Solaris 8网络管理笔记
时间:2005-05-27 来源:redhat2005
一、如何创建自己的启动脚本
现在创建一个简单的服务器进程启动脚本。假设该进程的可执行文件为/sbin/sample_server,该进程将在运行水平3上启动,运行水平2上关闭。
1 在/etc/init.d目录下创建一个启动脚本.将该脚本保存为文件/etc/init.d/my_server.
这个脚本如下所示:
#!/sbin/sh
case "$1" in
'start')
if [ -f /sbin/sample_server ]; then
/sbin/sample_server
fi
;;
'stop')
/usr/bin/pkill -x -u 0 sample_server
;;
*)
echo "Usage: $0 { start | stop }"
exit 1
;;
esac
exit 0
~
~
~
~
~
2 使用命令将脚本链接至启动和关闭目录
bash-2.03#ln -s /etc/init.d/sample_server /etc/rc3.d/S900my_server
bash-2.03#ln -s /etc/init.d/sample_server /etc/rc2.d/K900my_server
bash-2.03#netstat -a 这个命令会列出当前运行着的所有服务列表.显示的是端口和套接字 的监听状态。
二、DHCP 服务
不知道有没有人在Solaris中使用SUN的DHCP服务器,反正我是没用过,呵呵,自己也只是随便用用
1 常用的DHCP配置实用程序
dhtadm DHCP配置表管理程序
dhcpconfig DHCP服务配置程序
dhcpmgr(/usr/sadm/admin/bin/dhcpmgr) 图形化的DHCP管理器
dntadm DHCP网络表管理程序
2 对于图形化的服务配置方法,只要按提示配置即可,多数情况下是按回车
bash-2.03# /usr/sadm/admin/bin/dhcpmgr (配置界面会自动启动)
3 Solaris中传统的DHCP配置实用程序是dhcpconfig,配置和解除服务都是用它,图形程序在后台也是使用的它。注意,如果对于提问不输入任何的内容,多数将采用默认值,每个问题对应的默认值在方括号中。
bash-2.03# dhcpconfig
*** DHCP Configuration ***
Would you like to:
1) Configure DHCP Service
2) Configure BOOTP Relay Agent
3) Unconfigure DHCP or Relay Service
4) Exit
Choice: 1 # 1配置,3是解除
### DHCP Service Configuration ###
### Configure DHCP data store and location ###
Enter data store (SUNWbinfiles, SUNWfiles or SUNWnisplus) [SUNWnisplus]: SUNWfiles #选择数据存储,文本
Enter full path to data location [/var/dhcp]: # 数据存储的路径,可修改
Enter location for hosts data (none, files, dns, or nisplus) [none]: files # 数据存储模式,如果不使用NIS+,选择文本
Enter default DHCP lease policy (in days) [3]: # IP更新策略,每一天一更新
Do you want to allow clients to renegotiate their leases? ([Y]/N):y # 同意客户端更新IP地址
Created DHCP configuration file.
Created dhcptab.
Added "Locale" macro to dhcptab.
Added server macro to dhcptab - txd01.
DHCP server started.
### Common daemon option setup ###
Would you like to specify nondefault daemon options (Y/[N]):n # DHCP的后台程序指定,比如SYSLOG
### DHCP server option setup ###
Would you like to specify nondefault server options (Y/[N]): n # 设置DHCP的不同选项,为简便,选 N
### Select Networks For BOOTP/DHCP Support ###
Enable DHCP/BOOTP support of networks you select? ([Y]/N):y # 同意启用网络上DHCP支持
### Configure Local Networks ###
Configure BOOTP/DHCP on local LAN network: 192.168.0.0? ([Y]/N):y # 本地网络
Do you want hostnames generated and inserted in the SUNWfiles hosts table? (Y/[N]):n
Enter starting IP address [192.168.0.0]: 192.168.0.100 # IP地址池的初始IP
Enter the number of clients you want to add (x < 255): 10 # IP地址池的IP数量
Disable (ping) verification of 192.168.0.0 address(es)? (Y/[N]):n # 不要关闭ping验证
90% Complete.
Configured 10 entries for network: 192.168.0.0.
### Configure Remote Networks ###
Would you like to configure BOOTP/DHCP service on remote networks? ([Y]/N):
三、常见的以太网故障解决方法命令
1 ifconfig
基本上会用solaris的人,就应该会用这个命令了,它可以列出系统安装的所有的网络接口的详细信息.
bash-2.03# ifconfig -a
lo0: flags=1000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4> mtu 8232 index 1
inet 127.0.0.1 netmask ff000000
hme0: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
inet 192.168.0.188 netmask ffffff00 broadcast 192.168.0.255
ether 8:0:20:a7:91:ce
这个命令也可以用来创建和配置系统要安装的网络接口,后面我会有详细的例子.
