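6.2 Advanced network configuration and troubleshooting
6.2.1 Network-related files
- Settings can also be made with ifconfig, ip, and route, but they are volatile
  - To make them persistent, write them in the various files under /etc/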
/etc/hostname
[wand@lpic2-study-1 ~]$ cat /etc/hostname
lpic2-study-1
/etc/hosts
Small-scale name resolution
cat /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
10.146.0.4 lpic2-study-1.asia-northeast1-b.c.lpic2-study.internal lpic2-study-1 # Added by Google
169.254.169.254 metadata.google.internal # Added by Google
The one from my everyday Ubuntu 18.04 on WSL2 environment
# This file was automatically generated by WSL. To stop automatic generation of this file, add the following entry to /etc/wsl.conf:
# [network]
# generateHosts = false
127.0.0.1 localhost
127.0.1.1 DESKTOP-2PJLLS0.localdomain DESKTOP-2PJLLS0
192.168.3.5 host.docker.internal
192.168.3.5 gateway.docker.internal
127.0.0.1 kubernetes.docker.internal
# The following lines are desirable for IPv6 capable hosts
::1 ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
/etc/networks
Describes network addresses
cat /etc/networks
default 0.0.0.0
loopback 127.0.0.0
link-local 169.254.0.0
Classful (A, B, C) only. Things like /28 are not supported
/etc/nsswitch.conf
Describes the order in which sources are queried for name resolution
cat /etc/nsswitch.conf
#
# /etc/nsswitch.conf
#
# An example Name Service Switch config file. This file should be
# sorted with the most-used services at the beginning.
#
# The entry '[NOTFOUND=return]' means that the search for an
# entry should stop if the search in the previous entry turned
# up nothing. Note that if the search failed due to some other reason
# (like no NIS server responding) then the search continues with the
# next entry.
#
# Valid entries include:
#
# nisplus Use NIS+ (NIS version 3)
# nis Use NIS (NIS version 2), also called YP
# dns Use DNS (Domain Name Service)
# files Use the local files
# db Use the local database (.db) files
# compat Use NIS on compat mode
# hesiod Use Hesiod for user lookups
# sss Use sssd (System Security Services Daemon)
# [NOTFOUND=return] Stop searching if not found so far
#
# WARNING: Running nscd with a secondary caching service like sssd may lead to
# unexpected behaviour, especially with how long entries are cached.
# To use db, put the "db" in front of "files" for entries you want to be
# looked up first in the databases
#
# Example:
#passwd: db files nisplus nis
#shadow: db files nisplus nis
#group: db files nisplus nis
passwd: files sss
shadow: files sss
group: files sss
#initgroups: files sss
#hosts: db files nisplus nis dns
hosts: files dns myhostname
# Example - obey only what nisplus tells us...
#services: nisplus [NOTFOUND=return] files
#networks: nisplus [NOTFOUND=return] files
#protocols: nisplus [NOTFOUND=return] files
#rpc: nisplus [NOTFOUND=return] files
#ethers: nisplus [NOTFOUND=return] files
#netmasks: nisplus [NOTFOUND=return] files
bootparams: nisplus [NOTFOUND=return] files
ethers: files
netmasks: files
networks: files
protocols: files
rpc: files
services: files sss
netgroup: nisplus sss
publickey: nisplus
automount: files nisplus sss
aliases: files nisplus
Format
# Valid entries include:
#
# nisplus Use NIS+ (NIS version 3)
# nis Use NIS (NIS version 2), also called YP
# dns Use DNS (Domain Name Service)
# files Use the local files
# db Use the local database (.db) files
# compat Use NIS on compat mode
# hesiod Use Hesiod for user lookups
# sss Use sssd (System Security Services Daemon)
# [NOTFOUND=return] Stop searching if not found so far
- files: /etc/hosts
- nis: Network Information Service
- dns: DNS
- ldap: LDAP
and so on
/etc/resolv.conf
The DNS servers to query
man: https://linuxjm.osdn.jp/html/LDP_man-pages/man5/resolv.conf.5.html
cat /etc/resolv.conf
# Generated by NetworkManager
search asia-northeast1-b.c.lpic2-study.internal c.lpic2-study.internal google.internal
nameserver 169.254.169.254
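Format
- domain: the local domain name the host belongs to
- search: the multi-valued version of domain
  - Mutually exclusive with domain
  - In the example above, running ping www tries name resolution with each search domain appended in turn: www.asia-northeast1-b.c.lpic2-study.internal, www.c.lpic2-study.internal, www.google.internal
- nameserver: where you specify things like 1.1.1.1 or 8.8.8.8
  - When specifying more than one, put each on its own line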
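The search-list expansion described above, as an added example that is not part of the original notes: it parses the resolv.conf shown on this page and lists, in order, the names the resolver will try, which also shows which short names end up being sent to the search domains' DNS servers. The function names are hypothetical, and the ndots handling (default 1, from resolv.conf(5)) goes beyond what the notes cover.

```python
# /etc/resolv.conf as shown on this page.
RESOLV_CONF = """\
# Generated by NetworkManager
search asia-northeast1-b.c.lpic2-study.internal c.lpic2-study.internal google.internal
nameserver 169.254.169.254
"""

def parse_resolv_conf(text):
    """Parse the directives this section covers: domain, search, nameserver, ndots."""
    conf = {"nameservers": [], "search": [], "ndots": 1}
    for line in text.splitlines():
        if line.startswith(("#", ";")):
            continue
        fields = line.split()
        if len(fields) < 2:
            continue
        key, args = fields[0], fields[1:]
        if key == "nameserver":
            conf["nameservers"].append(args[0])
        elif key == "domain":
            conf["search"] = args[:1]      # mutually exclusive with search: last one wins
        elif key == "search":
            conf["search"] = args
        elif key == "options":
            for opt in args:
                if opt.startswith("ndots:"):
                    conf["ndots"] = int(opt.split(":", 1)[1])
    return conf

def candidates(name, conf):
    """Names the resolver tries, in order, for a lookup of `name`."""
    if name.endswith("."):                 # trailing dot: absolute, no search list
        return [name]
    searched = [f"{name}.{d}" for d in conf["search"]]
    if name.count(".") >= conf["ndots"]:   # enough dots: try the name as-is first
        return [name] + searched
    return searched + [name]

if __name__ == "__main__":
    conf = parse_resolv_conf(RESOLV_CONF)
    for n in ("www", "lpic.jp", "lpic.jp."):
        print(n, "->", candidates(n, conf))
```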
/etc/sysconfig/network
Holds settings such as networking up/down, hostname, and default gateway
cat /etc/sysconfig/network
# Created by anaconda
On CentOS 7/RHEL 7 and the like, configuring with nmcli is recommended
nmcli
eth0: connected to System eth0
"Red Hat Virtio"
ethernet (virtio_net), 42:01:0A:92:00:04, hw, mtu 1460
ip4 default
inet4 10.146.0.4/32
route4 10.146.0.1/32
route4 0.0.0.0/0
route4 10.146.0.4/32
inet6 fe80::4001:aff:fe92:4/64
route6 fe80::/64
route6 ff00::/8
lo: unmanaged
"lo"
loopback (unknown), 00:00:00:00:00:00, sw, mtu 65536
DNS configuration:
servers: 169.254.169.254
domains: asia-northeast1-b.c.lpic2-study.internal c.lpic2-study.internal google.internal
interface: eth0
Use "nmcli device show" to get complete information about known devices and
"nmcli connection show" to get an overview on active connection profiles.
Consult nmcli(1) and nmcli-examples(7) manual pages for complete usage details.
/etc/sysconfig/network-scripts/
Directory where network interface settings are stored on Red Hat-family distros
ls -lF /etc/sysconfig/network-scripts/
total 232
-rw-r--r--. 1 root root 205 Nov 10 18:10 ifcfg-eth0
-rw-r--r--. 1 root root 254 Nov 10 18:10 ifcfg-lo
lrwxrwxrwx. 1 root root 24 Nov 10 18:06 ifdown -> ../../../usr/sbin/ifdown*
-rwxr-xr-x. 1 root root 1621 Dec 9 2018 ifdown-Team*
-rwxr-xr-x. 1 root root 1556 Dec 9 2018 ifdown-TeamPort*
-rwxr-xr-x. 1 root root 654 Aug 19 2019 ifdown-bnep*
-rwxr-xr-x. 1 root root 6532 Aug 19 2019 ifdown-eth*
-rwxr-xr-x. 1 root root 781 Aug 19 2019 ifdown-ippp*
-rwxr-xr-x. 1 root root 4540 Aug 19 2019 ifdown-ipv6*
lrwxrwxrwx. 1 root root 11 Nov 10 18:06 ifdown-isdn -> ifdown-ippp*
-rwxr-xr-x. 1 root root 2130 Aug 19 2019 ifdown-post*
-rwxr-xr-x. 1 root root 1068 Aug 19 2019 ifdown-ppp*
-rwxr-xr-x. 1 root root 870 Aug 19 2019 ifdown-routes*
-rwxr-xr-x. 1 root root 1456 Aug 19 2019 ifdown-sit*
-rwxr-xr-x. 1 root root 1462 Aug 19 2019 ifdown-tunnel*
lrwxrwxrwx. 1 root root 22 Nov 10 18:06 ifup -> ../../../usr/sbin/ifup*
-rwxr-xr-x. 1 root root 1755 Dec 9 2018 ifup-Team*
-rwxr-xr-x. 1 root root 1876 Dec 9 2018 ifup-TeamPort*
-rwxr-xr-x. 1 root root 12415 Aug 19 2019 ifup-aliases*
-rwxr-xr-x. 1 root root 910 Aug 19 2019 ifup-bnep*
-rwxr-xr-x. 1 root root 13574 Aug 19 2019 ifup-eth*
-rwxr-xr-x. 1 root root 12075 Aug 19 2019 ifup-ippp*
-rwxr-xr-x. 1 root root 11893 Aug 19 2019 ifup-ipv6*
lrwxrwxrwx. 1 root root 9 Nov 10 18:06 ifup-isdn -> ifup-ippp*
-rwxr-xr-x. 1 root root 650 Aug 19 2019 ifup-plip*
-rwxr-xr-x. 1 root root 1064 Aug 19 2019 ifup-plusb*
-rwxr-xr-x. 1 root root 4997 Aug 19 2019 ifup-post*
-rwxr-xr-x. 1 root root 4154 Aug 19 2019 ifup-ppp*
-rwxr-xr-x. 1 root root 2001 Aug 19 2019 ifup-routes*
-rwxr-xr-x. 1 root root 3303 Aug 19 2019 ifup-sit*
-rwxr-xr-x. 1 root root 2780 Aug 19 2019 ifup-tunnel*
-rwxr-xr-x. 1 root root 1836 Aug 19 2019 ifup-wireless*
-rwxr-xr-x. 1 root root 5419 Aug 19 2019 init.ipv6-global*
-rw-r--r--. 1 root root 20678 Aug 19 2019 network-functions
-rw-r--r--. 1 root root 31027 Aug 19 2019 network-functions-ipv6
cat /etc/sysconfig/network-scripts/ifcfg-eth0
# Generated by parse-kickstart
IPV6INIT="no"
DHCP_HOSTNAME="localhost"
BOOTPROTO="dhcp"
DEVICE="eth0"
ONBOOT="yes"
UUID="dc63451f-28c0-45e0-99c3-30e97939fb92"
MTU=1460
PERSISTENT_DHCLIENT="y"
IPV6INIT=yes
/etc/network/
ls -lF /etc/network/
total 24
-rw-r--r-- 1 root root 1463 Sep 9 2019 fan
drwxr-xr-x 2 root root 4096 Sep 9 2019 if-down.d/
drwxr-xr-x 2 root root 4096 Sep 9 2019 if-post-down.d/
drwxr-xr-x 2 root root 4096 Sep 9 2019 if-pre-up.d/
drwxr-xr-x 2 root root 4096 Sep 9 2019 if-up.d/
-rw-r--r-- 1 root root 190 May 21 2019 interfaces
On Ubuntu 18.04 it had already been replaced
cat /etc/network/interfaces
# ifupdown has been replaced by netplan(5) on this system. See
# /etc/netplan for current configuration.
# To re-enable ifupdown on this system, you can run:
# sudo apt install ifupdown
Apparently something called netplan has been in use since 16.10
ls -lF /etc/netplan
total 0
Apparently network interface settings are written in YAML
/etc/hosts.allow, /etc/hosts.deny
cat /etc/hosts.allow
#
# hosts.allow This file contains access rules which are used to
# allow or deny connections to network services that
# either use the tcp_wrappers library or that have been
# started through a tcp_wrappers-enabled xinetd.
#
# See 'man 5 hosts_options' and 'man 5 hosts_access'
# for information on rule syntax.
# See 'man tcpd' for information on tcp_wrappers
#
cat /etc/hosts.deny
#
# hosts.deny This file contains access rules which are used to
# deny connections to network services that either use
# the tcp_wrappers library or that have been
# started through a tcp_wrappers-enabled xinetd.
#
# The rules in this file can also be set up in
# /etc/hosts.allow with a 'deny' option instead.
#
# See 'man 5 hosts_options' and 'man 5 hosts_access'
# for information on rule syntax.
# See 'man tcpd' for information on tcp_wrappers
#
Lets you configure service- and host-based ACLs
in.telnetd: 192.168.0.
in.ftpd: 192.168.0. host.example.com
sshd: 192.168.0. host.example.com
Column: NetworkManager
Recent distros use NetworkManager to control the network dynamically
- Configure it with nmcli, nmtui, etc.
  - nmtui: text user interface
6.2.2 Network troubleshooting
Checking connectivity and name resolution
-
- L1 connectivity check
-
- L2 connectivity check
ip link show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1460 qdisc mq state UP mode DEFAULT group default qlen 1000
link/ether 42:01:0a:92:00:04 brd ff:ff:ff:ff:ff:ff
If the interface is not listed, suspect that L2 is down. Run ifup
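- Use ping to check L3 connectivity within the LAN
  - Also use it to isolate whether name resolution is working
- Connectivity within the LAN works but you cannot get out to the Internet: check the routing table with route
  - Whether a default gateway is set, etc.
  - If that still does not help, check the path with traceroute, tracepath, mtr --report, etc.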
mtr --report
-bash: mtr: command not found
It is not installed, so install it
yum provides mtr
Failed to set locale, defaulting to C
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
* base: ftp.iij.ad.jp
* epel: d2lzkl7pfhq30w.cloudfront.net
* extras: ftp.iij.ad.jp
* updates: ftp.iij.ad.jp
2:mtr-0.85-7.el7.x86_64 : A network diagnostic tool
Repo : base
sudo yum install -y mtr
mtr --report lpic.jp
Start: Sun Dec 20 05:59:01 2020
HOST: lpic2-study-1 Loss% Snt Last Avg Best Wrst StDev
1.|-- 209.85.241.8 0.0% 10 2.1 2.1 1.9 2.3 0.0
2.|-- as7506.ix.jpix.ad.jp 0.0% 10 4.0 3.5 3.1 4.5 0.3
3.|-- 150.95.5.62 0.0% 10 2.8 3.1 2.8 3.6 0.0
4.|-- 150.95.5.134 0.0% 10 2.6 2.9 2.6 3.5 0.0
5.|-- unused-133-130-015-158.in 0.0% 10 7.7 9.1 6.7 15.8 2.5
6.|-- www7.conoha.ne.jp 0.0% 10 2.2 2.3 2.2 2.5 0.0
traceroute lpic.jp
traceroute to lpic.jp (163.44.187.20), 30 hops max, 60 byte packets
1 209.85.241.8 (209.85.241.8) 23.543 ms 2.552 ms 2.564 ms
2 as7506.ix.jpix.ad.jp (210.171.224.65) 4.055 ms 3.931 ms 4.003 ms
3 150.95.5.62 (150.95.5.62) 3.881 ms 3.848 ms 3.805 ms
4 150.95.5.134 (150.95.5.134) 4.196 ms 3.390 ms 3.984 ms
5 unused-133-130-015-158.interq.or.jp (133.130.15.158) 11.623 ms 11.278 ms 11.494 ms
6 www7.conoha.ne.jp (163.44.187.20) 2.785 ms !X 1.931 ms !X 1.896 ms !X
tracepath lpic.jp
1?: [LOCALHOST] pmtu 1460
1: 209.85.241.8 6.261ms asymm 5
1: 209.85.241.8 1.829ms asymm 5
2: as7506.ix.jpix.ad.jp 3.299ms asymm 6
3: 150.95.5.62 3.782ms asymm 7
4: 150.95.5.134 3.259ms asymm 8
5: unused-133-130-015-158.interq.or.jp 14.104ms asymm 9
6: www7.conoha.ne.jp 2.436ms !H
Resume: pmtu 1460
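The bottom-up checks of 6.2.2 as an added example, not part of the original notes: it reads captured `ip link show` and `route -n` output and reports the first check that fails. The `ip link show` text is the one from this page; the `route -n` text is constructed to match the nmcli routes shown earlier. The function names and result labels are hypothetical, and the example goes slightly beyond the notes by using the UP and LOWER_UP flags to tell an administratively down interface from one without carrier.

```python
import re

# `ip link show` output from this page.
IP_LINK = """\
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1460 qdisc mq state UP mode DEFAULT group default qlen 1000
    link/ether 42:01:0a:92:00:04 brd ff:ff:ff:ff:ff:ff
"""
# Constructed `route -n` output consistent with the nmcli routes shown earlier.
ROUTE_N = """\
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         10.146.0.1      0.0.0.0         UG    100    0        0 eth0
10.146.0.1      0.0.0.0         255.255.255.255 UH    100    0        0 eth0
"""

def link_flags(ip_link_output):
    """Map interface name -> set of flags from the <...> field."""
    return {m.group(1): set(m.group(2).split(","))
            for m in re.finditer(r"^\d+: ([^:@]+)[^:]*: <([^>]*)>", ip_link_output, re.M)}

def default_gateway(route_n_output):
    """Return (gateway, iface) of the default route, or None if there is none."""
    for line in route_n_output.splitlines():
        f = line.split()
        if len(f) == 8 and f[0] == "0.0.0.0" and f[2] == "0.0.0.0" and "G" in f[3]:
            return f[1], f[7]
    return None

def triage(ip_link_output, route_n_output, iface):
    """Return the first failing check, bottom layer first, or 'ok'."""
    flags = link_flags(ip_link_output).get(iface)
    if flags is None:
        return "interface-missing"      # not listed at all
    if "UP" not in flags:
        return "admin-down"             # bring it up (ifup)
    if "LOWER_UP" not in flags:
        return "no-carrier"             # L1: cable, switch port or virtual link
    gw = default_gateway(route_n_output)
    if gw is None or gw[1] != iface:
        return "no-default-route"       # LAN may work, Internet will not
    return "ok"                         # next: ping the gateway, then traceroute/mtr

if __name__ == "__main__":
    print(triage(IP_LINK, ROUTE_N, "eth0"))
```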