Linux (Radhat) Basic Learning-network management

1.ip Fundamentals 1. What is IP? (Internet Protocol)

网络之间互连的协议（IP）是Internet Protocol的外语缩写，中文缩写为“网协”.网络之间互连的协议也就是为计算机网络相互连接进行通信而设计的协议。在因特网中，它是能使连接到网上的所有计算机网络实现相互通信的一套规则，规定了计算机在因特网上进行通信时应当遵守的规则。任何厂家生产的计算机系统，只要遵守IP协议就可以与因特网互连互通。IP地址具有唯一性，根据用户性质的不同，可以分为5类。另外，IP还有进入防护，知识产权，指针寄存器等含义。

2. What is an IP address? (Internet Protocol Address)

(1).IP地址是一个32位的二进制数，通常被分割为4个“8位二进制数”（也就是4个字节）。IP地址通常用“点分十进制”表示成（a.b.c.d）的形式，其中，a,b,c,d都是0~255之间的十进制整数。例：点分十进IP地址（100.4.5.6），实际上是32位二进制数（01100100.00000100.00000101.00000110）。(2).IP地址（英语：Internet Protocol Address）是一种在Internet上的给主机编址的方式，也称为网络协议地址。常见的IP地址，分为IPv4与IPv6两大类。(3).IP地址编址方案：IP地址编址方案将IP地址空间划分为A、B、C、D、E五类，其中A、B、C是基本类，D、E类作为多播和保留使用。(4).IPV4就是有4段数字，每一段最大不超过255。由于互联网的蓬勃发展，IP位址的需求量愈来愈大，使得IP位址的发放愈趋严格，各项资料显示全球IPv4位址可能在2005至2010年间全部发完(实际情况是在2011年2月3日IPv4位地址分配完毕）。(5).地址空间的不足必将妨碍互联网的进一步发展。为了扩大地址空间，拟通过IPv6重新定义地址空间。IPv6采用128位地址长度。在IPv6的设计过程中除了一劳永逸地解决了地址短缺问题以外，还考虑了在IPv4中解决不好的其它问题。

IPv4:

2进制32位-----10进制4段11111110.11111110.11111110.11111110 = 254.254.254.254ip分网络位和主机位

3. Subnet Mask:

(1).是用来区分网络区域，网络位和主即位(2).子网奄码非0的位对应ip上的数字表示这个Ip的网络位(3).子网奄码的0位对应数字是IP的主即位(4).网络位表示网络区域(5).主机位表示网络区域李的某台主机

4.IP Communication decision

The network bit is consistent, the host bit is inconsistent 2 IP can communicate directly
172.25.254.1/24 = 24 x 1 = 3 255 = 255.255.255.0 (first three segment consistent this IP can communicate directly with it)
172.25.254.2/24
172.25.0.1/16 = 16 x 1 = 2 x 255 = 255.255.0.0

4. Network Settings tool

    ping        检测网络是否通畅    ifconfig    查看网络接口    ifconfig device ip/掩码           临时设定ip    eg：ifconfig etho 172.25.254.100/24    ifconfig device up/down     开启/关闭网卡 eg：ifconfig eth0 down       ifconfig eth0 up        ip addr show    查看或网络接口    ip addr add 172.25.254.100/24 dev eth0  在没有IP时临时设定IP    ip addr 一般用来查看网络接口。

Note:The name of the device is a physical fact that exists and is not available.

