  frame 0
        TX packets 152  bytes 15137 (14.7 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
        
[root@localhost Desktop]# nmcli connection down ens3    # bring the connection down
Connection 'westos' successfully deactivated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/1)
[root@localhost Desktop]# nmcli connection up ens3    # bring the connection up
Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/4)
[root@localhost Desktop]# ifconfig ens3    # after the restart the temporarily set IP is gone
ens3: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 172.25.254.150  netmask 255.255.255.0  broadcast 172.25.254.255
        inet6 fe80::ce75:9c71:7e34:eb1  prefixlen 64  scopeid 0x20<link>
        ether 52:54:00:a3:e9:91  txqueuelen 1000  (Ethernet)
        RX packets 47971  bytes 12754827 (12.1 MiB)
        RX errors 0  dropped 735  overruns 0  frame 0
        TX packets 201  bytes 20406 (19.9 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0   

5. ip addr (inspect or configure network interfaces)

Command                           Function
ip addr show                      inspect
ip addr add ip/24 dev device      set (or add) an address; several can be added
ip addr del dev ens160 ip/24      delete
ip addr flush dev ens3            flush
[root@localhost Desktop]# ip addr add 172.25.254.150/24 dev ens3    # set or add a temporary IP
[root@localhost Desktop]# ifconfig
ens3: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 172.25.254.150  netmask 255.255.255.0  broadcast 0.0.0.0
        ether 52:54:00:a3:e9:91  txqueuelen 1000  (Ethernet)
        RX packets 75168  bytes 20267640 (19.3 MiB)
        RX errors 0  dropped 1181  overruns 0  frame 0
        TX packets 311  bytes 32727 (31.9 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
[root@localhost Desktop]# ip addr del 172.25.254.150/24 dev ens3    # delete the IP
[root@localhost Desktop]# ifconfig  ens3
ens3: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        ether 52:54:00:a3:e9:91  txqueuelen 1000  (Ethernet)
        RX packets 85990  bytes 23257806 (22.1 MiB)
        RX errors 0  dropped 1361  overruns 0  frame 0
        TX packets 321  bytes 33551 (32.7 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
[root@localhost Desktop]# ip addr add 172.25.254.150/24 dev ens3    # several IPs can be added
[root@localhost Desktop]# ip addr add 172.25.254.200/24 dev ens3    # several IPs can be added
[root@localhost Desktop]# ip addr show ens3    # view the IPs
2: ens3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000  
    link/ether 52:54:00:a3:e9:91 brd ff:ff:ff:ff:ff:ff
    inet 172.25.254.150/24 scope global ens3
       valid_lft forever preferred_lft forever
    inet 172.25.254.200/24 scope global secondary ens3
       valid_lft forever preferred_lft forever 
[root@localhost Desktop]# ip addr flush dev ens3    # flush
[root@localhost Desktop]# ip addr show ens3    # addresses set with ip addr are temporary; after the flush they are all gone
2: ens3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 52:54:00:a3:e9:91 brd ff:ff:ff:ff:ff:ff

6. Setting the IP with the graphical tool (permanent IP)

Command for setting the IP: nm-connection-editor
Changing the IP requires restarting the service:
nmcli connection show
nmcli connection down westos    # bring the connection down
nmcli connection up westos      # bring the connection up

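Note: the NetworkManager service must be running before you can configure anything (check with systemctl status NetworkManager). Without a graphical environment this command cannot be used.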

7. Setting the IP without a graphical environment (permanent IP)

Run nmtui (a text-mode UI tool).

8. Configuring the network from the command line

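Command                             Function
nmcli connection show               show connections; followed by the connection name
nmcli connection down westos        bring a connection down; followed by the connection name
nmcli connection up westos          bring a connection up; followed by the connection name
nmcli connection delete westos      delete a connection; followed by the connection name
nmcli connection add type ethernet ifname ens160 con-name westos ip4 172.25.254.100/24
                                    add a connection (the NIC must not already be in use when adding)
[root@localhost ~]# nmcli connection show    # show connections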
NAME    UUID                                  TYPE      DEVICE 
westos  aff43fbd-81c5-4581-9c6d-76785e991c4c  ethernet  ens3   
virbr0  2bbfc0d5-b384-441a-9969-533d15956d7e  bridge    virbr0 
[root@localhost ~]# nmcli connection up westos    # bring the connection up
Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/6)
[root@localhost ~]# nmcli connection show westos    # show the details of this connection
connection.id:                          westos
connection.uuid:                        aff43fbd-81c5-4581-9c6d-76785e991c4c
connection.stable-id:                   --
connection.type:                        802-3-ethernet
connection.interface-name:              ens3
connection.autoconnect:                 yes
connection.autoconnect-priority:        0
[root@localhost ~]# nmcli connection delete westos    # delete the connection
[root@localhost ~]# nmcli connection add type ethernet ifname ens3 con-name westos ipv4.method manual ipv4.addresses 172.25.254.150/24    # add a connection; con-name is the connection name, ifname is the device name
Warning: There is another connection with the name 'westos'. Reference the connection by its uuid '38578e2f-23d4-48a6-877c-46d5514c18b9'
Connection 'westos' (38578e2f-23d4-48a6-877c-46d5514c18b9) successfully added.
[root@localhost ~]# ip addr show ens3    # added successfully
2: ens3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 52:54:00:a3:e9:91 brd ff:ff:ff:ff:ff:ff
    inet 172.25.254.150/24 brd 172.25.254.255 scope global noprefixroute ens3
       valid_lft forever preferred_lft forever
    inet6 fe80::755b:7a00:438b:425/64 scope link noprefixroute 
       valid_lft forever preferred_lft forever
[root@localhost ~]# nmcli connection modify westos ipv4.addresses 172.25.254.200/24    # change the IP; the change does not take effect yet
[root@localhost ~]# nmcli connection down westos    # a restart is needed after the change
[root@localhost ~]# nmcli    connection  up westos    

9. Device management commands

Command                             Function
nmcli device connect ens160         enable NIC ens160
nmcli device disconnect ens160      disable NIC ens160
nmcli device show ens160            show NIC information
nmcli device status ens160          show NIC service interface information
[root@localhost ~]# nmcli device show ens3    # show device information
GENERAL.DEVICE:                         ens3
GENERAL.TYPE:                           ethernet
GENERAL.HWADDR:                         52:54:00:A3:E9:91
GENERAL.MTU:                            1500
GENERAL.STATE:                          100 (connected)
GENERAL.CONNECTION:                     westos
GENERAL.CON-PATH:                       /org/freedesktop/NetworkManager/ActiveC>
WIRED-PROPERTIES.CARRIER:               on
IP4.ADDRESS[1]:                         172.25.254.200/24
IP4.GATEWAY:                            --
IP4.ROUTE[1]:                           dst = 172.25.254.0/24, nh = 0.0.0.0, mt>
IP6.ADDRESS[1]:                         fe80::755b:7a00:438b:425/64
[root@localhost ~]# nmcli device status    # show NIC service interface information
DEVICE      TYPE      STATE      CONNECTION 
ens3        ethernet  connected  westos     
virbr0      bridge    connected  virbr0     
lo          loopback  unmanaged  --         
virbr0-nic  tun       unmanaged  -- 
[root@localhost ~]# nmcli device disconnect ens3    # disconnect the device
[root@localhost ~]# nmcli device connect ens3    # connect the device

10. Managing network configuration files (configuring the network through files)

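1. Network configuration directory
/etc/sysconfig/network-scripts/
2. Naming rule for network configuration files
ifcfg-xxxx
3. How to write a network configuration file

DEVICE=xxx                        ## device name
BOOTPROTO=dhcp|static|none        ## how the device gets its address (none and static mean it is set by hand in the NIC configuration; dhcp means automatic)
ONBOOT=yes                        ## activate the NIC automatically when the network service starts
IPADDR=                           ## IP address (a trailing 0 is optional; with several IPs, use numbers to tell them apart)
PREFIX=24                         ## subnet mask  ** PREFIX and NETMASK mean the same thing; write only one of them
NETMASK=255.255.255.0             ## subnet mask
NAME=                             ## interface name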
[root@localhost ~]# cd /etc/sysconfig/network-scripts/    # enter the NIC configuration directory
[root@localhost network-scripts]# ls
ifcfg-westos    # create the file; its name must start with ifcfg
[root@localhost network-scripts]# cat ifcfg-westos 
DEVICE=ens3                # device name
BOOTPROTO=none
ONBOOT=yes                 # activate the NIC automatically when the network service starts
IPADDR0=172.25.254.150     # IP address
NETMASK0=255.255.255.0     # subnet mask
IPADDR1=1.1.1.100          # IP address
PREFIX1=24                 # subnet mask
NAME=westos                # connection name
[root@localhost network-scripts]# nmcli connection reload    # reload
[root@localhost network-scripts]# ip addr show ens3    # view
2: ens3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 52:54:00:a3:e9:91 brd ff:ff:ff:ff:ff:ff
    inet 172.25.254.150/24 brd 172.25.254.255 scope global noprefixroute ens3
    valid_lft forever preferred_lft forever
    inet 1.1.1.100/24 brd 1.1.1.255 scope global noprefixroute ens3
     valid_lft forever preferred_lft forever
    inet6 fe80::5054:ff:fea3:e991/64 scope link 
    valid_lft forever preferred_lft forever

11. DHCP service configuration

Set up a DHCP server on one virtual machine

[root@localhost ~]# yum search dhcp    # search for the DHCP package
Updating Subscription Management repositories.
Unable to read consumer identity
This system is not registered to Red Hat Subscription Management. You can use subscription-manager to register.
Last metadata expiration check: 0:00:45 ago on Thu 02 Sep 2021 11:44:06 AM CST.
========================= Name & Summary Matched: dhcp =========================
dhcp-server.x86_64 : Provides the ISC DHCP server

[root@localhost ~]# yum install dhcp-server.x86_64 -y    # install the DHCP server
[root@localhost ~]# rpm -qc dhcp-server    # list its configuration files
/etc/dhcp/dhcpd.conf
/etc/dhcp/dhcpd6.conf
/etc/openldap/schema/dhcp.schema
/etc/sysconfig/dhcpd
/var/lib/dhcpd/dhcpd.leases
/var/lib/dhcpd/dhcpd6.leases

[root@localhost ~]# cat /etc/dhcp/dhcpd.conf    # view the contents of the DHCP configuration file
DHCP Server Configuration file.
see /usr/share/doc/dhcp-server/dhcpd.conf.example    (the template)
see dhcpd.conf(5) man page
[root@localhost ~]# cp /usr/share/doc/dhcp-server/dhcpd.conf.example /etc/dhcp/dhcpd.conf    # copy the template over the configuration file to populate it
[root@localhost ~]# vim /etc/dhcp/dhcpd.conf    # edit the configuration file
option domain-name "westos.org";    # domain name
option domain-name-servers 114.114.114.114;    # DNS address (the name-resolution server)

default-lease-time 600;    # default lease time: how long a client may use the IP it was given
max-lease-time 7200;       # maximum lease time

Delete lines 27 and 28:
27 subnet 10.152.187.0 netmask 255.255.255.0 {
 28 }
 
Delete everything after line 34.
Change lines 30-32:
 30 subnet 172.25.254.0 netmask 255.255.255.0 {     # subnet and netmask
 31   range 172.25.254.210 172.25.254.240;   # IP range
 32   option routers 172.25.254.100;   # gateway
 33 }
 
[root@localhost ~]# systemctl start dhcpd    # start the DHCP service

On another virtual machine, configure the network to use DHCP

  vim /etc/sysconfig/network-scripts/ifcfg-ens3
   DEVICE=ens3
   ONBOOT=yes
   BOOTPROTO=dhcp
[root@localhost ~]# nmcli connection reload    # reload
[root@localhost ~]# nmcli connection down westos    # bring the connection down
[root@localhost ~]# nmcli connection up westos    # bring the connection up

12. Gateway

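The interface on the router that receives a client's data is called that client's gateway. In other words, the router's IP that sits in the same network segment as the client host is the client's gateway; it receives the client's packets and performs address translation.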
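How can two hosts that are not on the same network segment communicate?
Lab environment:
One virtual machine, node1, with IP address 1.1.1.200
A second, dual-NIC virtual machine, node2, with IP addresses 1.1.1.100 and 172.25.254.100
A third host with IP address 172.25.254.50

Steps:
1. Turn the dual-NIC host node2 into a router
Enable routing (IP forwarding) in the kernel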

[root@localhost network-scripts]# sysctl -a | grep ip_forward
net.ipv4.ip_forward = 1
net.ipv4.ip_forward_update_priority = 1
net.ipv4.ip_forward_use_pmtu = 0

If net.ipv4.ip_forward = 0:
[root@localhost network-scripts]# vim /etc/sysctl.conf    # edit the configuration file and add net.ipv4.ip_forward=1 to it
net.ipv4.ip_forward=1
[root@localhost network-scripts]# sysctl -p    # apply immediately
net.ipv4.ip_forward = 1

Enable address masquerading in the firewall

[root@localhost network-scripts]# systemctl enable --now firewalld    # enable and start the firewall
[root@localhost network-scripts]# firewall-cmd --permanent --add-masquerade    # enable address masquerading
success
[root@localhost network-scripts]# firewall-cmd --reload    # reload the firewall
success
[root@localhost network-scripts]# firewall-cmd --list-all    # show the firewall configuration
public (active)
  target: default
  icmp-block-inversion: no
  interfaces: enp1s0 enp7s0
  sources: 
  services: cockpit dhcpv6-client ssh
  ports: 
  protocols: 
  masquerade: yes    # masquerading is now enabled
  forward-ports: 
  source-ports: 
  icmp-blocks: 
  rich rules: 
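
Forwarding plus masquerading is what makes node2 a NAT router, so the same two command outputs are what to check on a host that is not supposed to route. The script below is an added example, not part of the original page; the function names are made up here and the sample text is constructed from the output shown above.

```shell
# Added example: classify a host's routing role from the text printed by
# `sysctl` and `firewall-cmd --list-all`.

# forwarding_state: sysctl text on stdin -> on | off | unknown.
# Matches the key exactly, so ip_forward_update_priority etc. are ignored.
forwarding_state() {
    awk -F'[ =]+' '$1 == "net.ipv4.ip_forward" { v = $2 }
        END { if (v == "1") print "on"; else if (v == "0") print "off"; else print "unknown" }'
}

# masquerade_zones: firewall-cmd zone listing on stdin -> zones with NAT enabled.
masquerade_zones() {
    awk '/^[^ \t]/ { zone = $1 }
         $1 == "masquerade:" && $2 == "yes" { print zone }'
}

# router_role SYSCTL_TEXT FIREWALL_TEXT -> one-line verdict.
router_role() {
    fwd=$(printf '%s\n' "$1" | forwarding_state)
    zones=$(printf '%s\n' "$2" | masquerade_zones | tr '\n' ' ')
    zones=${zones% }
    case "$fwd:${zones:+nat}" in
        on:nat)  echo "router+nat zones=$zones" ;;
        on:)     echo "router" ;;
        off:nat) echo "nat-without-forwarding zones=$zones" ;;
        off:)    echo "host" ;;
        *)       echo "unknown" ;;
    esac
}

# Constructed sample input, modelled on the command output shown above.
SAMPLE_SYSCTL='net.ipv4.ip_forward = 1
net.ipv4.ip_forward_update_priority = 1
net.ipv4.ip_forward_use_pmtu = 0'
SAMPLE_FIREWALL='public (active)
  target: default
  interfaces: enp1s0 enp7s0
  services: cockpit dhcpv6-client ssh
  masquerade: yes
  forward-ports: '

router_role "$SAMPLE_SYSCTL" "$SAMPLE_FIREWALL"
# Live use: router_role "$(sysctl net.ipv4.ip_forward)" "$(firewall-cmd --list-all-zones)"
```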

2. On node1, add the gateway so that it uses the router

[root@anonymous network-scripts]# route -n    # view the gateway
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
1.1.1.0         0.0.0.0         255.255.255.0   U     100    0        0 ens3
192.168.122.0   0.0.0.0         255.255.255.0   U     0      0        0 virbr0
[root@anonymous network-scripts]# ip route add default via 1.1.1.100    # add the gateway; this one is temporary and is gone after a restart
[root@anonymous network-scripts]# route -n 
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         1.1.1.100       0.0.0.0         UG    0      0        0 ens3
1.1.1.0         0.0.0.0         255.255.255.0   U     100    0        0 ens3
192.168.122.0   0.0.0.0         255.255.255.0   U     0      0        0 virbr0
[root@anonymous network-scripts]# ping 172.25.254.50    # the 1.1.1.0 segment can now ping the 172.25.254.0 segment
PING 172.25.254.50 (172.25.254.50) 56(84) bytes of data.
64 bytes from 172.25.254.50: icmp_seq=1 ttl=63 time=0.843 ms
64 bytes from 172.25.254.50: icmp_seq=2 ttl=63 time=0.434 ms

Setting a global gateway (permanent)

[root@anonymous network-scripts]# vim /etc/sysconfig/network    # edit the global gateway configuration file
GATEWAY=1.1.1.100    # add the gateway
[root@anonymous network-scripts]# nmcli connection down ens3    # bring the connection down
Connection 'ens3' successfully deactivated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/4)
[root@anonymous network-scripts]# nmcli connection up ens3    # bring the connection up
Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/5)
[root@anonymous network-scripts]# route -n    # the gateway is in effect
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         1.1.1.100       0.0.0.0         UG    100    0        0 ens3
1.1.1.0         0.0.0.0         255.255.255.0   U     100    0        0 ens3
192.168.122.0   0.0.0.0         255.255.255.0   U     0      0        0 virbr0

Setting a per-NIC gateway

[root@localhost Desktop]# cd /etc/sysconfig/network-scripts/
[root@localhost network-scripts]# cat ifcfg-westos
DEVICE=ens3
BOOTPROTO=none
ONBOOT=yes
NAME=ens3
IPADDR=1.1.1.200
PREFIX=24
GATEWAY=1.1.1.100    # gateway
[root@localhost network-scripts]# nmcli connection reload 
[root@localhost network-scripts]# nmcli connection down ens3 
Connection 'ens3' successfully deactivated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/1)
[root@localhost network-scripts]# nmcli connection up ens3 
Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/4)
[root@localhost network-scripts]# route -n    # view the gateway: it is in effect
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         1.1.1.100       0.0.0.0         UG    100    0        0 ens3
1.1.1.0         0.0.0.0         255.255.255.0   U     100    0        0 ens3
192.168.122.0   0.0.0.0         255.255.255.0   U     0      0        0 virbr0

13. Name resolution

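Problem: even with the gateway set, things are still not convenient, because only IP addresses can be used. How do we convert between IPs and domain names? For that we need name resolution.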

Method 1: vim /etc/hosts (the local resolution file)
Format: ip  domain-name

[root@localhost Desktop]# ping www.baidu.com    # fails
ping: www.baidu.com: Name or service not known
[root@localhost Desktop]# vim /etc/hosts    # the local resolution file
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
14.215.177.38 www.baidu.com    # add the mapping

Method 2: DNS resolution
14.215.17.39 <----------------- dns <---------ping www.baidu.com
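The DNS server answers that the address of www.baidu.com is 14.215.17.39. This process is called name resolution, and whoever gives the answer is the DNS server.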

[root@localhost Desktop]# vim /etc/resolv.conf    # edit the file that points to the DNS server
nameserver 114.114.114.114    # add 114.114.114.114

14. Setting the resolution priority

By default the local file has the higher priority (/etc/hosts > /etc/resolv.conf), but this can be changed in /etc/nsswitch.conf.

vim /etc/nsswitch.conf 
hosts:      files dns myhostname    # whichever of files and dns comes first has the higher priority
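
Because files comes before dns, any name written into /etc/hosts is answered locally and the DNS server is never asked, so those entries are worth listing when reviewing a host. The script below is an added example, not part of the original page; the function names are made up here and the sample files are constructed from the entries shown above.

```shell
# Added example: list the names that the local hosts file answers before DNS
# is ever asked.

# hosts_order NSSWITCH_FILE -> lookup sources from the "hosts:" line, in order.
hosts_order() {
    awk '$1 == "hosts:" {
             sub(/#.*/, "")
             for (i = 2; i <= NF; i++)
                 if ($i !~ /^\[/) printf "%s%s", (n++ ? " " : ""), $i
             print ""
             exit
         }' "$1"
}

# first_lookup NSSWITCH_FILE -> files | dns | none (whichever is consulted first).
first_lookup() {
    for src in $(hosts_order "$1"); do
        case $src in files|dns) echo "$src"; return 0 ;; esac
    done
    echo none
}

# pinned_names HOSTS_FILE -> "name ip" for each non-loopback entry.
pinned_names() {
    awk '{ sub(/#.*/, "") }
         NF >= 2 && $1 !~ /^(127\.|::1$)/ { for (i = 2; i <= NF; i++) print $i, $1 }' "$1"
}

# dns_overrides NSSWITCH_FILE HOSTS_FILE -> names resolved locally instead of by DNS.
dns_overrides() {
    [ "$(first_lookup "$1")" = files ] || return 0
    pinned_names "$2"
}

# Constructed sample files carrying the entries shown on this page.
demo=$(mktemp -d)
printf 'hosts:      files dns myhostname\n' > "$demo/nsswitch.conf"
printf '%s\n' '127.0.0.1   localhost localhost.localdomain' \
              '::1         localhost localhost.localdomain' \
              '14.215.177.38 www.baidu.com' > "$demo/hosts"
dns_overrides "$demo/nsswitch.conf" "$demo/hosts"
rm -rf "$demo"
# Live use: dns_overrides /etc/nsswitch.conf /etc/hosts
```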

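Note: when the network uses DHCP, the NIC configuration automatically rewrites the contents of /etc/resolv.conf. To keep the contents of /etc/resolv.conf unchanged, add PEERDNS=no to the network configuration file /etc/sysconfig/network-scripts/ifcfg-enp1s0: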
BOOTPROTO=dhcp
NAME=enp1s0
DEVICE=enp1s0
ONBOOT=yes
IPADDR=172.25.254.100
PREFIX=24
PEERDNS=no
[root@localhost network-scripts]# nmcli connection reload    # reload
[root@localhost network-scripts]# nmcli connection down enp1s0    # bring the connection down
[root@localhost network-scripts]# nmcli connection up enp1s0    # bring the connection up
[root@localhost network-scripts]# cat /etc/resolv.conf
nameserver 218.30.19.50    # the DNS setting no longer changes

/usr/share/doc/initscripts/sysconfig.txt    documentation for the NIC configuration files
