4.3.3 route 命令
路由表管理命令
路由表主要构成:
- Destination: 目标网络ID,表示可以到达的目标网络ID,0.0.0.0/0 表示所有未知网络,又称为默认路由,优先级最低
- Genmask:目标网络对应的netmask
- Iface: 到达对应网络,应该从当前主机哪个网卡发送出来
- Gateway: 到达非直连的网络时,数据要发往的下一跳路由器上靠近本主机一侧接口的IP地址;如果是直连网络,Gateway 是 0.0.0.0
- Metric: 开销cost,值越小,路由记录的优先级越高
查看路由表:
route
route -n
范例:
[root@rocky8 ~]# route
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
default _gateway 0.0.0.0 UG 100 0 0 eth0
172.31.0.0 0.0.0.0 255.255.248.0 U 100 0 0 eth0
#Destination 目标地址 Gateway 网关 Genmask 子网掩码 Flags 标签 Metric 开销 Iface接口
#非直连网段使用Gateway 网关
[root@rocky8 ~]# route -n #-n 数字化显示
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 172.31.0.2 0.0.0.0 UG 100 0 0 eth0
172.31.0.0 0.0.0.0 255.255.248.0 U 100 0 0 eth0 #这行是已知网络
#0.0.0.0 代表未知网络
[root@rocky8 ~]# route --help
Usage: route [-nNvee] [-FC] [<AF>] List kernel routing tables
route [-v] [-FC] {add|del|flush} ... Modify routing table for AF.
route {-h|--help} [<AF>] Detailed usage syntax for specified AF.
route {-V|--version} Display version/author and exit.
-v, --verbose be verbose
-n, --numeric don't resolve names
-e, --extend display other/more information
-F, --fib display Forwarding Information Base (default)
-C, --cache display routing cache instead of FIB
<AF>=Use -4, -6, '-A <af>' or '--<af>'; default: inet
List of possible address families (which support routing):
inet (DARPA Internet) inet6 (IPv6) ax25 (AMPR AX.25)
netrom (AMPR NET/ROM) ipx (Novell IPX) ddp (Appletalk DDP)
x25 (CCITT X.25)
#add 添加路由表 del 删除路由表 flush 清空路由表
[root@rocky8 ~]# man route
添加:route add
route add [-net|-host|default] target [netmask Nm] [gw GW] [[dev] If]
删除:route del
route del [-net|-host] target [gw Gw] [netmask Nm] [[dev] If]
范例:
[root@rocky8 ~]# route add -net 172.16.0.0/16 dev eth0 gw 172.31.0.1 #添加路由表1
[root@rocky8 ~]# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 172.31.0.2 0.0.0.0 UG 100 0 0 eth0
172.16.0.0 172.31.0.1 255.255.0.0 UG 0 0 0 eth0
172.31.0.0 0.0.0.0 255.255.248.0 U 100 0 0 eth0
[root@rocky8 ~]# route del -net 172.16.0.0/16 dev eth0 gw 172.31.0.1 #删除路由表
[root@rocky8 ~]# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 172.31.0.2 0.0.0.0 UG 100 0 0 eth0
172.31.0.0 0.0.0.0 255.255.248.0 U 100 0 0 eth0
[root@rocky8 ~]# ifconfig eth0:1 192.168.0.8/24
[root@rocky8 ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
link/ether 00:0c:29:f9:6a:d1 brd ff:ff:ff:ff:ff:ff
inet 172.31.1.8/21 brd 172.31.7.255 scope global noprefixroute eth0
valid_lft forever preferred_lft forever
inet 192.168.0.8/24 brd 192.168.0.255 scope global eth0:1
valid_lft forever preferred_lft forever
inet6 fe80::20c:29ff:fef9:6ad1/64 scope link
valid_lft forever preferred_lft forever
[root@rocky8 ~]# ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.31.1.8 netmask 255.255.248.0 broadcast 172.31.7.255
inet6 fe80::20c:29ff:fef9:6ad1 prefixlen 64 scopeid 0x20<link>
ether 00:0c:29:f9:6a:d1 txqueuelen 1000 (Ethernet)
RX packets 2176535 bytes 3242385401 (3.0 GiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 2157125 bytes 3209740405 (2.9 GiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
eth0:1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.0.8 netmask 255.255.255.0 broadcast 192.168.0.255
ether 00:0c:29:f9:6a:d1 txqueuelen 1000 (Ethernet)
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 1000 (Local Loopback)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
[root@rocky8 ~]# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 172.31.0.2 0.0.0.0 UG 100 0 0 eth0
172.31.0.0 0.0.0.0 255.255.248.0 U 100 0 0 eth0
192.168.0.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
#添加IP地址会自动生成路由表
[root@centos7 ~]# ifconfig eth0:1 192.168.0.7/24
[root@centos7 ~]# ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.31.0.7 netmask 255.255.248.0 broadcast 172.31.7.255
inet6 fe80::20c:29ff:fe50:f03 prefixlen 64 scopeid 0x20<link>
ether 00:0c:29:50:0f:03 txqueuelen 1000 (Ethernet)
RX packets 9481071 bytes 13421464035 (12.4 GiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 9780773 bytes 13560949719 (12.6 GiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
eth0:1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.0.7 netmask 255.255.255.0 broadcast 192.168.0.255
ether 00:0c:29:50:0f:03 txqueuelen 1000 (Ethernet)
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 1000 (Local Loopback)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
[root@centos7 ~]# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 172.31.0.2 0.0.0.0 UG 100 0 0 eth0
172.31.0.0 0.0.0.0 255.255.248.0 U 100 0 0 eth0
192.168.0.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
[root@centos7 ~]# ping 192.168.0.8
PING 192.168.0.8 (192.168.0.8) 56(84) bytes of data.
64 bytes from 192.168.0.8: icmp_seq=1 ttl=64 time=0.913 ms
64 bytes from 192.168.0.8: icmp_seq=2 ttl=64 time=0.288 ms
^C
--- 192.168.0.8 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1000ms
rtt min/avg/max/mdev = 0.288/0.600/0.913/0.313 ms
[root@rocky8 ~]# route del -net 192.168.0.0/24 dev eth0
[root@rocky8 ~]# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 172.31.0.2 0.0.0.0 UG 100 0 0 eth0
172.31.0.0 0.0.0.0 255.255.248.0 U 100 0 0 eth0
[root@rocky8 ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
link/ether 00:0c:29:f9:6a:d1 brd ff:ff:ff:ff:ff:ff
inet 172.31.1.8/21 brd 172.31.7.255 scope global noprefixroute eth0
valid_lft forever preferred_lft forever
inet 192.168.0.8/24 brd 192.168.0.255 scope global eth0:1
valid_lft forever preferred_lft forever
inet6 fe80::20c:29ff:fef9:6ad1/64 scope link
valid_lft forever preferred_lft forever
[root@rocky8 ~]# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 172.31.0.2 0.0.0.0 UG 100 0 0 eth0
172.31.0.0 0.0.0.0 255.255.248.0 U 100 0 0 eth0
[root@rocky8 ~]# ping 192.168.0.7
PING 192.168.0.7 (192.168.0.7) 56(84) bytes of data.
^C
--- 192.168.0.7 ping statistics ---
3 packets transmitted, 0 received, 100% packet loss, time 2038ms
#删除了路由表 就ping不通了
#直连网络即使你IP配置好了,路由表没有,网络也是不通的
[root@centos7 ~]# ping 192.168.0.8
PING 192.168.0.8 (192.168.0.8) 56(84) bytes of data.
^C
--- 192.168.0.8 ping statistics ---
3 packets transmitted, 0 received, 100% packet loss, time 2001ms
[root@rocky8 ~]# route add -net 192.168.0.0/24 dev eth0
[root@rocky8 ~]# ping 192.168.0.7
PING 192.168.0.7 (192.168.0.7) 56(84) bytes of data.
64 bytes from 192.168.0.7: icmp_seq=1 ttl=64 time=0.413 ms
64 bytes from 192.168.0.7: icmp_seq=2 ttl=64 time=0.433 ms
^C
--- 192.168.0.7 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1052ms
rtt min/avg/max/mdev = 0.413/0.423/0.433/0.010 ms
#添加了路由表就能ping通了
网关: 网络关口,为了连接两个不同的网络
路由器
TCP/IP 协议网关 IPX/SPX
[root@rocky8 ~]# cat /proc/sys/net/ipv4/ip_forward
0
#值为 0 表示内核路由转发未开启;要让本机在网卡之间转发数据包,就要开启这个功能(改为 1)
#添加一块网卡
[root@rocky8 ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
link/ether 00:0c:29:f9:6a:d1 brd ff:ff:ff:ff:ff:ff
inet 172.31.1.8/21 brd 172.31.7.255 scope global noprefixroute eth0
valid_lft forever preferred_lft forever
inet 192.168.0.8/24 brd 192.168.0.255 scope global eth0:1
valid_lft forever preferred_lft forever
inet6 fe80::20c:29ff:fef9:6ad1/64 scope link
valid_lft forever preferred_lft forever
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
link/ether 00:0c:29:f9:6a:db brd ff:ff:ff:ff:ff:ff
inet 172.31.7.6/21 brd 172.31.7.255 scope global dynamic noprefixroute eth1
valid_lft 1797sec preferred_lft 1797sec
inet6 fe80::a2d8:9d03:9680:7717/64 scope link noprefixroute
valid_lft forever preferred_lft forever
[root@rocky8 ~]# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 172.31.0.2 0.0.0.0 UG 100 0 0 eth0
0.0.0.0 172.31.0.2 0.0.0.0 UG 101 0 0 eth1
172.31.0.0 0.0.0.0 255.255.248.0 U 100 0 0 eth0
172.31.0.0 0.0.0.0 255.255.248.0 U 101 0 0 eth1
192.168.0.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
[root@rocky8 ~]# route del -net 172.31.0.0/21 dev eth1
[root@rocky8 ~]# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 172.31.0.2 0.0.0.0 UG 100 0 0 eth0
0.0.0.0 172.31.0.2 0.0.0.0 UG 101 0 0 eth1
172.31.0.0 0.0.0.0 255.255.248.0 U 100 0 0 eth0
192.168.0.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
[root@rocky8 ~]# route del default dev eth1
[root@rocky8 ~]# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 172.31.0.2 0.0.0.0 UG 100 0 0 eth0
172.31.0.0 0.0.0.0 255.255.248.0 U 100 0 0 eth0
192.168.0.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
[root@rocky8 ~]# ifconfig eth1 192.168.1.123/24
[root@rocky8 ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
link/ether 00:0c:29:f9:6a:d1 brd ff:ff:ff:ff:ff:ff
inet 172.31.1.8/21 brd 172.31.7.255 scope global noprefixroute eth0
valid_lft forever preferred_lft forever
inet 192.168.0.8/24 brd 192.168.0.255 scope global eth0:1
valid_lft forever preferred_lft forever
inet6 fe80::20c:29ff:fef9:6ad1/64 scope link
valid_lft forever preferred_lft forever
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
link/ether 00:0c:29:f9:6a:db brd ff:ff:ff:ff:ff:ff
inet 192.168.1.123/24 brd 192.168.1.255 scope global noprefixroute eth1
valid_lft forever preferred_lft forever
inet6 fe80::a2d8:9d03:9680:7717/64 scope link noprefixroute
valid_lft forever preferred_lft forever
[root@rocky8 ~]# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 172.31.0.2 0.0.0.0 UG 100 0 0 eth0
172.31.0.0 0.0.0.0 255.255.248.0 U 100 0 0 eth0
192.168.0.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
#这里用ifconfig临时设置IP,没有写到配置文件,所以路由表没有自动添加(上面 ip a 的输出中 eth1 的地址带有 noprefixroute 标志,带该标志的地址内核不会自动生成直连路由)
[root@rocky8 ~]# route add -net 192.168.1.0/24 dev eth1
[root@rocky8 ~]# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 172.31.0.2 0.0.0.0 UG 100 0 0 eth0
172.31.0.0 0.0.0.0 255.255.248.0 U 100 0 0 eth0
192.168.0.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1
范例:实现静态路由
环境:
四台主机:
A主机:eth0 NAT模式
R1主机:eth0 NAT模式,eth1 仅主机模式
R2主机:eth0 仅主机模式,eth1 桥接模式
B主机:eth0 桥接模式
#配置A主机
[root@centos7 ~]# hostnamectl set-hostname host-a
[root@host-a ~]# yum -y install net-tools tcpdump traceroute mtr
[root@host-a network-scripts]# cat ifcfg-eth0
DEVICE=eth0
NAME=eth0
BOOTPROTO=none
ONBOOT=yes
IPADDR=172.31.0.7
PREFIX=21
GATEWAY=172.31.0.200
DNS1=223.5.5.5
DNS2=180.76.76.76
[root@host-a network-scripts]# nmcli conn reload
[root@host-a network-scripts]# nmcli conn up eth0
[root@host-a network-scripts]# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 172.31.0.200 0.0.0.0 UG 100 0 0 eth0
172.31.0.0 0.0.0.0 255.255.248.0 U 100 0 0 eth0
#配置R1
[root@rocky8 ~]# hostnamectl set-hostname r1
[root@r1 ~]# yum -y install net-tools tcpdump traceroute mtr
[root@r1 network-scripts]# cat ifcfg-eth0
DEVICE=eth0
NAME=eth0
BOOTPROTO=none
ONBOOT=yes
IPADDR=172.31.0.200
PREFIX=21
[root@r1 network-scripts]# cp ifcfg-eth0 ifcfg-eth1
[root@r1 network-scripts]# cat ifcfg-eth1
DEVICE=eth1
NAME=eth1
BOOTPROTO=none
ONBOOT=yes
IPADDR=10.0.0.200
PREFIX=21
[root@r1 network-scripts]# nmcli connection
NAME UUID TYPE DEVICE
eth0 5fb06bd0-0bb0-7ffb-45f1-d6edd65f3e03 ethernet eth0
Wired connection 1 8f66d694-494f-31db-99a6-97673f8ece0b ethernet eth1
[root@r1 network-scripts]# nmcli connection reload
[root@r1 network-scripts]# nmcli connection
NAME UUID TYPE DEVICE
eth0 5fb06bd0-0bb0-7ffb-45f1-d6edd65f3e03 ethernet eth0
Wired connection 1 8f66d694-494f-31db-99a6-97673f8ece0b ethernet eth1
eth1 9c92fad9-6ecb-3e6c-eb4d-8a47c6f50c04 ethernet --
[root@r1 network-scripts]# nmcli connection delete Wired\ connection\ 1
Connection 'Wired connection 1' (8f66d694-494f-31db-99a6-97673f8ece0b) successfully deleted.
[root@r1 network-scripts]# nmcli connection
NAME UUID TYPE DEVICE
eth0 5fb06bd0-0bb0-7ffb-45f1-d6edd65f3e03 ethernet eth0
eth1 9c92fad9-6ecb-3e6c-eb4d-8a47c6f50c04 ethernet eth1
[root@r1 network-scripts]# nmcli connection up eth0
[root@r1 network-scripts]# nmcli connection up eth1
[root@r1 ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
link/ether 00:0c:29:f9:6a:d1 brd ff:ff:ff:ff:ff:ff
inet 172.31.0.200/21 brd 172.31.7.255 scope global noprefixroute eth0
valid_lft forever preferred_lft forever
inet6 fe80::20c:29ff:fef9:6ad1/64 scope link
valid_lft forever preferred_lft forever
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
link/ether 00:0c:29:f9:6a:db brd ff:ff:ff:ff:ff:ff
inet 10.0.0.200/21 brd 10.0.7.255 scope global noprefixroute eth1
valid_lft forever preferred_lft forever
inet6 fe80::20c:29ff:fef9:6adb/64 scope link
valid_lft forever preferred_lft forever
[root@r1 network-scripts]# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
10.0.0.0 0.0.0.0 255.255.248.0 U 103 0 0 eth1
172.31.0.0 0.0.0.0 255.255.248.0 U 104 0 0 eth0
[root@r1 network-scripts]# route add -net 192.168.1.0/24 gw 10.0.0.201
[root@r1 network-scripts]# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
10.0.0.0 0.0.0.0 255.255.248.0 U 103 0 0 eth1
172.31.0.0 0.0.0.0 255.255.248.0 U 104 0 0 eth0
192.168.1.0 10.0.0.201 255.255.255.0 UG 0 0 0 eth1
#配置R2
[root@centos8-2 ~]# hostnamectl set-hostname r2
[root@r2 ~]# yum -y install net-tools tcpdump traceroute mtr
[root@r2 network-scripts]# cat ifcfg-eth0
DEVICE=eth0
NAME=eth0
BOOTPROTO=none
ONBOOT=yes
IPADDR=10.0.0.201
PREFIX=21
[root@r2 network-scripts]# cp ifcfg-eth0 ifcfg-eth1
[root@r2 network-scripts]# cat ifcfg-eth1
DEVICE=eth1
NAME=eth1
BOOTPROTO=none
ONBOOT=yes
IPADDR=192.168.1.200
PREFIX=24
[root@r2 network-scripts]# nmcli connection reload
[root@r2 network-scripts]# nmcli connection
NAME UUID TYPE DEVICE
eth0 5fb06bd0-0bb0-7ffb-45f1-d6edd65f3e03 ethernet eth0
Wired connection 1 d5249a12-ea14-30f9-aa91-205a1f8ebd8d ethernet eth1
eth1 9c92fad9-6ecb-3e6c-eb4d-8a47c6f50c04 ethernet --
[root@r2 network-scripts]# nmcli connection delete Wired\ connection\ 1
[root@r2 network-scripts]# nmcli connection up eth0
[root@r2 network-scripts]# nmcli connection up eth1
[root@r2 ~]# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
10.0.0.0 0.0.0.0 255.255.248.0 U 102 0 0 eth0
192.168.1.0 0.0.0.0 255.255.255.0 U 103 0 0 eth1
[root@r2 ~]# ip route add 172.31.0.0/21 via 10.0.0.200
[root@r2 ~]# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
10.0.0.0 0.0.0.0 255.255.248.0 U 102 0 0 eth0
172.31.0.0 10.0.0.200 255.255.248.0 UG 0 0 0 eth0
192.168.1.0 0.0.0.0 255.255.255.0 U 103 0 0 eth1
#配置B主机
root@ubuntu1804:~# hostnamectl set-hostname host-b
root@host-b:/etc/netplan# cat 01-netcfg.yaml
network:
  version: 2
  renderer: networkd
  ethernets:
    eth0:
      addresses: [192.168.1.100/24]
      gateway4: 192.168.1.200
      nameservers:
        addresses: [223.5.5.5, 180.76.76.76]
root@host-b:/etc/netplan# netplan apply
root@host-b:~# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 192.168.1.200 0.0.0.0 UG 0 0 0 eth0
192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
[root@host-a ~]# ping 192.168.1.100
PING 192.168.1.100 (192.168.1.100) 56(84) bytes of data.
^C
--- 192.168.1.100 ping statistics ---
36 packets transmitted, 0 received, 100% packet loss, time 35030ms
#现在还ping 不通
[root@host-a ~]# ping 10.0.0.200
PING 10.0.0.200 (10.0.0.200) 56(84) bytes of data.
64 bytes from 10.0.0.200: icmp_seq=1 ttl=64 time=0.308 ms
64 bytes from 10.0.0.200: icmp_seq=2 ttl=64 time=0.539 ms
64 bytes from 10.0.0.200: icmp_seq=3 ttl=64 time=0.428 ms
64 bytes from 10.0.0.200: icmp_seq=4 ttl=64 time=0.434 ms
64 bytes from 10.0.0.200: icmp_seq=5 ttl=64 time=0.412 ms
^C
--- 10.0.0.200 ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 4002ms
rtt min/avg/max/mdev = 0.308/0.424/0.539/0.074 ms
[root@host-a ~]# ping 10.0.0.201
PING 10.0.0.201 (10.0.0.201) 56(84) bytes of data.
^C
--- 10.0.0.201 ping statistics ---
8 packets transmitted, 0 received, 100% packet loss, time 7000ms
#r2 ping不通
[root@host-a ~]# ping 10.0.0.201
[root@r1 ~]# tcpdump -i eth0 icmp -nn
dropped privs to tcpdump
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 262144 bytes
00:17:49.641416 IP 172.31.0.7 > 10.0.0.201: ICMP echo request, id 1282, seq 182, length 64
00:17:50.642047 IP 172.31.0.7 > 10.0.0.201: ICMP echo request, id 1282, seq 183, length 64
00:17:51.642328 IP 172.31.0.7 > 10.0.0.201: ICMP echo request, id 1282, seq 184, length 64
^C
3 packets captured
3 packets received by filter
0 packets dropped by kernel
#能收到包
[root@r1 ~]# tcpdump -i eth1 icmp -nn
dropped privs to tcpdump
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth1, link-type EN10MB (Ethernet), capture size 262144 bytes
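#eth1 上抓不到包,说明 r1 收到包后没有转发出去
#配置内核路由转发(写入 /etc/sysctl.conf,重启后仍然生效;开启后本机会在各网卡之间转发数据包,只应在确实充当路由器的主机上开启,并用防火墙的转发规则限制允许转发的流量)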
[root@r1 ~]# vim /etc/sysctl.conf
net.ipv4.ip_forward=1
[root@r1 ~]# sysctl -p
net.ipv4.ip_forward = 1
[root@r1 ~]# tcpdump -i eth1 icmp -nn
dropped privs to tcpdump
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth1, link-type EN10MB (Ethernet), capture size 262144 bytes
00:22:12.694490 IP 172.31.0.7 > 10.0.0.201: ICMP echo request, id 1282, seq 445, length 64
00:22:12.694910 IP 10.0.0.201 > 172.31.0.7: ICMP echo reply, id 1282, seq 445, length 64
00:22:13.695466 IP 172.31.0.7 > 10.0.0.201: ICMP echo request, id 1282, seq 446, length 64
00:22:13.695855 IP 10.0.0.201 > 172.31.0.7: ICMP echo reply, id 1282, seq 446, length 64
^C
4 packets captured
4 packets received by filter
0 packets dropped by kernel
#现在包可以出去了
[root@host-a ~]# ping 10.0.0.201
PING 10.0.0.201 (10.0.0.201) 56(84) bytes of data.
64 bytes from 10.0.0.201: icmp_seq=423 ttl=63 time=0.765 ms
64 bytes from 10.0.0.201: icmp_seq=424 ttl=63 time=0.627 ms
64 bytes from 10.0.0.201: icmp_seq=425 ttl=63 time=0.835 ms
64 bytes from 10.0.0.201: icmp_seq=426 ttl=63 time=0.463 ms
#可以ping 通 r2
[root@host-a ~]# traceroute -n 10.0.0.201
traceroute to 10.0.0.201 (10.0.0.201), 30 hops max, 60 byte packets
1 172.31.0.200 0.500 ms 0.413 ms 0.406 ms
2 10.0.0.201 0.854 ms 0.858 ms 0.864 ms
[root@host-a ~]# mtr -n 10.0.0.201
My traceroute [v0.85]
host-a (0.0.0.0) Thu Oct 28 00:30:36 2021
Keys: Help Display mode Restart statistics Order of fields quit
Packets Pings
Host Loss% Snt Last Avg Best Wrst StDev
1. 172.31.0.200 0.0% 5 0.4 0.4 0.3 0.5 0.0
[root@r2 ~]# cat /proc/sys/net/ipv4/ip_forward
0
[root@r2 ~]# cat /proc/sys/net/ipv4/ip_forward
0
[root@r2 ~]# echo 1 > /proc/sys/net/ipv4/ip_forward #临时开启,重启后失效;持久生效需像 r1 那样写入 /etc/sysctl.conf
[root@r2 ~]# cat /proc/sys/net/ipv4/ip_forward
1
[root@host-a ~]# ping 192.168.1.100
PING 192.168.1.100 (192.168.1.100) 56(84) bytes of data.
64 bytes from 192.168.1.100: icmp_seq=1 ttl=62 time=1.20 ms
64 bytes from 192.168.1.100: icmp_seq=2 ttl=62 time=1.04 ms
^C
--- 192.168.1.100 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1001ms
rtt min/avg/max/mdev = 1.046/1.123/1.201/0.084 ms
#现在A机器就能访问B机器
[root@host-a ~]# mtr -n 192.168.1.100
My traceroute [v0.85]
host-a (0.0.0.0) Thu Oct 28 00:33:42 2021
Keys: Help Display mode Restart statistics Order of fields quit
Packets Pings
Host Loss% Snt Last Avg Best Wrst StDev
1. 172.31.0.200 0.0% 5 0.6 0.4 0.4 0.6 0.0
2. 10.0.0.201 0.0% 4 0.9 0.8 0.7 0.9 0.0
3. 192.168.1.100 0.0% 4 0.8 1.1 0.8 1.3 0.0
[root@host-a ~]# tracepath -n 192.168.1.100
1?: [LOCALHOST] pmtu 1500
1: 172.31.0.200 0.434ms
1: 172.31.0.200 0.742ms
2: 10.0.0.201 0.745ms
3: 192.168.1.100 0.788ms reached
Resume: pmtu 1500 hops 3 back 3
[root@r1 ~]# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
10.0.0.0 0.0.0.0 255.255.248.0 U 103 0 0 eth1
172.31.0.0 0.0.0.0 255.255.248.0 U 104 0 0 eth0
192.168.1.0 10.0.0.201 255.255.255.0 UG 0 0 0 eth1
[root@r1 ~]# ip route
10.0.0.0/21 dev eth1 proto kernel scope link src 10.0.0.200 metric 103
172.31.0.0/21 dev eth0 proto kernel scope link src 172.31.0.200 metric 104
192.168.1.0/24 via 10.0.0.201 dev eth1
[root@r1 ~]# ip route del 192.168.1.0/24 via 10.0.0.201 dev eth1
[root@r1 ~]# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
10.0.0.0 0.0.0.0 255.255.248.0 U 103 0 0 eth1
172.31.0.0 0.0.0.0 255.255.248.0 U 104 0 0 eth0
[root@host-a ~]# ping 192.168.1.100
PING 192.168.1.100 (192.168.1.100) 56(84) bytes of data.
From 172.31.0.200 icmp_seq=1 Destination Net Unreachable
From 172.31.0.200 icmp_seq=2 Destination Net Unreachable
From 172.31.0.200 icmp_seq=3 Destination Net Unreachable
#删了路由就ping 不通
[root@r1 ~]# route add default gw 10.0.0.201 #加默认路由
[root@r1 ~]# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 10.0.0.201 0.0.0.0 UG 0 0 0 eth1
10.0.0.0 0.0.0.0 255.255.248.0 U 103 0 0 eth1
172.31.0.0 0.0.0.0 255.255.248.0 U 104 0 0 eth0
[root@host-a ~]# ping 192.168.1.100
PING 192.168.1.100 (192.168.1.100) 56(84) bytes of data.
64 bytes from 192.168.1.100: icmp_seq=1 ttl=62 time=1.30 ms
64 bytes from 192.168.1.100: icmp_seq=2 ttl=62 time=1.34 ms
^C
--- 192.168.1.100 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1001ms
rtt min/avg/max/mdev = 1.303/1.326/1.349/0.023 ms
#现在可以ping通B机器
4.3.4 配置动态路由
通过守护进程获取动态路由,安装quagga包,通过命令vtysh配置
支持多种路由协议:
RIP:Routing Information Protocol,路由信息协议
OSPF:Open Shortest Path First,开放式最短路径优先
BGP:Border Gateway Protocol,边界网关协议
RIP、OSPF和BGP
4.3.5 netstat命令
来自于net-tools包,建议使用 ss 代替
显示网络连接:
netstat [--tcp|-t] [--udp|-u] [--raw|-w] [--listening|-l] [--all|-a] [--numeric|-n] [--extend|-e[--extend|-e]] [--program|-p]
常用选项
-t: tcp协议相关
-u: udp协议相关
-w: raw socket相关
-l: 处于监听状态
-a: 所有状态
-n: 以数字显示IP和端口
-e:扩展格式
-p: 显示相关进程及PID
常用组合:
-tan, -uan, -tnl, -unl
显示路由表:
netstat {--route|-r} [--numeric|-n]
-r: 显示内核路由表
-n: 数字格式
范例:
[root@rocky8 ~]# netstat -ntu #n 数字化显示 t tcp协议 u udp 协议,查看TCP和UDP连接状态
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 52 172.31.1.8:22 172.31.0.1:62923 ESTABLISHED
udp 0 0 172.31.7.6:68 172.31.7.254:67 ESTABLISHED
#udp 的 67和68 就是 dhcp
[root@rocky8 ~]# netstat -ntul #l 只查看处于监听状态的端口
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN
tcp6 0 0 :::22 :::* LISTEN
[root@rocky8 ~]# netstat -ntua #a 建立监听状态和连接状态都查看
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN
tcp 0 52 172.31.1.8:22 172.31.0.1:62923 ESTABLISHED
tcp6 0 0 :::22 :::* LISTEN
udp 0 0 172.31.7.6:68 172.31.7.254:67 ESTABLISHED
[root@rocky8 ~]# netstat -ntuap #查看哪个端口哪个程序在使用
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 777/sshd
tcp 0 52 172.31.1.8:22 172.31.0.1:62923 ESTABLISHED 1289/sshd: root [pr
tcp6 0 0 :::22 :::* LISTEN 777/sshd
udp 0 0 172.31.7.6:68 172.31.7.254:67 ESTABLISHED 727/NetworkManager
[root@rocky8 ~]# ss -ntuap
Netid State Recv-Q Send-Q Local Address:Port Peer Address:Port Process
udp ESTAB 0 0 172.31.7.6%eth1:68 172.31.7.254:67 users:(("NetworkManager",pid=727,fd=27))
tcp LISTEN 0 128 0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=777,fd=4))
tcp ESTAB 0 52 172.31.1.8:22 172.31.0.1:62923 users:(("sshd",pid=1301,fd=5),("sshd",pid=1289,fd=5))
tcp LISTEN 0 128 [::]:22 [::]:* users:(("sshd",pid=777,fd=6))
4.3.6 显示接口统计数据
netstat {--interfaces|-I|-i} [iface] [--all|-a] [--extend|-e] [--program|-p] [--numeric|-n]
netstat -i
netstat -I=IFACE
ifconfig -s IFACE
范例:
[root@rocky8 ~]# netstat -Ieth0
Kernel Interface table
Iface MTU RX-OK RX-ERR RX-DRP RX-OVR TX-OK TX-ERR TX-DRP TX-OVR Flg
eth0 1500 22342 0 0 0 1978 0 0 0 BMRU
[root@rocky8 ~]# ifconfig -s eth0
Iface MTU RX-OK RX-ERR RX-DRP RX-OVR TX-OK TX-ERR TX-DRP TX-OVR Flg
eth0 1500 22348 0 0 0 1985 0 0 0 BMRU
[root@rocky8 ~]# netstat -nt
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 52 172.31.1.8:22 172.31.0.1:60004 ESTABLISHED
4.3.7 ip命令
来自于iproute包,可用于代替ifconfig
4.3.7.1 配置Linux网络属性
ip [ OPTIONS ] OBJECT { COMMAND | help }
ip 命令说明:
OBJECT := { link | addr | route }
ip link - network device configuration
set dev IFACE,可设置属性:up and down:激活或禁用指定接口,相当于 ifup/ifdown
show [dev IFACE] [up]:显示指定接口,up 仅显示处于激活状态的接口
ip 地址管理
ip addr { add | del } IFADDR dev STRING [label LABEL] [scope {global|link|host}] [broadcast ADDRESS]
[label LABEL]:添加地址时指明网卡别名
[scope {global|link|host}]:指明作用域,global: 全局可用,link: 仅链接可用,host: 本机可用
[broadcast ADDRESS]:指明广播地址
ip address show
ip addr flush
范例:
#禁用网卡
ip link set eth1 down
#网卡改名
ip link set eth1 name wangnet
#启用网卡
ip link set wangnet up
#网卡别名
ip addr add 172.16.100.100/16 dev eth0 label eth0:0
ip addr del 172.16.100.100/16 dev eth0 label eth0:0
#清除网络地址
ip addr flush dev eth0
范例:
[root@rocky8 ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
link/ether 00:0c:29:f9:6a:d1 brd ff:ff:ff:ff:ff:ff
inet 172.31.1.8/21 brd 172.31.7.255 scope global noprefixroute eth0
valid_lft forever preferred_lft forever
inet 192.168.0.8/24 brd 192.168.0.255 scope global eth0:1
valid_lft forever preferred_lft forever
inet6 fe80::20c:29ff:fef9:6ad1/64 scope link
valid_lft forever preferred_lft forever
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
link/ether 00:0c:29:f9:6a:db brd ff:ff:ff:ff:ff:ff
inet 192.168.1.123/24 brd 192.168.1.255 scope global noprefixroute eth1
valid_lft forever preferred_lft forever
inet6 fe80::a2d8:9d03:9680:7717/64 scope link noprefixroute
valid_lft forever preferred_lft forever
[root@rocky8 ~]# ip link
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP mode DEFAULT group default qlen 1000
link/ether 00:0c:29:f9:6a:d1 brd ff:ff:ff:ff:ff:ff
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP mode DEFAULT group default qlen 1000
link/ether 00:0c:29:f9:6a:db brd ff:ff:ff:ff:ff:ff
[root@rocky8 ~]# ip link set eth1 down #禁用网卡
[root@rocky8 ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
link/ether 00:0c:29:f9:6a:d1 brd ff:ff:ff:ff:ff:ff
inet 172.31.1.8/21 brd 172.31.7.255 scope global noprefixroute eth0
valid_lft forever preferred_lft forever
inet 192.168.0.8/24 brd 192.168.0.255 scope global eth0:1
valid_lft forever preferred_lft forever
inet6 fe80::20c:29ff:fef9:6ad1/64 scope link
valid_lft forever preferred_lft forever
3: eth1: <BROADCAST,MULTICAST> mtu 1500 qdisc fq_codel state DOWN group default qlen 1000 #已经DOWN了
link/ether 00:0c:29:f9:6a:db brd ff:ff:ff:ff:ff:ff
inet 192.168.1.123/24 brd 192.168.1.255 scope global noprefixroute eth1
valid_lft forever preferred_lft forever
[root@rocky8 ~]# ip link set eth1 up #启用网卡
[root@rocky8 ~]# ip link
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP mode DEFAULT group default qlen 1000
link/ether 00:0c:29:f9:6a:d1 brd ff:ff:ff:ff:ff:ff
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP mode DEFAULT group default qlen 1000
link/ether 00:0c:29:f9:6a:db brd ff:ff:ff:ff:ff:ff
[root@rocky8 ~]# ip addr add 1.1.1.1/24 dev eth1 #添加IP
[root@rocky8 ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
link/ether 00:0c:29:f9:6a:d1 brd ff:ff:ff:ff:ff:ff
inet 172.31.1.8/21 brd 172.31.7.255 scope global noprefixroute eth0
valid_lft forever preferred_lft forever
inet 192.168.0.8/24 brd 192.168.0.255 scope global eth0:1
valid_lft forever preferred_lft forever
inet6 fe80::20c:29ff:fef9:6ad1/64 scope link
valid_lft forever preferred_lft forever
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
link/ether 00:0c:29:f9:6a:db brd ff:ff:ff:ff:ff:ff
inet 172.31.7.6/21 brd 172.31.7.255 scope global dynamic noprefixroute eth1
valid_lft 1756sec preferred_lft 1756sec
inet 1.1.1.1/24 scope global eth1 #不加别名用ip命令可以看到IP地址
valid_lft forever preferred_lft forever
inet6 fe80::a2d8:9d03:9680:7717/64 scope link noprefixroute
valid_lft forever preferred_lft forever
[root@rocky8 ~]# ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.31.1.8 netmask 255.255.248.0 broadcast 172.31.7.255
inet6 fe80::20c:29ff:fef9:6ad1 prefixlen 64 scopeid 0x20<link>
ether 00:0c:29:f9:6a:d1 txqueuelen 1000 (Ethernet)
RX packets 2714909 bytes 4043752945 (3.7 GiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 2695351 bytes 4011117330 (3.7 GiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
eth0:1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.0.8 netmask 255.255.255.0 broadcast 192.168.0.255
ether 00:0c:29:f9:6a:d1 txqueuelen 1000 (Ethernet)
eth1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.31.7.6 netmask 255.255.248.0 broadcast 172.31.7.255
inet6 fe80::a2d8:9d03:9680:7717 prefixlen 64 scopeid 0x20<link>
ether 00:0c:29:f9:6a:db txqueuelen 1000 (Ethernet)
RX packets 1 bytes 346 (346.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 13 bytes 1268 (1.2 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 1000 (Local Loopback)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
#未加别名(label)的地址 1.1.1.1,用 ifconfig 看不到
[root@rocky8 ~]# ip addr add 2.2.2.2/24 dev eth1 label eth1:1 #label添加别名
[root@rocky8 ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
link/ether 00:0c:29:f9:6a:d1 brd ff:ff:ff:ff:ff:ff
inet 172.31.1.8/21 brd 172.31.7.255 scope global noprefixroute eth0
valid_lft forever preferred_lft forever
inet 192.168.0.8/24 brd 192.168.0.255 scope global eth0:1
valid_lft forever preferred_lft forever
inet6 fe80::20c:29ff:fef9:6ad1/64 scope link
valid_lft forever preferred_lft forever
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
link/ether 00:0c:29:f9:6a:db brd ff:ff:ff:ff:ff:ff
inet 172.31.7.6/21 brd 172.31.7.255 scope global dynamic noprefixroute eth1
valid_lft 1653sec preferred_lft 1653sec
inet 1.1.1.1/24 scope global eth1
valid_lft forever preferred_lft forever
inet 2.2.2.2/24 scope global eth1:1
valid_lft forever preferred_lft forever
inet6 fe80::a2d8:9d03:9680:7717/64 scope link noprefixroute
valid_lft forever preferred_lft forever
[root@rocky8 ~]# ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.31.1.8 netmask 255.255.248.0 broadcast 172.31.7.255
inet6 fe80::20c:29ff:fef9:6ad1 prefixlen 64 scopeid 0x20<link>
ether 00:0c:29:f9:6a:d1 txqueuelen 1000 (Ethernet)
RX packets 2714947 bytes 4043756101 (3.7 GiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 2695379 bytes 4011123090 (3.7 GiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
eth0:1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.0.8 netmask 255.255.255.0 broadcast 192.168.0.255
ether 00:0c:29:f9:6a:d1 txqueuelen 1000 (Ethernet)
eth1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.31.7.6 netmask 255.255.248.0 broadcast 172.31.7.255
inet6 fe80::a2d8:9d03:9680:7717 prefixlen 64 scopeid 0x20<link>
ether 00:0c:29:f9:6a:db txqueuelen 1000 (Ethernet)
RX packets 1 bytes 346 (346.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 14 bytes 1330 (1.2 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
eth1:1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 2.2.2.2 netmask 255.255.255.0 broadcast 0.0.0.0
ether 00:0c:29:f9:6a:db txqueuelen 1000 (Ethernet)
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 1000 (Local Loopback)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
#添加别名 用ifconfig可以看到IP
[root@rocky8 ~]# ip addr del 2.2.2.2/24 dev eth1 label eth1:1 #删除IP地址
[root@rocky8 ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
link/ether 00:0c:29:f9:6a:d1 brd ff:ff:ff:ff:ff:ff
inet 172.31.1.8/21 brd 172.31.7.255 scope global noprefixroute eth0
valid_lft forever preferred_lft forever
inet 192.168.0.8/24 brd 192.168.0.255 scope global eth0:1
valid_lft forever preferred_lft forever
inet6 fe80::20c:29ff:fef9:6ad1/64 scope link
valid_lft forever preferred_lft forever
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
link/ether 00:0c:29:f9:6a:db brd ff:ff:ff:ff:ff:ff
inet 172.31.7.6/21 brd 172.31.7.255 scope global dynamic noprefixroute eth1
valid_lft 1599sec preferred_lft 1599sec
inet 1.1.1.1/24 scope global eth1
valid_lft forever preferred_lft forever
inet6 fe80::a2d8:9d03:9680:7717/64 scope link noprefixroute
valid_lft forever preferred_lft forever
[root@rocky8 ~]# ip addr flush dev eth1 #清除eth1上的所有IP地址(包括动态获取的地址)
[root@rocky8 ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
link/ether 00:0c:29:f9:6a:d1 brd ff:ff:ff:ff:ff:ff
inet 172.31.1.8/21 brd 172.31.7.255 scope global noprefixroute eth0
valid_lft forever preferred_lft forever
inet 192.168.0.8/24 brd 192.168.0.255 scope global eth0:1
valid_lft forever preferred_lft forever
inet6 fe80::20c:29ff:fef9:6ad1/64 scope link
valid_lft forever preferred_lft forever
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
link/ether 00:0c:29:f9:6a:db brd ff:ff:ff:ff:ff:ff
4.3.7.2 管理路由
#添加路由:
ip route add TARGET via GW dev IFACE src SOURCE_IP
TARGET:
主机路由:IP
网络路由:NETWORK/MASK
#添加网关:
ip route add default via GW dev IFACE
#删除路由:
ip route del TARGET
#显示路由:
ip route show|list
#清空路由表(通过远程登录操作时,清空当前连接所用网卡的路由会导致连接中断):
ip route flush [dev IFACE] [via PREFIX]
范例:
ip route add 192.168.0.0/24 via 172.16.0.1
ip route add 192.168.1.100 via 172.16.0.1
ip route add default via 172.16.0.1
ip route flush dev eth0
范例:
[root@rocky8 ~]# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 172.31.0.2 0.0.0.0 UG 100 0 0 eth0
172.31.0.0 0.0.0.0 255.255.248.0 U 100 0 0 eth0
192.168.0.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
[root@rocky8 ~]# ip route
default via 172.31.0.2 dev eth0 proto static metric 100
172.31.0.0/21 dev eth0 proto kernel scope link src 172.31.1.8 metric 100
192.168.0.0/24 dev eth0 scope link
[root@rocky8 ~]# ip route add 172.16.0.0/16 via 172.31.0.123 dev eth0
[root@rocky8 ~]# ip route
default via 172.31.0.2 dev eth0 proto static metric 100
172.16.0.0/16 via 172.31.0.123 dev eth0
172.31.0.0/21 dev eth0 proto kernel scope link src 172.31.1.8 metric 100
192.168.0.0/24 dev eth0 scope link
[root@rocky8 ~]# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 172.31.0.2 0.0.0.0 UG 100 0 0 eth0
172.16.0.0 172.31.0.123 255.255.0.0 UG 0 0 0 eth0
172.31.0.0 0.0.0.0 255.255.248.0 U 100 0 0 eth0
192.168.0.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
[root@rocky8 ~]# ip route del 172.16.0.0/16 via 172.31.0.123 dev eth0 #删除这条路由记录
[root@rocky8 ~]# ip route
default via 172.31.0.2 dev eth0 proto static metric 100
172.31.0.0/21 dev eth0 proto kernel scope link src 172.31.1.8 metric 100
192.168.0.0/24 dev eth0 scope link
4.3.8 ss 命令
来自于iproute包,代替netstat,netstat 通过遍历 /proc来获取 socket信息,ss 使用 netlink与内核tcp_diag 模块通信获取 socket 信息
格式:
ss [OPTION]... [FILTER]
选项:
-t: tcp协议相关
-u: udp协议相关
-w: 裸套接字相关
-x:unix sock相关
-l: listen状态的连接
-a: 所有
-n: 数字格式
-p: 相关的程序及PID
-e: 扩展的信息
-m:内存用量
-o:计时器信息
格式说明
FILTER : [ state TCP-STATE ] [ EXPRESSION ]
TCP的常见状态:
tcp finite state machine:
LISTEN: 监听
ESTABLISHED:已建立的连接
FIN_WAIT_1
FIN_WAIT_2
SYN_SENT
SYN_RECV
CLOSED
EXPRESSION:
dport =
sport =
常用组合:
-tan, -tanl, -tanlp, -uan
范例:常见用法
#显示本地打开的所有端口
ss -l
#显示每个进程具体打开的socket
ss -pl
#显示所有tcp socket
ss -t -a
#显示所有的UDP Socket
ss -u -a
#显示所有已建立的ssh连接
ss -o state established '( dport = :ssh or sport = :ssh )'
#显示所有已建立的HTTP连接
ss -o state established '( dport = :http or sport = :http )'
[root@rocky8 ~]# ss -no state established '( dport = :22 or sport = :22 )'
Netid Recv-Q Send-Q Local Address:Port Peer Address:Port Process
tcp 0 52 172.31.1.8:22 172.31.0.1:60004 timer:(on,241ms,0)
#显示当前socket的统计摘要
ss -s
4.4 网络配置文件
4.4.1 网络基本配置文件
IP、MASK、GW、DNS相关的配置文件:
/etc/sysconfig/network-scripts/ifcfg-IFACE
说明参考:
/usr/share/doc/initscripts-*/sysconfig.txt
常用配置
设置 | 说明 |
---|---|
TYPE | 接口类型;常见的有Ethernet, Bridge |
NAME | 此配置文件应用到的设备 |
DEVICE | 设备名 |
HWADDR | 对应的设备的MAC地址 |
UUID | 设备的惟一标识 |
BOOTPROTO | 激活此设备时使用的地址配置协议,常用的dhcp, static, none, bootp |
IPADDR | 指明IP地址 |
NETMASK | 子网掩码,如:255.255.255.0 |
PREFIX | 网络ID的位数, 如:24 |
GATEWAY | 默认网关 |
DNS1 | 第一个DNS服务器地址 |
DNS2 | 第二个DNS服务器地址 |
DOMAIN | 主机名不完整时,自动搜索的域名后缀 |
ONBOOT | 在系统引导时是否激活此设备 |
USERCTL | 普通用户是否可控制此设备 |
PEERDNS | 如果BOOTPROTO的值为“dhcp”,YES将允许dhcp server分配的dns服务器信息直接覆盖至/etc/resolv.conf文件,NO不允许修改resolv.conf;在不可信的网络中建议设为NO并手动指定DNS,避免由DHCP下发的DNS服务器接管本机的域名解析 |
NM_CONTROLLED | NM是NetworkManager的简写,此网卡是否接受NM控制 |
范例:
#DHCP
[root@rocky8 network-scripts]# cat ifcfg-eth0
DEVICE=eth0
NAME=eth0
BOOTPROTO=dhcp
ONBOOT=yes
[root@rocky8 network-scripts]# nmcli connection reload
[root@rocky8 network-scripts]# nmcli connection up eth0
#静态IP
[root@rocky8 network-scripts]# cat ifcfg-eth0
DEVICE=eth0
NAME=eth0
BOOTPROTO=none
ONBOOT=yes
IPADDR=172.31.1.8
PREFIX=21
GATEWAY=172.31.0.2
DNS1=223.5.5.5
DNS2=180.76.76.76
[root@rocky8 network-scripts]# cat ifcfg-eth1
DEVICE=eth1
NAME=eth1
ONBOOT=yes
IPADDR=172.31.1.18
PREFIX=21
[root@rocky8 network-scripts]# nmcli connection reload
[root@rocky8 network-scripts]# nmcli connection up eth0
[root@rocky8 network-scripts]# nmcli connection up eth1
4.4.2 配置当前主机的主机名
#centos6 之前版本
/etc/sysconfig/network
HOSTNAME=
#centos7 及以后版本
/etc/hostname
HOSTNAME
4.4.3 本地主机名数据库和IP地址的映射
在使用DNS解析之前优先检查
getent hosts 查看/etc/hosts 内容
/etc/hosts
4.4.4 DNS域名解析
/etc/resolv.conf
nameserver DNS_SERVER_IP1
nameserver DNS_SERVER_IP2
nameserver DNS_SERVER_IP3
search DOMAIN
常见公共DNS(地址和运营方可能变更,使用前请核实;DNS服务器可以看到本机的全部解析请求,应选择可信的服务)
180.76.76.76 百度
223.5.5.5 阿里
223.6.6.6 阿里
119.29.29.29 腾讯
119.28.28.28 腾讯
114.114.114.114 电信
114.114.115.115 电信
1.2.4.8 CNNIC
210.2.4.8 CNNIC
240c::6666 CNNIC
240c::6644 CNNIC
80.80.80.80 Freenom World
80.80.81.81 Freenom World
8.8.8.8 Google
8.8.4.4 Google
1.1.1.1 Cloudflare
117.50.11.11 OneDNS
117.50.22.22 OneDNS
52.80.66.66 OneDNS
117.50.10.10 OneDNS
52.80.52.52 OneDNS
4.4.5 修改 /etc/hosts和DNS的优先级
/etc/nsswitch.conf
hosts: files dns
4.4.6 路由相关的配置文件
/etc/sysconfig/network-scripts/route-IFACE
两种风格:
(1) TARGET via GW
如:10.0.0.0/8 via 172.16.0.1
(2) 每三行定义一条路由
ADDRESS#=TARGET
NETMASK#=mask
GATEWAY#=GW
范例:
[root@rocky8 network-scripts]# vim route-eth0
192.168.1.0/24 via 172.31.7.254
192.168.2.0/24 via 172.31.7.253
[root@rocky8 network-scripts]# route add -net 192.168.1.0/24 gw 172.31.7.254 dev eth0
#相当于这条命令
[root@rocky8 network-scripts]# reboot
[root@rocky8 ~]# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 172.31.0.2 0.0.0.0 UG 100 0 0 eth0
172.31.0.0 0.0.0.0 255.255.248.0 U 100 0 0 eth0
192.168.1.0 172.31.7.254 255.255.255.0 UG 100 0 0 eth0
192.168.2.0 172.31.7.253 255.255.255.0 UG 100 0 0 eth0
#添加一个eth1网卡
[root@rocky8 ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
link/ether 00:0c:29:f9:6a:d1 brd ff:ff:ff:ff:ff:ff
inet 172.31.1.8/21 brd 172.31.7.255 scope global noprefixroute eth0
valid_lft forever preferred_lft forever
inet6 fe80::20c:29ff:fef9:6ad1/64 scope link
valid_lft forever preferred_lft forever
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
link/ether 00:0c:29:f9:6a:db brd ff:ff:ff:ff:ff:ff
inet 172.31.7.6/21 brd 172.31.7.255 scope global dynamic noprefixroute eth1
valid_lft 1797sec preferred_lft 1797sec
inet6 fe80::e16f:79c3:ebaa:601a/64 scope link noprefixroute
valid_lft forever preferred_lft forever
[root@rocky8 ~]# cdnet
[root@rocky8 network-scripts]# ls
ifcfg-eth0 route-eth0
[root@rocky8 network-scripts]# cp route-eth0 route-eth1
[root@rocky8 network-scripts]# vim route-eth1
192.168.3.0/24 via 172.31.7.3
192.168.4.0/24 via 172.31.7.4
[root@rocky8 network-scripts]# reboot
[root@rocky8 ~]# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 172.31.0.2 0.0.0.0 UG 100 0 0 eth0
0.0.0.0 172.31.0.2 0.0.0.0 UG 101 0 0 eth1
172.31.0.0 0.0.0.0 255.255.248.0 U 100 0 0 eth0
172.31.0.0 0.0.0.0 255.255.248.0 U 101 0 0 eth1
192.168.1.0 172.31.7.254 255.255.255.0 UG 100 0 0 eth0
192.168.2.0 172.31.7.253 255.255.255.0 UG 100 0 0 eth0
#route-eth1 中配置的路由没有出现在路由表中
[root@rocky8 ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
link/ether 00:0c:29:f9:6a:d1 brd ff:ff:ff:ff:ff:ff
inet 172.31.1.8/21 brd 172.31.7.255 scope global noprefixroute eth0
valid_lft forever preferred_lft forever
inet6 fe80::20c:29ff:fef9:6ad1/64 scope link
valid_lft forever preferred_lft forever
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
link/ether 00:0c:29:f9:6a:db brd ff:ff:ff:ff:ff:ff
inet 172.31.7.6/21 brd 172.31.7.255 scope global dynamic noprefixroute eth1
valid_lft 1755sec preferred_lft 1755sec
inet6 fe80::e16f:79c3:ebaa:601a/64 scope link noprefixroute
valid_lft forever preferred_lft forever
#eth0和eth1同一个网段
[root@rocky8 ~]# cdnet
[root@rocky8 network-scripts]# ls
ifcfg-eth0 route-eth0 route-eth1
[root@rocky8 network-scripts]# cp ifcfg-eth0 ifcfg-eth1
[root@rocky8 network-scripts]# vim ifcfg-eth1
DEVICE=eth1
NAME=eth1
ONBOOT=yes
IPADDR=172.16.0.8
PREFIX=24
[root@rocky8 network-scripts]# nmcli connection reload
[root@rocky8 network-scripts]# nmcli connection up eth1
Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/3)
[root@rocky8 network-scripts]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
link/ether 00:0c:29:f9:6a:d1 brd ff:ff:ff:ff:ff:ff
inet 172.31.1.8/21 brd 172.31.7.255 scope global noprefixroute eth0
valid_lft forever preferred_lft forever
inet6 fe80::20c:29ff:fef9:6ad1/64 scope link
valid_lft forever preferred_lft forever
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
link/ether 00:0c:29:f9:6a:db brd ff:ff:ff:ff:ff:ff
inet 172.16.0.8/24 brd 172.16.0.255 scope global noprefixroute eth1
valid_lft forever preferred_lft forever
inet6 fe80::20c:29ff:fef9:6adb/64 scope link
valid_lft forever preferred_lft forever
[root@rocky8 network-scripts]# vim route-eth1
192.168.3.0/24 via 172.16.0.1
192.168.4.0/24 via 172.16.0.2
[root@rocky8 network-scripts]# reboot
[root@rocky8 ~]# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 172.31.0.2 0.0.0.0 UG 100 0 0 eth0
172.16.0.0 0.0.0.0 255.255.255.0 U 101 0 0 eth1
172.31.0.0 0.0.0.0 255.255.248.0 U 100 0 0 eth0
192.168.1.0 172.31.7.254 255.255.255.0 UG 100 0 0 eth0
192.168.2.0 172.31.7.253 255.255.255.0 UG 100 0 0 eth0
192.168.3.0 172.16.0.1 255.255.255.0 UG 101 0 0 eth1
192.168.4.0 172.16.0.2 255.255.255.0 UG 101 0 0 eth1
#现在就有了eth1的路由表
[root@rocky8 ~]# route add -net 1.1.1.0/24 gw 2.2.2.2
SIOCADDRT: Network is unreachable
#这样不行:网关必须是本机可以直接到达的地址(与本机某个网卡在同一网段),否则无法添加
[root@rocky8 ~]# route add -net 1.1.1.0/24 gw 192.168.1.1
SIOCADDRT: Network is unreachable
[root@rocky8 ~]# route add -net 1.1.1.0/24 gw 172.31.1.123
[root@rocky8 ~]# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 172.31.0.2 0.0.0.0 UG 100 0 0 eth0
1.1.1.0 172.31.1.123 255.255.255.0 UG 0 0 0 eth0
172.16.0.0 0.0.0.0 255.255.255.0 U 101 0 0 eth1
172.31.0.0 0.0.0.0 255.255.248.0 U 100 0 0 eth0
192.168.1.0 172.31.7.254 255.255.255.0 UG 100 0 0 eth0
192.168.2.0 172.31.7.253 255.255.255.0 UG 100 0 0 eth0
192.168.3.0 172.16.0.1 255.255.255.0 UG 101 0 0 eth1
192.168.4.0 172.16.0.2 255.255.255.0 UG 101 0 0 eth1
#要加只能加同一网段的
[root@rocky8 ~]# route add -net 1.1.1.0/24 gw 192.168.1.1
SIOCADDRT: Network is unreachable
[root@rocky8 ~]# route add -net 2.2.2.0/24 gw 192.168.1.1
SIOCADDRT: Network is unreachable
[root@rocky8 ~]# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 172.31.0.2 0.0.0.0 UG 100 0 0 eth0
1.1.1.0 172.31.1.123 255.255.255.0 UG 0 0 0 eth0
172.16.0.0 0.0.0.0 255.255.255.0 U 101 0 0 eth1
172.31.0.0 0.0.0.0 255.255.248.0 U 100 0 0 eth0
192.168.1.0 172.31.7.254 255.255.255.0 UG 100 0 0 eth0
192.168.2.0 172.31.7.253 255.255.255.0 UG 100 0 0 eth0
192.168.3.0 172.16.0.1 255.255.255.0 UG 101 0 0 eth1
192.168.4.0 172.16.0.2 255.255.255.0 UG 101 0 0 eth1
[root@rocky8 ~]# route add -host 192.168.1.1 dev eth0
[root@rocky8 ~]# route add -net 2.2.2.0/24 gw 192.168.1.1
[root@rocky8 ~]# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 172.31.0.2 0.0.0.0 UG 100 0 0 eth0
1.1.1.0 172.31.1.123 255.255.255.0 UG 0 0 0 eth0
2.2.2.0 192.168.1.1 255.255.255.0 UG 0 0 0 eth0
172.16.0.0 0.0.0.0 255.255.255.0 U 101 0 0 eth1
172.31.0.0 0.0.0.0 255.255.248.0 U 100 0 0 eth0
192.168.1.0 172.31.7.254 255.255.255.0 UG 100 0 0 eth0
192.168.1.1 0.0.0.0 255.255.255.255 UH 0 0 0 eth0
192.168.2.0 172.31.7.253 255.255.255.0 UG 100 0 0 eth0
192.168.3.0 172.16.0.1 255.255.255.0 UG 101 0 0 eth1
192.168.4.0 172.16.0.2 255.255.255.0 UG 101 0 0 eth1
#要先添加一条到达192.168.1.1的主机路由,才能把192.168.1.1用作网关
4.5 网卡别名
将多个IP地址绑定到一个NIC上
每个IP绑定到独立逻辑网卡,即网络别名,命名格式: ethX:Y,如:eth0:1 、eth0:2、eth0:3
范例:ifconfig命令
ifconfig eth0:0 192.168.1.100/24 up
ifconfig eth0:0 down
范例:ip 命令
ip addr add 172.16.1.1/16 dev eth0
ip addr add 172.16.1.2/16 dev eth0 label eth0:0
ip addr del 172.16.1.2/16 dev eth0 label eth0:0
ip addr flush dev eth0 label eth0:0
为每个设备别名生成独立的接口配置文件,格式为:ifcfg-ethX:xxx
范例:
[root@rocky8 ~]# vim /etc/sysconfig/network-scripts/ifcfg-eth0:1
DEVICE=eth0:1
IPADDR=172.31.1.100
PREFIX=8
[root@rocky8 ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
link/ether 00:0c:29:f9:6a:d1 brd ff:ff:ff:ff:ff:ff
inet 172.31.1.8/21 brd 172.31.7.255 scope global noprefixroute eth0
valid_lft forever preferred_lft forever
inet 172.31.1.100/8 brd 172.255.255.255 scope global noprefixroute eth0:1
valid_lft forever preferred_lft forever
inet6 fe80::20c:29ff:fef9:6ad1/64 scope link
valid_lft forever preferred_lft forever
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
link/ether 00:0c:29:f9:6a:db brd ff:ff:ff:ff:ff:ff
inet 172.31.7.6/21 brd 172.31.7.255 scope global dynamic noprefixroute eth1
valid_lft 1764sec preferred_lft 1764sec
inet6 fe80::a2d8:9d03:9680:7717/64 scope link noprefixroute
valid_lft forever preferred_lft forever
注意:
- 建议 CentOS 6 关闭 NetworkManager 服务
- 网卡别名必须使用静态地址
范例:
[root@rocky8 ~]# cdnet
[root@rocky8 network-scripts]# ls
ifcfg-eth0 ifcfg-eth0:1
[root@rocky8 network-scripts]# vim /etc/default/grub
GRUB_CMDLINE_LINUX="crashkernel=auto resume=UUID=4f387202-0a81-4202-9e12-90d04af4d308 rhgb quiet net.ifnames=0 biosdevname=0"
#在这行GRUB_CMDLINE_LINUX= 最后添加 net.ifnames=0,如果是dell服务器,再加上biosdevname=0
[root@rocky8 network-scripts]# grub2-mkconfig -o /etc/grub2.cfg
[root@rocky8 network-scripts]# reboot
[root@rocky8 ~]# cdnet
[root@rocky8 network-scripts]# ls
ifcfg-eth0 ifcfg-eth0:1
[root@rocky8 network-scripts]# vim ifcfg-xxx
[root@rocky8 network-scripts]# cat ifcfg-xxx
DEVICE=eth1
NAME=con-eth1
BOOTPROTO=none
IPADDR=172.16.0.8
PREFIX=16
GATEWAY=172.16.0.254
DNS1=180.76.76.76
DNS2=223.5.5.5
[root@rocky8 network-scripts]# systemctl restart NetworkManager
[root@rocky8 network-scripts]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
link/ether 00:0c:29:f9:6a:d1 brd ff:ff:ff:ff:ff:ff
inet 172.31.1.8/21 brd 172.31.7.255 scope global noprefixroute eth0
valid_lft forever preferred_lft forever
inet 172.31.1.100/8 brd 172.255.255.255 scope global noprefixroute eth0:1
valid_lft forever preferred_lft forever
inet6 fe80::20c:29ff:fef9:6ad1/64 scope link
valid_lft forever preferred_lft forever
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
link/ether 00:0c:29:f9:6a:db brd ff:ff:ff:ff:ff:ff
inet 172.31.7.6/21 brd 172.31.7.255 scope global dynamic noprefixroute eth1
valid_lft 1798sec preferred_lft 1798sec
inet6 fe80::a2d8:9d03:9680:7717/64 scope link noprefixroute
valid_lft forever preferred_lft forever
#在centos7 上添加一个网卡
[root@centos7 ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 00:0c:29:50:0f:03 brd ff:ff:ff:ff:ff:ff
inet 172.31.0.7/21 brd 172.31.7.255 scope global noprefixroute eth0
valid_lft forever preferred_lft forever
inet 192.168.0.7/24 brd 192.168.0.255 scope global eth0:1
valid_lft forever preferred_lft forever
inet6 fe80::20c:29ff:fe50:f03/64 scope link
valid_lft forever preferred_lft forever
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 00:0c:29:50:0f:0d brd ff:ff:ff:ff:ff:ff
inet 172.31.7.7/21 brd 172.31.7.255 scope global noprefixroute dynamic eth1
valid_lft 1798sec preferred_lft 1798sec
inet6 fe80::3041:9fc9:ac33:a4e6/64 scope link noprefixroute
valid_lft forever preferred_lft forever
[root@centos7 ~]# cdnet
[root@centos7 network-scripts]# ls
ifcfg-eth0 ifdown-eth ifdown-post ifdown-Team ifup-aliases ifup-ipv6 ifup-post ifup-Team init.ipv6-global
ifcfg-lo ifdown-ippp ifdown-ppp ifdown-TeamPort ifup-bnep ifup-isdn ifup-ppp ifup-TeamPort network-functions
ifdown ifdown-ipv6 ifdown-routes ifdown-tunnel ifup-eth ifup-plip ifup-routes ifup-tunnel network-functions-ipv6
ifdown-bnep ifdown-isdn ifdown-sit ifup ifup-ippp ifup-plusb ifup-sit ifup-wireless
[root@centos7 network-scripts]# vim ifcfg-eth1
[root@centos7 network-scripts]# cat ifcfg-eth1
NAME=eth1
DEVICE=eth1
BOOTPROTO=static
IPADDR=172.16.0.7
PREFIX=16
GATEWAY=172.16.0.254
DNS1=223.5.5.5
[root@centos7 network-scripts]# systemctl restart network
[root@centos7 network-scripts]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 00:0c:29:50:0f:03 brd ff:ff:ff:ff:ff:ff
inet 172.31.0.7/21 brd 172.31.7.255 scope global noprefixroute eth0
valid_lft forever preferred_lft forever
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 00:0c:29:50:0f:0d brd ff:ff:ff:ff:ff:ff
inet 172.16.0.7/16 brd 172.16.255.255 scope global noprefixroute eth1
valid_lft forever preferred_lft forever
inet6 fe80::20c:29ff:fe50:f0d/64 scope link
valid_lft forever preferred_lft forever
[root@centos7 network-scripts]# systemctl disable --now NetworkManager
Removed symlink /etc/systemd/system/multi-user.target.wants/NetworkManager.service.
Removed symlink /etc/systemd/system/dbus-org.freedesktop.nm-dispatcher.service.
Removed symlink /etc/systemd/system/network-online.target.wants/NetworkManager-wait-online.service.
[root@centos6 ~]# service network restart
Shutting down interface eth0: [ OK ]
Shutting down loopback interface: [ OK ]
Bringing up loopback interface: [ OK ]
Bringing up interface eth0: Determining if ip address 172.31.0.6 is already in use for device eth0...
[ OK ]
[root@rocky8 network-scripts]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
link/ether 00:0c:29:f9:6a:d1 brd ff:ff:ff:ff:ff:ff
inet 172.31.1.8/21 brd 172.31.7.255 scope global noprefixroute eth0
valid_lft forever preferred_lft forever
inet 172.31.1.100/8 brd 172.255.255.255 scope global noprefixroute eth0:1
valid_lft forever preferred_lft forever
inet6 fe80::20c:29ff:fef9:6ad1/64 scope link
valid_lft forever preferred_lft forever
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
link/ether 00:0c:29:f9:6a:db brd ff:ff:ff:ff:ff:ff
inet 172.31.7.6/21 brd 172.31.7.255 scope global dynamic noprefixroute eth1
valid_lft 1539sec preferred_lft 1539sec
inet6 fe80::a2d8:9d03:9680:7717/64 scope link noprefixroute
valid_lft forever preferred_lft forever
[root@rocky8 network-scripts]# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 172.31.0.2 0.0.0.0 UG 100 0 0 eth0
0.0.0.0 172.31.0.2 0.0.0.0 UG 101 0 0 eth1
172.0.0.0 0.0.0.0 255.0.0.0 U 100 0 0 eth0
172.31.0.0 0.0.0.0 255.255.248.0 U 100 0 0 eth0
172.31.0.0 0.0.0.0 255.255.248.0 U 101 0 0 eth1
[root@rocky8 network-scripts]# cat /etc/resolv.conf #查看DNS
# Generated by NetworkManager
search localdomain
nameserver 223.5.5.5
nameserver 180.76.76.76
nameserver 172.31.0.2
[root@rocky8 network-scripts]# nmcli connection
NAME UUID TYPE DEVICE
eth0 5fb06bd0-0bb0-7ffb-45f1-d6edd65f3e03 ethernet eth0
Wired connection 1 8f66d694-494f-31db-99a6-97673f8ece0b ethernet eth1
con-eth1 a078d608-526b-f5ed-ca54-5ff3b8105fe7 ethernet --
[root@rocky8 network-scripts]# nmcli connection reload
[root@rocky8 network-scripts]# nmcli connection up con-eth1
Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/3)
[root@rocky8 network-scripts]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
link/ether 00:0c:29:f9:6a:d1 brd ff:ff:ff:ff:ff:ff
inet 172.31.1.8/21 brd 172.31.7.255 scope global noprefixroute eth0
valid_lft forever preferred_lft forever
inet 172.31.1.100/8 brd 172.255.255.255 scope global noprefixroute eth0:1
valid_lft forever preferred_lft forever
inet6 fe80::20c:29ff:fef9:6ad1/64 scope link
valid_lft forever preferred_lft forever
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
link/ether 00:0c:29:f9:6a:db brd ff:ff:ff:ff:ff:ff
inet 172.16.0.8/16 brd 172.16.255.255 scope global noprefixroute eth1
valid_lft forever preferred_lft forever
inet6 fe80::20c:29ff:fef9:6adb/64 scope link
valid_lft forever preferred_lft forever
[root@rocky8 network-scripts]# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 172.31.0.2 0.0.0.0 UG 100 0 0 eth0
0.0.0.0 172.16.0.254 0.0.0.0 UG 101 0 0 eth1
172.0.0.0 0.0.0.0 255.0.0.0 U 100 0 0 eth0
172.16.0.0 0.0.0.0 255.255.0.0 U 101 0 0 eth1
172.31.0.0 0.0.0.0 255.255.248.0 U 100 0 0 eth0
[root@rocky8 network-scripts]# vim ifcfg-eth1
DEVICE=eth1
NAME=con-eth1
BOOTPROTO=none
IPADDR=172.16.0.8
PREFIX=16
[root@rocky8 network-scripts]# nmcli connection
NAME UUID TYPE DEVICE
eth0 5fb06bd0-0bb0-7ffb-45f1-d6edd65f3e03 ethernet eth0
con-eth1 a078d608-526b-f5ed-ca54-5ff3b8105fe7 ethernet eth1
Wired connection 1 8f66d694-494f-31db-99a6-97673f8ece0b ethernet --
[root@rocky8 network-scripts]# nmcli connection reload
[root@rocky8 network-scripts]# nmcli connection up con-eth1
Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/4)
[root@rocky8 network-scripts]# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 172.31.0.2 0.0.0.0 UG 100 0 0 eth0
0.0.0.0 172.16.0.254 0.0.0.0 UG 101 0 0 eth1
172.0.0.0 0.0.0.0 255.0.0.0 U 100 0 0 eth0
172.16.0.0 0.0.0.0 255.255.0.0 U 101 0 0 eth1
172.31.0.0 0.0.0.0 255.255.248.0 U 100 0 0 eth0