5. Set IP

1. Graphical interface Setting IP

nm-connection-editornm = NetworkManager 记录网络状态

PS: To use this command to modify the set of IP, you need to do the following to update the IP
Systemctl Stop NetworkManager
Systemctl Restart Network
Systemctl Start NetworkManager

2. Text graphical interface settings
Nmtui
TAB Move Options

1.选择“edit a connection"进入下一步2.删除存在的 Ethernet 再选择"Add"3.选择“Ethernet” 进入下一步4.profile name 随便写，Device只能写存在的网卡，一般为"eth0"5.选择ipv4 的Automatic  选择manual  选择 show 输入ip/奄码（如172.25.254.157/24）6.ok

Both of these methods are permanently set IP

6. Command mode setting

1.NMCLI command

nmcli device connect eth0       启用eth0网卡nmcli device disconnect eth0        关闭nmcli device show eth0           查看eth0网卡信息nmcli device status eth0       查看eth0网卡服务

2. Add a static network:

nmcli connection add type ethernet con-name 连接名字 ifname 网卡名 ip4 ip/掩码        con-name：连接名字（如westos，自己随意命名）     ifname： 网卡名（不能自己命名，一般为eth0）

3. Add a dynamic network:

nmcli connection add type ethernet con-name 连接名称  ifname 网卡名字  autoconnect yes  #添加dhcp网络

4. Delete the network:

nmcli connection delete westos                          删除westos链接（等同于图形界面的删除已设定的IP）

5. Modify the network:

nmcli connection modify "westos" ipv4.addresses newip/24             #改变wetos的ipnmcli connection modify "westos" ipv4.method <auto|manual>          

6. Other commands:

nmcli connection show               显示所有网络链接nmcli connection down westos            关闭指定链接nmcli connection up westos                  开启指定链接

7. File Mode setting IP

Naming rules for network configuration files:
IFCFG-XXXX (xxxx arbitrary name, but generally with the NIC name or interface name, such as the NIC Eth0 interface file Ifcfg-eth0)

Edit file: Vim/etc/sysconfig/network-scripts/ifcfg-eth0
Write in File:

DEVICE=xxxx         ##设备名称BOOTPROTO=dhcp|static|none  ##设备工作方式（dhcp：动态 static和none:都是静态）ONBOOT=yes          ##网络服务开启时自动激活IPADDR= ip      ##设定静态网络此处填设定的ip，设定动态网络此行不需要写PREFIX=24           ##掩码（设定动态网络不需要写掩码）NETMASSK=255.255.255.0      #掩码（掩码第二种写法）NAME=               ##设置接口名字（可以不用写，系统自己命名）

Save exit and restart Network Service

Example: DHCP dynamic network settings

Vim/etc/sysconfig/network-scripts/ifcfg-eth0

DEVICE=eth0     ##接口使用设备BOOTPROTO=dhcp      ##网卡工作模式（动态，则不用写ip及掩码）ONBOOT=yes      ##网络服务开启时自动激活NAME=eth0       ##网络接口名称

Restart Web service: Systemctl Restart Network

Example: Static|none static network Settings

Static, none sets the device to work statically, choose one
Vim/etc/sysconfig/network-scripts/ifcfg-eth0

DEVICE=eth0          ##设备BOOTPROTO=none       ##设备工作方式ONBOOT=yes           ##开启网络服务激活设备NAME=eth0            ##网络接口名称IPADDR=172.25.254.157         ##IPNETMASK=255.255.255.0 | PREFIX=24 ##子网掩码

Restart Web service: Systemctl Restart Network

One NIC configures multiple IPs:

Vim/etc/sysconfig/network-scripts/ifcfg-eth0

DEVICE=eth0          BOOTPROTO=none       ONBOOT=yes           NAME=eth0            IPADDR0=第一个IPNETMASK0=第一个ip的掩码IPADDR1=第二个IPNETMSK1=第二个ip的掩码...

(in the file for specification, the subnet mask is written either entirely netmask or all prefix)
Restart Web service: Systemctl Restart Network

View of multiple IPs: IP addr Show eth0

8.lo Loopback Interface

The loopback interface----------human-like nerves.
The IP of each loopback interface is 127.0.0.1, the IP used to communicate between the internal services of the system
Do not modify the loopback interface, otherwise there will be an error inside the system.

