CentOS: common network configuration in detail

Source: Internet
Author: User

Part one: configuration files in detail

In Linux systems such as RHEL or CentOS, the main network-related configuration files are as follows:

/etc/host.conf                     Control file for the Domain Name Service client
/etc/hosts                         Maps host names to IP addresses
/etc/resolv.conf                   Domain Name Service client configuration file; specifies the location of the domain name servers
/etc/sysconfig/network             Contains the host's most basic network information, used at system startup
/etc/sysconfig/network-scripts/    Information used to initialize the network when the system starts
/etc/xinetd.conf                   Defines the network services started by the super daemon xinetd
/etc/networks                      Maps domain names to network addresses
/etc/protocols                     Sets the protocols used by the host and the protocol number of each
/etc/services

1. The default content of /etc/host.conf is as follows:

multi on          # allow a host to have multiple IP addresses
order hosts,bind  # host name resolution order: local resolution first, then DNS resolution

This file generally does not need to be modified. The default order is local resolution first, then DNS: the system first tries to resolve a host name locally, and only if that fails asks the DNS server.

2. The default content of the /etc/hosts file is roughly as follows:

127.0.0.1  butbueatiful  localhost.localdomain localhost
::1        localhost6.localdomain6 localhost6

As you can see, by default the file holds the mapping between the local IP address and some host names. The first line is the IPv4 entry and the second the IPv6 entry; if you do not use local IPv6 resolution, that line is generally commented out.

The effect of the first line is that butbueatiful, localhost.localdomain and localhost all resolve to 127.0.0.1. We can try it with ping.

[root@butbueatiful ~]# ping -c 3 butbueatiful
PING butbueatiful (127.0.0.1) 56(84) bytes of data.
64 bytes from butbueatiful (127.0.0.1): icmp_seq=1 ttl=64 time=0.061 ms
64 bytes from butbueatiful (127.0.0.1): icmp_seq=2 ttl=64 time=0.052 ms
64 bytes from butbueatiful (127.0.0.1): icmp_seq=3 ttl=64 time=0.051 ms

--- butbueatiful ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 1999ms
rtt min/avg/max/mdev = 0.051/0.054/0.061/0.009 ms

[root@butbueatiful ~]# ping -c 3 localhost.localdomain
PING butbueatiful (127.0.0.1) 56(84) bytes of data.
64 bytes from butbueatiful (127.0.0.1): icmp_seq=1 ttl=64 time=0.055 ms
64 bytes from butbueatiful (127.0.0.1): icmp_seq=2 ttl=64 time=0.035 ms
64 bytes from butbueatiful (127.0.0.1): icmp_seq=3 ttl=64 time=0.050 ms

--- butbueatiful ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 1999ms
rtt min/avg/max/mdev = 0.035/0.046/0.055/0.011 ms

Looking at the results above, you may ask why pinging localhost.localdomain displays butbueatiful. This is because the host names that follow the first host name, butbueatiful, are in fact aliases of the host butbueatiful.

To add a new local mapping, for example to resolve yyyy.com and www.yyyy.com to 192.168.0.100 on this machine, append the following line:

192.168.0.100 yyyy.com www.yyyy.com

Again, www.yyyy.com here is a host alias of yyyy.com.

If you think about it carefully, you will see that this file is actually very dangerous: if someone maliciously modifies it, for example pointing the domain name of Taobao's website at his phishing site, you will fall for it.

3. /etc/resolv.conf specifies the DNS server IPs and other name-resolution information. There are generally four configuration parameters:

    • nameserver  specifies the IP address of a DNS server
    • domain  defines the local domain name
    • search  defines the domain name search list
    • sortlist  sorts the addresses returned by gethostbyname

The most commonly used parameter is nameserver; the others can be left unset. It specifies the IP address of a DNS server, and if it is set incorrectly, normal domain name resolution will not work.

It is generally recommended to set two DNS servers. For example, using Google's free DNS servers, the file looks like this:

nameserver 8.8.8.8
nameserver 8.8.4.4

Similarly, this file is also dangerous: if someone maliciously changes it to point at his own DNS server, he can control where every domain name you access resolves to. This is what is commonly called DNS hijacking.

4. /etc/sysconfig/network, a typical configuration is as follows:

NETWORKING=yes
NETWORKING_IPV6=no
HOSTNAME=butbueatiful
GATEWAY=192.168.0.1

Brief explanation of the parameters:

    • NETWORKING  whether networking is enabled: yes enables it, no disables it
    • NETWORKING_IPV6  whether IPv6 networking is enabled: yes enables it, no disables it
    • HOSTNAME  sets the host name of the server; it should preferably match the one in /etc/hosts, otherwise some programs will have problems
    • GATEWAY  specifies the IP of the default gateway

5. ifcfg-ethX sets the IP address and other information of the corresponding network interface. For the first interface the file is /etc/sysconfig/network-scripts/ifcfg-eth0. Configuration example:

DEVICE="eth0"
BOOTPROTO="static"
BROADCAST="192.168.0.255"
HWADDR="00:16:36:1b:bb:74"
IPADDR="192.168.0.100"
NETMASK="255.255.255.0"
ONBOOT="yes"

Brief explanation of the parameters:

    • DEVICE  device name; do not change it arbitrarily, and keep it consistent with the ethX in the file name ifcfg-ethX
    • BROADCAST  broadcast address
    • HWADDR  physical (MAC) address; do not change this
    • IPADDR  IP address
    • NETMASK  subnet mask
    • ONBOOT  whether the device is brought up when the network is started or restarted: yes starts it, no does not
    • BOOTPROTO  boot protocol; the three most common values are:

① static (static IP)

② none (unspecified; this also works when setting a fixed IP, but if you want to set up multi-port bonding (bond), it must be none)

③ dhcp (obtain IP-related information dynamically)

6. route-ethX holds routing information. For the first interface, eth0, the file is /etc/sysconfig/network-scripts/route-eth0:

For example, suppose traffic leaving eth0 for the network 172.17.27.0/24 must not take the default route but go via 192.168.0.254. The first reaction is to add the route with the route command:

[root@butbueatiful ~]# route add -net 172.17.27.0 netmask 255.255.255.0 gw 192.168.0.254 dev eth0

However, this only adds the route dynamically: after the network is restarted, the routing information disappears. To make it a static route, set it in /etc/sysconfig/network-scripts/route-eth0; if the file does not exist, create it:

[root@butbueatiful ~]# vi /etc/sysconfig/network-scripts/route-eth0
# append
172.17.27.0/24 via 192.168.0.254

Now the route is loaded automatically even after the network is restarted or the system rebooted. Of course, if you have no such requirement, the file does not need to be created or configured.

Part two: commonly used network configuration

Over time Red Hat released RHEL 6.2, and CentOS followed with CentOS 6.2. The new system brings many virtualization and cloud computing elements as well as many changes in detail; here we only describe the network parameters in the new system in detail.

The network parameters in Linux roughly include the following:

    • IP Address
    • Subnet mask
    • Gateway
    • DNS Server
    • Host Name

There are usually two ways to modify these parameters in a Linux system: commands and files. Settings made with commands take effect immediately but are lost after a reboot; changes made in files are permanent but do not take effect immediately.

First, let's look at the commands:

    • ifconfig: view and set the IP address and subnet mask
    • hostname: view and set the host name
    • route: view and set routing information (default gateway, etc.)

Modifying through files:

/etc/sysconfig/network-scripts/ifcfg-<device name> (usually ifcfg-eth0)

/etc/sysconfig/network

/etc/resolv.conf: sets the DNS servers

All of these methods work in both the 5.0 and 6.0 systems, but the official documentation for 6.0 states that ifconfig and route are very old commands, replaced by the ip command.

So let's first look at how the old commands are used:

*************************************************************************

ifconfig interface options | address

# ifconfig eth0 up        # bring up the eth0 network card
# ifconfig eth0 down      # bring down the eth0 network card
# ifconfig eth0 -arp      # disable the ARP protocol on the eth0 network card
# ifconfig eth0 promisc   # enable promiscuous mode on the eth0 network card
# ifconfig eth0 mtu 1400  # set the maximum transmission unit of eth0 to 1400
# ifconfig eth0 192.168.0.2/24  # set the IP address of eth0
# ifconfig eth0 192.168.0.2 netmask 255.255.255.0  # same as above


*************************************************************************
Host Name:

# hostname                   # view the host name
# hostname butbueatiful.com  # set the host name to butbueatiful.com

*************************************************************************
Gateway settings:

route add [-net|-host] target [netmask] gw
route del [-net|-host] target [netmask] gw

# route add -net 192.168.3.0/24 gw 192.168.0.254  # set the gateway for the 192.168.3.0 network segment to 192.168.0.254
# route add -net 192.168.3.0 netmask 255.255.255.0 gw 192.168.0.254  # same as above
# route add -host 192.168.4.4 gw 192.168.0.254  # set the gateway for host 192.168.4.4 to 192.168.0.254
# route del -net 192.168.3.0/24            # remove the gateway information for the 192.168.3.0 network segment
# route del -host 192.168.4.4              # remove the gateway information for host 192.168.4.4
# route add default gw 192.168.0.254       # set the default gateway to 192.168.0.254
# route del default gw 192.168.0.254       # delete the default gateway 192.168.0.254

*************************************************************************

The official documentation no longer recommends these old commands and recommends the ip command instead. Let's look at how it is used:

ip [options] object {link|addr|route ...}

# ip link show                       # display network interface information
# ip link set eth0 up                # bring up the network card
# ip link set eth0 down              # bring down the network card
# ip link set eth0 promisc on        # enable promiscuous mode on the network card
# ip link set eth0 promisc off       # disable promiscuous mode on the network card
# ip link set eth0 txqueuelen 1200   # set the network card queue length
# ip link set eth0 mtu 1400          # set the network card maximum transmission unit
# ip addr show                       # display network card IP information
# ip addr add 192.168.0.1/24 dev eth0  # set the IP address of eth0 to 192.168.0.1
# ip addr del 192.168.0.1/24 dev eth0  # delete the IP address of eth0

# ip route list                      # view routing information
# ip route add 192.168.4.0/24 via 192.168.0.254 dev eth0  # set the gateway for the 192.168.4.0 network segment to 192.168.0.254, with traffic going out of the eth0 interface
# ip route add default via 192.168.0.254 dev eth0  # set the default gateway to 192.168.0.254
# ip route del 192.168.4.0/24        # remove the gateway for the 192.168.4.0 network segment
# ip route del default               # delete the default route

**************************************************************
Next, modifying network parameters through files (CentOS 6.2 as the example):

# cat /etc/sysconfig/network-scripts/ifcfg-eth0

DEVICE="eth0"                # device name
NM_CONTROLLED="yes"          # whether the device is managed by NetworkManager
ONBOOT="no"                  # whether to activate at boot
HWADDR="00:0c:29:59:e2:d3"   # hardware address (MAC address)
TYPE=Ethernet                # type
BOOTPROTO=none               # boot protocol {none|dhcp}
IPADDR=192.168.0.1           # IP address
PREFIX=24                    # subnet mask
GATEWAY=192.168.0.254        # default gateway
DNS1=202.106.0.20            # primary DNS
DNS2=202.106.46.151          # secondary DNS
UUID=5FB06BD0-0BB0-7FFB-45F1-D6EDD65F3E03  # device UUID

**************************************************************

# cat /etc/sysconfig/network

HOSTNAME=butbueatiful.com  # host name

**************************************************************

Note: in the 5.0 era the DNS servers were written in /etc/resolv.conf. In the 6.0 era DNS can still be written in /etc/resolv.conf, but then PEERDNS=no must be added to /etc/sysconfig/network-scripts/ifcfg-eth0, otherwise every restart of the network card rewrites the contents of /etc/resolv.conf. Of course, the DNS servers can also be written directly in /etc/sysconfig/network-scripts/ifcfg-eth0.

Postscript:

1. Fixing /etc/resolv.conf settings being lost after a restart:

One way is to set PEERDNS to "no".

Locate the NIC configuration file and add the PEERDNS option to /etc/sysconfig/network-scripts/ifcfg-ethX, where X can be 0, 1, 2, and so on, representing the configuration files of different network adapters. For example, the first NIC on the system is eth0 and its configuration file is /etc/sysconfig/network-scripts/ifcfg-eth0; set PEERDNS to "no" in that file.

For example:

DEVICE=eth0
BOOTPROTO=dhcp
ONBOOT=yes
TYPE=Ethernet
PEERDNS=no

With this option, /etc/resolv.conf is not overwritten after the system restarts.

Another approach is to add the DNS server to this file, such as:

DNS1=127.0.0.1

2. Security settings

As noted earlier, it is very dangerous if /etc/resolv.conf and /etc/hosts are tampered with, so we protect these two files so that by default they cannot be modified directly, not even by root. Run the following command:

[root@butbueatiful ~]# chattr +i /etc/{resolv.conf,hosts}

When we want to modify them ourselves, run:

[root@butbueatiful ~]# chattr -i /etc/{resolv.conf,hosts}

Then you can modify them; do not forget to set +i again afterwards.
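
A check for the tampering described above, as an added example that is not part of the original article: it compares a hosts file against a known-good copy and the nameserver lines of a resolv.conf against an allowlist. The function names, the allowlist and the sample files are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: detect the tampering described above in /etc/hosts and
# /etc/resolv.conf. Baseline, allowlist and sample files are constructed.
LC_ALL=C; export LC_ALL

# pairs FILE: reduce a hosts file to sorted "name ip" pairs (comments,
# blank lines and spacing ignored; names lower-cased).
pairs() {
    awk '{ sub(/#.*/, "") }
         NF >= 2 { for (i = 2; i <= NF; i++) print tolower($i), $1 }' "$1" | sort -u
}

# audit_hosts BASELINE CURRENT: report mappings in CURRENT that the known-good
# BASELINE lacks (a new name, or a known name pointed at another address).
audit_hosts() {
    b=$(mktemp); c=$(mktemp)
    pairs "$1" > "$b"; pairs "$2" > "$c"
    comm -13 "$b" "$c" | sed 's/^/unexpected mapping: /'
    rm -f "$b" "$c"
}

# audit_resolv "ALLOWED IPS" FILE: report nameserver lines outside the allowlist.
audit_resolv() {
    awk -v allow="$1" '
        BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        { sub(/[#;].*/, "") }                       # drop trailing comments
        $1 == "nameserver" && !($2 in ok) { print "unexpected nameserver: " $2 }
    ' "$2"
}

# Constructed sample data: a baseline copy, a changed hosts file, a changed resolv.conf.
d=$(mktemp -d)
printf '%s\n' '127.0.0.1 butbueatiful localhost.localdomain localhost' \
              '192.168.0.100 yyyy.com www.yyyy.com' > "$d/hosts.good"
printf '%s\n' '127.0.0.1   butbueatiful localhost.localdomain localhost  # respaced only' \
              '192.168.0.100 yyyy.com' \
              '203.0.113.7 www.yyyy.com shop.example.com' > "$d/hosts.now"
printf '%s\n' 'nameserver 8.8.8.8' 'nameserver 198.51.100.53' > "$d/resolv.now"

audit_hosts "$d/hosts.good" "$d/hosts.now"
audit_resolv "8.8.8.8 8.8.4.4" "$d/resolv.now"
```

On a real host the baseline copy would be kept somewhere the files' editor cannot reach, and the two functions pointed at /etc/hosts and /etc/resolv.conf.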

3. Network troubleshooting approach

Check the configuration files for errors (typos, syntax errors, etc.)

Check that the local network protocol stack is working:

# ping -c 3 127.0.0.1

Check that the local network card link is working:

# ping -c 3 192.168.0.1 (local IP address)

Check that the gateway is reachable:

# ping -c 3 192.168.0.254 (gateway IP address)

Check external connectivity:

# ping -c 3 www.google.com.hk

Check the hardware
