
Introduction to all commands of Linux Network Management

2025-02-23 Update From: SLTechnology News&Howtos

Shulou(Shulou.com)06/01 Report--

Today, the editor brings you an article that summarizes all the network management commands of Linux. The editor thinks it is very practical, so I will share it for you as a reference. Let's follow the editor and have a look.

ip command

The ip command configures Linux network properties, but its changes are only temporary: the configuration is lost after a restart.

ip - show / manipulate routing, devices, policy routing and tunnels

ip [OPTIONS] OBJECT {COMMAND | help}

OBJECT := {link | addr | route}

Example:

ip link - network device configuration

set dev IFACE

Properties can be set:

up and down: activates or disables the specified interface

ifup/ifdown

show [dev IFACE]: specify an interface

[up]: only interfaces that are active are displayed

Example 1: displays the status of all interfaces

Example 2: close the eth2 port, then display the status of the eth2 interface, and then show the interface whose other state is up

ip addr {add | del | change} IFADDR dev STRING

[label LABEL]: indicates the alias of the network card when adding an address

[scope {global | link | host}]: indicates the scope

global: globally available

link: available only on the link

host: available only on the local host

[broadcast ADDRESS]: indicates the broadcast address

ip address show - look at protocol addresses

[dev DEVICE]

[label PATTERN]

[primary and secondary]

ip address flush - uses the same format as show

ip addr add 172.16.0.100/16 dev eth3 label eth3

ip addr del 172.16.0.100/16 dev eth3 label eth3

ip addr flush dev eth3 label eth3

Example 1: add an ip using the ip addr command

Example 2: change the ip address of eth3

Example 3: delete ip information for eth3

Example 4: this command is not saved in the configuration file, but is temporarily stored in memory. Please note when using it.

ip route - routing table management

Add route: ip route add

ip route add TARGET via GW dev IFACE src SOURCE_IP

TARGET:

Host routing: IP

Network routing: NETWORK/MASK

ip route add 192.168.0.0/24 via 172.16.0.1

ip route add 192.168.1.13 via 172.16.0.1

Add gateway: ip route add default via GW dev IFACE

ip route add default via 172.16.0.1

Delete route: ip route delete

ip route del TARGET

Show route: ip route show | list

Clear the routing table: ip route flush [dev IFACE] [via PREFIX]

ip route flush dev eth0

Example 1: add a route to 172.16.0.0/16

Example 2: add a gateway

Example 3: delete the default gateway route

Example 4: delete all related routes

netstat command:

Show network connections

Print network connections, routing tables, interface statistics, masquerade connections, and multicast memberships

Common options:

-t: related to tcp protocol

-u: related to udp protocol

-w: raw socket related

-l: in the listening state

-a: all states

-n: display IP and port in numbers

-e: extended format

-p: displays related processes and PID

Common combinations:

-tan, -uan, -tnl, -unl, -rn, -tnlp

Display the routing table:

netstat {--route | -r} [--numeric | -n]

-r: displays the kernel routing table

-n: numeric format

Display interface statistics:

netstat {--interfaces | -I | -i} [iface] [--all | -a] [--extend | -e] [--program | -p] [--numeric | -n]

# netstat -I

# netstat -IIFACE

Example 1: view the status of all tcp connections

Example 2: view the status of all udp sockets

Example 3: view all tcp sockets that are listening

Example 4: view all udp sockets that are listening

Example 5: view the status of all tcp and udp sockets and their process numbers

ss command

Format: ss [OPTION]... [FILTER]

netstat walks /proc to get socket information, while ss uses netlink to communicate with the kernel's tcp_diag module to obtain socket information.

Options:

-t: related to tcp protocol

-u: related to udp protocol

-w: raw socket related

-x: unix socket related

-l: sockets in the listen state

-a: all

-n: numeric format

-p: related programs and PID

-e: extended information

-m: memory usage

-o: timer information

FILTER := [state TCP-STATE] [EXPRESSION]

Common status of TCP:

TCP finite state machine:

LISTEN: listening

ESTABLISHED: established connection

FIN_WAIT_1

FIN_WAIT_2

SYN_SENT

SYN_RECV

CLOSED

EXPRESSION:

dport =

sport =

Example: '( dport = :ssh or sport = :ssh )'

Common combinations:

-tan, -tanl, -tanlp, -uan, -tunl

Examples of common usage:

ss -l displays all ports opened locally

ss -pl displays the specific socket opened by each process

ss -t -a shows all TCP sockets

ss -u -a shows all UDP sockets

ss -o state established '( dport = :ssh or sport = :ssh )' shows all established SSH connections

ss -s lists a summary of the current sockets

ss -o state established '( dport = :smtp or sport = :smtp )' shows all established SMTP connections

ss -o state established '( dport = :http or sport = :http )' shows all established HTTP connections

ss -x src /tmp/.X11-unix/* finds all processes connected to the X server
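A defender's use of the ss options above, as an added example that is not part of the original article: the function reads `ss -tlnp` output and reports TCP listeners bound to a wildcard address, which are reachable on every interface. The function names and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original article): triage `ss -tlnp` output for
# TCP listeners bound to a wildcard address, i.e. reachable on every interface.

# Reads `ss -tlnp` text on stdin; prints "<port> <process column>" per finding.
wildcard_listeners() {
    awk '
        $1 != "LISTEN" { next }      # skip the header row and non-listening sockets
        {
            # Column 4 is Local Address:Port. Split at the LAST colon so that
            # IPv6 spellings such as [::]:22 and :::22 are handled too.
            if (!match($4, /:[^:]*$/)) next
            addr = substr($4, 1, RSTART - 1)
            port = substr($4, RSTART + 1)
            # Wildcard spellings printed by different iproute2 versions.
            if (addr == "0.0.0.0" || addr == "*" || addr == "[::]" || addr == "::") {
                # Column 6 is empty when ss may not inspect the owning process
                # (run as root with -p to see every owner).
                print port, ($6 == "" ? "-" : $6)
            }
        }
    ' | sort -u -k1,1n -k2
}

# Constructed sample of `ss -tlnp` output; process names and PIDs are made up.
sample_ss_output() {
    cat <<'EOF'
State   Recv-Q  Send-Q  Local Address:Port  Peer Address:Port
LISTEN  0       128     0.0.0.0:22          0.0.0.0:*          users:(("sshd",pid=1023,fd=3))
LISTEN  0       100     127.0.0.1:25        0.0.0.0:*          users:(("master",pid=1377,fd=13))
LISTEN  0       128     [::]:22             [::]:*             users:(("sshd",pid=1023,fd=4))
LISTEN  0       80      *:3306              *:*                users:(("mysqld",pid=2044,fd=21))
LISTEN  0       128     [::1]:631           [::]:*             users:(("cupsd",pid=990,fd=10))
EOF
}

# Offline demo on the sample; on a live host run: ss -tlnp | wildcard_listeners
sample_ss_output | wildcard_listeners
```

Listeners on 127.0.0.1 or [::1] are skipped because they are reachable only from the local host.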

nmcli command (note: this command only applies to CentOS 7; it does not work on version 6)

Address configuration tool: nmcli

nmcli [OPTIONS] OBJECT {COMMAND | help}

device - show and manage network interfaces

nmcli device help

connection - start, stop, and manage network connections

nmcli connection help

Modify attributes such as IP address:

nmcli connection modify IFACE [+|-]setting.property value

setting.property:

ipv4.addresses ipv4.gateway

ipv4.dns1 ipv4.method manual | dhcp

To make configuration file changes take effect: systemctl restart network

nmcli con reload

To make nmcli changes take effect: nmcli con down eth0; nmcli con up eth0

Example 1: add a network card and set its IP address

After a new network card is added, the system automatically recognizes it as eth2 and names the connection Wired connection 1. This is NetworkManager at work; otherwise a new network card would not have a name.

Here I clean up the information in the image above and check the status of the interface at this time.

Add the network card information: set the network card to manual configuration, configure the ip address, gateway and dns, and enable automatic start at boot. This generates a configuration file.

After configuration, the ip is already up even though the service has not been restarted, and the connectivity test shows no problems.

Example 2: bind a new configuration file home with an ip address. We find that no interface is bound to the file yet.

Using nmcli device status here, you can see that the interface eth1 is already working, but this command cannot show which configuration file the interface is bound to. We find that the ip is still the previous ip.

Use the command nmcli con up home to enable the interface here. We then find that the eth2 interface is using the home configuration file, so the interface can be switched over this way.

You can also use nmcli con down + the configuration file to switch

If you need to change the above configuration file, edit it manually, and then enter the nmcli con reload command to re-import the configuration file. For example, edit the ip address and NAME of the network card

After editing, the configuration file does not take effect immediately. We can reload the configuration file with the nmcli con reload command and find that the NAME property of the network card has taken effect, but the ip has not changed.

Restart the network service here, and the ip is up.

Related tools

Network interface configuration tui tool: nmtui (a graphical front end for nmcli; I personally recommend using the commands, so it is not demonstrated here)

Configure the network using nmcli

NetworkManager is a daemon for managing and monitoring network settings

The device is the network interface, and the connection is the configuration of the network interface. A network interface can have multiple connection configurations, but only one connection configuration takes effect at a time.

Show all connections, including inactive ones

nmcli con show

Show all active connections

nmcli con show --active

Show network connection configuration

nmcli con show "home"

Display device status

nmcli dev status

Show network interface properties

nmcli dev show eno16777736 (the name of the network card on CentOS 7)

Create a new connection home; the IP is obtained automatically through dhcp

nmcli con add con-name home type ethernet ifname eth2

Delete connection

nmcli con del home

Create a new connection eth2, specify a static IP, and do not connect automatically

nmcli con add con-name static ifname eth2 autoconnect no type ethernet ip4 10.1.156.71/16 gw4 10.1.0.1

Enable home connection configuration

nmcli con up home

Enable eth2 connection configuration

nmcli con up eth2

View help

nmcli con add help

Modify connection settings

nmcli con mod "eth2" connection.autoconnect no

nmcli con mod "eth2" ipv4.dns 10.1.0.1

nmcli con mod "eth2" +ipv4.dns 8.8.8.8

nmcli con mod "eth2" -ipv4.dns 8.8.8.8

nmcli con mod "eth2" ipv4.addresses "172.16.0.100 172.16.0.1"

nmcli con mod "eth2" +ipv4.addresses 10.10.10.10/16

The device configuration is saved in a text file

/etc/sysconfig/network-scripts/ifcfg-

The help documentation provides a complete list of options: /usr/share/doc/initscripts-*/sysconfig.txt

After you modify the connection configuration, you need to reload the configuration

nmcli con reload

nmcli con down "system eth0" can be activated automatically

nmcli con up "system eth0"

nmcli dev dis eth0 disables the network card, and access is automatically activated.


Delete the profile for home

Set the connection's automatic connect at boot to no

nmcli con mod "work" connection.autoconnect no

Set DNS address

nmcli con mod "work" ipv4.dns 10.1.0.1

Add another DNS address

nmcli con mod "work" +ipv4.dns 8.8.8.8

Delete the dns of 8.8.8.8

nmcli con mod "work" -ipv4.dns 8.8.8.8

Modify ip to another address

nmcli con mod "work" ipv4.addresses 172.16.0.100/24 ipv4.gateway 172.16.0.1

Add an ip address

nmcli con mod "work" +ipv4.addresses 10.1.156.71

Note: the above modifications do not take effect immediately. To apply them, restart the network service: systemctl restart network.

Graphical tool (this tool can only be started under the graphical interface)

nm-connection-editor

Network Teaming (also applicable to CentOS 7 only)

Network teaming: a method of aggregating multiple network cards together to achieve redundancy and improve throughput

Network teaming is different from the older bonding technology and provides better performance and scalability.

Network teaming is implemented by a kernel driver and the teamd daemon.

Runner modes:

broadcast: broadcast

roundrobin: round robin

activebackup: active backup

loadbalance: load balancing

lacp: interface aggregation (implements the 802.3ad Link Aggregation Control Protocol)

Network team

Starting the team interface does not automatically start the port interfaces in the team

Starting a port interface in the team does not automatically start the team interface

Disabling the team interface automatically disables the port interfaces in the team

A team interface without a port interface can start a static IP connection

When DHCP connections are enabled, a team without port interfaces waits for port interfaces to join

Create a team interface

nmcli con add type team con-name CNAME ifname INAME [config JSON]

CNAME is the connection name, and INAME is the interface name.

JSON specifies the runner mode

Format: '{"runner": {"name": "METHOD"}}'

METHOD can be broadcast, roundrobin, activebackup, loadbalance, or lacp.

Create a team interface instance

First create a team interface named team0 with active-backup mode

nmcli con add type team con-name team0 ifname team0 config '{"runner": {"name": "activebackup"}}'

Configure the interface with information such as ip address

nmcli con mod team0 ipv4.addresses 10.1.156.156/16

nmcli con mod team0 ipv4.method manual

Create a port interface

nmcli con add type team-slave con-name CNAME ifname INAME master TEAM

CNAME is the connection name, INAME the network interface name, and TEAM the team interface name.

If the connection name is not specified, it defaults to team-slave-IFACE.

nmcli device disconnect INAME shuts down the specified real interface

nmcli connection up CNAME brings up the interface for the specified profile

INAME: device name; CNAME: team interface name or port interface

Team instance

nmcli con add type team-slave ifname eth0 master team0

nmcli con add type team-slave ifname eth2 master team0 con-name team0-eth2

nmcli con up team0 enables the team0 interface

nmcli dev dis eth0 shuts down the original interface

teamdctl team0 state

Complete example: create a team

First create a team interface named team0 with active-backup mode

nmcli con add type team con-name team0 ifname team0 config '{"runner": {"name": "activebackup"}}'

Configure the interface with information such as ip address

nmcli con mod team0 ipv4.addresses 10.1.156.156/16

nmcli con mod team0 ipv4.method manual

Create the port interfaces

nmcli con add type team-slave con-name team0-eth0 ifname eth0 master team0

nmcli con add type team-slave con-name team0-eth2 ifname eth2 master team0

Enable the team0 interface. You can see that the configuration files for the port interfaces are not yet in effect

There are two ways to make the port interface work

The first is to shut down the original interface directly.

The second is to run nmcli connection up directly on the port interface profile, which is the method used here

You can see that the interface is up.

At this point, you can use the command teamdctl team0 state to check the status of the team interface and find that the interface is up.

At this time, the primary port is eth2

First, ping the team0 interface to test connectivity; it is reachable.

Disconnect eth2 at this time, and then run the teamdctl team0 state command again

You can see that eth2 has been disconnected, and eth0 is used at this time.

Reconnect eth2, disconnect eth0, and then run the teamdctl team0 state command again

You can see that eth0 has been disconnected, and eth2 is used at this time.

Finally, reconnect eth0, and then run the teamdctl team0 state command again

You can see that eth0 has been connected, and eth2 is still used at this time. The experiment is finished.

A final note: because this was run in a virtual machine, there is a problem with the effect of this command, so the later tests have no screenshots of it; only a screenshot of the interface status is saved.

If you need to test the interface, you can also use watch -n1 'netstat -Ieth0' and watch -n1 'netstat -Ieth2' to check the traffic status of the interfaces at the same time. You can find that only the active port interface has traffic, and when the active port interface is disconnected and the team switches to another interface, the other interface has traffic.

Eth0 is used at this time. If you compare the two diagrams, you can find that only the traffic of the eth0 interface has changed.

The receive RX and send TX traffic changes of the eth0 interface are closed here

Configure the hostname using nmcli

Hostname configuration file before rhel6: /etc/sysconfig/network

RHEL 7.0 hostname configuration file: /etc/hostname. The file does not exist by default; the hostname is then obtained by a reverse DNS lookup, and defaults to localhost.localdomain

Display hostname information

hostname

hostnamectl status

Create or modify the file and have it take effect

hostnamectl set-hostname desktopX.example.com

Deleting the file restores the hostname localhost.localdomain

DNS settings are stored in the /etc/resolv.conf file

PEERDNS=no means that when the IP is obtained automatically through dhcp, dns is still set manually and not automatically. It is equivalent to the following command:

nmcli con mod "system eth0" ipv4.ignore-auto-dns yes

Example: set hostname

Check the status of the computer name at this time, which is centos.localdomain

Change the host name, and you can see that it takes effect immediately, which is much more convenient than on CentOS 6.

Test network commands

Test network connectivity on the command line

Show hostname

hostname

Test network connectivity

ping

mtr

Display the correct routing table

ip route

Make sure the name server is in use:

nslookup

host

dig

Trace route

traceroute

tracepath

Network client tools

lftp, ftp, lftpget, wget

lftp [-p port] [-u user[,password]] SERVER

Subcommands:

get, mget, ls, help

lftp

put: single file upload

get: single file download; supports tab completion, which ftp does not

mget: downloads multiple files; also supports completion and wildcards.

mput: uploads multiple files

ftp

If you need to log in anonymously, you can use anonymous or ftp as the user name. The password can be empty or anything.

pwd: displays the current directory in ftp

lcd: displays the current location on the local machine

lcd PATH: switch to another download directory

What you download in ftp is saved to the lcd directory by default.

get FILENAME: downloads the file. If the file name contains a space, enclose the file name in double quotation marks ("").

cd: changes directories

passive: switches the working mode of ftp, which defaults to active mode. When communicating, port 20 is used to transfer files and 21 to receive files.

Use a large port number when in passive mode.

help: lists all commands in ftp, non-local

quit: exit

ftp and lftp are both interactive

To run a local command from within ftp, put an exclamation mark (!) before the command, such as !pwd; the result is the same as entering lcd in ftp.

ftp supports wildcards

ftp and lftp are both interactive and cannot be used in scripts.

lftpget URL: downloads a file; supports resuming interrupted downloads and multi-threaded download

wget can download ftp resources and http resources

wget [option]... [URL]...

Rename NAME_A TO NAME_B

-q: silent mode

-c: resume an interrupted download

-O: save location

--limit-rate=: specifies the transfer rate

links: can be used as a browser

links URL [option]

--dump: dumps the website text, e.g. links --dump a.com > a.txt

--source: dumps the website source code

curl URL: displays the source code directly

-I: shows the response header information of the website

The above is a summary of Linux network management commands. The content is fairly comprehensive, and the editor believes it covers knowledge points that we may see or use in our daily work. I hope you can learn more from this article.
