1、网卡IP

使用ifconfig和ip add命令查看网卡IP。

[root@server01~]#ifconfig##查看网卡IP，如果不支持，需要安装net-tools
ens33:flags=4163<UP,BROADCAST,RUNNING,MULTICAST>mtu1500
inet192.168.137.100netmask255.255.255.0broadcast192.168.137.255
inet6fe80::c1d7:5856:9856:2bb8prefixlen64scopeid0x20<link>
ether00:0c:29:0c:4d:a8txqueuelen1000(Ethernet)
RXpackets34093bytes19129820(18.2MiB)
RXerrors0dropped0overruns0frame0
TXpackets2629771bytes3934887034(3.6GiB)
TXerrors0dropped0overruns0carrier0collisions0

lo:flags=73<UP,LOOPBACK,RUNNING>mtu65536
inet127.0.0.1netmask255.0.0.0
inet6::1prefixlen128scopeid0x10<host>
looptxqueuelen1(LocalLoopback)
RXpackets76bytes6204(6.0KiB)
RXerrors0dropped0overruns0frame0
TXpackets76bytes6204(6.0KiB)
TXerrors0dropped0overruns0carrier0collisions0

[root@server01~]#ifconfig-a##查看所有网卡IP
ens33:flags=4163<UP,MULTICAST>mtu1500
inet192.168.137.100netmask255.255.255.0broadcast192.168.137.255
inet6fe80::c1d7:5856:9856:2bb8prefixlen64scopeid0x20<link>
ether00:0c:29:0c:4d:a8txqueuelen1000(Ethernet)
RXpackets34104bytes19130770(18.2MiB)
RXerrors0dropped0overruns0frame0
TXpackets2629778bytes3934888746(3.6GiB)
TXerrors0dropped0overruns0carrier0collisions0

lo:flags=73<UP,RUNNING>mtu65536
inet127.0.0.1netmask255.0.0.0
inet6::1prefixlen128scopeid0x10<host>
looptxqueuelen1(LocalLoopback)
RXpackets76bytes6204(6.0KiB)
RXerrors0dropped0overruns0frame0
TXpackets76bytes6204(6.0KiB)
TXerrors0dropped0overruns0carrier0collisions0

[root@server01~]#ipadd
1:lo:<LOOPBACK,UP,LOWER_UP>mtu65536qdiscnoqueuestateUNKNOWNqlen1
link/loopback00:00:00:00:00:00brd00:00:00:00:00:00
inet127.0.0.1/8scopehostlo
valid_lftforeverpreferred_lftforever
inet6::1/128scopehost
valid_lftforeverpreferred_lftforever
2:ens33:<BROADCAST,MULTICAST,LOWER_UP>mtu1500qdiscpfifo_faststateUPqlen1000
link/ether00:0c:29:0c:4d:a8brdff:ff:ff:ff:ff:ff
inet192.168.137.100/24brd192.168.137.255scopeglobalens33
valid_lftforeverpreferred_lftforever
inet6fe80::c1d7:5856:9856:2bb8/64scopelink
valid_lftforeverpreferred_lftforever

如果要附加一个地址，可以设定虚拟网卡ens33:1。然后使用ifdown ens33/ifup ens33命令重新启动网卡，使配置生效。

[root@server01~]#mii-toolens33##查看网卡连接状态
ens33:negotiated1000baseT-FDflow-control,linkok
[root@server01~]#ethtoolens33##查看网卡连接状态
Settingsforens33:
Supportedports:[TP]
Supportedlinkmodes:10baseT/Half10baseT/Full
100baseT/Half100baseT/Full
1000baseT/Full
Supportedpauseframeuse:No
Supportsauto-negotiation:Yes
Advertisedlinkmodes:10baseT/Half10baseT/Full
100baseT/Half100baseT/Full
1000baseT/Full
Advertisedpauseframeuse:No
Advertisedauto-negotiation:Yes
Speed:1000Mb/s
Duplex:Full
Port:TwistedPair
PHYAD:0
Transceiver:internal
Auto-negotiation:on
MDI-X:off(auto)
SupportsWake-on:d
Wake-on:d
Currentmessagelevel:0x00000007(7)
drvprobelink
Linkdetected:yes##该行“yes”表示网卡连接正常

2、DNS

[root@server01~]#hostnamectlset-hostnamejuispan##更改主机名
[root@server01~]#bash
[root@juispan~]#
[root@server01~]#cat/etc/resolv.conf##DNS的配置文件
#GeneratedbyNetworkManager
nameserver114.114.114.114##使用nameserver定义DNS，可以写多个DNS
[root@server01~]#
[root@server01~]#cat/etc/hosts##本地hosts文件，IP和域名映射
127.0.0.1localhostlocalhost.localdomainlocalhost4localhost4.localdomain4
::1localhostlocalhost.localdomainlocalhost6localhost6.localdomain6
##一个IP能对应多个域名，一个域名对应一个IP；
##域名对应IP，以最后的映射为准。

