10.11 Linux网络相关
10.12 firewalld和netfilter
10.13 netfilter5表5链介绍
10.14 iptables语法
扩展(selinux了解即可)
selinux教程http://os.51cto.com/art/201209/355490.htm
selinux pdf电子书http://pan.baidu.com/s/1jGGdExK
10.11 linux网络相关
650) this.width=650;" src="http://oqxf7c508.bkt.clouddn.com/blog/20170903/154512124.png?imageslim" alt="mark" style="border-style:none;background-color:rgb(255,255,255);" />-ifconfig 命令在centos7 是没有的,需要安装yum install -y net-tools
[root@aminglinux-01~]#ifconfigens33:flags=4163<UP,BROADCAST,RUNNING,MULTICAST>mtu1500inet192.168.202.130netmask255.255.255.0broadcast192.168.202.255inet6fe80::a152:bbdf:8b2b:db9bprefixlen64scopeid0x20<link>ether00:0c:29:55:37:78txqueuelen1000(Ethernet)RXpackets172224bytes32478560(30.9MiB)RXerrors0dropped0overruns0frame0TXpackets395278bytes108140051(103.1MiB)TXerrors0dropped0overruns0carrier0collisions0lo:flags=73<UP,LOOPBACK,RUNNING>mtu65536inet127.0.0.1netmask255.0.0.0inet6::1prefixlen128scopeid0x10<host>looptxqueuelen1(LocalLoopback)RXpackets80bytes6544(6.3KiB)RXerrors0dropped0overruns0frame0TXpackets80bytes6544(6.3KiB)TXerrors0dropped0overruns0carrier0collisions0[root@aminglinux-01~]#-ifconfig-a当你的网卡down掉的时候或者是没有ip的时候,它是不显示的,加上-a就可以查看到ifdownens33把网卡停用关闭ifupens33把网卡启用启动[root@aminglinux-01~]#ifdownens33down了以后远程工具xshell断开了,只能去虚拟机上ifupens33[root@aminglinux-01~]#ifdownens33;ifupens33^C-不能在本网卡设备上直接ifdownens33这样会导致你在这个远程工具断开,可以使用这个ifdownens33&&ifupens33[root@aminglinux-01~]#ifdownens33&&ifupens33成功断开设备‘ens33‘。成功激活的连接(D-Bus激活路径:/org/freedesktop/NetworkManager/ActiveConnection/4)[root@aminglinux-01~]#-设定一个虚拟网卡[root@aminglinux-01~]#ifconfigens33:flags=4163<UP,BROADCAST,RUNNING,MULTICAST>mtu1500inet192.168.202.130netmask255.255.255.0broadcast192.168.202.255inet6fe80::a152:bbdf:8b2b:db9bprefixlen64scopeid0x20<link>ether00:0c:29:55:37:78txqueuelen1000(Ethernet)RXpackets172432bytes32499550(30.9MiB)RXerrors0dropped0overruns0frame0TXpackets395469bytes108164570(103.1MiB)TXerrors0dropped0overruns0carrier0collisions0lo:flags=73<UP,LOOPBACK,RUNNING>mtu65536inet127.0.0.1netmask255.0.0.0inet6::1prefixlen128scopeid0x10<host>looptxqueuelen1(LocalLoopback)RXpackets96bytes7904(7.7KiB)RXerrors0dropped0overruns0frame0TXpackets96bytes7904(7.7KiB)TXerrors0dropped0overruns0carrier0collisions0[root@aminglinux-01~]#cd/etc/sysconfig/network-scripts[root@aminglinux-01network-scripts]#lsifcfg-ens33ifdown-isdnifupifup-plipifup-tunnelifcfg-loifdown-postifup-aliasesifup-plusbifup-wirelessifdownifdown-pppifup-bnepifup-postinit.ipv6-globalifdown-bnepifdown-routesifup-ethifup-pppnetwork-functionsifdown-ethifdown-sitifup-ibifup-routesnetwork-functions-ipv6ifdown-ibifdown-Teamifup-ipppifup-sitifdown-ipppifdown-TeamPortifup-ipv6ifup-Teamifdown-ipv6ifdown-tunnelifup-isdnifup-TeamPort[root@aminglinux-01network-scripts]#cpifcfg-ens33ifcfg-ens33\:0[root@aminglinux-01network-scripts]#vi!