route，iptables，/proc/net，netstat，ifconfig，ip，vconfig

最新推荐文章于 2025-04-12 11:11:23 发布

原创最新推荐文章于 2025-04-12 11:11:23 发布 · 3.6k 阅读

1 ·

本内容遵循CC 4.0 BY-SA版权协议

linux Command 专栏收录该内容

76 篇文章

订阅专栏

本文详细介绍了Linux网络管理中常用的几个命令，包括route的路由设置（如-j, -A, -F等选项），iptables的包过滤与NAT管理，/proc/net下的网络状态查看，netstat用于显示网络连接、路由表等信息，ifconfig用于配置网络接口及硬件地址，以及ip和vconfig在创建子接口与虚拟IP方面的应用。通过对这些命令的深入理解，可以更好地管理和维护Linux网络环境。" 116431051,9945396,MATLAB实现人脸五官定位：最大类间方差法,"['图像处理', 'MATLAB', '人脸识别', '图像识别', '算法']

一、route

-j 即jump

-A 即append

-F 刷新，-N新建，-X删除链操作

-D删除

Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
172.25.126.0 * 255.255.255.192 U 0 0 0 vmnet1
135.252.170.0 * 255.255.255.0 U 0 0 0 eth0
135.252.162.0 * 255.255.255.0 U 0 0 0 eth1
169.254.0.0 * 255.255.0.0 U 0 0 0 eth1
default Bj107306-apac-L 0.0.0.0 UG 0 0 0 eth0

route -A inet6 -n
Kernel IPv6 routing table
Destination Next Hop Flags Metric Ref Use Iface
2001:da8:8003:801::/64 :: U 256 1 0 eth0
fe80::/64 :: U 256 0 0 eth0
::/0 2001:da8:8003:801::1 UG 1 0 0 eth0
::1/128 :: U 0 124 1 lo
2001:da8:8003:801:202:120:1:2/128 :: U 0 0 1 lo
fe80::20c:29ff:fe0f:aa40/128 :: U 0 0 1 lo
ff00::/8 :: U 256 0 0 eth2
ff00::/8 :: U 256 0 0 eth0

route add -net 1.2.3.4 netmask 255.255.255.0 gw eth0

route add -net 1.2.3.4 netmask 255.255.255.0 dev eth0

route del -net 1.2.3.4 netmask 255.255.255.0 dev eth0

route add -host 1.2.3.4 dev eth0

二、iptables - administration tool for IPv4 packet filtering and NAT

Iptables is used to set up, maintain, and inspect the tables of IP packet filter rules in the Linux kernel. Several different tables may be defined.
Each table contains a number of built-in chains and may also contain user-defined chains.
Each chain is a list of rules which can match a set of packets. Each rule specifies what to do with a packet that matches. This is called a 'target',
which may be a jump to a user-defined chain in the same table.

iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination

Chain FORWARD (policy ACCEPT)
target prot opt source destination
LOG all -- anywhere anywhere LOG level debug prefix `TOMCASE filtering: '
REJECT udp -- anywhere anywhere udp dpt:sunrpc reject-with icmp-port-unreachable
REJECT tcp -- anywhere anywhere tcp dpt:sunrpc reject-with icmp-port-unreachable
REJECT udp -- anywhere anywhere udp dpt:nfs reject-with icmp-port-unreachable
REJECT tcp -- anywhere anywhere tcp dpt:nfs reject-with icmp-port-unreachable

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

另一个例子：

Chain INPUT (policy ACCEPT)
target prot opt source destination
anzi all -- anywhere anywhere

Chain FORWARD (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

Chain anzi(1 references)
target prot opt source destination
ACCEPT tcp -- anywhere 172.25.126.13 tcp dpt:10636
ACCEPT tcp -- anywhere 172.25.126.13 tcp dpt:10389
REJECT tcp -- anywhere anywhere tcp dpt:10636 reject-with icmp-port-unreachable
REJECT tcp -- anywhere anywhere tcp dpt:10389 reject-with icmp-port-unreachable

三、/proc/net

/proc/net/dev -- device information
/proc/net/raw -- raw socket information
/proc/net/tcp -- TCP socket information
/proc/net/udp -- UDP socket information
/proc/net/igmp -- IGMP multicast information
/proc/net/unix -- Unix domain socket information
/proc/net/ipx -- IPX socket information
/proc/net/ax25 -- AX25 socket information
/proc/net/appletalk -- DDP (appletalk) socket information
/proc/net/nr -- NET/ROM socket information
/proc/net/route -- IP routing information
/proc/net/ax25_route -- AX25 routing information
/proc/net/ipx_route -- IPX routing information
/proc/net/nr_nodes -- NET/ROM nodelist
/proc/net/nr_neigh -- NET/ROM neighbours
/proc/net/ip_masquerade -- masqueraded connections
/proc/net/snmp -- statistics

