
Network configuration, IP forwarding, viewing ports, and ACL permissions

Network-configuration files:
[root@client01 ~]# vim /etc/udev/rules.d/70-persistent-net.rules   // fixes the "no eth0 interface" problem on a cloned VM
Change the hostname temporarily
[root@Server ~]# vim /etc/hosts
Change the hostname permanently
[root@Server ~]# vim /etc/sysconfig/network

/etc/sysconfig/network-scripts/ifcfg-ethX   per-interface configuration file
/etc/sysconfig/network                      global network configuration file
/etc/resolv.conf                            name-resolution file (specifies the DNS servers)
/etc/hosts                                  local hostname resolution
                                                                                                 
Configuring a static IP address:
1. With the graphical tool
setup
2. By editing the configuration file
vim /etc/sysconfig/network-scripts/ifcfg-eth0:1

DEVICE=eth0:1                 device name
TYPE=Ethernet                 interface type
HWADDR=40:8d:5c:bb:cc:ff      MAC address
NM_CONTROLLED=yes             yes: managed by the NetworkManager service; no: not managed by it
UUID="e4678090-b16d-4225-aa1c-1d91a1329c86"
ONBOOT=yes                    whether to activate the interface at boot; yes activates it, no does not
BOOTPROTO=none                how the IP address is obtained; dhcp = dynamic, none or static = static IP
IPADDR=10.1.1.11              IP address
NETMASK=255.255.255.0         subnet mask
GATEWAY=192.168.0.254         gateway
DNS1=192.168.0.254            DNS server
IPV6INIT=no                   do not initialise IPv6
USERCTL=no                    ordinary users may not bring the interface up or down
3. Restart the service
# service network restart
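Before restarting the network it is worth checking that the values in the ifcfg file agree with each other. The script below is an added example, not part of the original notes: it reads IPADDR, NETMASK and GATEWAY from an ifcfg-style file and reports whether the gateway actually lies inside the interface's subnet, since a gateway that is not on the link leaves the host without a usable default route. The sample files are constructed here (same IPADDR/NETMASK as the file above, with two different gateways); for an alias such as eth0:1 the gateway is normally reached through the primary address, so the check is meant for the primary interface's file.

```shell
#!/bin/sh
# Added example (not from the original notes): sanity-check an ifcfg-ethX
# file before `service network restart`.  Sample files are constructed.

# Dotted quad -> 32-bit integer.
ip2int() {
    IFS=. read -r a b c d <<EOF
$1
EOF
    echo $(( (a << 24) | (b << 16) | (c << 8) | d ))
}

# Return 0 when $1 and $2 are in the same network under mask $3.
same_subnet() {
    [ $(( $(ip2int "$1") & $(ip2int "$3") )) -eq $(( $(ip2int "$2") & $(ip2int "$3") )) ]
}

# Pull IPADDR/NETMASK/GATEWAY out of an ifcfg file (quotes stripped),
# then print a verdict; exit status 1 means the gateway is off-link.
check_ifcfg() {
    IPADDR=""; NETMASK=""; GATEWAY=""
    while IFS='=' read -r k v; do
        v=${v%\"}; v=${v#\"}
        case "$k" in
            IPADDR)  IPADDR=$v ;;
            NETMASK) NETMASK=$v ;;
            GATEWAY) GATEWAY=$v ;;
        esac
    done < "$1"
    if [ -z "$IPADDR" ] || [ -z "$NETMASK" ]; then
        echo "no static IPADDR/NETMASK in $1"; return 2
    fi
    if [ -z "$GATEWAY" ]; then
        echo "no GATEWAY in $1 (the global /etc/sysconfig/network value applies)"; return 0
    fi
    if same_subnet "$IPADDR" "$GATEWAY" "$NETMASK"; then
        echo "ok: gateway $GATEWAY is on the link $IPADDR/$NETMASK"
    else
        echo "WARNING: gateway $GATEWAY is not in $IPADDR/$NETMASK"; return 1
    fi
}

# Write a constructed ifcfg file to $1 with gateway $2.
write_sample() {
    cat > "$1" <<EOF
DEVICE=eth0
TYPE=Ethernet
ONBOOT=yes
BOOTPROTO=none
IPADDR=10.1.1.11
NETMASK=255.255.255.0
GATEWAY=$2
EOF
}

tmp=$(mktemp)
write_sample "$tmp" 192.168.0.254; check_ifcfg "$tmp" || true   # flagged as off-link
write_sample "$tmp" 10.1.1.254;    check_ifcfg "$tmp"           # ok
rm -f "$tmp"
```

On a real host run `check_ifcfg /etc/sysconfig/network-scripts/ifcfg-eth0`; a non-zero exit status is the signal to fix the file before restarting the service.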
                                                                                                 
Setting the hostname
 FQDN (fully qualified domain name)
 node1.uplook.com  ->  node1 (host part) . uplook.com (domain)
 stuxx.example.com
 webserver, node1   not fully qualified
View the hostname:
hostname
uname -n
Change the hostname temporarily:
hostname webdb.uplook.com   takes effect after logging out and back in; lost when the OS reboots
Change the hostname permanently:
vim /etc/sysconfig/network

NETWORKING=yes              yes: networking is enabled; no: `service network restart` will not bring the network up
HOSTNAME=node1.uplook.com   the OS must be rebooted for a change here to take effect
GATEWAY=192.168.0.254       default gateway
Note: if the gateway here conflicts with the one in a sub-interface file, the sub-interface's gateway wins

hostname stu33.example.com
vim /etc/sysconfig/network
...
HOSTNAME=stu33.example.com
                                                                                                 
Domain-name and hostname resolution:

vim /etc/resolv.conf
nameserver 192.168.0.254   IP address of the DNS server

vim /etc/hosts
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
Do not modify or delete the two lines above
                                                                                                 
IP routing:
route -n                                                  print the routing table
route del default                                         delete the default route
route add default gw 192.168.0.254 dev eth0               add the default gateway
route add -net 172.16.0.0 netmask 255.255.0.0 dev eth0    add a route to a destination network
route add -host 10.1.1.110 gw 192.168.0.1 dev eth0        add a route to a destination host
route del -net 10.1.1.0 netmask 255.255.255.0             delete the route to a network
                                                                                                 
Lab goal: connectivity between different networks
A: 192.168.0.1   with IP forwarding enabled
B: 10.1.1.10
C: 172.16.5.1
Host B should be able to ping host C

Steps:
Host A:
1. Enable IP forwarding
# cat /proc/sys/net/ipv4/ip_forward
0        (0 = disabled, 1 = enabled)
# echo 1 > /proc/sys/net/ipv4/ip_forward
# cat /proc/sys/net/ipv4/ip_forward
1
2. Add routes to host B's and host C's networks

# route add -net 10.1.1.0 netmask 255.255.255.0 dev eth0
# route add -net 172.16.5.0 netmask 255.255.255.0 dev eth0
# route -n
Kernel IP routing table                                                                          
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface                    
0.0.0.0         192.168.0.254   255.255.255.0   UG    0      0        0 eth0                     
172.16.5.0      0.0.0.0         255.255.255.0   U     0      0        0 eth0                     
192.168.1.0     0.0.0.0         255.255.255.0   U     1      0        0 eth0                     
192.168.0.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0                     
10.1.1.0        0.0.0.0         255.255.255.0   U     0      0        0 eth0                     
                                                                                                 
Host B:
Set host A as the default gateway
# route add -net 192.168.0.0/24 dev eth0
# route add default gw 192.168.0.1

Host C:
Set host A as the default gateway
# route add -net 192.168.0.0/24 dev eth0
# route add default gw 192.168.0.1
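Two things are worth verifying after the lab: that forwarding is really on (and, on every other host, really off, because a host with ip_forward=1 will relay packets between any networks it is attached to), and that the routing table says what you think it says. The helpers below are an added example, not part of the original notes. They work on text only (a sysctl file path and `route -n` output on stdin), so they need neither root nor real interfaces; the routing table used here is constructed in the shape of host A's table after step 2, not captured output.

```shell
#!/bin/sh
# Added example (not from the original notes): audit helpers for the
# routing lab.  SAMPLE_TABLE is constructed, not real `route -n` output.

# Return 0 when IP forwarding is enabled in the given sysctl file
# (default: /proc/sys/net/ipv4/ip_forward), 1 otherwise.
ip_forward_enabled() {
    f="${1:-/proc/sys/net/ipv4/ip_forward}"
    [ "$(cat "$f" 2>/dev/null)" = "1" ]
}

# Print the gateway of the default route: destination 0.0.0.0 with a G flag.
default_gateway() {
    awk '$1 == "0.0.0.0" && $4 ~ /G/ { print $2; exit }'
}

# Print the interface used to reach the given network (exact match on
# the Destination column).  Usage: route_iface 10.1.1.0 < table
route_iface() {
    awk -v net="$1" '$1 == net { print $8; exit }'
}

# Constructed sample in the shape of `route -n` on host A after step 2.
SAMPLE_TABLE='Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.0.254   0.0.0.0         UG    0      0        0 eth0
172.16.5.0      0.0.0.0         255.255.255.0   U     0      0        0 eth0
192.168.0.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
10.1.1.0        0.0.0.0         255.255.255.0   U     0      0        0 eth0'

# Walk through the checks on a temporary file instead of /proc, so the
# demo also runs on a machine whose forwarding state must not change.
demo() {
    tmp=$(mktemp)
    for v in 0 1; do
        echo "$v" > "$tmp"
        if ip_forward_enabled "$tmp"; then
            echo "ip_forward=$v: this host relays packets between its networks"
        else
            echo "ip_forward=$v: forwarding disabled"
        fi
    done
    rm -f "$tmp"
    printf '%s\n' "$SAMPLE_TABLE" | default_gateway       # 192.168.0.254
    printf '%s\n' "$SAMPLE_TABLE" | route_iface 10.1.1.0  # eth0
}

demo
```

On a real host `ip_forward_enabled` with no argument reads /proc directly. Note that `echo 1 > /proc/sys/net/ipv4/ip_forward` does not survive a reboot; to make host A's setting permanent put `net.ipv4.ip_forward = 1` in /etc/sysctl.conf and apply it with `sysctl -p`.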
                                                                                                 
lsof -i :80   show what is using port 80
dos2unix   converts a Windows text file to Unix format, removing the ^M line endings

To have a script report start/stop status on screen,
call /bin/true or /bin/false (they simply return success or failure)

To empty a log file, use redirection:
> /tmp/tmp.log

seq 5            1 2 3 4 5
seq 5 10         5 through 10
seq 2 2 10       2 4 6 8 10 (start, step, end)
seq 1 3 10       1 4 7 10

seq -s " " 2 10      2 through 10 separated by spaces
seq -s "+" 10        1+2+3+...+10
seq -s "+" 100|bc    sum of 1 through 100 (5050)
seq -w 2 11          equal-width, zero-padded output: 02 03 ... 11

Check what kind of server a website runs (look at the Server header)
curl -I -s baidu.com
curl -I -s --connect-timeout 10 163.com

cut -c 1-8   // extract characters 1 through 8
chkconfig --list   show which services are enabled/disabled

Find files or strings
find path -name/-type file
find path -name/-type "*.log"|xargs grep "string"

View inode usage; every file consumes one inode
df -li

tail -f   // follow a file as new lines are appended

at   run a command once at a given time
scheduling file: crontab
scheduling service: crond

rpm -aq|grep filename   check whether a package is installed

ssh -p22 root@192.168.1.110 /sbin/ifconfig eth1   (or eth0; runs the command on the remote host)
ssh 192.168.1.9
                                                                                                 
Ways to view processes and ports
netstat -lnp|grep <port number or service name>
ps -ef|grep <port number or service name>
lsof -i tcp   show TCP sockets
lsof -i tcp:80
lsof -i :80   reverse lookup: which process holds port 80
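The commands above answer the question interactively; when you want the same answer for many hosts, or from a `netstat -lnp` capture that someone sent you, it helps to parse the output. The script below is an added example, not part of the original notes: it lists the listening TCP sockets with their owning program, singles out the ones bound to every address (reachable from the network, not just localhost), and does the `lsof -i :80` style reverse lookup of a port to a program. The sample output is constructed, not captured from a real system.

```shell
#!/bin/sh
# Added example (not from the original notes): parse `netstat -lnp` style
# output read on stdin.  SAMPLE_NETSTAT below is constructed.

# Print "<port> <PID/Program>" for every TCP socket in LISTEN state.
# Works for IPv4 (0.0.0.0:22) and IPv6 (:::80) local addresses because
# the port is always the text after the last colon.
listening_ports() {
    awk '$1 ~ /^tcp/ && $6 == "LISTEN" {
             n = split($4, a, ":"); print a[n], $7
         }'
}

# Same, but only sockets bound to all interfaces (0.0.0.0 or ::), i.e.
# the ones reachable from the network rather than only from localhost.
exposed_ports() {
    awk '$1 ~ /^tcp/ && $6 == "LISTEN" {
             addr = $4; sub(/:[0-9]+$/, "", addr)
             if (addr == "0.0.0.0" || addr == "::") {
                 n = split($4, a, ":"); print a[n], $7
             }
         }'
}

# Reverse lookup, like `lsof -i :80`: which program owns port $1?
port_owner() {
    awk -v p="$1" '$1 ~ /^tcp/ && $6 == "LISTEN" {
             n = split($4, a, ":"); if (a[n] == p) { print $7; exit }
         }'
}

# Constructed sample in the shape of `netstat -lnp` (not captured output).
SAMPLE_NETSTAT='Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address               Foreign Address             State       PID/Program name
tcp        0      0 0.0.0.0:22                  0.0.0.0:*                   LISTEN      1234/sshd
tcp        0      0 127.0.0.1:25                0.0.0.0:*                   LISTEN      1300/master
tcp        0      0 :::80                       :::*                        LISTEN      1400/httpd
udp        0      0 0.0.0.0:68                  0.0.0.0:*                               1100/dhclient'

echo "all TCP listeners:"
printf '%s\n' "$SAMPLE_NETSTAT" | listening_ports
echo "exposed to the network:"
printf '%s\n' "$SAMPLE_NETSTAT" | exposed_ports
echo "owner of port 80:"
printf '%s\n' "$SAMPLE_NETSTAT" | port_owner 80
```

On a live host pipe the real command in: `netstat -lnp | exposed_ports`. Comparing that list against the services you expect to be reachable is the quickest way to notice a daemon that has been bound to 0.0.0.0 when it should only listen on 127.0.0.1.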
                                                                                                 
                                                                                                 
rz is a handy tool for uploading files to, and downloading them from, a Linux VM
[root@client02 ~]# yum install lrzsz -y
[root@client02 ~]# rz
                                                                                                 
-----------------------------------------------------------
Account permissions:
ACL access-control permissions
The basic permission bits control access only for the file's owner, its group, and everyone else, so they cannot restrict one specific account;
that is what ACLs (access control lists) are for: with an ACL we can set a file's access permissions for a single account.

Use getfacl to view a file's ACL and setfacl to set it.

[root@Server ~]# getfacl install.log
# file: install.log
# owner: root
# group: root
user::rw-
group::r--
mask::r--
other::r--

setfacl   set a file's access control list
-b   remove all extended ACL entries
-k   remove the default ACL
-m   add or modify ACL entries
-x   remove the specified ACL entries
-R   recurse into all files and subdirectories

[root@Server ~]# setfacl -b install.log
[root@Server ~]# setfacl -m u:oldboy:rw install.log
[root@Server ~]# setfacl -m g:oldboy:r install.log
[root@Server ~]# setfacl -x u:oldboy: install.log
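One detail that bites when auditing ACLs: the mask entry caps every entry except the owner's and "other", so `user:oldboy:rw-` under `mask::r--` is effectively read-only, and getfacl marks such lines with `#effective:`. The script below is an added example, not part of the original notes: it reads getfacl output on stdin, applies the mask to each named user and group entry, and prints only the entries that can actually write. The two getfacl samples are constructed; on a real file run `getfacl FILE | acl_effective_writers`.

```shell
#!/bin/sh
# Added example (not from the original notes): report which named users
# and groups in a getfacl listing have effective write permission.

acl_effective_writers() {
    awk -F: '
        /^mask::/ { mask = substr($3, 1, 3) }
        # named entries only: user:NAME:perms and group:NAME:perms
        /^(user|group):[^:]+:/ { n++; name[n] = $1 ":" $2; perm[n] = substr($3, 1, 3) }
        END {
            for (i = 1; i <= n; i++) {
                eff = ""
                for (j = 1; j <= 3; j++) {
                    c = substr(perm[i], j, 1)
                    m = (mask == "") ? c : substr(mask, j, 1)   # no mask: perms stand as-is
                    eff = eff ((c != "-" && m != "-") ? c : "-")
                }
                if (eff ~ /w/) print name[i], eff
            }
        }'
}

# Constructed listing after `setfacl -m u:oldboy:rw install.log`; setfacl
# recomputes the mask to rw-, so the entry is fully effective.
ACL_OPEN='# file: install.log
# owner: root
# group: root
user::rw-
user:oldboy:rw-
group::r--
group:oldboy:r--
mask::rw-
other::r--'

# Same entries after `setfacl -m m::r install.log` tightened the mask;
# getfacl then shows the effective permission beside the entry.
ACL_MASKED='# file: install.log
# owner: root
# group: root
user::rw-
user:oldboy:rw-        #effective:r--
group::r--
group:oldboy:r--
mask::r--
other::r--'

echo "mask rw-:"; printf '%s\n' "$ACL_OPEN"   | acl_effective_writers   # user:oldboy rw-
echo "mask r--:"; printf '%s\n' "$ACL_MASKED" | acl_effective_writers   # (nothing)
```

The point of applying the mask rather than grepping for `w` is that `setfacl -m u:NAME:rw` and a later `setfacl -m m::r` together grant nothing, and a review that reads only the user entries would report a writer who does not exist.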
                                                                                                 
                                                                                                 
                                                                                                 
