====== CentOS7 Networking Notes ======
Start with https://wiki.centos.org/zh-tw/FAQ/CentOS7 to learn about some of the differences between CentOS7 and earlier versions.
===== The ifconfig command is missing =====
yum install net-tools
++++ Installation log |
[root@centos7-tmp ~]# yum install net-tools
Loaded plugins: fastestmirror
base | 3.6 kB 00:00
extras | 3.4 kB 00:00
updates | 3.4 kB 00:00
(1/4): base/7/x86_64/group_gz | 155 kB 00:00
(2/4): extras/7/x86_64/primary_db | 166 kB 00:00
(3/4): updates/7/x86_64/primary_db | 9.1 MB 00:01
(4/4): base/7/x86_64/primary_db | 5.3 MB 00:02
Determining fastest mirrors
* base: ftp.yzu.edu.tw
* extras: ftp.yzu.edu.tw
* updates: ftp.yzu.edu.tw
Resolving Dependencies
--> Running transaction check
---> Package net-tools.x86_64 0:2.0-0.17.20131004git.el7 will be installed
--> Finished Dependency Resolution
Dependencies Resolved
================================================================================
Package Arch Version Repository Size
================================================================================
Installing:
net-tools x86_64 2.0-0.17.20131004git.el7 base 304 k
Transaction Summary
================================================================================
Install 1 Package
Total download size: 304 k
Installed size: 917 k
Is this ok [y/d/N]: y
Downloading packages:
警告:/var/cache/yum/x86_64/7/base/packages/net-tools-2.0-0.17.20131004git.el7.x86_64.rpm: 表頭 V3 RSA/SHA256 Signature, key ID f4a80eb5: NOKEY
Public key for net-tools-2.0-0.17.20131004git.el7.x86_64.rpm is not installed
net-tools-2.0-0.17.20131004git.el7.x86_64.rpm | 304 kB 00:00
Retrieving key from file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
Importing GPG key 0xF4A80EB5:
Userid : "CentOS-7 Key (CentOS 7 Official Signing Key) "
Fingerprint: 6341 ab27 53d7 8a78 a7c2 7bb1 24c6 a8a7 f4a8 0eb5
Package : centos-release-7-2.1511.el7.centos.2.10.x86_64 (@anaconda)
From : /etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
Is this ok [y/N]: y
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
Installing : net-tools-2.0-0.17.20131004git.el7.x86_64 1/1
Verifying : net-tools-2.0-0.17.20131004git.el7.x86_64 1/1
Installed:
net-tools.x86_64 0:2.0-0.17.20131004git.el7
Complete!
++++
++++ Execution log |
[root@centos7-tmp ~]# ifconfig
ens3: flags=4163 mtu 1500
inet 192.168.0.104 netmask 255.255.255.0 broadcast 192.168.0.255
inet6 fe80::5054:ff:fe70:9a7d prefixlen 64 scopeid 0x20
ether 52:54:00:70:9a:7d txqueuelen 1000 (Ethernet)
RX packets 12252 bytes 16348084 (15.5 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 7298 bytes 570168 (556.8 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
ens4: flags=4163 mtu 1500
ether 52:54:00:fb:86:e8 txqueuelen 1000 (Ethernet)
RX packets 49 bytes 3016 (2.9 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
lo: flags=73 mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10
loop txqueuelen 0 (Local Loopback)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
++++
* References - http://www.centoscn.com/CentosBug/osbug/2014/0916/3750.html
* https://wiki.centos.org/zh-tw/FAQ/CentOS7
===== FirewallD (replaces iptables) =====
* Get the default zone: firewall-cmd --get-default-zone
* List the services currently open: firewall-cmd --zone=iredmail --list-services
* Open a service temporarily: firewall-cmd --zone=iredmail --add-service=mysql
* List the services permanently open: firewall-cmd --zone=iredmail --permanent --list-services
* Open a service permanently: firewall-cmd --zone=iredmail --permanent --add-service=snmp
* If you edit the configuration files under /etc/firewalld/services/ or /etc/firewalld/zones/ directly
* e.g. /etc/firewalld/services/smtps.xml and /etc/firewalld/zones/iredmail.xml
* After the change, run
firewall-cmd --complete-reload
to make the settings take effect
* Enabling and disabling firewalld
[root@jonathan-vm1 ~]# firewall-cmd --get-default-zone
FirewallD is not running
[root@jonathan-vm1 ~]# systemctl start firewalld
[root@jonathan-vm1 ~]# systemctl enable firewalld
Created symlink /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service → /usr/lib/systemd/system/firewalld.service.
Created symlink /etc/systemd/system/multi-user.target.wants/firewalld.service → /usr/lib/systemd/system/firewalld.service.
[root@jonathan-vm1 ~]# firewall-cmd --get-default-zone
public
[root@jonathan-vm1 ~]# firewall-cmd --list-services
cockpit dhcpv6-client ssh
[root@jonathan-vm1 ~]# systemctl stop firewalld
[root@jonathan-vm1 ~]# systemctl disable firewalld
Removed /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
Removed /etc/systemd/system/multi-user.target.wants/firewalld.service.
[root@jonathan-vm1 ~]# systemctl list-unit-files | grep firewalld
firewalld.service disabled
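The list above separates temporary (runtime) from permanent service entries, and the two sets can drift apart. The following is an added example, not part of the original page: a POSIX shell helper that compares the two listings for one zone. The function name ''fw_drift'' and the sample service lists are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page).
# fw_drift RUNTIME_LIST PERMANENT_LIST
#   RUNTIME_LIST:   output of  firewall-cmd --zone=ZONE --list-services
#   PERMANENT_LIST: output of  firewall-cmd --zone=ZONE --permanent --list-services
# Prints one line per mismatch:
#   runtime-only NAME    open now, dropped by the next reload or reboot
#   permanent-only NAME  saved to disk, not active until a reload
fw_drift() {
    # Normalise each whitespace-separated list to one unique name per line.
    rt=$(printf '%s\n' "$1" | tr -s ' \t' '\n\n' | sed '/^$/d' | sort -u)
    pm=$(printf '%s\n' "$2" | tr -s ' \t' '\n\n' | sed '/^$/d' | sort -u)
    for s in $rt; do
        # -x matches the whole line, so "smtp" never matches "smtps".
        printf '%s\n' "$pm" | grep -qxF -- "$s" || echo "runtime-only $s"
    done
    for s in $pm; do
        printf '%s\n' "$rt" | grep -qxF -- "$s" || echo "permanent-only $s"
    done
}

# Constructed sample lists: mysql was added without --permanent and
# snmp with --permanent, as in the commands on this page.
RUNTIME_SAMPLE="ssh smtp imap mysql"
PERMANENT_SAMPLE="ssh smtp imap snmp"
fw_drift "$RUNTIME_SAMPLE" "$PERMANENT_SAMPLE"

# On a live host (zone name taken from the page):
#   fw_drift "$(firewall-cmd --zone=iredmail --list-services)" \
#            "$(firewall-cmd --zone=iredmail --permanent --list-services)"
```

An empty result means the running firewall matches what will be loaded after a reload or reboot.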
===== ss, the replacement for netstat =====
* Show listening ports: ss -l -n
e.g. check SMTP port 25
# ss -l -n | grep 25
tcp LISTEN 0 100 *:25 *:*
tcp LISTEN 0 100 :::25 :::*
* Show TCP connections: ss -t -n
e.g. check connections on IMAP port 143
# ss -t -n | grep 143
ESTAB 0 0 192.168.0.236:143 60.248.245.172:56450
ESTAB 0 0 192.168.0.236:143 192.168.0.2:51137
ESTAB 0 0 192.168.0.236:143 192.168.0.254:14983
ESTAB 0 0 192.168.0.236:143 192.168.0.254:14902
:
ESTAB 0 0 192.168.0.236:143 60.248.245.172:62832
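''grep 25'' in the listening-port check above matches any line that contains "25", including ports such as 2525 or 10025 and the queue columns. The following is an added example, not part of the original page: it parses ''ss -l -n'' output, matches the local port exactly, and reports whether the socket is bound to all interfaces. The function names and the sample output are assumptions constructed for illustration; only the two port-25 lines mirror the page.

```shell
#!/bin/sh
# Added example (not from the original page).
# listeners_on_port PORT   reads `ss -l -n` output on stdin.
# Prints "PROTO LOCAL_ADDR SCOPE" for each socket whose local port is exactly PORT.
# SCOPE is all-interfaces, loopback or specific.
listeners_on_port() {
    awk -v port="$1" '
    ($1 ~ /^(tcp|udp)/) && ($2 == "LISTEN" || $2 == "UNCONN") {
        la = $5                                  # Local Address:Port column
        if (!match(la, /:[^:]*$/)) next          # last colon splits addr and port
        p    = substr(la, RSTART + 1)
        addr = substr(la, 1, RSTART - 1)
        if (p != port) next                      # exact match, not a substring
        scope = "specific"
        if (addr == "*" || addr == "0.0.0.0" || addr == "::" || addr == "[::]")
            scope = "all-interfaces"
        else if (addr ~ /^127\./ || addr == "::1" || addr == "[::1]")
            scope = "loopback"
        print $1, addr, scope
    }'
}

# Constructed sample of `ss -l -n` output; the 2525 and 10025 lines are
# decoys that a plain `grep 25` would also match.
sample_ss_output() {
    cat <<'EOF'
Netid State  Recv-Q Send-Q Local Address:Port   Peer Address:Port
tcp   LISTEN 0      100    *:25                 *:*
tcp   LISTEN 0      100    127.0.0.1:2525       *:*
tcp   LISTEN 0      128    192.168.0.236:10025  *:*
tcp   LISTEN 0      100    :::25                :::*
EOF
}

sample_ss_output | listeners_on_port 25

# On a live host:
#   ss -l -n | listeners_on_port 25
```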
===== Changing the IP configuration =====
* e.g. change the IP of eth0 to 192.168.1.28
-
:
BOOTPROTO=static
IPADDR=192.168.1.28
NETMASK=255.255.255.0
GATEWAY=192.168.1.254
:
DNS1=192.168.1.254
DNS2=101.101.101.101
- systemctl restart network.service
===== Viewing the current IP and routes =====
*
ip a
ip route list
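===== Changing the DNS configuration =====
* Editing /etc/resolv.conf directly does not last: after a while NetworkManager overwrites it and the change disappears, so the setting has to be made with nmcli instead
* e.g. set the DNS servers of interface eth0 to 192.168.11.242 and 168.95.192.1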
nmcli con mod eth0 ipv4.dns "192.168.11.242 168.95.192.1"
nmcli con up eth0
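===== How to disable IPv6 =====
* Many services make decisions based on the source IP (e.g. a mail server), so IPv6 sometimes needs to be disabled to avoid problems caused by the source IP becoming an IPv6 address
* Add the following two lines to /etc/sysctl.conf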
:
net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1
* Run this command to apply the change
sysctl -p
* Rebooting afterwards is recommended
===== References =====
* [[https://www.phpini.com/linux/rhel-centos-7-setup-static-ip|RHEL / CentOS 7: setting a static network IP]]
* [[https://www.digitalocean.com/community/tutorials/how-to-set-up-a-firewall-using-firewalld-on-centos-7|How To Set Up a Firewall Using FirewallD on CentOS 7]]
* https://www.phpini.com/linux/rhel-centos-7-change-dns-server
* [[https://shazi.info/%E5%9C%A8-centos-7-%E4%B8%AD%E6%89%80%E4%B8%8D%E8%A6%8B%E7%9A%84%E5%91%BD%E4%BB%A4-round-1%EF%BC%9A-ifconfig%E3%80%81route%E3%80%81netstat%E3%80%81traceroute/|Commands missing in CentOS 7, round 1: ifconfig, route, netstat, traceroute]]
* https://www.thegeekdiary.com/centos-rhel-7-how-to-disable-ipv6/
{{tag>centos7 network}}