$viifcfg-ens33\:0TYPE=EthernetBOOTPROTO=staticDEFROUTE=yesPEERDNS=yesPEERROUTES=yesIPV4_FAILURE_FATAL=noIPV6INIT=yesIPV6_AUTOCONF=yesIPV6_DEFROUTE=yesIPV6_PEERDNS=yesIPV6_PEERROUTES=yesIPV6_FAILURE_FATAL=noIPV6_ADDR_GEN_MODE=stable-privacyNAME=ens33:0UUID=8b9a8b20-15a0-45d1-a8db-10ab1d99842dDEVICE=ens33:0ONBOOT=yesIPADDR=192.168.202.150NETMASK=255.255.255.0~~~:wq[root@aminglinux-01network-scripts]#viifcfg-ens33\:0-这个时候再来看下[root@aminglinux-01network-scripts]#ifdownens33&&ifupens33成功断开设备‘ens33‘。成功激活的连接(D-Bus激活路径:/org/freedesktop/NetworkManager/ActiveConnection/5)[root@aminglinux-01network-scripts]#ifconfigens33:flags=4163<UP,BROADCAST,RUNNING,MULTICAST>mtu1500inet192.168.202.130netmask255.255.255.0broadcast192.168.202.255inet6fe80::a152:bbdf:8b2b:db9bprefixlen64scopeid0x20<link>ether00:0c:29:55:37:78txqueuelen1000(Ethernet)RXpackets172862bytes32538182(31.0MiB)RXerrors0dropped0overruns0frame0TXpackets395770bytes108203344(103.1MiB)TXerrors0dropped0overruns0carrier0collisions0ens33:0:flags=4163<UP,BROADCAST,RUNNING,MULTICAST>mtu1500inet192.168.202.150netmask255.255.255.0broadcast192.168.202.255ether00:0c:29:55:37:78txqueuelen1000(Ethernet)lo:flags=73<UP,LOOPBACK,RUNNING>mtu65536inet127.0.0.1netmask255.0.0.0inet6::1prefixlen128scopeid0x10<host>looptxqueuelen1(LocalLoopback)RXpackets104bytes8584(8.3KiB)RXerrors0dropped0overruns0frame0TXpackets104bytes8584(8.3KiB)TXerrors0dropped0overruns0carrier0collisions0[root@aminglinux-01network-scripts]#-用windows也可以ping下试下能不能ping通
[object Object]
-查看网卡是否连接网线 mii-tool ens33 或者 ethtool ens33
[root@aminglinux-01network-scripts]#cd[root@aminglinux-01~]#mii-toolens33ens33:negotiated1000baseT-FDflow-control,linkok[root@aminglinux-01~]#ethtoolens33Settingsforens33:Supportedports:[TP]Supportedlinkmodes:10baseT/Half10baseT/Full100baseT/Half100baseT/Full1000baseT/FullSupportedpauseframeuse:NoSupportsauto-negotiation:YesAdvertisedlinkmodes:10baseT/Half10baseT/Full100baseT/Half100baseT/Full1000baseT/FullAdvertisedpauseframeuse:NoAdvertisedauto-negotiation:YesSpeed:1000Mb/sDuplex:FullPort:TwistedPairPHYAD:0Transceiver:internalAuto-negotiation:onMDI-X:off(auto)SupportsWake-on:dWake-on:dCurrentmessagelevel:0x00000007(7)drvprobelinkLinkdetected:yes[root@aminglinux-01~]#更改主机名[root@aminglinux-01~]#hostnamectlset-hostnameaminglinux-001[root