2.gateway Gateway

1. Routers

主要功能是用来作nat的nat：网络地址转换，分为两类    (1).dnat    目的地地址转换    (2).snat    源地址转换

2. Gateways
When connecting to a router, the IP on the router and the connecting device in the same network segment is called the Gateway for this device

3. Turn the real host into a router
(1).

systemctl stop libvirtd ##先关闭libvirt放防止防火墙重启失败。systemctl restart firewalld ##重启火墙systemctl start libvirtd

(2).

firewall-cmd --permanent --add-masquerade     ##开启地址伪装firewall-cmd --reload       ##重新加载服务

(3).

执行命令：firewall-cmd --list-all

Command output:

public (active)    target: default    icmp-block-inversion: no    interfaces: br0 enp0s25 wlp3s0    sources:     services: dhcpv6-client ssh    ports:     protocols:     masquerade: yes    ##yes表示地址伪装已经开启    forward-ports:     sourceports:     icmp-blocks:     

3. Set the gateway for the virtual machine

systemctl stop  NetwrokManager  ##此服务会干扰以下操作的设定，建议关闭。

Method One: Set the global Gateway (valid for all NICs that do not have a gateway set)

编辑文件：vim /etc/sysconfig/network添加内容：GATEWAY=网关ip

Ystemctl Restart Netwrok

Method Two: Single NIC interface setting gateway

编辑文件：vim /etc/sysconfig/network-scripts/ifcfg-xxxx   ##网卡配置文件 添加内容：GATEWAY=网关ip    **当网卡中设定的IP有多个时，指定对其中某一个生效：**eg：GATEWAY0=网关ip        ##对第一个IP生效

Systemctl Restart Netwrok

4. Querying the Gateway

route -n

Display effect: (Gateway IP is available under Gateway, not 0.0.0.0)
Kernel IP Routing Table
Destination Gateway genmask Flags Metric Ref use Iface
0.0.0.0 172.25.0.254 0.0.0.0 UG 0 0 0 eth0
172.25.0.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0

3.dns1.dns (Domain name resolution Service)

(1). DNS (domain Name System), a distributed database of domain names and IP addresses that are mapped to each other on the World Wide Web, makes it easier for users to access the Internet without remembering the number of IP strings that can be read directly by the machine. Through the domain name, the process of obtaining the IP address of the domain name is called Domain name resolution (or hostname resolution). The DNS protocol runs on top of the UDP protocol, using the port number 53.
(2). Each IP address can have a host name, which consists of one or more strings separated by a decimal point. With the hostname, do not memorize each IP device IP address, just remember the relative intuitive meaningful host name on the line. This is the function of the DNS protocol.
(3). Host name-to-IP-address mappings are available in two ways:
< static mapping, each device is configured with host-to-IP address mapping, each device independently maintains its own mapping table, and only for the use of this device;
< dynamic mapping, set up a set of domain Name resolution system (DNS), only on the dedicated DNS server to configure the host-to-IP address mapping, the network needs to use host name communication device, first need to DNS server to query the host's corresponding IP address. [1
The process of obtaining the IP address of the host name through the hostname is called Domain name resolution (or hostname resolution). In resolving the domain name, you can first use static domain name resolution method, if the static domain name resolution is not successful, then use dynamic Domain name resolution method. You can put some common domain names into the static Domain name resolution table, which can greatly improve the efficiency of domain name resolution.

Domain Name resolution
/etc/hosts Local parsing file
/etc/resolv.conf DNS pointing to files
/etc/nsswitch.conf determining the priority of DNS resolution

2. Local parsing file

Vim/etc/hosts
IP host name (domain name)

2.dns parsing of the pointing file

---> Temporary (restart the service after the file Lee's DNS IP will be changed)
Vim/etc/resolv.conf
NameServer DNS server IP (114.114.114.114) Ask this IP when you need an IP address for a domain name

---> Permanent
vim/etc/sysconfig/network-scripts/ifcfg-NIC configuration file
dns1=114.114.114.114 (this IP points to a DNS server)

(When network operating mode is DHCP, the system automatically obtains the IP gateway DNS
Then/etc/resolv.conf will be getting the information modified
If you do not need to obtain DNS information, append: Preedns=no in the network card configuration file)

3. Set priority for Domain name resolution

System default:
/etc/hosts >/etc/resolv.conf
Local resolution takes precedence over DNS service resolution

You can modify the setting priority vim/etc/nsswitch.conf

#hosts: DB Files Nisplus NIS DNS
Hosts:files DNS # #files代表本地解析文件, DNS on behalf of the DNS server, that priority in the front

This three file is changed to take effect without restarting the service

Test priority: In the local file to the domain name with another IP, and then ping the domain name, the IP to see which one can be judged.

