CentOS7 網路相關整理

可先透過 https://wiki.centos.org/zh-tw/FAQ/CentOS7 來了解 CentOS7 和之前版本的一些差異

沒有 ifconfig 命令問題

yum install net-tools

安裝紀錄

[root@centos7-tmp ~]# yum install net-tools
Loaded plugins: fastestmirror
base                                                     | 3.6 kB     00:00
extras                                                   | 3.4 kB     00:00
updates                                                  | 3.4 kB     00:00
(1/4): base/7/x86_64/group_gz                              | 155 kB   00:00
(2/4): extras/7/x86_64/primary_db                          | 166 kB   00:00
(3/4): updates/7/x86_64/primary_db                         | 9.1 MB   00:01
(4/4): base/7/x86_64/primary_db                            | 5.3 MB   00:02
Determining fastest mirrors
 * base: ftp.yzu.edu.tw
 * extras: ftp.yzu.edu.tw
 * updates: ftp.yzu.edu.tw
Resolving Dependencies
--> Running transaction check
---> Package net-tools.x86_64 0:2.0-0.17.20131004git.el7 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

================================================================================
 Package         Arch         Version                          Repository  Size
================================================================================
Installing:
 net-tools       x86_64       2.0-0.17.20131004git.el7         base       304 k

Transaction Summary
================================================================================
Install  1 Package

Total download size: 304 k
Installed size: 917 k
Is this ok [y/d/N]: y
Downloading packages:
警告：/var/cache/yum/x86_64/7/base/packages/net-tools-2.0-0.17.20131004git.el7.x86_64.rpm: 表頭 V3 RSA/SHA256 Signature, key ID f4a80eb5: NOKEY
Public key for net-tools-2.0-0.17.20131004git.el7.x86_64.rpm is not installed
net-tools-2.0-0.17.20131004git.el7.x86_64.rpm              | 304 kB   00:00
Retrieving key from file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
Importing GPG key 0xF4A80EB5:
 Userid     : "CentOS-7 Key (CentOS 7 Official Signing Key) <[email protected]>"
 Fingerprint: 6341 ab27 53d7 8a78 a7c2 7bb1 24c6 a8a7 f4a8 0eb5
 Package    : centos-release-7-2.1511.el7.centos.2.10.x86_64 (@anaconda)
 From       : /etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
Is this ok [y/N]: y
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
  Installing : net-tools-2.0-0.17.20131004git.el7.x86_64                    1/1
  Verifying  : net-tools-2.0-0.17.20131004git.el7.x86_64                    1/1

Installed:
  net-tools.x86_64 0:2.0-0.17.20131004git.el7

Complete!

執行紀錄

[root@centos7-tmp ~]# ifconfig
ens3: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.0.104  netmask 255.255.255.0  broadcast 192.168.0.255
        inet6 fe80::5054:ff:fe70:9a7d  prefixlen 64  scopeid 0x20<link>
        ether 52:54:00:70:9a:7d  txqueuelen 1000  (Ethernet)
        RX packets 12252  bytes 16348084 (15.5 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 7298  bytes 570168 (556.8 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

ens4: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        ether 52:54:00:fb:86:e8  txqueuelen 1000  (Ethernet)
        RX packets 49  bytes 3016 (2.9 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 0  (Local Loopback)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

FirewallD (取代 iptables)

取得 zome
```
firewall-cmd --get-default-zone
```

查看目前開放的服務

firewall-cmd --zone=iredmail --list-services

新增臨時開放的服務

firewall-cmd --zone=iredmail --add-service=mysql

查看永久開放的服務

firewall-cmd --zone=iredmail --permanent --list-services

新增永久開放的服務

firewall-cmd --zone=iredmail --permanent --add-service=snmp

如果是直接修改 /etc/firewalld/services/ 或 /etc/firewalld/zones/ 裡面的設定檔
- Exp. /etc/firewalld/services/smtps.xml 與 /etc/firewalld/zones/iredmail.xml
更改後可以透過
```
firewall-cmd --complete-reload
```
讓設定生效

啟用與關閉 firewalld

[root@jonathan-vm1 ~]# firewall-cmd --get-default-zone
FirewallD is not running
[root@jonathan-vm1 ~]# systemctl start firewalld
[root@jonathan-vm1 ~]# systemctl enable firewalld
Created symlink /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service → /usr/lib/systemd/system/firewalld.service.
Created symlink /etc/systemd/system/multi-user.target.wants/firewalld.service → /usr/lib/systemd/system/firewalld.service.
[root@jonathan-vm1 ~]# firewall-cmd --get-default-zone
public
[root@jonathan-vm1 ~]# firewall-cmd --list-services
cockpit dhcpv6-client ssh
[root@jonathan-vm1 ~]# systemctl stop firewalld
[root@jonathan-vm1 ~]# systemctl disable firewalld
Removed /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
Removed /etc/systemd/system/multi-user.target.wants/firewalld.service.
[root@jonathan-vm1 ~]# systemctl list-unit-files | grep firewalld
firewalld.service                                                disabled

netstat 的替代語法 ss

看 listen port :

ss -l -n

Exp. 看 SMTP 25 port

# ss -l -n | grep 25
tcp    LISTEN     0      100       *:25                    *:*
tcp    LISTEN     0      100      :::25                   :::*

看 TCP 連線 :

ss -t -n

Exp. 看 IMAP port 143 連線

# ss -t -n | grep 143
ESTAB      0      0      192.168.0.236:143                60.248.245.172:56450
ESTAB      0      0      192.168.0.236:143                192.168.0.2:51137
ESTAB      0      0      192.168.0.236:143                192.168.0.254:14983
ESTAB      0      0      192.168.0.236:143                192.168.0.254:14902
:
ESTAB      0      0      192.168.0.236:143                60.248.245.172:62832

修改 IP 設定

Exp 修改 eth0 IP 為 192.168.1.28

vi /etc/sysconfig/network-scripts/ifcfg-eth0

:
BOOTPROTO=static
IPADDR=192.168.1.28
NETMASK=255.255.255.0
GATEWAY=192.168.1.254
:
DNS1=192.168.1.254
DNS2=101.101.101.101

```
systemctl restart network.service
```

查看現在的 IP 與 route

```
ip a
ip route list
```

修改 DNS 設定

直接改 /etc/resolv.conf 一段時間就會被 NetworkManager 更改消失, 必須改使用 nmcli 來設定

Exp. 要設定網卡 eth0 的 DNS 為 192.168.11.242 與 168.95.192.1

nmcli con mod eth0 ipv4.dns "192.168.11.242 168.95.192.1"
nmcli con up eth0

關閉 IPv6 的方式

因為很多服務會認來源 IP (Exp. Mail Server), 因此避免來源 IP 變成 IPv6 造成問題, 因此有需要關閉

在 /etc/sysctl.conf 內增加以下兩行

:
net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1

下命令生效
```
sysctl -p
```
最好重開機

參考網址

centos7, network