注册 登录  
 加关注
   显示下一条  |  关闭
温馨提示!由于新浪微博认证机制调整,您的新浪微博帐号绑定已过期,请重新绑定!立即重新绑定新浪微博》  |  关闭

itoedr的it学苑

记录从IT文盲学到专家的历程

 
 
 

日志

 
 

UBUNTU下的网卡预设命令工具interfaces说明书  

2013-08-26 19:57:27|  分类: 网络应用 |  标签: |举报 |字号 订阅

  下载LOFTER 我的照片书  |

######################################################################
# /etc/network/interfaces -- configuration file for ifup(8), ifdown(8)
#
# A "#" character in the very first column makes the rest of the line
# be ignored. Blank lines are ignored. Lines may be indented freely.
# A "\" character at the very end of the line indicates the next line
# should be treated as a continuation of the current one.
#
# The "pre-up", "up", "down" and "post-down" options are valid for all
# interfaces, and may be specified multiple times. All other options
# may only be specified once.
#
# See the interfaces(5) manpage for information on what options are
# available.
######################################################################

# We always want the loopback interface.
#
# auto lo
# iface lo inet loopback

# An example ethernet card setup: (broadcast and gateway are optional)
#
# auto eth0
# iface eth0 inet static
#     address 192.168.0.42
#     netmask 255.255.255.0
#     gateway 192.168.0.1

# A more complicated ethernet setup, with a less common netmask, and a downright
# weird broadcast address: (the "up" lines are executed verbatim when the
# interface is brought up, the "down" lines when it's brought down)
#
# auto eth0
# iface eth0 inet static
#     address 192.168.1.42
#     netmask 255.255.255.128
#     up route add -net 192.168.1.128 netmask 255.255.255.128 gw 192.168.1.2
#     up route add default gw 192.168.1.200
#     down route del default gw 192.168.1.200
#     down route del -net 192.168.1.128 netmask 255.255.255.128 gw 192.168.1.2

# A more complicated ethernet setup with a single ethernet card with
# two interfaces.
# Note: This happens to work since ifconfig handles it that way, not because
# ifup/down handles the ':' any differently.
# Warning: There is a known bug if you do this, since the state will not
# be properly defined if you try to 'ifdown eth0' when both interfaces
# are up. The ifconfig program will not remove eth0 but it will be
# removed from the interfaces state so you will see it up until you execute:
# 'ifdown eth0:1 ; ifup eth0; ifdown eth0'
# BTW, this is "bug" #193679 (it's not really a bug, it's more of a
# limitation)
#
# auto eth0 eth0:1
# iface eth0 inet static
#     address 192.168.0.100
#     netmask 255.255.255.0
#     gateway 192.168.0.1
# iface eth0:1 inet static
#     address 192.168.0.200
#     netmask 255.255.255.0

# "pre-up" and "post-down" commands are also available. In addition, the
# exit status of these commands are checked, and if any fail, configuration
# (or deconfiguration) is aborted. So:
#
# auto eth0
# iface eth0 inet dhcp
#     pre-up [ -f /etc/network/local-network-ok ]
#
# will allow you to only have eth0 brought up when the file
# /etc/network/local-network-ok exists.

# Two ethernet interfaces, one connected to a trusted LAN, the other to
# the untrusted Internet. If their MAC addresses get swapped (because an
# updated kernel uses a different order when probing for network cards,
# say), then they don't get brought up at all.
#
# auto eth0 eth1
# iface eth0 inet static
#     address 192.168.42.1
#     netmask 255.255.255.0
#     pre-up /path/to/check-mac-address.sh eth0 11:22:33:44:55:66
#     pre-up /usr/local/sbin/enable-masq
# iface eth1 inet dhcp
#     pre-up /path/to/check-mac-address.sh eth1 AA:BB:CC:DD:EE:FF
#     pre-up /usr/local/sbin/firewall

# Two ethernet interfaces, one connected to a trusted LAN, the other to
# the untrusted Internet, identified by MAC address rather than interface
# name:
#
# auto eth0 eth1
# mapping eth0 eth1
#     script /path/to/get-mac-address.sh
#     map 11:22:33:44:55:66 lan
#     map AA:BB:CC:DD:EE:FF internet
# iface lan inet static
#     address 192.168.42.1
#     netmask 255.255.255.0
#     pre-up /usr/local/sbin/enable-masq $IFACE
# iface internet inet dhcp
#     pre-up /usr/local/sbin/firewall $IFACE