###############################################
Virtual machine ping does not pass:
Remove the configured IP reconfiguration
Virtual function ping with the real machine but Ping does not pass the extranet:
Firewall on (IP address spoofing enabled)
Real machine Reload Nic: Virt-manager
If it still doesn't work,
Real machine execution: sysctl-a | grep Ip_forward
Net.ipv4.ip_forward = 0
NET.IPV4.IP_FORWARD_USE_PMTU = 0
That way, vim/etc/sysctl.conf.
File added: net.ipv4.ip_forward=1
Sysctl-p Restart the service. So that the value after this is 1 when viewed
################################################

All network management-related commands can be found in the file/usr/share/doc/initscripts-x.x.xx this file

Configuration of the 4.DHCP service

1. On the real machine, after resetting the two virtual machines, set the NIC IP for the DHCP server host servers and restart the network service for it to take effect.
2. Edit file: Vim/etc/yum.repos.d/rhel_dvd.repo
Line 5th: BaseURL = HTTP://172.25.254.250/RHEL7 connection to Red Hat's software warehouse

3.yum repolist list Look at the currently manageable software listing (if the previous step points to an error, it will output a large segment of Erro)
Yum Clean all clears the software list
Yum repolist get software list

4. Install the DHCP service software: Yum install dhcp-y

5. Switch Directories:
Cd/etc/dhcp
View files: Vim ddhcpd.conf
Copy a file directory/usr/share/doc/dhcp*/dhcpd.conf.example in the file to/etc/dhcp/ddhcpd.conf
6. Edit file: Vim ddhcpd.conf
A. Delete all content after 35 lines
B. Delete 27, 28 rows
C. Set the subnet, IP address pool (assigned IP range), gateway (here because the real machine as a router, all the real IP as the gateway)

7. Restart the DHCP service: systemctl restart DHCPD
Shutting down the firewall of the server server: Systemctl stop FIREWALLD

8. Test:
Restart the network service at the test machine (here is the desktop virtual machine): Systemctl restart
Execute the command ifconfig view the assigned IP, Gateway. In the log, you can see the DNS domain name, IP address assigned to the IP. On the DNS server side,/var/lib/dhcpd/dhcpd.leases this file specifically records the DHCP assigned IP situation.

This completes the setup.

[Email protected] dhcp]# systemctl start DHCPD
[Email protected] dhcp]# systemctl status DHCPD
Dhcpd.service-dhcpv4 Server Daemon
loaded:loaded (/usr/lib/systemd/system/dhcpd.service; disabled)
Active:active (running) since Thu 2017-11-02 11:34:44 CST; 3s ago
DOCS:MAN:DHCPD (8)
Man:dhcpd.conf (5)
Main pid:3024 (DHCPD)

Virtual Machine Internet access
Add firewall policy to hosts that can connect to the network
Firewall-cmd--permanent--add-masquerade
Firewall-cmd--permanent--add-rich-rule= ' rule family=ipv4 source address=172.20.10.2 Masquerade '
The address added within the rule is the IP address that we can connect to the network to get
Wlp3s0:inet 172.20.10.2
Firewall-cmd--reload

Virtual machines
Vim/etc/resolv.conf
NameServer 172.20.10.1 Real-computer connection to the network gets to the DNS
Vim/etc/sysconfig/network
gateway=172.25.254.250 which host to connect to the network

Linux (Radhat) Basic Learning-network management