Linux网络属性配置—iproute命令家族

N24_ViCi Linux干货
ip命令:
show / manipulate routing, devices, policy routing and tunnels
ip [ OPTIONS ] OBJECT { COMMAND | help }
OBJECT := { link | addr | route | netns  }
ip  OBJECT:
ip link: network device configuration
         ip  link  show  – display device attributes
  1. ]# ip link show
  2. 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN 
  3.     link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
  4. 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
  5.     link/ether 00:0c:29:ae:e4:d8 brd ff:ff:ff:ff:ff:ff
  6. 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
  7.     link/ether 00:0c:29:ae:e4:e2 brd ff:ff:ff:ff:ff:ff
ip  link  set – change device attributes
dev NAME (default):指明要管理的设备,dev关键字可省略;
up和down:
multicast on或multicast off:启用或禁用多播功能;
name NAME:重命名接口
mtu NUMBER:设置MTU的大小,默认为1500;
netns PID:ns为namespace,用于将接口移动到指定的网络名称空间;
  1. ]# ip link set eth1 down
  2. ]# ip link show eth1
  3. 3: eth1: <BROADCAST,MULTICAST> mtu 1500 qdisc pfifo_fast state DOWN qlen 1000
  4.     link/ether 00:0c:29:ae:e4:e2 brd ff:ff:ff:ff:ff:ff
  5. ]# ip link set eth1 multicast off 
]# ip link show eth1
3: eth1: <BROADCAST> mtu 1500 qdisc pfifo_fast state DOWN qlen 1000
    link/ether 00:0c:29:ae:e4:e2 brd ff:ff:ff:ff:ff:ff

  1. ]# ip link set eth1 name exxx
  2. ]# ip link show
  3. 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN 
  4.     link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
  5. 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
  6.     link/ether 00:0c:29:ae:e4:d8 brd ff:ff:ff:ff:ff:ff
  7. 3: exxx: <BROADCAST> mtu 1500 qdisc pfifo_fast state DOWN qlen 1000
  8.     link/ether 00:0c:29:ae:e4:e2 brd ff:ff:ff:ff:ff:ff
  1. ]# ip link set eth1 mtu 2000
  2. ]# ip link show eth1
  3. 3: eth1: <BROADCAST> mtu 2000 qdisc pfifo_fast state DOWN qlen 1000
  4.     link/ether 00:0c:29:ae:e4:e2 brd ff:ff:ff:ff:ff:ff
ip  link  help –  显示简要使用帮助;
ip netns:  – manage network namespaces.
ip  netns  list:列出所有的netns
ip  netns  add  NAME:创建指定的netns
ip  netns  del  NAME:删除指定的netns
ip  netns   exec  NAME  COMMAND:在指定的netns中运行命令
  1. ]# ip netns list
  2. ]# ip netns add netspace
  3. ]# ip netns list
  4. netspace
ip address – protocol address management.
ip address add – add new protocol address
                ip address { add | del } IFADDR dev STRING
        ip address { show | flush } [ dev STRING ] [label PATTERN ]
ip  addr  add  IFADDR  dev  IFACE
[label NAME]:为额外添加的地址指明接口别名;
[broadcast ADDRESS]:广播地址;会根据IP和NETMASK自动计算得到;
[scope SCOPE_VALUE]:
global:全局可用;
link:接口可用;
host:仅本机可用; 
  1. ]# ip addr add 192.168.1.10/24 dev eno16777736
  2. ]# ip addr show eno16777736
  3. 2: eno16777736: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
  4.     link/ether 00:0c:29:60:1e:7a brd ff:ff:ff:ff:ff:ff
  5.     inet 10.0.1.20/24 brd 10.0.1.255 scope global eno16777736
  6.        valid_lft forever preferred_lft forever
  7.     inet 192.168.1.10/24 scope global eno16777736
  8.        valid_lft forever preferred_lft forever
  1. ]# ip addr add 192.168.2.10/24 dev eno16777736 label eno16777736:0
  2. ]# ip addr show eno16777736
  3. 2: eno16777736: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
  4.     link/ether 00:0c:29:60:1e:7a brd ff:ff:ff:ff:ff:ff
  5.     inet 10.0.1.20/24 brd 10.0.1.255 scope global eno16777736
  6.        valid_lft forever preferred_lft forever
  7.     inet 192.168.1.10/24 scope global eno16777736
  8.        valid_lft forever preferred_lft forever
  9.     inet 192.168.2.10/24 scope global eno16777736:0
  10.        valid_lft forever preferred_lft forever
ip address delete – delete protocol address
ip addr  delete  IFADDR  dev  IFACE 
  1. ]# ip addr del 192.168.2.10/24 dev eno16777736 
  2. ]# ip addr del 192.168.1.10/24 dev eno16777736
  3. ]# ip ad sh eno16777736
  4. 2: eno16777736: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
  5.     link/ether 00:0c:29:60:1e:7a brd ff:ff:ff:ff:ff:ff
  6.     inet 10.0.1.20/24 brd 10.0.1.255 scope global eno16777736
  7.        valid_lft forever preferred_lft forever
ip address show – look at protocol addresses
ip  addr   list  [IFACE]:显示接口的地址;
  1. ]# ip addr show eno16777736
  2. 2: eno16777736: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
  3.     link/ether 00:0c:29:60:1e:7a brd ff:ff:ff:ff:ff:ff
  4.     inet 10.0.1.20/24 brd 10.0.1.255 scope global eno16777736
  5.        valid_lft forever preferred_lft forever
  6.     inet6 fe80::20c:29ff:fe60:1e7a/64 scope link 
  7.        valid_lft forever preferred_lft forever
ip address flush – flush protocol addresses
ip  addr  flush  dev  IFACE
  1. ]# ip addr add 10.10.10.10/8 dev eth1 label eth1:0
  2. ]# ip addr add 172.16.1.100/16 dev eth1 label eth1:1
  3. ]# ip addr show eth1
  4. 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
  5.     link/ether 00:0c:29:ae:e4:e2 brd ff:ff:ff:ff:ff:ff
  6.     inet 192.168.1.100/24 brd 192.168.1.255 scope global eth1
  7.     inet 10.10.10.10/8 scope global eth1:0
  8.     inet 172.16.1.100/16 scope global eth1:1