# A PCMCIA interface for a laptop that is used in different locations:
# (note the lack of an "auto" line for any of these)
#
# mapping eth0
#    script /path/to/pcmcia-compat.sh
#    map home,*,*,*                  home
#    map work,*,*,00:11:22:33:44:55  work-wireless
#    map work,*,*,01:12:23:34:45:50  work-static
#
# iface home inet dhcp
# iface work-wireless bootp
# iface work-static static
#     address 10.15.43.23
#     netmask 255.255.255.0
#     gateway 10.15.43.1
#
# Note, this won't work unless you specifically change the file
# /etc/pcmcia/network to look more like:
#
#     if [ -r ./shared ] ; then . ./shared ; else . /etc/pcmcia/shared ; fi
#     get_info $DEVICE
#     case "$ACTION" in
#         'start')
#             /sbin/ifup $DEVICE
#             ;;
#         'stop')
#             /sbin/ifdown $DEVICE
#             ;;
#     esac
#     exit 0

# An alternate way of doing the same thing: (in this case identifying
# where the laptop is is done by configuring the interface as various
# options, and seeing if a computer that is known to be on each particular
# network will respond to pings. The various numbers here need to be chosen
# with a great deal of care.)
#
# mapping eth0
#    script /path/to/ping-places.sh
#    map 192.168.42.254/24 192.168.42.1 home
#    map 10.15.43.254/24 10.15.43.1 work-wireless
#    map 10.15.43.23/24 10.15.43.1 work-static
#
# iface home inet dhcp
# iface work-wireless bootp
# iface work-static static
#     address 10.15.43.23
#     netmask 255.255.255.0
#     gateway 10.15.43.1
#
# Note that the ping-places script requires the iproute package installed,
# and the same changes to /etc/pcmcia/network are required for this as for
# the previous example.


# Set up an interface to read all the traffic on the network. This
# configuration can be useful to setup Network Intrusion Detection
# sensors in 'stealth'-type configuration. This prevents the NIDS
# system to be a direct target in a hostile network since they have
# no IP address on the network. Notice, however, that there have been
# known bugs over time in sensors part of NIDS (for example see
# DSA-297 related to Snort) and remote buffer overflows might even be
# triggered by network packet processing.
#
# auto eth0
# iface eth0 inet manual
#     up ifconfig $IFACE 0.0.0.0 up
#       up ip link set $IFACE promisc on
#       down ip link set $IFACE promisc off
#       down ifconfig $IFACE down

# Set up an interface which will not be allocated an IP address by
# ifupdown but will be configured through external programs. This
# can be useful to setup interfaces configured through other programs,
# like, for example, PPPOE scripts.
#
# auto eth0
# iface eth0 inet manual
#       up ifconfig $IFACE 0.0.0.0 up
#       up /usr/local/bin/myconfigscript
#       down ifconfig $IFACE down

********************************************************
linux interfaces文件配置说明

  1 auto lo

  2 iface lo inet loopback

  3

  4 # The primary network interface

  5 auto eth0

  6 iface eth0 inet static

  7      address 192.168.0.42

  8      network 192.168.0.0

  9      netmask 255.255.255.0

  10      broadcast 192.168.0.255

  11      gateway 192.168.0.1

  上面的配置中,

  第1行跟第5行说明lo接口跟eth0接口会在系统启动时被自动配置;

  第2行将lo接口设置为一个本地回环(loopback)地址;

  第6行指出eth0接口具有一个静态的(static)IP配置;

  第7行-第11行分别设置eth0接口的ip、网络号、掩码、广播地址和网关。

  再来看一个更复杂点的:

  12 auto eth0

  13 iface eth0 inet static

  14     address 192.168.1.42

  15     network 192.168.1.0

  17     netmask 255.255.255.128

  18     broadcast 192.168.1.0

  19     up route add -net 192.168.1.128 netmask 255.255.255.128 gw 192.168.1.2

  20     up route add default gw 192.168.1.200

  21     down route del default gw 192.168.1.200

  22     down route del -net 192.168.1.128 netmask 255.255.255.128 gw 192.168.1.2

  这次,有了一个复杂一些的掩码,和一个比较奇怪的广播地址。还有就是增加的接口启用、禁用时的路由设置;

  第19行和20行配置的左右是在接口启用的时候,添加一条静态路由和一个缺省路由;

  第21行和22行会在接口禁用的时候,删掉这两条路由配置。

  至于配置路由的写法,仔细看,它就是route命令嘛。

  继续,下面是一个物理网卡上多个接口的配置方法:

