Linux network card operation and security initialization

I. Linux network-related concepts and methods for modifying IP addresses 1.1 Network card naming method

CENTOS6 Network card naming method:

It will change according to the situation and not unique and fixed, before CENTOS6, the network interface uses serial number naming: Eth0, eth1, etc.,

The name may change when the network card is added or removed

CENTOS7 the network card naming method:

Using Dmidecode acquisition naming scheme to get motherboard information; it can realize permanent uniqueness of network card name (Dmidecode This command can collect information about hardware)

1 if the index information provided by the firmware (firmware) or BIOS-integrated device on the main board is available and predictable, it is named according to this index, for example: Ifcfg-ens33  

2 if the index information provided by the firmware (firmware) or BIOS for the PCI-E expansion slot is available and predictable, it is named according to this index, with an example named, for example: Ifcfg-enp33

3 if the physical location information for the hardware interface is available, it is named according to this information, such as Enp2s0

When none of the above is available, the traditional naming mechanism is used.

Extended:

In CENTOS7, en says: Ethernet Ethernet, which is the LAN we are using now

EnX (X commonly has the following 3 types):

o  : Motherboard onboard NIC, device index number of the integrated device. If

P : Standalone NIC, PCI NIC

s : Hot-swappable nic, USB, etc., expansion slot index number

nnn ( number) means: MAC address + motherboard information calculates a unique sequence

use of 1.2 ifconfig

Ifconfig indicates that the network adapter is enabled

Ifconfig ENS33 View specified NIC

Ifconfig-a View all NICs (including down)

1.3 Modifying IP 1.3.1 Temporarily modify IP address, restart failure (System restart or nwtwork service restart)

Method 1: Directly modify the network card address

192.168. 9.110 255.255.
Restart failure
(Cnetos7:systemctl Restart Network
Cnetos6:service Network restart)

Method 2: Add a second address (multiple can be added)

sudo ifconfig ens33:0192.168. 9.9 255.255. 255.0 up

sudo ifconfig ens33:1 192.168.9.10 netmask 255.255.255.0 up

Ditto restart failure

Delete Second Address

sudo ifconfig ens33:0192.168.

1.3.2 Permanently Modify IP address

Related configuration Files

ls/etc/sysconfig/network-scripts/ifcfg-ens33     #IP地址, subnet mask, and other configuration files  /etc/sysconfig/ network-scripts/ifcfg-lo    /etc/resolv.conf   　　　　　　　　　　　　　　/etc/hosts    　　　　　　　　　　　　　/ etc/hostname  #设置主机名    　　　　　　　　　　　　　　　　

Method 1: Nmtui (Enter a configuration Interface)

Nmtui

Restart the network service to take effect.

Method 2: Modify the NIC configuration file (must be mastered)

Type=Ethernet Proxy_method=nonebrowser_only=nobootproto = None # after the equals sign: DHCP represents the dynamic acquisition of an IP address, satic means that the gesture Ip,none is not specified, is static. Defroute=Yesipv4_failure_fatal=Noipv6init=yesipv6_autoconf=Yesipv6_defroute=Yesipv6_failure_fatal=Noipv6_addr_gen_mode=stable-Privacyname=Ens33uuid=c517fa43-51a5-4237-a364-2e81d0cffb3bdevice=ens33onboot = Yes # with system boot, be sure toipaddr=192.168.9.111PREFIX=#掩码位数GATEWAY=192.168.9.1 #网关DNS1=8.8.8.8 #dns

Second, close the firewall

[Email protected] ~]# systemctl status Firewalld.service      ~]# systemctl Stop firewalld       ~]# systemctl start firewalld      ~]# systemctl Disable FIREWALLD     #开机自动关闭   // RHLE7 [Email protected] ~]# chkconfig--list|grep network    #查看开机是否启动   //RHLE6[email Protected] ~]# systemctl enable FIREWALLD    #开机自动启动　　

Third, close SELinux

Because this thing is more troublesome, the online production system is also closed

3.1 Temporary shutdown-restart will open automatically

Getenforce     #状态为enfocing to open setenfoce   0  #状态为Permissive

3.2 Permanently closed

vim/etc/selinux/config #直接修改配置文件 change enforing to Disabled .

Linux network card operation and security initialization