  10. ]# ip addr flush dev eth1
]# ip addr show eth1
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 00:0c:29:ae:e4:e2 brd ff:ff:ff:ff:ff:ff
ip route – routing table management
ip route add – add new route
ip route change – change route
ip route replace – change or add new one
ip  route   add  TYPE PREFIX  via GW  [dev  IFACE]  [src SOURCE_IP]
  1. ]# ip route add 172.16.0.0/16 via 10.0.1.2 dev eth0 src 10.0.1.6
  2. ]# ip route show
  3. 10.0.1.0/24 dev eth0  proto kernel  scope link  src 10.0.1.6 
  4. 192.168.1.0/24 dev eth1  proto kernel  scope link  src 192.168.1.10 
  5. 172.16.0.0/16 via 10.0.1.2 dev eth0  src 10.0.1.6 
  6. default via 10.0.1.2 dev eth0 
  1. ]# ip route add default via 10.0.1.2 dev eth0
  2. ]# ip route show
  3. 10.0.1.0/24 dev eth0  proto kernel  scope link  src 10.0.1.6 
  4. 192.168.1.0/24 dev eth1  proto kernel  scope link  src 192.168.1.10 
  5. 172.16.0.0/16 via 10.0.1.2 dev eth0  src 10.0.1.6 
  6. default via 10.0.1.2 dev eth0
         ip route delete – delete route
 ip  route  del  TYPE PRIFIX 
  1. ]# ip route del 172.16.0.0/16
  2. ]# ip route del default
  3. ]# ip route show
  4. 10.0.1.0/24 dev eth0  proto kernel  scope link  src 10.0.1.6 
  5. 192.168.1.0/24 dev eth1  proto kernel  scope link  src 192.168.1.10
ip route show – list routes
TYPE PRIFIX  
ip route get – get a single route
ip  route  get  TYPE PRIFIX
  1. ]# ip route get 192.168.1.0/24
  2. broadcast 192.168.1.0 dev eth1  src 192.168.1.10 
  3.     cache <local,brd>  mtu 1500 advmss 1460 hoplimit 64
ss命令:
ss  [options]  [ FILTER ]
选项:
-t:TCP协议的相关连接
-u:UDP相关的连接
-w:raw socket相关的连接
-l:监听状态的连接
-a:所有状态的连接
-n:数字格式
-p:相关的程序及其PID
-e:扩展格式信息
-m:内存用量
-o:计时器信息
FILTER := [ state TCP-STATE ]  [ EXPRESSION ]
TCP的常见状态:
TCP FSM:
LISTEN:监听
ESTABLISEHD:建立的连接
FIN_WAIT_1:
FIN_WAIT_2:
SYN_SENT:
SYN_RECV:
CLOSED:
EXPRESSION:
dport = 
sport = 
示例:'( dport = :22 or sport = :22)’
~]# ss   -tan    ‘(  dport = :22 or sport = :22  )’
~]# ss  -tan  state  ESTABLISHED