  23 auto eth0 eth0:1

  24 iface eth0 inet static

  25     address 192.168.0.100

  26     network 192.168.0.0

  27     netmask 255.255.255.0

  28     broadcast 192.168.0.255

  29     gateway 192.168.0.1

  30 iface eth0:1 inet static

  31     address 192.168.0.200

  32     network 192.168.0.0

  33     netmask 255.255.255.0

  30行到33行在eth0上配置了另外一个地址,这种配置方法在配置一块网卡多个地址的时候很常见:有几个地址就配置几个接口。冒号后面的数字可以随便写的,只要几个配置的名字不重复就可以。

  下面是pre-up和post-down命令时间。这是一组命令(pre-up、up、post-up、pre-down、down、post-down),分别定义在对应的时刻需要执行的命令。

  34 auto eth0

  35 iface eth0 inet dhcp

  36     pre-up [ -f /etc/network/local-network-ok ]

  第36行会在激活eth0之前检查/etc/network/local-network-ok文件是否存在,如果不存在,则不会激活eth0。

  再更进一步的例子:

  37 auto eth0 eth1

  38 iface eth0 inet static

  39     address 192.168.42.1

  40     netmask 255.255.255.0

  41     pre-up /path/to/check-mac-address.sh eth0 11:22:33:44:55:66

  42     pre-up /usr/local/sbin/enable-masq

  43 iface eth1 inet dhcp

  44     pre-up /path/to/check-mac-address.sh eth1 AA:BB:CC:DD:EE:FF

  45     pre-up /usr/local/sbin/firewall

  第41行和第44行中,check-mac-address.sh放在/usr/share/doc/ifupdown/examples/目 录 中,使用的时候需要给它加上可执行权限。这两行命令会检测两块网卡的MAC地址是否为11:22:33:44:55:66和 AA:BB:CC:DD:EE:FF,如果正确,则启用网卡。如果MAC地址错误,就不会启用这两块网卡。

  第42行和第45行是假定在这两块网卡上分别执行的命令,你可以把它们替换成你想要的任何玩意 :)

  手册上说,这种方法主要是用来检测两块网卡的MAC地址交换(If their MAC addresses get swapped),其实就是两块网卡名互换了,这种情况在debian系统上再常见不过了,主要是因为内核识别网卡的顺序发生了变化。这个问题可以用下面 的这种方法来避免。

  46 auto eth0 eth1

  47 mapping eth0 eth1

  48     script /path/to/get-mac-address.sh

  49     map 11:22:33:44:55:66 lan

  50     map AA:BB:CC:DD:EE:FF internet

  51 iface lan inet static

  52     address 192.168.42.1

  53     netmask 255.255.255.0

  54     pre-up /usr/local/sbin/enable-masq $IFACE

  55 iface internet inet dhcp

  56     pre-up /usr/local/sbin/firewall $IFACE

  第48行中的get-mac-address.sh也在/usr/share/doc/ifupdown/examples/目录里,也同样要加可执行权限。这个脚本的作用,就是获得每块网卡的MAC地址。

  这段配置首先配置了两个逻辑接口(这个名词的定义请参见debian参考手册 <http://www.debian.org/doc/manuals/reference/ch-gateway.zh- cn.html>)lan和internet,然后根据网卡的MAC地址,将逻辑接口映射(mapped)到物理接口上去。

  再来看下面这段配置:

57   auto eth0

58   iface eth0 inet manual

59       up ifconfig $IFACE 0.0.0.0 up 

60       up /usr/local/bin/myconfigscript 

61       down ifconfig $IFACE down

  这段配置只是启用一个网卡,但是ifupdown不对这个网卡设置任何ip,而是由外部程序来设置ip。

  最后一段配置,这段配置启用了网卡的混杂模式,用来当监听接口。

  177 auto eth0

  178 iface eth0 inet manual

  179     up ifconfig $IFACE 0.0.0.0 up

  180     up ip link set $IFACE promisc on

  181     down ip link set $IFACE promisc off

  182     down ifconfig $IFACE down

 ## interfaces主要用于为网卡预设网数据,使之可以随系统加电自动完成网络参数配置。

  评论这张
 
阅读(222)| 评论(0)
推荐 转载

历史上的今天

在LOFTER的更多文章

评论

<#--最新日志,群博日志--> <#--推荐日志--> <#--引用记录--> <#--博主推荐--> <#--随机阅读--> <#--首页推荐--> <#--历史上的今天--> <#--被推荐日志--> <#--上一篇,下一篇--> <#-- 热度 --> <#-- 网易新闻广告 --> <#--右边模块结构--> <#--评论模块结构--> <#--引用模块结构--> <#--博主发起的投票-->
 
 
 
 
 
 
 
 
 
 
 
 
 
 

页脚

网易公司版权所有 ©1997-2017