Linux网络配置(2)
配置Linux网络属性:ip命令
使用rpm -qf查看版本安装IP命令:
[root@localhost ~]# rpm -qf `which ip`
iproute-2.6.32-23.el6.x86_64
ip命令:
ip - show / manipulate routing, devices, policy routing and tunnels
ip [ OPTIONS ] OBJECT { COMMAND | help }
OBJECT := { link | addr | route }
[root@localhost ~]# ip link help-->主要管理二层信息:
Usage: ip link add link DEV [ name ] NAME
[ txqueuelen PACKETS ]
[ address LLADDR ]
[ broadcast LLADDR ]
[ mtu MTU ]
type TYPE [ ARGS ]
ip link delete DEV type TYPE [ ARGS ]
ip link set DEVICE [ { up | down } ]
[ arp { on | off } ]
[ dynamic { on | off } ]
[ multicast { on | off } ]
[ allmulticast { on | off } ]
[ promisc { on | off } ]
[ trailers { on | off } ]
[ txqueuelen PACKETS ]
[ name NEWNAME ]
[ address LLADDR ]
[ broadcast LLADDR ]
[ mtu MTU ]
[ netns PID ]
[ alias NAME ]
[ vf NUM [ mac LLADDR
[ vlan VLANID [ qos VLAN-QOS ] ]
[ rate TXRATE ] ]
ip link show [ DEVICE ]
TYPE := { vlan | veth | vcan | dummy | ifb | macvlan | can }
ip link下的2个子命令:set ,show
set
dev IFACE
可设置属性:
up and down:激活或禁用指定接口;
[root@localhost ~]# ip link set lo up
[root@localhost ~]# ip link show up
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 08:00:27:b5:54:45 brd ff:ff:ff:ff:ff:ff
show
[dev IFACE]:指定接口
[root@localhost ~]# ip link show eth0
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 08:00:27:b5:54:45 brd ff:ff:ff:ff:ff:ff
[up]:仅显示处于激活状态的接口
[root@localhost ~]# ip link show
1: lo: <LOOPBACK> mtu 16436 qdisc noqueue state DOWN
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 08:00:27:b5:54:45 brd ff:ff:ff:ff:ff:ff
[root@localhost ~]# ip link show up
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 08:00:27:b5:54:45 brd ff:ff:ff:ff:ff:ff
ip address - protocol address management -->协议地址的管理工具!
ip addr { add | del } IFADDR dev STRING
[label LABEL]:添加地址时指明网卡别名
[scope {global|link|host}]:指明作用域
global: 全局可用;
link: 仅链接可用;
host: 本机可用;
[broadcast ADDRESS]:指明广播地址
ip address show - look at protocol addresses-->清空地址:
[dev DEVICE]
[label PATTERN]
[primary and secondary]
ip route - routing table management-->路由表管理:
ip route add
添加路由:ip route add TARGET via GW dev IFACE src SOURCE_IP
TARGET:
主机路由:IP
网络路由:NETWORK/MASK
添加网关:ip route add defalt via GW dev IFACE
[root@localhost ~]# ip route show
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.3 metric 1
ip route delete
删除路由:ip route del TARGET
ip route flush:清空路由表
ss命令:网络状态查看工具
格式:ss [OPTION]... [FILTER]
选项:
-t: tcp协议相关
[root@localhost ~]# ss -t
State Recv-Q Send-Q Local Address:Port Peer Address:Port
ESTAB 0 0 192.168.1.3:ssh 192.168.1.2:50255
ESTAB 0 0 192.168.1.3:ssh 192.168.1.2:50247
ESTAB 0 52 192.168.1.3:ssh 192.168.1.2:50259
-u: udp协议相关
[root@localhost ~]# ss -u