cat /proc/net/dev
Inter-| Receive | Transmit
face |bytes packets errs drop fifo frame compressed multicast|bytes packets errs drop fifo colls carrier compressed
lo:617075702 2349438 0 0 0 0 0 0 617075702 2349438 0 0 0 0 0 0
eth0:843520553 99286271 0 47 0 157 0 10830 1364790247 117876284 0 0 0 0 0 0
eth1:306035826 4763093 0 0 0 0 0 514 12640 101 0 0 0 0 0 0
sit0: 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
vmnet1: 0 9492760 0 0 0 0 0 0 0 11758473 0 0 0 0 0 0

cat /proc/net/route
Iface Destination Gateway Flags RefCnt Use Metric Mask MTU Window IRTT
vmnet1 007E19AC 00000000 0001 0 0 0 C0FFFFFF 0 0 0
eth0 00AAFC87 00000000 0001 0 0 0 00FFFFFF 0 0 0
eth1 00A2FC87 00000000 0001 0 0 0 00FFFFFF 0 0 0
eth1 0000FEA9 00000000 0001 0 0 0 0000FFFF 0 0 0
eth0 00000000 01AAFC87 0003 0 0 0 00000000 0 0 0

四、netstat

查看端口信息 a 所有 n数字显示 t tcp协议 u udp协议

--interface=iface , -i
Display a table of all network interfaces, or the specified iface).

--numeric , -n
Show numerical addresses instead of trying to determine symbolic host, port or user names.

--route , -r
Display the kernel routing tables.

-a, --all
Show both listening and non-listening sockets. With the --interfaces option, show interfaces that are not marked

-p, --program
Show the PID and name of the program to which each socket belongs.

netstat -i 显示接口信息。
Kernel Interface table
Iface MTU Met RX-OK RX-ERR RX-DRP RX-OVR TX-OK TX-ERR TX-DRP TX-OVR Flg
eth0 1500 0 99296530 0 47 0 117892833 0 0 0 BMRU
eth1 1500 0 4764293 0 0 0 101 0 0 0 BMRU
lo 16436 0 2349618 0 0 0 2349618 0 0 0 LRU
vmnet1 1500 0 9495807 0 0 0 11758733 0 0 0 BMRU

netstat -r 和route等价。
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
172.25.126.0 * 255.255.255.192 U 0 0 0 vmnet1
135.252.170.0 * 255.255.255.0 U 0 0 0 eth0
135.252.162.0 * 255.255.255.0 U 0 0 0 eth1
169.254.0.0 * 255.255.0.0 U 0 0 0 eth1
default Bj107306-apac-L 0.0.0.0 UG 0 0 0 eth0

netstat -anp
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:513 0.0.0.0:* LISTEN 3187/xinetd

tcp 0 1 ::ffff:135.252.170.19:40040 ::ffff:135.252.182.15:13346 SYN_SENT 21216/java

udp 0 0 0.0.0.0:7 0.0.0.0:* 3187/xinetd
udp 0 0 172.25.126.1:137 0.0.0.0:* 3673/nmbd
Active UNIX domain sockets (servers and established)
Proto RefCnt Flags Type State I-Node PID/Program name Path
unix 2 [ ACC ] STREAM LISTENING 6568 2936/dbus-daemon /var/run/dbus/system_bus_socket
unix 2 [ ACC ] STREAM LISTENING 10177 3658/xfs /tmp/.font-unix/fs7100
unix 2 [ ACC ] STREAM LISTENING 7197 3175/cupsd /var/run/cups/cups.sock

unix 3 [ ] STREAM CONNECTED 75192261 9296/Xvnc /tmp/.X11-unix/X2
unix 3 [ ] STREAM CONNECTED 75192260 19672/java

五、ifconfig

缺省只显示active的网络接口；-a显示全部。

ifconfig [interface]
ifconfig interface [aftype] options | address ...

option的可能：

up
down
[-]arp Enable or disable the use of the ARP protocol on this interface.
hw class address 设置硬件地址，如MAC地址

Set the hardware address of this interface, if the device driver supports this operation.
The keyword must be followed by the name of the hardware class and the printable ASCII
equivalent of the hardware address. Hardware classes currently supported include ether
(Ethernet), ax25 (AMPR AX.25), ARCnet and netrom (AMPR NET/ROM).

举例：

Ifconfig eth1 192.168.1.252 hw ether 04:64:03:00:12:51 netmask 255.255.255.0 broadcast 192.168.1.255 up
ifconfig eth1 hw ether 04:64:03:00:12:51
ifconfig eth1 192.168.1.252 netmask 255.255.255.0 broadcast 192.168.1.255 up
虚拟IP: ifconfig eth0:1 192.168.0.1 netmask 255.255.255.0

ifconfig eth2 inet6 add/del 2001::20c:29ff:fe0f:aa4a/64 ---------- 添加或删除IPv6地址！

ifconfig eth1 192.168.1.252 netmask 255.255.255.0 -------------- 添加IPv4地址！

ip addr del 192.168.0.1/24 dev eth0:1 ---------------------------------- 删除IPv4地址！