1、网卡IP
使用ifconfig和ip add命令查看网卡IP。
[root@server01~]#ifconfig##查看网卡IP,如果不支持,需要安装net-tools ens33:flags=4163<UP,BROADCAST,RUNNING,MULTICAST>mtu1500 inet192.168.137.100netmask255.255.255.0broadcast192.168.137.255 inet6fe80::c1d7:5856:9856:2bb8prefixlen64scopeid0x20<link> ether00:0c:29:0c:4d:a8txqueuelen1000(Ethernet) RXpackets34093bytes19129820(18.2MiB) RXerrors0dropped0overruns0frame0 TXpackets2629771bytes3934887034(3.6GiB) TXerrors0dropped0overruns0carrier0collisions0 lo:flags=73<UP,LOOPBACK,RUNNING>mtu65536 inet127.0.0.1netmask255.0.0.0 inet6::1prefixlen128scopeid0x10<host> looptxqueuelen1(LocalLoopback) RXpackets76bytes6204(6.0KiB) RXerrors0dropped0overruns0frame0 TXpackets76bytes6204(6.0KiB) TXerrors0dropped0overruns0carrier0collisions0 [root@server01~]#ifconfig-a##查看所有网卡IP ens33:flags=4163<UP,MULTICAST>mtu1500 inet192.168.137.100netmask255.255.255.0broadcast192.168.137.255 inet6fe80::c1d7:5856:9856:2bb8prefixlen64scopeid0x20<link> ether00:0c:29:0c:4d:a8txqueuelen1000(Ethernet) RXpackets34104bytes19130770(18.2MiB) RXerrors0dropped0overruns0frame0 TXpackets2629778bytes3934888746(3.6GiB) TXerrors0dropped0overruns0carrier0collisions0 lo:flags=73<UP,RUNNING>mtu65536 inet127.0.0.1netmask255.0.0.0 inet6::1prefixlen128scopeid0x10<host> looptxqueuelen1(LocalLoopback) RXpackets76bytes6204(6.0KiB) RXerrors0dropped0overruns0frame0 TXpackets76bytes6204(6.0KiB) TXerrors0dropped0overruns0carrier0collisions0 [root@server01~]#ipadd 1:lo:<LOOPBACK,UP,LOWER_UP>mtu65536qdiscnoqueuestateUNKNOWNqlen1 link/loopback00:00:00:00:00:00brd00:00:00:00:00:00 inet127.0.0.1/8scopehostlo valid_lftforeverpreferred_lftforever inet6::1/128scopehost valid_lftforeverpreferred_lftforever 2:ens33:<BROADCAST,MULTICAST,LOWER_UP>mtu1500qdiscpfifo_faststateUPqlen1000 link/ether00:0c:29:0c:4d:a8brdff:ff:ff:ff:ff:ff inet192.168.137.100/24brd192.168.137.255scopeglobalens33 valid_lftforeverpreferred_lftforever inet6fe80::c1d7:5856:9856:2bb8/64scopelink valid_lftforeverpreferred_lftforever
如果要附加一个地址,可以设定虚拟网卡ens33:1。然后使用ifdown ens33/ifup ens33命令重新启动网卡,使配置生效。
[root@server01~]#mii-toolens33##查看网卡连接状态 ens33:negotiated1000baseT-FDflow-control,linkok [root@server01~]#ethtoolens33##查看网卡连接状态 Settingsforens33: Supportedports:[TP] Supportedlinkmodes:10baseT/Half10baseT/Full 100baseT/Half100baseT/Full 1000baseT/Full Supportedpauseframeuse:No Supportsauto-negotiation:Yes Advertisedlinkmodes:10baseT/Half10baseT/Full 100baseT/Half100baseT/Full 1000baseT/Full Advertisedpauseframeuse:No Advertisedauto-negotiation:Yes Speed:1000Mb/s Duplex:Full Port:TwistedPair PHYAD:0 Transceiver:internal Auto-negotiation:on MDI-X:off(auto) SupportsWake-on:d Wake-on:d Currentmessagelevel:0x00000007(7) drvprobelink Linkdetected:yes##该行“yes”表示网卡连接正常
2、DNS
[root@server01~]#hostnamectlset-hostnamejuispan##更改主机名 [root@server01~]#bash [root@juispan~]# [root@server01~]#cat/etc/resolv.conf##DNS的配置文件 #GeneratedbyNetworkManager nameserver114.114.114.114##使用nameserver定义DNS,可以写多个DNS [root@server01~]# [root@server01~]#cat/etc/hosts##本地hosts文件,IP和域名映射 127.0.0.1localhostlocalhost.localdomainlocalhost4localhost4.localdomain4 ::1localhostlocalhost.localdomainlocalhost6localhost6.localdomain6 ##一个IP能对应多个域名,一个域名对应一个IP; ##域名对应IP,以最后的映射为准。
3、防火墙