@aminglinux-01~]#hostnameaminglinux-001[root@aminglinux-01~]#bash[root@aminglinux-001~]#exitexit[root@aminglinux-01~]#cat/etc/hostnameaminglinux-001[root@aminglinux-01~]#-DNS配置文件/etc/resolv.conf,临时更改dns也可以vim/etc/resolv.conf更改后,网卡重启后还会覆盖,临时更改没有问题,[root@aminglinux-01~]#cat/etc/resolv.conf#GeneratedbyNetworkManagernameserver119.29.29.29nameserver8.8.8.8[root@aminglinux-01~]#vim/etc/resolv.conf#GeneratedbyNetworkManagernameserver119.29.29.29nameserver8.8.8.8~~~~~~~~~~"/etc/resolv.conf"3L,73C/etc/hosts文件[root@aminglinux-01~]#cat/etc/hosts127.0.0.1localhostlocalhost.localdomainlocalhost4localhost4.localdomain4::1localhostlocalhost.localdomainlocalhost6localhost6.localdomain6[root@aminglinux-01~]#pingwww.qq123.comPINGwww.qq123.com(202.91.250.93)56(84)bytesofdata.64bytesfrom202.91.250.93(202.91.250.93):icmp_seq=1ttl=128time=8.66ms64bytesfrom202.91.250.93(202.91.250.93):icmp_seq=2ttl=128time=6.18ms64bytesfrom202.91.250.93(202.91.250.93):icmp_seq=3ttl=128time=5.72ms64bytesfrom202.91.250.93(202.91.250.93):icmp_seq=4ttl=128time=5.61ms64bytesfrom202.91.250.93(202.91.250.93):icmp_seq=5ttl=128time=6.29ms64bytesfrom202.91.250.93(202.91.250.93):icmp_seq=6ttl=128time=5.85ms^C---www.qq123.compingstatistics---6packetstransmitted,6received,0%packetloss,time5010msrttmin/avg/max/mdev=5.616/6.388/8.662/1.046ms[root@aminglinux-01~]#[root@aminglinux-01~]#vim/etc/hosts127.0.0.1localhostlocalhost.localdomainlocalhost4localhost4.localdomain4::1localhostlocalhost.localdomainlocalhost6localhost6.localdomain6192.169.202.150www.qq123.comwww.13.comwww.aming.com~~~~~~~~~:wq[root@aminglinux-01~]#cat/etc/hosts127.0.0.1localhostlocalhost.localdomainlocalhost4localhost4.localdomain4::1localhostlocalhost.localdomainlocalhost6localhost6.localdomain6192.169.202.150www.qq123.comwww.13.comwww.aming.com[root@aminglinux-01~]#vim/etc/hosts[root@aminglinux-01~]#pingwww.qq123.comPINGwww.qq123.com(192.169.202.150)56(84)bytesofdata.64bytesfromwww.qq123.com(192.169.202.150):icmp_seq=1ttl=128time=318ms64bytesfromwww.qq123.com(192.169.202.150):icmp_seq=2ttl=128time=313ms64bytesfromwww.qq123.com(192.169.202.150):icmp_seq=3ttl=128time=307ms^C---www.qq123.compingstatistics---3packetstransmitted,3received,0%packetloss,time2001msrttmin/avg/max/mdev=307.321/313.110/318.216/4.497ms[root@aminglinux-01~]#-给一个ip设置多个域名,前面后面都有它以后面一个ip为主[root@aminglinux-01~]#vim/etc/hosts127.0.0.1localhostlocalhost.localdomainlocalhost4localhost4.localdomain4::1localhostlocalhost.localdomainlocalhost6localhost6.localdomain6192.169.202.150www.qq123.comwww.13.comwww.aming.com127.0.0.1www.13.com~