原创文章,作者:N24_ViCi,如若转载,请注明出处:http://www.178linux.com/62526

(0)
N24_ViCiN24_ViCi
1
上一篇 2016-12-04
下一篇 2016-12-04

相关推荐

  • iptables

    规则格式:iptables   [-t table]   COMMAND   chain   [-m matchname [per-match-options]]   -j targetname [per-target-options]     -t table:&nb…

    Linux干货 2017-06-16

  • 马哥教育网络班21期+第四周博客作业

    1、复制/etc/skel目录为/home/tuser1,要求/home/tuser1及其内部文件的属组和其它用户均没有任何访问权限。 [root@C67-X64-A0 ~]# cp -a /etc/skel/ /home/tuser1 [root@C67-X64-A0 ~]# ls&nb…

    Linux干货 2016-07-29

  • Centos启动过程

    启动第一步--加载BIOS 当你打开计算机电源,计算机会首先加载BIOS信息,BIOS信息是如此的重要,以至于计算机必须在最开始就找到它。这是因为BIOS中包含了CPU的相关信息、设备启动顺序信息、硬盘信息、内存信息、时钟信息、PnP特性等等。在此之后,计算机心里就有谱了,知道应该去读取哪个硬件设备了。 启动第二步--读取MBR 众所周知,硬盘上第0磁道第一…

    Linux干货 2017-03-30

  • centos6安装docker

    使用的操作系统是是centos6.3,按照官方的推荐的配置,把linux内核升级到3.8以上。安装步骤如下: 1、升级内核版本(包含aufs) cd /etc/yum.repos.d     wget http://www.hop5.in/yum/el6/hop5.repo   …

    Linux干货 2016-05-05

  • 对防火墙的初步认识

      防火墙,就是用于实现Linux下访问控制的功能的,它分为硬件的或者软件的防火墙两种。无论是在哪个网络中,防火墙工作的地方一定是在网络的边缘。而我们的任务就是需要去定义到底防火墙如何工作,这就是防火墙的策略,规则,以达到让它对出入网络的IP、数据进行检测。    目前市面上比较常见的有3、4层的防火墙,叫网络层的防火墙,还有7…

    Linux干货 2017-06-15

  • 第三章 Linux文件系统初步

    用户界面:      可分为两种GUI和CLI         GUI(Graphical User Interface,简称 GUI,又称图形用户接口)是指采用图形方式显示的计算机操作用户界面。 GNOME(英语发音:/ɡˈnoʊm/或英语发音:/…

    Linux干货 2016-06-03

评论列表(1条)

  • 马哥教育
    马哥教育 2016-12-14 15:45

    博客完成的非常好,有图有真相,有实验结果。加油!

电话咨询
在线咨询