Common CentOS network configuration in detail

  • 2020-05-14 05:45:44
  • OfStack

1. Details of configuration files

On Red Hat family Linux systems such as RHEL or CentOS, the main network-related configuration files are as follows:


/etc/host.conf                    Control file for the domain name service client
/etc/hosts                        Maps hostnames to IP addresses
/etc/resolv.conf                  Configuration file for the domain name service client; specifies the location of the domain name servers
/etc/sysconfig/network            Contains the host's most basic network information, used at system startup
/etc/sysconfig/network-scripts/   Information used to initialize the network when the system starts
/etc/xinetd.conf                  Defines the network services started by the super daemon xinetd
/etc/networks                     Maps domain names to network addresses
/etc/protocols                    Lists the protocols used by the host and the protocol number of each
/etc/services                     Maps network services to the host's ports

1. The default content of the /etc/host.conf file is as follows:


multi on           # Allow a host to have multiple IP addresses
order hosts,bind   # Hostname resolution order: local resolution first, then DNS

The default resolution order is local resolution, then DNS server resolution. In other words, a hostname is first looked up locally, and only if there is no local entry is a DNS server queried.

2. The default content of /etc/hosts is as follows:


127.0.0.1  butbueatiful  localhost.localdomain localhost
::1       localhost6.localdomain6 localhost6

By default, the file contains the mapping between the local IP and the local hostname. The first line is the IPv4 entry and the second line is the IPv6 entry. If IPv6 is not used for local resolution, it is generally best to comment out that line.

The effect of the first line is that butbueatiful, localhost.localdomain and localhost all resolve to 127.0.0.1, which we can confirm with ping.


[root@butbueatiful ~]# ping -c 3 butbueatiful
PING butbueatiful (127.0.0.1) 56(84) bytes of data.
64 bytes from butbueatiful (127.0.0.1): icmp_seq=1 ttl=64 time=0.061 ms
64 bytes from butbueatiful (127.0.0.1): icmp_seq=2 ttl=64 time=0.052 ms
64 bytes from butbueatiful (127.0.0.1): icmp_seq=3 ttl=64 time=0.051 ms

--- butbueatiful ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 1999ms
rtt min/avg/max/mdev = 0.051/0.054/0.061/0.009 ms


[root@butbueatiful ~]# ping -c 3 localhost.localdomain
PING butbueatiful (127.0.0.1) 56(84) bytes of data.
64 bytes from butbueatiful (127.0.0.1): icmp_seq=1 ttl=64 time=0.055 ms
64 bytes from butbueatiful (127.0.0.1): icmp_seq=2 ttl=64 time=0.035 ms
64 bytes from butbueatiful (127.0.0.1): icmp_seq=3 ttl=64 time=0.050 ms

--- butbueatiful ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 1999ms
rtt min/avg/max/mdev = 0.035/0.046/0.055/0.011 ms

Looking at the results above, you may ask why pinging localhost.localdomain shows butbueatiful in the output. The reason is that the hostnames following the first hostname, butbueatiful, are host aliases for butbueatiful.

To add a new local mapping, for example to resolve both yyyy.com and www.yyyy.com to 192.168.0.100 on this machine, append the following line:

192.168.0.100 yyyy.com www.yyyy.com

Again, in this case, www.yyyy.com is the host alias for yyyy.com.

If you think about it carefully, you will find that this file is actually very dangerous: if someone maliciously modifies it, for example pointing the Taobao domain name at their phishing site, you will be caught out.

3. /etc/resolv.conf specifies the DNS server IP and other information used for domain name resolution.

nameserver   specifies the IP address of a DNS server
domain       defines the local domain name
search       defines the search list of domain names
sortlist     sorts the addresses returned by gethostbyname

The most commonly used parameter is nameserver; the others can be left unset. It specifies the IP address of the DNS server. If it is set incorrectly, domain names cannot be resolved.

Generally speaking, it is recommended to set two DNS servers. For example, to use Google's free DNS servers, the file looks like this:


nameserver 8.8.8.8
nameserver 8.8.4.4

This file is dangerous too: if someone maliciously changes it to point at their own DNS server, they control every destination you reach by domain name. This is often referred to as DNS hijacking.

4. /etc/sysconfig/network. A typical configuration is as follows:


NETWORKING=yes
NETWORKING_IPV6=no
HOSTNAME=butbueatiful
GATEWAY=192.168.0.1

Brief explanation of parameters:

NETWORKING        whether networking is enabled: yes is enabled, no is disabled
NETWORKING_IPV6   whether IPv6 networking is enabled: yes is enabled, no is disabled
HOSTNAME          the hostname of the server; it is best to keep it the same as in /etc/hosts, otherwise some programs will have problems
GATEWAY           the IP of the default gateway

5. ifcfg-ethX sets the IP and other information for the corresponding network interface. For the first interface the file is /etc/sysconfig/network-scripts/ifcfg-eth0. Configuration example:


DEVICE="eth0"
BOOTPROTO="static"
BROADCAST="192.168.0.255"
HWADDR="00:16:36:1B:BB:74"
IPADDR="192.168.0.100"
NETMASK="255.255.255.0"
ONBOOT="yes"

Brief explanation of parameters:

DEVICE      device name; don't change it arbitrarily, and it should match the ethX in ifcfg-ethX
BROADCAST   broadcast address
HWADDR      physical (MAC) address; don't change it arbitrarily
IPADDR      IP address
NETMASK     subnet mask
ONBOOT      whether to bring the device up when the network starts or restarts: yes starts it, no does not
BOOTPROTO   boot protocol; the three most common values are:

static (static IP)

none (not specified; this is fine when setting a fixed IP, and it is required when configuring multi-port bonding (bond))

dhcp (obtain IP information dynamically)

6. route-ethX holds the routing information for an interface; for the first interface, eth0, it is /etc/sysconfig/network-scripts/route-eth0:

For example, suppose traffic to network 172.17.27.0/24 must leave through eth0 via 192.168.0.254 instead of the default route. The first instinct is to add the route with the route command:


[root@butbueatiful ~]# route add -net 172.17.27.0 netmask 255.255.255.0 gw 192.168.0.254 dev eth0

However, this only adds the route at runtime. When the network is restarted, the route disappears, so a static route is needed. For that, edit the file /etc/sysconfig/network-scripts/route-eth0.


[root@butbueatiful ~]# vi /etc/sysconfig/network-scripts/route-eth0
# append
172.17.27.0/24 via 192.168.0.254

The route is now loaded automatically even after the network or the system is restarted. If you have no such requirement, there is no need to create and configure this file.

2. Common network configuration

Over time, Red Hat launched RHEL 6.2, which was followed by CentOS releasing CentOS 6.2. In the new system, the vendors added many virtualization and cloud computing elements and changed many details. Here we only elaborate on the network parameters in the new system.

Network parameters in Linux generally include the following:

IP address
Subnet mask
Gateway
DNS server
Hostname

Traditionally, there are two ways to modify these parameters on a Linux system: commands and files. Settings made with commands take effect immediately but are lost after a restart. Changes made in files are permanent but do not take effect immediately.

First, let's take a look at the commands:

ifconfig: view and set the IP address and subnet mask
hostname: view and set the hostname
route: view and set routing information (default gateway, etc.)

Modifying through files:

/etc/sysconfig/network-scripts/ifcfg-<device name> (usually ifcfg-eth0)

/etc/sysconfig/network

/etc/resolv.conf: set the DNS servers

All of the above works on both 5.0 and 6.0 systems, but the official documentation for 6.0 and later describes ifconfig and route as very old commands that have been replaced by the ip command.

So let's look at the old command first:

*************************************************************************

ifconfig interface option | address



*************************************************************************
Host name:


# hostname    #  View hostname 
# hostname butbueatiful.com  #  Set hostname butbueatiful.com

*************************************************************************
Gateway Settings:


route add [-net|-host] target [netmask] gw
route del [-net|-host] target [netmask] gw



*************************************************************************

The official documentation no longer recommends these archaic commands and recommends ip instead. Here is its syntax:

ip [options] object {link|addr|route...}



**************************************************************
Now let's look at modifying network parameters through files (using CentOS 6.2 as an example):



**************************************************************



Note: In the 5.0 era, the DNS servers were written in the /etc/resolv.conf file. In the 6.0 era, DNS can still be written in /etc/resolv.conf, but PEERDNS=no must then be added to the /etc/sysconfig/network-scripts/ifcfg-eth0 file; otherwise /etc/resolv.conf is rewritten every time the NIC is restarted. Alternatively, write the DNS servers directly in the /etc/sysconfig/network-scripts/ifcfg-eth0 file.

Postscript:

1. Fixing /etc/resolv.conf settings being lost after a restart:

One way is to set PEERDNS to "no".

Find the network card configuration file, /etc/sysconfig/network-scripts/ifcfg-ethX, and add the PEERDNS option to it. X could be 0, 1, 2, etc., representing different network card configuration files. For example, if the first NIC on the system is eth0, its configuration file is /etc/sysconfig/network-scripts/ifcfg-eth0; set PEERDNS to 'no' in that file.

For example:


DEVICE=eth0
BOOTPROTO=dhcp
ONBOOT=yes
TYPE=Ethernet
PEERDNS=no

With this option, /etc/resolv.conf is not overwritten after a system restart.

Another way is to add the DNS servers to this file.

For example:


DNS1=127.0.0.1
DNS2=8.8.8.8 
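
The two fixes above determine who ends up writing /etc/resolv.conf. The following is an added example, not part of the original article: a small check that classifies an ifcfg file accordingly. The function names, the labels admin/ifcfg/dhcp and the sample files are assumptions made for illustration, and it assumes the classic network scripts behave as the article describes.

```shell
#!/bin/sh
# Added example (not from the article): report what will write resolv.conf
# for an interface, following the PEERDNS/DNS1 behaviour described above.

# ifcfg_get FILE KEY: print KEY's value without sourcing FILE (sourcing an
# ifcfg file would execute any shell code placed in it). Last assignment wins.
ifcfg_get() {
    sed -n "s/^[[:space:]]*$2=//p" "$1" | tail -n 1 | tr -d "\"' \t"
}

# resolv_conf_writer FILE: prints one of
#   admin  PEERDNS=no (or static with no DNS1): resolv.conf stays as written
#   ifcfg  DNS1 is set in the ifcfg file and is used for resolv.conf
#   dhcp   BOOTPROTO=dhcp without either: the DHCP lease rewrites resolv.conf
resolv_conf_writer() {
    peerdns=$(ifcfg_get "$1" PEERDNS | tr 'A-Z' 'a-z')
    bootproto=$(ifcfg_get "$1" BOOTPROTO | tr 'A-Z' 'a-z')
    if [ "$peerdns" = "no" ]; then
        echo admin
    elif [ -n "$(ifcfg_get "$1" DNS1)" ]; then
        echo ifcfg
    elif [ "$bootproto" = "dhcp" ]; then
        echo dhcp
    else
        echo admin
    fi
}

# Constructed samples based on the article's ifcfg-eth0 examples.
IFCFG_DIR=$(mktemp -d)
printf '%s\n' 'DEVICE=eth0' 'BOOTPROTO=dhcp' 'ONBOOT=yes' > "$IFCFG_DIR/dhcp-default"
printf '%s\n' 'DEVICE=eth0' 'BOOTPROTO=dhcp' 'ONBOOT=yes' 'PEERDNS=no' > "$IFCFG_DIR/peerdns-no"
printf '%s\n' 'DEVICE="eth0"' 'BOOTPROTO="dhcp"' 'DNS1=127.0.0.1' 'DNS2=8.8.8.8' > "$IFCFG_DIR/dns-in-ifcfg"

for f in dhcp-default peerdns-no dns-in-ifcfg; do
    echo "$f: $(resolv_conf_writer "$IFCFG_DIR/$f")"
done
```

An interface reported as dhcp takes its resolvers from whatever DHCP server answers, which is the case the PEERDNS=no setting is meant to close.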

2. Security settings

As we said before, it is very dangerous if /etc/resolv.conf or /etc/hosts is tampered with. After setting up the two files, we apply one more step so that by default they cannot be modified directly, not even by root. Execute the following command:



If we want to modify the files ourselves, execute:


[root@butbueatiful ~]# chattr -i /etc/{resolv.conf,hosts}

Then you can make your changes. Don't forget to set +i again when you're done.
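
Locking the files does not tell you whether their content is still what you expect. The following is an added example, not part of the original article, covering both the /etc/hosts and the /etc/resolv.conf tampering risks described earlier: it compares each file against an allowlist. The function names, allowlists and sample files (including the 203.0.113.x addresses) are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the article): flag unexpected entries in
# resolv.conf- and hosts-style files. Sample files below are constructed.

# unexpected_nameservers FILE ALLOWED_IP...
# Prints each nameserver in FILE that is not in the allowlist.
unexpected_nameservers() {
    ns_file=$1; shift
    ns_allowed=" $* "
    awk '$1 == "nameserver" { print $2 }' "$ns_file" | while read -r ip; do
        case "$ns_allowed" in
            *" $ip "*) ;;                 # expected resolver
            *) echo "$ip" ;;              # not in the baseline
        esac
    done
}

# unexpected_host_pins FILE ALLOWED_NAME...
# Prints "name ip" for each name pinned to a non-loopback address that is
# not in the allowlist. Aliases on the same line are checked one by one.
unexpected_host_pins() {
    hp_file=$1; shift
    hp_allowed=" $* "
    sed 's/#.*//' "$hp_file" | while read -r ip names; do
        case "$ip" in ''|127.*|::1) continue ;; esac
        for name in $names; do
            case "$hp_allowed" in
                *" $name "*) ;;
                *) echo "$name $ip" ;;
            esac
        done
    done
}

# Constructed sample files: the article's entries plus one unexpected line each.
SAMPLE_DIR=$(mktemp -d)
printf '%s\n' 'nameserver 8.8.8.8' 'nameserver 203.0.113.53' > "$SAMPLE_DIR/resolv.conf"
printf '%s\n' '127.0.0.1  butbueatiful  localhost.localdomain localhost' \
    '::1       localhost6.localdomain6 localhost6' \
    '192.168.0.100 yyyy.com www.yyyy.com' \
    '203.0.113.10 shop.example.com  # constructed tampered entry' > "$SAMPLE_DIR/hosts"

unexpected_nameservers "$SAMPLE_DIR/resolv.conf" 8.8.8.8 8.8.4.4
unexpected_host_pins "$SAMPLE_DIR/hosts" yyyy.com www.yyyy.com
```

Pointed at the real /etc/resolv.conf and /etc/hosts with your own allowlists, any output is a line to investigate.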

3. Network troubleshooting

Check the configuration files for errors (typos, syntax, etc.)

Check whether the local network protocol is working correctly:


# ping -c 3 127.0.0.1

Check whether the local network card link is correct:


# ping -c 3 192.168.0.1    # this machine's IP address

Check whether the gateway is correct:


# ping -c 3 192.168.0.254    # the gateway's IP address

Check external connectivity:


# ping -c 3 www.google.com.hk

Check the hardware