[root@server01~]#setenforce0##临时关闭selinux [root@server01~]#getenforce##查看selinux状态 Permissive [root@server01~]#cat/etc/selinux/config##selinux配置文件 #ThisfilecontrolsthestateofSELinuxonthesystem. #SELINUX=cantakeoneofthesethreevalues: #enforcing-SELinuxsecuritypolicyisenforced. #permissive-SELinuxprintswarningsinsteadofenforcing. #disabled-NoSELinuxpolicyisloaded. SELINUX=enforcing##改成disabled可以永久关闭 #SELINUXTYPE=cantakeoneofthreetwovalues: #targeted-Targetedprocessesareprotected,#minimum-Modificationoftargetedpolicy.Onlyselectedprocessesareprotected. #mls-MultiLevelSecurityprotection. SELINUXTYPE=targeted
在CentOS 7之前使用netfilter防火墙;CentOS 7开始使用firewalld防火墙。CentOS 7默认采用的是firewalld管理netfilter子系统,底层调用的仍然是iptables命令。不同的防火墙软件相互间存在冲突,使用某个时应禁用其他的。
�关闭firewalld开启netfilter:
[root@server01~]#systemctlstopfirewalld [root@server01~]#systemctldisablefirewalld Removedsymlink/etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service. Removedsymlink/etc/systemd/system/basic.target.wants/firewalld.service. [root@server01~]#yuminstall-yiptables-services ...... 已安装: iptables-services.x86_640:1.4.21-17.el7 完毕! [root@server01~]#systemctlenableiptables Createdsymlinkfrom/etc/systemd/system/basic.target.wants/iptables.serviceto/usr/lib/systemd/system/iptables.service. [root@server01~]#systemctlstartiptables
4、Netfilter
�Netfilter有5张表:
filter: Thisisthedefaulttable(ifno-toptionispassed).Itcontainsthebuilt-inchainsINPUT(forpacketsdestinedtolocalsockets),FORWARD(forpacketsbeingroutedthroughthebox),andOUTPUT(forlocally-generatedpackets). ##filter表用于过滤包,是最常用的表,有INPUT、FORWARD、OUTPUT三个链。 nat: Thistableisconsultedwhenapacketthatcreatesanewconnectionisencountered.Itconsistsofthreebuilt-ins:PREROUTING(foralteringpacketsassoonastheycomein),OUTPUT(foralteringlocally-generatedpacketsbeforerouting),andPOSTROUTING(foralteringpacketsastheyareabouttogoout).IPv6NATsupportisavailablesincekernel3.7. ##nat表用于网络地址转换,有PREROUTING、OUTPUT、POSTROUTING三个链。 mangle: Thistableisusedforspecializedpacketalteration.Untilkernel2.4.17ithadtwobuilt-inchains:PREROUTING(foralteringincomingpacketsbeforerouting)andOUTPUT(foralteringlocally-generatedpacketsbeforerouting).Sincekernel2.4.18,threeotherbuilt-inchainsarealsosupported:INPUT(forpacketscomingintotheboxitself),FORWARD(foralteringpacketsbeingroutedthroughthebox),andPOSTROUTING(foralteringpacketsastheyareabouttogoout). ##managle表用于给数据包做标记,几乎用不到。 raw: ThistableisusedmainlyforconfiguringexemptionsfromconnectiontrackingincombinationwiththeNOTRACKtarget.Itregistersatthenet�\filterhookswithhigherpriorityandisthuscalledbeforeip_conntrack,oranyotherIPtables.Itprovidesthefollowingbuilt-inchains:PREROUTING(forpacketsarrivingviaanynetworkinterface)OUTPUT(forpacketsgeneratedbylocalprocesses) ##raw表可以实现不追踪某些数据包,几乎用不到。 security: ThistableisusedforMandatoryAccessControl(MAC)networkingrules,suchasthoseenabledbytheSECMARKandCONNSECMARKtargets.MandatoryAccessControlisimplementedbyLinuxSecurityModulessuchasSELinux.Thesecuritytableiscalledafterthefiltertable,allowinganyDis�\cretionaryAccessControl(DAC)rulesinthefiltertabletotakeeffectbeforeMACrules.Thistableprovidesthefollowingbuilt-inchains:INPUT(forpacketscomingintotheboxitself),andFORWARD(foralteringpacketsbeingroutedthroughthebox). ##security表在CentOS6中并没有,用于强制访问控制(MAC)的网络规则,几乎用不到。
版权声明:本文内容由互联网用户自发贡献,该文观点与技术仅代表作者本人。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌侵权/违法违规的内容, 请发送邮件至 dio@foxmail.com 举报,一经查实,本站将立刻删除。