====== CentOS 7 Networking Notes ======

See https://wiki.centos.org/zh-tw/FAQ/CentOS7 first for an overview of how CentOS 7 differs from earlier releases.

===== The ifconfig command is missing =====

<code>
yum install net-tools
</code>

++++ Installation log |
<code>
[root@centos7-tmp ~]# yum install net-tools
Loaded plugins: fastestmirror
base                                                     | 3.6 kB     00:00
extras                                                   | 3.4 kB     00:00
updates                                                  | 3.4 kB     00:00
(1/4): base/7/x86_64/group_gz                            | 155 kB     00:00
(2/4): extras/7/x86_64/primary_db                        | 166 kB     00:00
(3/4): updates/7/x86_64/primary_db                       | 9.1 MB     00:01
(4/4): base/7/x86_64/primary_db                          | 5.3 MB     00:02
Determining fastest mirrors
 * base: ftp.yzu.edu.tw
 * extras: ftp.yzu.edu.tw
 * updates: ftp.yzu.edu.tw
Resolving Dependencies
--> Running transaction check
---> Package net-tools.x86_64 0:2.0-0.17.20131004git.el7 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

================================================================================
 Package         Arch         Version                          Repository  Size
================================================================================
Installing:
 net-tools       x86_64       2.0-0.17.20131004git.el7         base       304 k

Transaction Summary
================================================================================
Install  1 Package

Total download size: 304 k
Installed size: 917 k
Is this ok [y/d/N]: y
Downloading packages:
警告:/var/cache/yum/x86_64/7/base/packages/net-tools-2.0-0.17.20131004git.el7.x86_64.rpm: 表頭 V3 RSA/SHA256 Signature, key ID f4a80eb5: NOKEY
Public key for net-tools-2.0-0.17.20131004git.el7.x86_64.rpm is not installed
net-tools-2.0-0.17.20131004git.el7.x86_64.rpm            | 304 kB     00:00
Retrieving key from file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
Importing GPG key 0xF4A80EB5:
 Userid     : "CentOS-7 Key (CentOS 7 Official Signing Key) "
 Fingerprint: 6341 ab27 53d7 8a78 a7c2 7bb1 24c6 a8a7 f4a8 0eb5
 Package    : centos-release-7-2.1511.el7.centos.2.10.x86_64 (@anaconda)
 From       : /etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
Is this ok [y/N]: y
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
  Installing : net-tools-2.0-0.17.20131004git.el7.x86_64                    1/1
  Verifying  : net-tools-2.0-0.17.20131004git.el7.x86_64                    1/1

Installed:
  net-tools.x86_64 0:2.0-0.17.20131004git.el7

Complete!
</code>
++++

++++ Run log |
<code>
[root@centos7-tmp ~]# ifconfig
ens3: flags=4163 mtu 1500
        inet 192.168.0.104 netmask 255.255.255.0 broadcast 192.168.0.255
        inet6 fe80::5054:ff:fe70:9a7d prefixlen 64 scopeid 0x20
        ether 52:54:00:70:9a:7d txqueuelen 1000 (Ethernet)
        RX packets 12252 bytes 16348084 (15.5 MiB)
        RX errors 0 dropped 0 overruns 0 frame 0
        TX packets 7298 bytes 570168 (556.8 KiB)
        TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

ens4: flags=4163 mtu 1500
        ether 52:54:00:fb:86:e8 txqueuelen 1000 (Ethernet)
        RX packets 49 bytes 3016 (2.9 KiB)
        RX errors 0 dropped 0 overruns 0 frame 0
        TX packets 0 bytes 0 (0.0 B)
        TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

lo: flags=73 mtu 65536
        inet 127.0.0.1 netmask 255.0.0.0
        inet6 ::1 prefixlen 128 scopeid 0x10
        loop txqueuelen 0 (Local Loopback)
        RX packets 0 bytes 0 (0.0 B)
        RX errors 0 dropped 0 overruns 0 frame 0
        TX packets 0 bytes 0 (0.0 B)
        TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
</code>
++++

  * References
    - http://www.centoscn.com/CentosBug/osbug/2014/0916/3750.html
    - https://wiki.centos.org/zh-tw/FAQ/CentOS7

===== FirewallD (replaces iptables) =====

  * Get the default zone <code>firewall-cmd --get-default-zone</code>
  * List the services currently open (runtime configuration) <code>firewall-cmd --zone=iredmail --list-services</code>
  * Open a service temporarily <code>firewall-cmd --zone=iredmail --add-service=mysql</code>
  * List the services that are permanently open <code>firewall-cmd --zone=iredmail --permanent --list-services</code>
  * Open a service permanently <code>firewall-cmd --zone=iredmail --permanent --add-service=snmp</code>
  * If you edit the configuration files under /etc/firewalld/services/ or /etc/firewalld/zones/ directly
    * Example: /etc/firewalld/services/smtps.xml and /etc/firewalld/zones/iredmail.xml
    * After the change, run <code>firewall-cmd --complete-reload</code> to make the settings take effect
  * Enabling and disabling firewalld <code>
[root@jonathan-vm1 ~]# firewall-cmd --get-default-zone
FirewallD is not running
[root@jonathan-vm1 ~]# systemctl start firewalld
[root@jonathan-vm1 ~]# systemctl enable firewalld
Created symlink /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service → /usr/lib/systemd/system/firewalld.service.
Created symlink /etc/systemd/system/multi-user.target.wants/firewalld.service → /usr/lib/systemd/system/firewalld.service.
[root@jonathan-vm1 ~]# firewall-cmd --get-default-zone
public
[root@jonathan-vm1 ~]# firewall-cmd --list-services
cockpit dhcpv6-client ssh
[root@jonathan-vm1 ~]# systemctl stop firewalld
[root@jonathan-vm1 ~]# systemctl disable firewalld
Removed /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
Removed /etc/systemd/system/multi-user.target.wants/firewalld.service.
[root@jonathan-vm1 ~]# systemctl list-unit-files | grep firewalld
firewalld.service                          disabled
</code>

===== ss, the replacement for netstat =====

  * View listening ports: ss -l -n \\ Example: check SMTP port 25 <code>
# ss -l -n | grep 25
tcp    LISTEN     0      100       *:25        *:*
tcp    LISTEN     0      100      :::25       :::*
</code>
  * View TCP connections: ss -t -n \\ Example: check connections on IMAP port 143 <code>
# ss -t -n | grep 143
ESTAB      0      0      192.168.0.236:143      60.248.245.172:56450
ESTAB      0      0      192.168.0.236:143      192.168.0.2:51137
ESTAB      0      0      192.168.0.236:143      192.168.0.254:14983
ESTAB      0      0      192.168.0.236:143      192.168.0.254:14902
:
ESTAB      0      0      192.168.0.236:143      60.248.245.172:62832
</code>

===== Changing the IP settings =====

  * Example: change the eth0 IP to 192.168.1.28
    - <code>
:
BOOTPROTO=static
IPADDR=192.168.1.28
NETMASK=255.255.255.0
GATEWAY=192.168.1.254
:
DNS1=192.168.1.254
DNS2=101.101.101.101
</code>
    - <code>systemctl restart network.service</code>

===== Viewing the current IP and routes =====

  * <code>
ip a
ip route list
</code>

===== Changing the DNS settings =====

  * Changes made directly to /etc/resolv.conf are overwritten by NetworkManager after a while, so DNS has to be set with nmcli instead
  * Example: set the DNS servers for interface eth0 to 192.168.11.242 and 168.95.192.1 <code>
nmcli con mod eth0 ipv4.dns "192.168.11.242 168.95.192.1"
nmcli con up eth0
</code>

===== How to disable IPv6 =====

  * Many services (e.g. a mail server) identify clients by source IP. To avoid problems caused by the source IP turning into an IPv6 address, IPv6 sometimes needs to be disabled
  * Add the following two lines to /etc/sysctl.conf <code>
:
net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1
</code>
  * Apply the change <code>sysctl -p</code>
  * Rebooting afterwards is recommended

===== References =====

  * [[https://www.phpini.com/linux/rhel-centos-7-setup-static-ip|RHEL / CentOS 7: setting a static IP]]
  * [[https://www.digitalocean.com/community/tutorials/how-to-set-up-a-firewall-using-firewalld-on-centos-7|How To Set Up a Firewall Using FirewallD on CentOS 7]]
  * https://www.phpini.com/linux/rhel-centos-7-change-dns-server
  * [[https://shazi.info/%E5%9C%A8-centos-7-%E4%B8%AD%E6%89%80%E4%B8%8D%E8%A6%8B%E7%9A%84%E5%91%BD%E4%BB%A4-round-1%EF%BC%9A-ifconfig%E3%80%81route%E3%80%81netstat%E3%80%81traceroute/|Commands missing in CentOS 7, round 1: ifconfig, route, netstat, traceroute]]
  * https://www.thegeekdiary.com/centos-rhel-7-how-to-disable-ipv6/

{{tag>centos7 network}}
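For the FirewallD section above: a service added without --permanent disappears on reload or reboot, and one added only with --permanent is not open until the next reload. The following is an added example, not part of the original page; the function name service_drift is hypothetical and the sample lists are constructed. It compares the two lists for a zone and reports the mismatches.

```shell
#!/bin/sh
# Added example: report drift between firewalld's runtime and permanent
# service lists. service_drift is a hypothetical helper name.

# service_drift RUNTIME PERMANENT
# Each argument is a space-separated service list, in the form printed by
# `firewall-cmd --list-services`. Prints one line per mismatch.
service_drift() {
    runtime=$1
    permanent=$2
    for svc in $runtime; do
        case " $permanent " in
            *" $svc "*) ;;
            *) echo "runtime-only $svc" ;;    # gone after reload or reboot
        esac
    done
    for svc in $permanent; do
        case " $runtime " in
            *" $svc "*) ;;
            *) echo "permanent-only $svc" ;;  # opens at the next reload
        esac
    done
}

# Live use on a host running firewalld (zone name taken from the page):
#   zone=iredmail
#   service_drift "$(firewall-cmd --zone="$zone" --list-services)" \
#                 "$(firewall-cmd --zone="$zone" --permanent --list-services)"

# Constructed sample: mysql was added without --permanent, snmp only with it.
service_drift "ssh smtp mysql" "ssh smtp snmp"
```

An empty result means the running firewall matches what will be loaded after the next reload.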
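For the ss section above: `grep 143` matches the string anywhere on the line, including peer addresses and peer ports, so it can overcount. The following is an added example, not part of the original page; peers_on_port and sample_ss_output are hypothetical names, and the header line and last two sample lines are constructed (the rest are the page's own output). It filters on the exact local port and counts connections per peer IP.

```shell
#!/bin/sh
# Added example: count established connections per peer for one local port.

# peers_on_port PORT
# Reads `ss -t -n` output on stdin and prints "COUNT PEER_IP" for ESTAB
# connections whose LOCAL port is exactly PORT, busiest peer first.
peers_on_port() {
    awk -v port="$1" '
        $1 != "ESTAB" { next }                  # skips header and other states
        {
            lport = $4; sub(/.*:/, "", lport)   # text after the last colon
            if (lport != port) next
            peer = $5; sub(/:[^:]*$/, "", peer) # drop the peer port
            count[peer]++
        }
        END { for (p in count) print count[p], p }
    ' | LC_ALL=C sort -k1,1nr -k2,2
}

# Sample input: the five ESTAB lines shown on the page, plus a constructed
# header and two constructed lines that a plain `grep 143` would also match.
sample_ss_output() {
    cat <<'EOF'
State Recv-Q Send-Q Local Address:Port Peer Address:Port
ESTAB 0 0 192.168.0.236:143 60.248.245.172:56450
ESTAB 0 0 192.168.0.236:143 192.168.0.2:51137
ESTAB 0 0 192.168.0.236:143 192.168.0.254:14983
ESTAB 0 0 192.168.0.236:143 192.168.0.254:14902
ESTAB 0 0 192.168.0.236:143 60.248.245.172:62832
ESTAB 0 0 192.168.0.236:22 192.168.0.143:51432
ESTAB 0 0 192.168.0.236:25 192.168.0.2:14301
EOF
}

# Live use:  ss -t -n | peers_on_port 143
sample_ss_output | peers_on_port 143
```

On the sample, `grep -c 143` reports 7 lines while only 5 connections are actually on local port 143.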