ifcfg、ip、ss,配置文件
一、ifcfg
1、ifconfig命令:
命令使用格式:ifonfig [INTERFACE]
#ifconfig -a :显示所有接口,包括inactive状态的接口
ifconfig interface [aftype] options | address..
#ifconfig IFACE IP/MASK [up|down]
例:# ifconfig eth0 172.16.249.236/16 up
#ifconfig IFACE IP netmask NETMASK
例:# ifconfig eth0 172.16.249.236 netmask 255.255.0.0
options:
[-]promisc 混杂模式
管理IPv6地址:
add addr/prefixlen 设置IPv6地址
del addr/prefixlen删除IPv6地址
2、route命令:路由查看及管理
路由条目类型:
主机路由:目标地址为单个IP;
默认路由:目标为任意网络,0.0.0.0/0.0.0.0
(1)查看:
# route -n
(2)添加:
route add [-net|-host] target [netmask Nm] [gw GW] [[dev] If] 示例:route add -net 10.0.0.0/8 gw 172.16.0.1 dev eth1
route add -net 0.0.0.0/0.0.0.0 gw 172.16.0.1
route add default gw 172.16.0.1 (3)删除:
route del [-net|-host] target [gw Gw] [netmask Nm] [[dev] If] 示例: route del -net 10.0.0.0/8 gw 172.16.0.1
route del default
3、netstat命令:
(1)显示路由表:netstat -rn
-r:显示内核路由表
-n:数字格式
(2)显示网络连接:
netstat [--tcp|-t] [--udp|-u] [--udplite|-U] [--sctp|-S] [--raw|-w] [--listening|-l] [--all|-a] [--numeric|-n] [--extend|-e[--extend|-e]] [--program|-p]
选项详解:
-t:TCP协议的相关连接,连接均有其状态;FSM
-u:UDP相关的连接
-w:raw socket相关的连接
-l:处于监听状态的连接
-a:所有状态
-n:以数字格式显示IP和Port;
-e:扩展格式
-p:显示相关的进程及PID;
(3)常用组合:
-tan, -uan, -tnl, -unl, -tunlp
(4)显示接口的统计数据:
netstat {--interfaces|-I|-i} [iface] [--all|-a] [--extend|-e] [--verbose|-v] [--program|-p] [--numeric|-n]
所有接口:
netstat -i
指定接口:
netstat -I<IFace>
二、ip命令
show / manipulate routing, devices, policy routing and tunnels
ip [ OPTIONS ] OBJECT { COMMAND | help }
BJECT := { link | addr | route | netns }
注意: OBJECT可简写,各OBJECT的子命令也可简写;
ip OBJECT:
1、ip link: network device configuration 网络设备配置
ip link set - change device attributes 修改设备属性
dev NAME (default):指明要管理的设备,dev关键字可省略;
up和down:
例:# ip link set eth0 down
multicast on或multicast off:启用或禁用多播功能;
name NAME:重命名接口
mtu NUMBER:设置MTU的大小,默认为1500;
netns PID:ns为namespace,用于将接口移动到指定的网络名称空间;
ip link show - display device attributes 显示设备属性
ip link help - 显示简要使用帮助;
ip netns: - manage network namespaces.
ip netns list:列出所有的netns
ip netns add NAME:创建指定的netns
ip netns del NAME:删除指定的netns
ip netns device netns NAME 将设备移到netns
ip netns exec NAME COMMAND:在指定的netns中运行命令
2、ip address - protocol address management.
ip address add - add new protocol address
ip addr add IFADDR dev IFACE
[label NAME]:为额外添加的地址指明接口别名;
[broadcast ADDRESS]:广播地址;会根据IP和NETMASK自动计算得到;
[scope SCOPE_VALUE]:
global:全局可用;
link:接口可用;
host:仅本机可用;
ip address delete - delete protocol address
ip addr delete IFADDR dev IFACE ip address show - look at protocol addresses
ip addr list [IFACE]:显示接口的地址;
ip address flush - flush protocol addresses
ip addr flush dev IFACE
3、ip route add TYPE PREFIX via GW [dev IFACE] [src SOURCE_IP]
ip route - routing table management
ip route add - add new route
ip route change - change route
ip route replace - change or add new one
示例:
# ip route add 172.16.0.0/16 via 10.0.0.1 dev eth1 src 10.0.20.100
# ip route add default via GW
ip route delete - delete route
ip route del TYPE PRIFIX
示例:
# ip route delete 172.16.0.0/16
ip route show - list routes
TYPE PRIFIX
ip route flush - flush routing tables
TYPE PRIFIX
ip route get - get a single route
ip route get TYPE PRIFIX
示例:ip route get 172.16.0.0/16
三、ss命令
ss [options] [ FILTER ]
选项:
-t:TCP协议的相关连接
-u:UDP相关的连接
-w:raw socket相关的连接
-l:监听状态的连接
-a:所有状态的连接
-n:数字格式
-p:相关的程序及其PID
-e:扩展格式信息
-m:内存用量
-o:计时器信息
FILTER := [ state TCP-STATE ] [ EXPRESSION ]
TCP的常见状态:
TCP FSM:
LISTEN:监听
ESTABLISEHD:建立的连接
FIN_WAIT_1:
FIN_WAIT_2:
SYN_SENT:
SYN_RECV:
CLOSED:
EXPRESSION:
dport = 目标端口
sport = 源端口
示例:'( dport = :22 or sport = :22)'
~]# ss -tan '( dport = :22 or sport = :22 )'
~]# ss -tan state ESTABLISHED
转载于:https://blog.51cto.com/liaodijin/1728725