3、防火墙

[root@server01~]#setenforce0##临时关闭selinux
[root@server01~]#getenforce##查看selinux状态
Permissive
[root@server01~]#cat/etc/selinux/config##selinux配置文件

#ThisfilecontrolsthestateofSELinuxonthesystem.
#SELINUX=cantakeoneofthesethreevalues:
#enforcing-SELinuxsecuritypolicyisenforced.
#permissive-SELinuxprintswarningsinsteadofenforcing.
#disabled-NoSELinuxpolicyisloaded.
SELINUX=enforcing##改成disabled可以永久关闭
#SELINUXTYPE=cantakeoneofthreetwovalues:
#targeted-Targetedprocessesareprotected,#minimum-Modificationoftargetedpolicy.Onlyselectedprocessesareprotected.
#mls-MultiLevelSecurityprotection.
SELINUXTYPE=targeted

在CentOS 7之前使用netfilter防火墙；CentOS 7开始使用firewalld防火墙。CentOS 7默认采用的是firewalld管理netfilter子系统，底层调用的仍然是iptables命令。不同的防火墙软件相互间存在冲突，使用某个时应禁用其他的。

�关闭firewalld开启netfilter：

[root@server01~]#systemctlstopfirewalld
[root@server01~]#systemctldisablefirewalld
Removedsymlink/etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
Removedsymlink/etc/systemd/system/basic.target.wants/firewalld.service.
[root@server01~]#yuminstall-yiptables-services
......
已安装:
iptables-services.x86_640:1.4.21-17.el7

完毕！
[root@server01~]#systemctlenableiptables
Createdsymlinkfrom/etc/systemd/system/basic.target.wants/iptables.serviceto/usr/lib/systemd/system/iptables.service.
[root@server01~]#systemctlstartiptables

4、Netfilter

�Netfilter有5张表：

filter:
Thisisthedefaulttable(ifno-toptionispassed).Itcontainsthebuilt-inchainsINPUT(forpacketsdestinedtolocalsockets),FORWARD(forpacketsbeingroutedthroughtheBox),andOUTPUT(forlocally-generatedpackets).
##filter表用于过滤包，是最常用的表，有INPUT、FORWARD、OUTPUT三个链。
nat:
Thistableisconsultedwhenapacketthatcreatesanewconnectionisencountered.Itconsistsofthreebuilt-ins:PREROUTING(foralteringpacketsassoonastheycomein),OUTPUT(foralteringlocally-generatedpacketsbeforerouting),andPOSTROUTING(foralteringpacketsastheyareabouttogoout).IPv6NATsupportisavailablesincekernel3.7.
##nat表用于网络地址转换，有PREROUTING、OUTPUT、POSTROUTING三个链。
mangle:
Thistableisusedforspecializedpacketalteration.Untilkernel2.4.17ithadtwobuilt-inchains:PREROUTING(foralteringincomingpacketsbeforerouting)andOUTPUT(foralteringlocally-generatedpacketsbeforerouting).Sincekernel2.4.18,threeotherbuilt-inchainsarealsosupported:INPUT(forpacketscomingintotheBoxitself),FORWARD(foralteringpacketsbeingroutedthroughtheBox),andPOSTROUTING(foralteringpacketsastheyareabouttogoout).
##managle表用于给数据包做标记，几乎用不到。
raw:
ThistableisusedmainlyforconfiguringexemptionsfromconnectiontrackingincombinationwiththeNOTRACKtarget.Itregistersatthenet�\filterhookswithhigherpriorityandisthuscalledbeforeip_conntrack,oranyotherIPtables.Itprovidesthefollowingbuilt-inchains:PREROUTING(forpacketsarrivingviaanynetworkinterface)OUTPUT(forpacketsgeneratedbylocalprocesses)
##raw表可以实现不追踪某些数据包，几乎用不到。
security:
ThistableisusedforMandatoryAccessControl(MAC)networkingrules,suchasthoseenabledbytheSECMARKandCONNSECMARKtargets.MandatoryAccessControlisimplementedbyLinuxSecurityModulessuchasSELinux.Thesecuritytableiscalledafterthefiltertable,allowinganyDis�\cretionaryAccessControl(DAC)rulesinthefiltertabletotakeeffectbeforeMACrules.Thistableprovidesthefollowingbuilt-inchains:INPUT(forpacketscomingintotheBoxitself),andFORWARD(foralteringpacketsbeingroutedthroughtheBox).
##security表在CentOS6中并没有，用于强制访问控制（MAC）的网络规则，几乎用不到。