LPIC201/202 Azuki Book ch6 Networking (2/2)

LPIC201, study notes, certification study

Source:

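6.2 Advanced network configuration and troubleshooting

6.2.1 Network-related files

  • ifconfig, ip, and route can also change the settings, but those changes are volatile
  • To make settings persistent, write them in the various files under /etc/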

/etc/hostname

[wand@lpic2-study-1 ~]$ cat /etc/hostname
lpic2-study-1

/etc/hosts

Small-scale name resolution

cat /etc/hosts
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
10.146.0.4 lpic2-study-1.asia-northeast1-b.c.lpic2-study.internal lpic2-study-1  # Added by Google
169.254.169.254 metadata.google.internal  # Added by Google

The one from my everyday Ubuntu 18.04 on WSL2 environment

# This file was automatically generated by WSL. To stop automatic generation of this file, add the following entry to /etc/wsl.conf:
# [network]
# generateHosts = false
127.0.0.1	localhost
127.0.1.1	DESKTOP-2PJLLS0.localdomain	DESKTOP-2PJLLS0
192.168.3.5	host.docker.internal
192.168.3.5	gateway.docker.internal
127.0.0.1	kubernetes.docker.internal

# The following lines are desirable for IPv6 capable hosts
::1     ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters

/etc/networks

Holds network addresses

cat /etc/networks
default 0.0.0.0
loopback 127.0.0.0
link-local 169.254.0.0

Classful only (classes A, B, C). Something like /28 is not supported.

/etc/nsswitch.conf

Specifies the order in which sources are queried during name resolution

cat /etc/nsswitch.conf
#
# /etc/nsswitch.conf
#
# An example Name Service Switch config file. This file should be
# sorted with the most-used services at the beginning.
#
# The entry '[NOTFOUND=return]' means that the search for an
# entry should stop if the search in the previous entry turned
# up nothing. Note that if the search failed due to some other reason
# (like no NIS server responding) then the search continues with the
# next entry.
#
# Valid entries include:
#
#	nisplus			Use NIS+ (NIS version 3)
#	nis			Use NIS (NIS version 2), also called YP
#	dns			Use DNS (Domain Name Service)
#	files			Use the local files
#	db			Use the local database (.db) files
#	compat			Use NIS on compat mode
#	hesiod			Use Hesiod for user lookups
#	sss			Use sssd (System Security Services Daemon)
#	[NOTFOUND=return]	Stop searching if not found so far
#
# WARNING: Running nscd with a secondary caching service like sssd may lead to
# 	   unexpected behaviour, especially with how long entries are cached.

# To use db, put the "db" in front of "files" for entries you want to be
# looked up first in the databases
#
# Example:
#passwd:    db files nisplus nis
#shadow:    db files nisplus nis
#group:     db files nisplus nis

passwd:     files sss
shadow:     files sss
group:      files sss
#initgroups: files sss

#hosts:     db files nisplus nis dns
hosts:      files dns myhostname

# Example - obey only what nisplus tells us...
#services:   nisplus [NOTFOUND=return] files
#networks:   nisplus [NOTFOUND=return] files
#protocols:  nisplus [NOTFOUND=return] files
#rpc:        nisplus [NOTFOUND=return] files
#ethers:     nisplus [NOTFOUND=return] files
#netmasks:   nisplus [NOTFOUND=return] files     

bootparams: nisplus [NOTFOUND=return] files

ethers:     files
netmasks:   files
networks:   files
protocols:  files
rpc:        files
services:   files sss

netgroup:   nisplus sss

publickey:  nisplus

automount:  files nisplus sss
aliases:    files nisplus

Format

# Valid entries include:
#
#	nisplus			Use NIS+ (NIS version 3)
#	nis			Use NIS (NIS version 2), also called YP
#	dns			Use DNS (Domain Name Service)
#	files			Use the local files
#	db			Use the local database (.db) files
#	compat			Use NIS on compat mode
#	hesiod			Use Hesiod for user lookups
#	sss			Use sssd (System Security Services Daemon)
#	[NOTFOUND=return]	Stop searching if not found so far
  • files: /etc/hosts
  • nis: Network Information Service
  • dns: DNS
  • ldap: LDAP

etc.
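The lookup order and the [NOTFOUND=return] action described in the file's comments, as an added example that is not part of the original notes. It models a subset of the syntax (no "!STATUS" negation), and the per-source statuses passed to lookup() are constructed inputs, not real queries.

```python
import re

DEFAULTS = {"SUCCESS": "return", "NOTFOUND": "continue",
            "UNAVAIL": "continue", "TRYAGAIN": "continue"}


def parse_nsswitch(text):
    """Map database name -> list of (source, {status: action}) in lookup order."""
    databases = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if ":" not in line:
            continue
        name, spec = line.split(":", 1)
        chain = []
        for token in re.findall(r"\[[^\]]*\]|\S+", spec):
            if token.startswith("[") and chain:     # action applies to previous source
                for item in token.strip("[]").split():
                    status, action = item.split("=")
                    chain[-1][1][status.upper()] = action.lower()
            elif not token.startswith("["):
                chain.append((token, dict(DEFAULTS)))
        databases[name.strip()] = chain
    return databases


def lookup(chain, status_of):
    """Walk the chain; status_of maps source -> status (missing = UNAVAIL).
    Returns (sources consulted, source that answered or None)."""
    consulted = []
    for source, actions in chain:
        status = status_of.get(source, "UNAVAIL")
        consulted.append(source)
        if actions[status] == "return":
            return consulted, (source if status == "SUCCESS" else None)
    return consulted, None


# Two lines from the nsswitch.conf on this page (the second is its commented example).
NSSWITCH = """\
hosts:      files dns myhostname
services:   nisplus [NOTFOUND=return] files
"""

if __name__ == "__main__":
    db = parse_nsswitch(NSSWITCH)
    # An /etc/hosts entry answers before DNS is ever asked.
    print(lookup(db["hosts"], {"files": "SUCCESS", "dns": "SUCCESS"}))
    print(lookup(db["services"], {"nisplus": "NOTFOUND", "files": "SUCCESS"}))
```

With "hosts: files dns", any name present in /etc/hosts shadows its DNS record, which is why unexpected /etc/hosts entries are worth checking when a host resolves to the wrong address.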

/etc/resolv.conf

The DNS servers to query

man: https://linuxjm.osdn.jp/html/LDP_man-pages/man5/resolv.conf.5.html

cat /etc/resolv.conf
# Generated by NetworkManager
search asia-northeast1-b.c.lpic2-study.internal c.lpic2-study.internal google.internal
nameserver 169.254.169.254

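Format

  • domain: the local domain name the host belongs to
  • search: the multi-value version of domain

    • Mutually exclusive with domain
    • With the example above, ping www tries to resolve www.asia-northeast1-b.c.lpic2-study.internal, www.c.lpic2-study.internal, and www.google.internal in turn
  • nameserver: where you specify something like 1.1.1.1 or 8.8.8.8

    • To specify several, put one per line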
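How the search list turns a short name into the sequence of names actually queried, as an added example that is not part of the original notes. It goes slightly beyond the text by also modelling the resolver's ndots option (default 1) and trailing-dot names; the function names are illustrative.

```python
def parse_resolv_conf(text):
    """Return (search_list, nameservers, ndots) from resolv.conf text."""
    search, servers, ndots = [], [], 1          # ndots defaults to 1
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":         # comment lines start with # or ;
            continue
        key, *vals = line.split()
        if key == "domain" and vals:
            search = [vals[0]]                  # domain and search are exclusive:
        elif key == "search":
            search = vals                       # the keyword that appears last wins
        elif key == "nameserver" and vals:
            servers.append(vals[0])             # one address per nameserver line
        elif key == "options":
            for opt in vals:
                if opt.startswith("ndots:"):
                    ndots = int(opt.split(":", 1)[1])
    return search, servers, ndots


def candidates(name, search, ndots=1):
    """Names the resolver tries, in order, for `name`."""
    if name.endswith("."):                      # trailing dot: absolute, no search list
        return [name]
    expanded = [f"{name}.{domain}" for domain in search]
    if name.count(".") >= ndots:                # enough dots: try as written first
        return [name] + expanded
    return expanded + [name]                    # short name: search list first


# The resolv.conf shown above on this page.
RESOLV_CONF = """\
# Generated by NetworkManager
search asia-northeast1-b.c.lpic2-study.internal c.lpic2-study.internal google.internal
nameserver 169.254.169.254
"""

if __name__ == "__main__":
    search, servers, ndots = parse_resolv_conf(RESOLV_CONF)
    for name in ("www", "lpic.jp", "lpic.jp."):
        print(name, "->", candidates(name, search, ndots))
```

Every candidate in the list is a query sent to the configured nameserver, so a mistyped or unqualified name is looked up under each search domain before it is tried as written.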

/etc/sysconfig/network

Holds settings such as networking up/down, the hostname, and the default gateway

cat /etc/sysconfig/network
# Created by anaconda

On CentOS 7 / RHEL 7 and similar, configuring with nmcli is recommended

nmcli
eth0: connected to System eth0
	"Red Hat Virtio"
	ethernet (virtio_net), 42:01:0A:92:00:04, hw, mtu 1460
	ip4 default
	inet4 10.146.0.4/32
	route4 10.146.0.1/32
	route4 0.0.0.0/0
	route4 10.146.0.4/32
	inet6 fe80::4001:aff:fe92:4/64
	route6 fe80::/64
	route6 ff00::/8

lo: unmanaged
	"lo"
	loopback (unknown), 00:00:00:00:00:00, sw, mtu 65536

DNS configuration:
	servers: 169.254.169.254
	domains: asia-northeast1-b.c.lpic2-study.internal c.lpic2-study.internal google.internal
	interface: eth0

Use "nmcli device show" to get complete information about known devices and
"nmcli connection show" to get an overview on active connection profiles.

Consult nmcli(1) and nmcli-examples(7) manual pages for complete usage details.

/etc/sysconfig/network-scripts/

Directory that holds the network interface configuration on Red Hat family distros

ls -lF /etc/sysconfig/network-scripts/
total 232
-rw-r--r--. 1 root root   205 Nov 10 18:10 ifcfg-eth0
-rw-r--r--. 1 root root   254 Nov 10 18:10 ifcfg-lo
lrwxrwxrwx. 1 root root    24 Nov 10 18:06 ifdown -> ../../../usr/sbin/ifdown*
-rwxr-xr-x. 1 root root  1621 Dec  9  2018 ifdown-Team*
-rwxr-xr-x. 1 root root  1556 Dec  9  2018 ifdown-TeamPort*
-rwxr-xr-x. 1 root root   654 Aug 19  2019 ifdown-bnep*
-rwxr-xr-x. 1 root root  6532 Aug 19  2019 ifdown-eth*
-rwxr-xr-x. 1 root root   781 Aug 19  2019 ifdown-ippp*
-rwxr-xr-x. 1 root root  4540 Aug 19  2019 ifdown-ipv6*
lrwxrwxrwx. 1 root root    11 Nov 10 18:06 ifdown-isdn -> ifdown-ippp*
-rwxr-xr-x. 1 root root  2130 Aug 19  2019 ifdown-post*
-rwxr-xr-x. 1 root root  1068 Aug 19  2019 ifdown-ppp*
-rwxr-xr-x. 1 root root   870 Aug 19  2019 ifdown-routes*
-rwxr-xr-x. 1 root root  1456 Aug 19  2019 ifdown-sit*
-rwxr-xr-x. 1 root root  1462 Aug 19  2019 ifdown-tunnel*
lrwxrwxrwx. 1 root root    22 Nov 10 18:06 ifup -> ../../../usr/sbin/ifup*
-rwxr-xr-x. 1 root root  1755 Dec  9  2018 ifup-Team*
-rwxr-xr-x. 1 root root  1876 Dec  9  2018 ifup-TeamPort*
-rwxr-xr-x. 1 root root 12415 Aug 19  2019 ifup-aliases*
-rwxr-xr-x. 1 root root   910 Aug 19  2019 ifup-bnep*
-rwxr-xr-x. 1 root root 13574 Aug 19  2019 ifup-eth*
-rwxr-xr-x. 1 root root 12075 Aug 19  2019 ifup-ippp*
-rwxr-xr-x. 1 root root 11893 Aug 19  2019 ifup-ipv6*
lrwxrwxrwx. 1 root root     9 Nov 10 18:06 ifup-isdn -> ifup-ippp*
-rwxr-xr-x. 1 root root   650 Aug 19  2019 ifup-plip*
-rwxr-xr-x. 1 root root  1064 Aug 19  2019 ifup-plusb*
-rwxr-xr-x. 1 root root  4997 Aug 19  2019 ifup-post*
-rwxr-xr-x. 1 root root  4154 Aug 19  2019 ifup-ppp*
-rwxr-xr-x. 1 root root  2001 Aug 19  2019 ifup-routes*
-rwxr-xr-x. 1 root root  3303 Aug 19  2019 ifup-sit*
-rwxr-xr-x. 1 root root  2780 Aug 19  2019 ifup-tunnel*
-rwxr-xr-x. 1 root root  1836 Aug 19  2019 ifup-wireless*
-rwxr-xr-x. 1 root root  5419 Aug 19  2019 init.ipv6-global*
-rw-r--r--. 1 root root 20678 Aug 19  2019 network-functions
-rw-r--r--. 1 root root 31027 Aug 19  2019 network-functions-ipv6

cat /etc/sysconfig/network-scripts/ifcfg-eth0
# Generated by parse-kickstart
IPV6INIT="no"
DHCP_HOSTNAME="localhost"
BOOTPROTO="dhcp"
DEVICE="eth0"
ONBOOT="yes"
UUID="dc63451f-28c0-45e0-99c3-30e97939fb92"
MTU=1460
PERSISTENT_DHCLIENT="y"
IPV6INIT=yes

/etc/network/

ls -lF /etc/network/
total 24
-rw-r--r-- 1 root root 1463 Sep  9  2019 fan
drwxr-xr-x 2 root root 4096 Sep  9  2019 if-down.d/
drwxr-xr-x 2 root root 4096 Sep  9  2019 if-post-down.d/
drwxr-xr-x 2 root root 4096 Sep  9  2019 if-pre-up.d/
drwxr-xr-x 2 root root 4096 Sep  9  2019 if-up.d/
-rw-r--r-- 1 root root  190 May 21  2019 interfaces

On Ubuntu 18.04 it had already been replaced

cat /etc/network/interfaces
# ifupdown has been replaced by netplan(5) on this system.  See
# /etc/netplan for current configuration.
# To re-enable ifupdown on this system, you can run:
#    sudo apt install ifupdown

Apparently something called netplan has been in use since 16.10

ls -lF /etc/netplan
total 0

Apparently the network interface settings are written in YAML

/etc/hosts.allow, /etc/hosts.deny

cat /etc/hosts.allow
#
# hosts.allow	This file contains access rules which are used to
#		allow or deny connections to network services that
#		either use the tcp_wrappers library or that have been
#		started through a tcp_wrappers-enabled xinetd.
#
#		See 'man 5 hosts_options' and 'man 5 hosts_access'
#		for information on rule syntax.
#		See 'man tcpd' for information on tcp_wrappers
#

cat /etc/hosts.deny
#
# hosts.deny	This file contains access rules which are used to
#		deny connections to network services that either use
#		the tcp_wrappers library or that have been
#		started through a tcp_wrappers-enabled xinetd.
#
#		The rules in this file can also be set up in
#		/etc/hosts.allow with a 'deny' option instead.
#
#		See 'man 5 hosts_options' and 'man 5 hosts_access'
#		for information on rule syntax.
#		See 'man tcpd' for information on tcp_wrappers
#

Lets you configure service- and host-based ACLs

in.telnetd: 192.168.0. 
in.ftpd: 192.168.0.  host.example.com
sshd: 192.168.0.  host.example.com
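How these rules are evaluated, as an added example that is not part of the original notes: hosts.allow is consulted first, then hosts.deny, and a client that matches neither file is granted access. The matcher covers only ALL, address prefixes, hostname suffixes and exact names (no netmasks, IPv6 or option fields), and the "ALL: ALL" deny file is a constructed sample.

```python
def parse_rules(text):
    """Parse 'daemon_list : client_list [: option]' lines into (daemons, clients)."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue
        daemons, _, rest = line.partition(":")
        clients = rest.split(":", 1)[0]         # ignore any trailing option field
        rules.append((daemons.replace(",", " ").split(),
                      clients.replace(",", " ").split()))
    return rules


def client_matches(pattern, addr, host):
    if pattern == "ALL":
        return True
    if pattern.endswith("."):                   # "192.168.0." is an address prefix
        return addr.startswith(pattern)
    if pattern.startswith("."):                 # ".example.com" is a hostname suffix
        return bool(host) and host.lower().endswith(pattern.lower())
    return pattern == addr or (bool(host) and pattern.lower() == host.lower())


def matches(rules, daemon, addr, host):
    return any(("ALL" in daemons or daemon in daemons)
               and any(client_matches(p, addr, host) for p in clients)
               for daemons, clients in rules)


def access(allow_text, deny_text, daemon, addr, host=None):
    """hosts.allow is checked first, then hosts.deny; no match means granted."""
    if matches(parse_rules(allow_text), daemon, addr, host):
        return "granted by hosts.allow"
    if matches(parse_rules(deny_text), daemon, addr, host):
        return "denied by hosts.deny"
    return "granted (no rule matched)"


# Rules from this page; the catch-all deny file is constructed for the example.
HOSTS_ALLOW = """\
in.telnetd: 192.168.0.
in.ftpd: 192.168.0.  host.example.com
sshd: 192.168.0.  host.example.com
"""
DENY_ALL = "ALL: ALL\n"

if __name__ == "__main__":
    for deny in ("", DENY_ALL):
        print(repr(deny), access(HOSTS_ALLOW, deny, "sshd", "203.0.113.50"))
```

With the empty hosts.deny shown earlier on this page, the allow rules alone restrict nothing; they only become an allow-list once hosts.deny carries a catch-all, and only for services that use tcp_wrappers.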

Column: NetworkManager

Recent distros control the network dynamically with NetworkManager

Configure it with nmcli, nmtui, etc.

  • nmtui: text user interface

6.2.2 Network troubleshooting

Checking connectivity and name resolution

    1. L1 connectivity check
    2. L2 connectivity check
ip link show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1460 qdisc mq state UP mode DEFAULT group default qlen 1000
    link/ether 42:01:0a:92:00:04 brd ff:ff:ff:ff:ff:ff

If the interface is not shown, suspect that L2 is down. Bring it up with ifup.

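  1. Check L3 connectivity inside the LAN with ping

    • Also use it to isolate whether name resolution is working
  2. LAN connectivity works but you cannot get out to the internet: check the routing table with route

    • Whether a default gateway is configured, etc.
  3. If that still fails, check the path with traceroute, tracepath, mtr --report, etc.

mtr --report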
-bash: mtr: command not found

It is not installed, so install it

yum provides mtr
Failed to set locale, defaulting to C
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
 * base: ftp.iij.ad.jp
 * epel: d2lzkl7pfhq30w.cloudfront.net
 * extras: ftp.iij.ad.jp
 * updates: ftp.iij.ad.jp
2:mtr-0.85-7.el7.x86_64 : A network diagnostic tool
Repo        : base

sudo yum install -y mtr

mtr --report lpic.jp
Start: Sun Dec 20 05:59:01 2020
HOST: lpic2-study-1               Loss%   Snt   Last   Avg  Best  Wrst StDev
  1.|-- 209.85.241.8               0.0%    10    2.1   2.1   1.9   2.3   0.0
  2.|-- as7506.ix.jpix.ad.jp       0.0%    10    4.0   3.5   3.1   4.5   0.3
  3.|-- 150.95.5.62                0.0%    10    2.8   3.1   2.8   3.6   0.0
  4.|-- 150.95.5.134               0.0%    10    2.6   2.9   2.6   3.5   0.0
  5.|-- unused-133-130-015-158.in  0.0%    10    7.7   9.1   6.7  15.8   2.5
  6.|-- www7.conoha.ne.jp          0.0%    10    2.2   2.3   2.2   2.5   0.0

traceroute lpic.jp
traceroute to lpic.jp (163.44.187.20), 30 hops max, 60 byte packets
 1  209.85.241.8 (209.85.241.8)  23.543 ms  2.552 ms  2.564 ms
 2  as7506.ix.jpix.ad.jp (210.171.224.65)  4.055 ms  3.931 ms  4.003 ms
 3  150.95.5.62 (150.95.5.62)  3.881 ms  3.848 ms  3.805 ms
 4  150.95.5.134 (150.95.5.134)  4.196 ms  3.390 ms  3.984 ms
 5  unused-133-130-015-158.interq.or.jp (133.130.15.158)  11.623 ms  11.278 ms  11.494 ms
 6  www7.conoha.ne.jp (163.44.187.20)  2.785 ms !X  1.931 ms !X  1.896 ms !X

tracepath lpic.jp
 1?: [LOCALHOST]                                         pmtu 1460
 1:  209.85.241.8                                          6.261ms asymm  5 
 1:  209.85.241.8                                          1.829ms asymm  5 
 2:  as7506.ix.jpix.ad.jp                                  3.299ms asymm  6 
 3:  150.95.5.62                                           3.782ms asymm  7 
 4:  150.95.5.134                                          3.259ms asymm  8 
 5:  unused-133-130-015-158.interq.or.jp                  14.104ms asymm  9 
 6:  www7.conoha.ne.jp                                     2.436ms !H
     Resume: pmtu 1460
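The first steps of the troubleshooting procedure above (link state, then default gateway) as an added example that is not part of the original notes. It classifies saved `ip link show` and `route -n` output; the link output is the one from this page, while the routing tables and the diagnosis strings are constructed for the example.

```python
import re

LINK_RE = re.compile(r"^\d+: ([^:@\s]+)(?:@[^:\s]+)?: <([^>]*)>", re.M)


def link_flags(ip_link_text):
    """Map interface name -> set of flags from `ip link show` output."""
    return {m.group(1): set(m.group(2).split(","))
            for m in LINK_RE.finditer(ip_link_text)}


def has_default_route(route_n_text):
    """True if `route -n` output has a 0.0.0.0 destination with the G flag."""
    for line in route_n_text.splitlines():
        fields = line.split()
        if len(fields) >= 8 and fields[0] == "0.0.0.0" and "G" in fields[3]:
            return True
    return False


def diagnose(iface, ip_link_text, route_n_text):
    flags = link_flags(ip_link_text).get(iface)
    if flags is None:
        return "interface not listed: suspect L2 down, try ifup"
    if "UP" not in flags:
        return "interface administratively down: bring it up with ifup"
    if "LOWER_UP" not in flags:
        return "no carrier: check L1 (cable, switch port, virtual NIC)"
    if not has_default_route(route_n_text):
        return "no default gateway: LAN only, fix the routing table"
    return "link and default route OK: continue with ping, then traceroute/mtr"


# `ip link show` output from this page; the route tables are constructed samples.
IP_LINK = """\
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1460 qdisc mq state UP mode DEFAULT group default qlen 1000
    link/ether 42:01:0a:92:00:04 brd ff:ff:ff:ff:ff:ff
"""
ROUTE_OK = """\
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         10.146.0.1      0.0.0.0         UG    100    0        0 eth0
10.146.0.1      0.0.0.0         255.255.255.255 UH    100    0        0 eth0
"""
ROUTE_NO_DEFAULT = "\n".join(
    line for line in ROUTE_OK.splitlines() if not line.startswith("0.0.0.0"))

if __name__ == "__main__":
    print(diagnose("eth0", IP_LINK, ROUTE_OK))
    print(diagnose("eth0", IP_LINK, ROUTE_NO_DEFAULT))
```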