State Recv-Q Send-Q Local Address:Port Peer Address:Port
-w: 裸套接字相关
-x:unix sock相关
-l: listen状态的连接
-a: 所有
[root@localhost ~]# ss -a
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 :::sunrpc :::*
LISTEN 0 128 *:sunrpc *:*
LISTEN 0 128 :::ssh :::*
LISTEN 0 128 *:ssh *:*
LISTEN 0 128 :::34710 :::*
LISTEN 0 128 127.0.0.1:ipp *:*
LISTEN 0 128 ::1:ipp :::*
LISTEN 0 100 ::1:smtp :::*
LISTEN 0 100 127.0.0.1:smtp *:*
LISTEN 0 128 *:34265 *:*
ESTAB 0 0 192.168.1.3:ssh 192.168.1.2:50255
ESTAB 0 0 192.168.1.3:ssh 192.168.1.2:50247
ESTAB 0 52 192.168.1.3:ssh 192.168.1.2:50259
-n: 数字格式
[root@localhost ~]# ss -n
State Recv-Q Send-Q Local Address:Port Peer Address:Port
ESTAB 0 0 192.168.1.3:22 192.168.1.2:50255
ESTAB 0 0 192.168.1.3:22 192.168.1.2:50247
ESTAB 0 52 192.168.1.3:22 192.168.1.2:50259
-p: 相关的程序及PID
[root@localhost ~]# ss -p
State Recv-Q Send-Q Local Address:Port Peer Address:Port
ESTAB 0 0 192.168.1.3:ssh 192.168.1.2:50255 users:(("sshd",2934,3))
ESTAB 0 0 192.168.1.3:ssh 192.168.1.2:50247 users:(("sshd",2911,3))
ESTAB 0 52 192.168.1.3:ssh 192.168.1.2:50259 users:(("sshd",2958,3))
-e: 扩展的信息
[root@localhost ~]# ss -e
State Recv-Q Send-Q Local Address:Port Peer Address:Port
ESTAB 0 0 192.168.1.3:ssh 192.168.1.2:50255 timer:(keepalive,67min,0) ino:21235 sk:ffff88003d68d480
ESTAB 0 0 192.168.1.3:ssh 192.168.1.2:50247 timer:(keepalive,67min,0) ino:21105 sk:ffff880037e7e080
ESTAB 0 52 192.168.1.3:ssh 192.168.1.2:50259 timer:(on,414ms,0) ino:21365 sk:ffff88003d68ce00
-m:内存用量
[root@localhost ~]# ss -m
State Recv-Q Send-Q Local Address:Port Peer Address:Port
ESTAB 0 0 192.168.1.3:ssh 192.168.1.2:50255
mem:(r0,w0,f4096,t0)
ESTAB 0 0 192.168.1.3:ssh 192.168.1.2:50247
mem:(r0,w0,f4096,t0)
ESTAB 0 52 192.168.1.3:ssh 192.168.1.2:50259
mem:(r0,w1332,f2764,t0)
-o:计时器信息
[root@localhost ~]# ss -o
State Recv-Q Send-Q Local Address:Port Peer Address:Port
ESTAB 0 0 192.168.1.3:ssh 192.168.1.2:50255 timer:(keepalive,66min,0)
ESTAB 0 0 192.168.1.3:ssh 192.168.1.2:50247 timer:(keepalive,66min,0)
ESTAB 0 52 192.168.1.3:ssh 192.168.1.2:50259 timer:(on,388ms,0)
FILTER := [ state TCP-STATE ] [ EXPRESSION ]-->自己指明表达式:
[root@localhost ~]# ss -tan state ESTABLISHED
Recv-Q Send-Q Local Address:Port Peer Address:Port
0 0 192.168.1.3:22 192.168.1.2:50255
0 0 192.168.1.3:22 192.168.1.2:50247
0 52 192.168.1.3:22 192.168.1.2:50259
TCP的常见状态:
tcp finite state machine:
LISTEN: 监听
ESTABLISHED:已建立的连接
FIN_WAIT_1:断开
FIN_WAIT_2:断开
SYN_SENT:三次握手一次
SYN_RECV:三次握手第二次
CLOSED:
TCP三次握手-->四次断开!!!
常用组合:
-tan, -tanl, -tanlp, -uan
EXPRESSION:
dport =
sport =
示例:ss -o state established ’( dport = :ssh or sport = :ssh )’
原创文章,作者:wostop,如若转载,请注明出处:http://www.178linux.com/26685
