Linux Network Management

Source: Internet
Author: User
Tags ftp file key string ftp protocol ftp transfer nslookup scp command ssh secure shell asymmetric encryption

For the OSI seven layer model, TCP five layer model, TCP three handshake, HTTP protocol, DNS parsing and other related network basics please refer to my blog: http://www.cnblogs.com/wxisme/p/4699049.html

the port used by the TCP protocol, 0-65535,1-1024 is the system port, so development applications generally use a port number greater than 1024Common Port numbers: ftp:20 (data transfer), 21 (Command communication)SSH Login:telnet:23dns:53http:80smtp:25pop3:110imap:143https:443 View all ports opened by the server: Netstat-an Hosts file has precedence over DNS resolutionthe Hosts file is formatted as a line: IP address host name #为注释There are only 13 root domain servers, and the top-level domains are developed by ISO organizationtop-level domains are divided into: organization domain, country, and region domaina gateway is a server or router that acts as a transformation task, and a gateway is a device for data communication between the intranet and the external network.LAN access is not required gateway, if you want to access the Internet, you must determine the gateway and DNS to communicate with the external network normallyAutomatic IP acquisition requires DNS server configurationHow to configure Linux networks:1, ifconfig command temporary configuration, view network status2. Setup tool Configuration3. Modify configuration file Permanent configuration4, graphical interface configuration (generally not commonly used, the server generally does not install graphical interface) ifconfig View network configuration information generally have eth0 lo two, lo is a loopback address, general view other useful informationtemporarily set the IP address and subnet mask of the eth0, and fail after restarting or resetting the network settings:ifconfig eth0 192.168.1.36 netmask 255.255.255.0Permanent configuration (Redhat series):1, Setup according to the prompt configuration can be configured when DHCP, the input space for *, the configuration * for DHCP, the following IP is not configured, the default is * input space can be canceled *, and then can edit the static IP address, all configuration completed after confirmation and exit2. Then restart the Network service to make the configuration effective (ensure the following configuration file Onboot=yes): Service Network Restartafter reboot, the remote connection tool will be temporarily disconnected when restarting the service, and if there are no other problems, wait a moment to reconnect  Configure IP by modifying the network configuration file (all files under Linux, network settings are also placed in the configuration file):File storage location:/etc/sysconfig/network-scripts/ifcfg-network card name such as Ifcfg-eth0,ifcfg-lo, there are several network cards have several configuration files, network card name through the ifconfig command view using the setup configuration is also written to this fileattribute Explanation:Device=eth0 Configure the NIC file name, the attribute value and file name location must be consistent, the file name is Ifcfg-eth1 device=eth1BOOTPROTO=DHCP configuration is automatically acquired or manually configured, DHCP is automatically acquired, none or static is manually specifiedif set to DHCP the IP address is not configured, otherwise all properties need to be configured manuallyhwaddr=00:0c:29:17:c4:09 Setting the MAC addresswhether the Nm_controlled=yes can be hosted by the Network Manager graphical management toolOnboot=yes Set the network card configuration to start with the Internet service, the recommended setting is yes, or the above settings restart the Network service does not necessarily take effect, set to Yes to start normallytype=ethernet Type is Ethernetuuid=ba72570b-7dbb-487a-b0b7-3af6d53f094a Unique identification code, when installing multiple computer images, you can directly copy the network configuration file, only need to modify the uniqueness of the UUID, if the LAN is the same UUID, And the other configurations are the same, then the computer will not be able to surf
 ipaddr=192.168.1.36 Configuring IP addressesnetmask=255.255.255.0 Configuring the subnet maskgateway=192.168.1.1 Configuring the Gatewaydns1=114.114.114.114 Primary DNS configurationIpv6init=no do not enable IPV6Userctl=no does not allow non-root users to control this network card Host name file:/etc/sysconfig/networkNetworking=yes Start host communication, no is not enabledHOSTNAME can configure host name, server related service configuration, need to configure host nameRestart the computer after you modify the hostname to take effect on the host namehostname test1 Temporarily modifies host name, reboot invalidTherefore, if you do not want to restart, permanently modify the host name, the configuration file +hostname temporary settings, to ensure that the permanent effecthostname command to view the current host namethe host name of the remote shell prompt needs to be reconnected when the login is not updatedDNS configuration file:/etc/resolv.conf If the above network settings are DHCP then you will definitely use the settings hereSearch NET if not full, then auto-complete the set of domain names, where the completion of the full netnameserver 219.147.1.66 Here is the set name server address, which is the address of the DNS server, you can set more than one If the Setup tool can be used, it is recommended to use Setup, the above configuration file modification is a standard configuration, for all Linux generic, only individual Linux file storage location is not the same Virtual Machine Network configuration:1, first use the setup configuration, modify the configuration file Onboot=yes, and then restart the network service2, if you clone more than one virtual machine, you need to modify the network configuration file uuid, modify the method as follows:first delete the network configuration file/etc/sysconfig/network-scripts/ifcfg-eth0, open the file, delete the Hwaddr=mac address line, save exitmanually remove the NIC and MAC address bindings file: Rm-rf/etc/udev/rules.d/70-persistent-net.rulesrestarting the operating systemafter startup, the UUID can be modified successfully, if the CD-ROM manually installed Linux system, the UUID problem is not considered3, Virtual machine settings: Bridge settings, is the virtual machine use and real computer network card for independent IP address configuration, not only can communicate with LAN computer, also can access the external networkNAT setting, using the second virtual connection established by the network settings to assign IP, can access the extranet and communicate with the local computer, but cannot communicate with other computers in the LANhost-only settings, using the network settings of the first virtual connection, can only communicate with the local LAN, and other computers and external network communication, it is recommended to use the bridge, the real network card to communicate. 