Linux网络基础、Linux防火墙-白红宇

Linux网络基础、Linux防火墙

阅读量：6699 次

发布时间：2019-06-25

本文共 6229 字，大约阅读时间需要 20 分钟。

Linux网络基础

ip addr 命令：查看网口信息

ifconfig命令：查看网口信息，要比ip addr更明了一些 centos 7默认没安装ifconfig命令，可以使用yum install -y net-tools命令来安装。

ifconfig -a查看所有的网口信息，包括down掉的网口。

ifdown 网卡：禁用该网卡

ifup 网卡：启用该网卡 ifdown/ifup命令适用于单独重启一块网卡使用。当所有网卡和网络服务都需要重启时，使用 systemctl restart network.service 命令。 ip addr / ifconfig：

[root@localhost ~]# ip addr1: lo: 
    
      mtu 65536 qdisc noqueue state UNKNOWN     link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00    inet 127.0.0.1/8 scope host lo       valid_lft forever preferred_lft forever    inet6 ::1/128 scope host        valid_lft forever preferred_lft forever2: eno16777736: 
     
       mtu 1500 qdisc pfifo_fast state UP qlen 1000    link/ether 00:0c:29:ca:10:bb brd ff:ff:ff:ff:ff:ff    inet 192.168.254.130/24 brd 192.168.254.255 scope global eno16777736       valid_lft forever preferred_lft forever    inet6 fe80::20c:29ff:feca:10bb/64 scope link        valid_lft forever preferred_lft forever[root@localhost ~]# ifconfigeno16777736: flags=4163
      
         mtu 1500        inet 192.168.254.130  netmask 255.255.255.0  broadcast 192.168.254.255        inet6 fe80::20c:29ff:feca:10bb  prefixlen 64  scopeid 0x20
               ether 00:0c:29:ca:10:bb  txqueuelen 1000  (Ethernet)        RX packets 4876  bytes 323068 (315.4 KiB)        RX errors 0  dropped 0  overruns 0  frame 0        TX packets 386  bytes 31740 (30.9 KiB)        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0lo: flags=73
       
          mtu 65536        inet 127.0.0.1  netmask 255.0.0.0        inet6 ::1  prefixlen 128  scopeid 0x10
        
                 loop  txqueuelen 0  (Local Loopback)        RX packets 0  bytes 0 (0.0 B)        RX errors 0  dropped 0  overruns 0  frame 0        TX packets 0  bytes 0 (0.0 B)        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

重启一块网卡，ifdown 网卡 && ifup 网卡

[root@localhost ~]# ifdown eno16777736 && ifup  eno16777736Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/1)

重启整个网络服务 systemctl restart network.service

设置虚拟网卡并添加ip

cp ifcfg-em1 ifcfg-em1:\0

vim ifcfg-em1:0

HWADDR=00:0C:29:CA:10:BBTYPE=EthernetBOOTPROTO=staticDEFROUTE=yesPEERDNS=yesPEERROUTES=yesIPV4_FAILURE_FATAL=noIPV6INIT=yesIPV6_AUTOCONF=yesIPV6_DEFROUTE=yesIPV6_PEERDNS=yesIPV6_PEERROUTES=yesIPV6_FAILURE_FATAL=noNAME=em1:0             改名字UUID=8fa73c35-53a7-432b-a659-752a2930ee49ONBOOT=yesIPADDR=192.168.254.150        该ipNETMASK=255.255.255.0

查看网口状态

-mii -tool 可以查看网口是否连接网线 -ethtool 可以查看网口信息

[root@localhost network-scripts]# mii-tool eno16777736eno16777736: negotiated 1000baseT-FD flow-control, link ok[root@localhost network-scripts]# ethtool eno16777736Settings for eno16777736:	Supported ports: [ TP ]	Supported link modes:   10baseT/Half 10baseT/Full 	                        100baseT/Half 100baseT/Full 	                        1000baseT/Full 	Supported pause frame use: No	Supports auto-negotiation: Yes	Advertised link modes:  10baseT/Half 10baseT/Full 	                        100baseT/Half 100baseT/Full 	                        1000baseT/Full 	Advertised pause frame use: No	Advertised auto-negotiation: Yes	Speed: 1000Mb/s	Duplex: Full	Port: Twisted Pair	PHYAD: 0	Transceiver: internal	Auto-negotiation: on	MDI-X: off (auto)	Supports Wake-on: d	Wake-on: d	Current message level: 0x00000007 (7)			       drv probe link	Link detected: yes

更改主机名命令

hostname:查看主机名

hostnamectl set-hostname name 更改主机名

主机名配置文件为/etc/hostname

[root@localhost ~]# hostnamelocalhost.localdomain[root@localhost ~]# hostnamectl set-hostname llll[root@localhost ~]# hostnamellll[root@localhost ~]# cat /etc/hostnamellll

dns配置文件 /etc/resolv.conf

etc/hosts 为静态域名解析配置文件，仅本机生效

Linux防火墙 netfilter firewalld

centos 7之前用的防火墙是netfilter 之后的防火墙是firewalld ，centos 7一样可以运行netfilter。步骤如下：

systemctl disable firewalld 开机不启动firewalld

systemctl stop firewalld 关掉firewalld

yum install -y iptables-services 安装netfilter

systemctl enble iptables

systemctl start iptables 运行netfilter、

[root@localhost ~]# systemctl disable firewalldrm '/etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service'rm '/etc/systemd/system/basic.target.wants/firewalld.service'[root@localhost ~]# systemctl stop firewalld[root@localhost ~]# yum install -y iptables-services[root@localhost ~]# systemctl enable iptablesln -s '/usr/lib/systemd/system/iptables.service' '/etc/systemd/system/basic.target.wants/iptables.service'[root@localhost ~]# systemctl start iptables

iptables -nvL 查看默认规则

[root@localhost ~]# systemctl enable iptablesln -s '/usr/lib/systemd/system/iptables.service' '/etc/systemd/system/basic.target.wants/iptables.service'[root@localhost ~]# systemctl start iptables[root@localhost ~]# iptables -nvLChain INPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target     prot opt in     out     source               destination            29  2044 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0               0     0 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0               0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            state NEW tcp dpt:22  161 17185 REJECT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            reject-with icmp-host-prohibitedChain FORWARD (policy ACCEPT 0 packets, 0 bytes) pkts bytes target     prot opt in     out     source               destination             0     0 REJECT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            reject-with icmp-host-prohibitedChain OUTPUT (policy ACCEPT 58 packets, 7996 bytes) pkts bytes target     prot opt in     out     source               destination

iptables 有五个表，filter nat mangle raw security 常用的表示filter 和nat iptables 的规则保存在 /etc/sysconfig/iptables 中