Linux 网络属性管理(二)
ip命令
ip - show / manipulate routing, devices, policy routing and tunnels
ip [ OPTIONS ] OBJECT { COMMAND | help }
OBJECT := { link | addr | route }
link OBJECT:
ip link – network device configuration
set dev IFACE 可设置属性: up and down:激活或禁用指定接口; show [dev IFACE]:指定接口 [up]:仅显示处于激活状态的接口
显示当前的ip链接
[root@Daniel ~]# ip link show 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000 link/ether 00:0c:29:2c:81:4d brd ff:ff:ff:ff:ff:ff
ip address – protocol address management
ip addr { add | del } IPADDR dev STRING
[label LABEL]:添加地址时指明网卡别名
[scope {global|link|host}]:指明作用域
global: 全局可用;
link: 仅链接可用;
host: 本机可用;
[broadcast ADDRESS]:指明广播地址
显示ip地址
[root@Daniel ~]# ip addr show 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo inet6 ::1/128 scope host valid_lft forever preferred_lft forever 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000 link/ether 00:0c:29:2c:81:4d brd ff:ff:ff:ff:ff:ff inet 192.168.98.140/24 brd 192.168.98.255 scope global eth0 inet6 fe80::20c:29ff:fe2c:814d/64 scope link valid_lft forever preferred_lft forever
为eth0这块儿网卡添加一个地址并赋予别名eth0:0
[root@Daniel ~]# ip addr add 192.168.98.141/24 dev eth0 label eth0:0 [root@Daniel ~]# ip add show eth0 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000 link/ether 00:0c:29:2c:81:4d brd ff:ff:ff:ff:ff:ff inet 192.168.98.140/24 brd 192.168.98.255 scope global eth0 inet 192.168.98.141/24 scope global secondary eth0:0 inet6 fe80::20c:29ff:fe2c:814d/64 scope link valid_lft forever preferred_lft forever
删除刚才添加的地址
[root@Daniel ~]# ip addr del 192.168.98.141/24 dev eth0 [root@Daniel ~]# ip addr show 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo inet6 ::1/128 scope host valid_lft forever preferred_lft forever 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000 link/ether 00:0c:29:2c:81:4d brd ff:ff:ff:ff:ff:ff inet 192.168.98.140/24 brd 192.168.98.255 scope global eth0 inet6 fe80::20c:29ff:fe2c:814d/64 scope link valid_lft forever preferred_lft forever
ip address show – look at protocol addresses
[dev DEVICE] [label PATTERN] [primary and secondary] [root@Daniel ~]# ip address show 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo inet6 ::1/128 scope host valid_lft forever preferred_lft forever 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000 link/ether 00:0c:29:2c:81:4d brd ff:ff:ff:ff:ff:ff inet 192.168.98.140/24 brd 192.168.98.255 scope global eth0 inet 192.168.98.141/24 scope global secondary eth0:0 inet6 fe80::20c:29ff:fe2c:814d/64 scope link valid_lft forever preferred_lft forever [root@Daniel ~]# ip address show label eth0:0 inet 192.168.98.141/24 scope global secondary eth0:0
ip address flush – flush protocol addresses
使用格式同show
ip route – routing table management
ip route add 添加路由:ip route add TARGET via GW dev IFACE src SOURCE_IP TARGET: 主机路由:IP 网络路由:NETWORK/MASK [root@Daniel ~]# ip route add 192.168.1.3 via 192.168.98.2 dev eth0 [root@Daniel ~]# [root@Daniel ~]# ip route show 192.168.1.3 via 192.168.98.2 dev eth0 192.168.98.0/24 dev eth0 proto kernel scope link src 192.168.98.140 169.254.0.0/16 dev eth0 scope link metric 1002 default via 192.168.98.2 dev eth0 [root@Daniel ~]# ip route add 192.168.0.0/24 via 192.168.98.2 [root@Daniel ~]# [root@Daniel ~]# ip route show 192.168.1.3 via 192.168.98.2 dev eth0 192.168.98.0/24 dev eth0 proto kernel scope link src 192.168.98.140 192.168.0.0/24 via 192.168.98.2 dev eth0 169.254.0.0/16 dev eth0 scope link metric 1002 default via 192.168.98.2 dev eth0 添加网关:ip route add defalt via GW dev IFACE ip route delete 删除路由:ip route del TARGET [root@Daniel ~]# ip route del 192.168.1.3 [root@Daniel ~]# [root@Daniel ~]# ip route show 192.168.98.0/24 dev eth0 proto kernel scope link src 192.168.98.140 192.168.0.0/24 via 192.168.98.2 dev eth0 169.254.0.0/16 dev eth0 scope link metric 1002 default via 192.168.98.2 dev eth0 [root@Daniel ~]# ip route del 192.168.0.0/24 [root@Daniel ~]# ip route show 192.168.98.0/24 dev eth0 proto kernel scope link src 192.168.98.140 169.254.0.0/16 dev eth0 scope link metric 1002 default via 192.168.98.2 dev eth0 ip route show [root@Daniel ~]# ip route show 192.168.98.0/24 dev eth0 proto kernel scope link src 192.168.98.140 169.254.0.0/16 dev eth0 scope link metric 1002 default via 192.168.98.2 dev eth0 ip route flush 清空路由表 [dev IFACE] [via PREFIX]
ss命令
ss命令:
格式:ss [OPTION]... [FILTER] 选项: -t: tcp协议相关 -u: udp协议相关 -w: 裸套接字相关 -x:unix sock相关 -l: listen状态的连接 -a: 所有 -n: 数字格式 -p: 相关的程序及PID -e: 扩展的信息 -m:内存用量 -o:计时器信息 FILTER := [ state TCP-STATE ] [ EXPRESSION ]
TCP的常见状态:
tcp finite state machine: LISTEN: 监听 ESTABLISHED:已建立的连接 FIN_WAIT_1 FIN_WAIT_2 SYN_SENT SYN_RECV CLOSED EXPRESSION: dport = sport = 示例:’( dport = :ssh or sport = :ssh )’ 常用组合: -tan, -tanl, -tanlp, -uan [root@Daniel ~]# ss -tan State Recv-Q Send-Q Local Address:Port Peer Address:Port LISTEN 0 128 :::22 :::* LISTEN 0 128 *:22 *:* LISTEN 0 100 ::1:25 :::* LISTEN 0 100 127.0.0.1:25 *:* ESTAB 0 0 192.168.98.140:22 192.168.98.1:64234 ESTAB 0 0 192.168.98.140:22 192.168.98.1:55255 [root@Daniel ~]# [root@Daniel ~]# ss -tanl State Recv-Q Send-Q Local Address:Port Peer Address:Port LISTEN 0 128 :::22 :::* LISTEN 0 128 *:22 *:* LISTEN 0 100 ::1:25 :::* LISTEN 0 100 127.0.0.1:25 *:* [root@Daniel ~]#
原创文章,作者:Daniel-W,如若转载,请注明出处:http://www.178linux.com/22987