4. Set up the network card that is connected to the bridgeThe General computer has a local connection and wireless connection two connections, namely the wired network card and wireless network card, depending on the computer connected to the networking environment, so the virtual machine should edit the network Bridge to the wireless network card or the wired network card, configured correctly after the local network to communicate with normal   use Ifconfig to view network card information, including IP, subnet mask, IPV6, etc.Ifdown network card device name disable NICafter disabling, the information cannot be viewed through ifconfig.ifup network card device name enable NIC netstat-t List The status of the TCP protocol network status, currently opennetstat-u List UDP protocol network statusnetstat-tn by IP and port to avoid DNS resolutionNETSTAT-TNL only View all TCP ports that are listeningNETSTAT-TUNL View all listening ports for TCP and UDP, typically view the ports on which the service was startedNetstat-an View all network connection status, including program connections According to the information provided by Netstat, the current server has a total of how many remote connections:Netstat-an | grep establishedCount Server Concurrent connections: Netstat-an | grep established | wc-lList Routing tables: Netstat-rn can view gateways and commands route-n results,-n means to display with IP instead of domain name display, fasterTemporary Modify Gateway: Route add default GW 192.168.0.2 must be and original gateway is the same network segment, not recommended setting, this will cause datagrams to fail, so pass command: Route del default GW 192.168.0.2 Remove the added Gateway Gateway is divided into intranet gateway and extranet gateway, generally through the router to transform, intranet gateway can be set through the computer and router, if there is no extranet gateway, then the router will not know where the datagram should be sent, so the loop retransmission caused the failure, the extranet gateway belongs to the relatively public network, Is the first level of network allocation, is generally operator allocation, so through the extranet gateway, you can transfer data normally nslookup www.baidu.com Use DNS settings to view the IP address of the domain name, you can print the DNS address of the setting and the IP address that the domain name resolves to Enter only nslookup to enter interactive input, then enter server to view the DNS address of the setting (both preferred and standby), enter exit to exit to the original command line Check network connectivity: Ping www.baidu.com (first resolve IP and then test) or ping 114.114.114.114Linux sends ICMP packets to the specified server to count the data in response, but does not stop the detection, some websites prohibit the ping commandPing 192.168.1.2-c 5 Specifies the number of pings Telnet 220.168.0.252 80 can be managed remotely, the most popular is to use the encrypted SSH 22 port shell Shell connection, because Telnet plaintext transmission, so generally do not use, or some servers shut down Port 23 and the Telnet service use Netstat-tuln to view locally connected portsuse Telnet 192.168.1.58 80 to test whether the other computer is on port 80, and many Linux currently have no Telnet command and need to install the Telnet servicetraceroute domain name or IP view to the specified domain name or IP routing node, the essence is to use ping to send the packet, if the display * is a node route prohibit Pingpath is usually a local gateway, extranet gateway, and so on after all the routing, route tracking can generally see network errors, local or operator failure, is one of the common commands in fault detection wget URL Remote download file for specified URLGrab Package Command: tcpdump-i ETH0-NNX port 21 Parameter explanation:-i specifies the network card device,-nn the domain name as an IP address,-x displays the packet contents in 16 binary and ASCII code, port specifies the listening port, such as 21 is the FTP transport port, FTP is also transmitted in plaintext and is not secure.tcpdump-i eth2-nnx Port 8983 >> test.log The capture results can be placed in a log file for easy analysis  symmetric encryption algorithm: Also known as single-key encryption, encryption and decryption using the same key, the middle of the use of ciphertext transmission, the problem: Using the same key, the other side need to know the key, security reduced Asymmetric Encryption: The two sides use public and private keys to communicate, the public key is the lock, the private key is equivalent to the key, using both public key encryption, use the private key can be opened, thereby protecting the security of both sides of the password SSH Secure Shell protocol, is based on asymmetric encryption algorithm encryption, SSH to ensure the security of data transmission, although the transmission process of security but to prevent the poor lifting method to crack or to set high-strength password to improve security; SSH is safe during transmission but cannot be guaranteed at local input , so be aware of the threat of local Trojan virus, so as to improve security; SSH connection before the general to download the public key from the remote server, consent to enter the password to connect, ssh password-free login also need to download the public key and password check the first timecommon public key location to connect other servers is placed in: ~/.ssh/known_hosts, the public key string according to IPIf you need to regenerate the public key, delete the known_hosts corresponding server to re-download the public keySSH IP allows remote access to other servers or SSH [email protected] settings to root user accessSCP local file IP: Server path for uploading files, scp-r local file IP: Server path recursively uploading entire directorydownload the file directly in reverse, for example: Scp-r 192.168.1.32:/usr/app/abc//home/abc/SCP is a secure transfer of files based on SSH protocol, SSH login or SCP transfer files, the host can also be written as: [email protected]: means to log in as username user or transfer files FileZilla or WINSCP are two FTP upload tools, the default FTP protocol uses 21 ports, data plaintext transmission, and need to build FTP file Server VSFTPD service on the server side, so we recommend using the SFTP protocol, SSH encrypted FTP protocol, Only need to download the key once, do not need any server configuration to use using network Remote Data communication mode:Command line remote operation: SSHfile transfer during Linux service: SCP command line, SSH-based CP Operationfile transfer between Windows and Linux servers: SFTP protocol, SSH-based FTP transfer

Linux Network Management

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.