2 netstat
该命令有多种用途,例如显示路由表、可用的服务端口以及目前建立的连接等。
bash-2.03# netstat
TCP: IPv4
Local Address Remote Address Swind Send-Q Rwind Recv-Q State
-------------------- -------------------- ----- ------ ----- ------ -------
u10.32783 192.168.0.118.6000 65219 0 24820 0 ESTABLISHED
u10.32797 192.168.0.118.6000 65391 0 24820 0 ESTABLISHED
u10.32798 192.168.0.118.6000 65291 0 24820 0 ESTABLISHED
localhost.32904 localhost.32875 32768 0 32768 0 ESTABLISHED
localhost.32875 localhost.32904 32768 0 32768 0 ESTABLISHED
.....................................
Active UNIX domain sockets
Address Type Vnode Conn Local Addr Remote Addr
30000e57b08 stream-ord 300000731a8 00000000 /tmp/.X11-unix/X0
30000e57cb8 stream-ord 00000000 00000000
在如下使用时,列出IPV4和IPV6地址、输入和输出数据包、错误数以及所有网络接口的冲突次数。
bash-2.03# netstat -i
Name Mtu Net/Dest Address Ipkts Ierrs Opkts Oerrs Collis Queue
lo0 8232 loopback localhost 14681 0 14681 0 0 0
hme0 1500 u10 u10 83538 0 85852 0 0 0
3 snoop
用来捕获和显示网络流量。它可能是数据包级解决网络问题最有用的命令。
bash-2.03# snoop
Using device /dev/hme (promiscuous mode)
u10 -> 192.168.0.12 XWIN C port=32899
192.168.0.12 -> u10 XWIN R port=32899
u10 -> 192.168.0.12 XWIN C port=32899
192.168.0.12 -> u10 XWIN R port=32899
u10 -> 192.168.0.12 XWIN C port=32899
192.168.0.12 -> u10 XWIN R port=32899
192.168.0.12 -> u10 XWIN R port=32899
u10 -> 192.168.0.12 XWIN C port=32899
该命令持续显示捕获的数据包,直到按下Ctrl+C中断该进程。该命令的输出显示了源和目的主机的主机名或IP地址,还显示了数据包的类型、应用该数据包的服务和端口号。为了得到每个数据包的详细信息,应如下使用snoop -v
bash-2.03# snoop -v
Using device /dev/hme (promiscuous mode)
ETHER: ----- Ether Header -----
ETHER:
ETHER: Packet 6 arrived at 15:35:1.27
ETHER: Packet size = 60 bytes
ETHER: Destination = 8:0:20:a7:91:ce, Sun
ETHER: Source = 0:10:5c:ea:ef:6d,
ETHER: Ethertype = 0800 (IP)
ETHER:
IP: ----- IP Header -----
IP:
IP: Version = 4
IP: Header length = 20 bytes
IP: Type of service = 0x00
IP: xxx. .... = 0 (precedence)
IP: ...0 .... = normal delay
IP: .... 0... = normal throughput
IP: .... .0.. = normal reliability
IP: Total length = 40 bytes
IP: Identification = 36152
IP: Flags = 0x4
IP: .1.. .... = do not fragment
IP: ..0. .... = last fragment
IP: Fragment offset = 0 bytes
IP: Time to live = 128 seconds/hops
IP: Protocol = 6 (TCP)
IP: Header checksum = eb7e
IP: Source address = 192.168.0.12, 192.168.0.12
IP: Destination address = 192.168.0.188, u10
IP: No options
IP:
TCP: ----- TCP Header -----
TCP:
TCP: Source port = 6000
TCP: Destination port = 32899
为了以文本格式保存的输出,应使用重定向方法,而不是-0或-i参数.可用cat more查看.
bash-2.03# snoop -v > snoop.txt
Using device /dev/hme (promiscuous mode)
4 ndd
该命令用于显示网络驱动的信息。
bash-2.03# ndd /dev/hme ?
? (read only)
transceiver_inuse (read only)
link_status (read only)
link_speed (read only)
link_mode (read only)
ipg1 (read and write)
ipg2 (read and write)
use_int_xcvr (read and write)
pace_size (read and write)
adv_autoneg_cap (read and write)
adv_100T4_cap (read and write)
adv_100fdx_cap (read and write)
......................................
bash-2.03# ndd /dev/udp ?
? (read only)
udp_wroff_extra (read and write)
udp_ipv4_ttl (read and write)
udp_ipv6_hoplimit (read and write)
udp_smallest_nonpriv_port (read and write)
udp_do_checksum (read and write)
udp_smallest_anon_port (read and write)
udp_largest_anon_port (read and write)
udp_xmit_hiwat (read and write)
....................................................
后面的值(read and write)表示可修改,(read only)表示只读不可修改。例如:
bash-2.03# ndd /dev/udp udp_ipv4_ttl
255
表示UDP包的生存期是255,可修改用-set参数。
bash-2.03# ndd -set /dev/udp udp_ipv4_ttl 50
bash-2.03# ndd /dev/udp udp_ipv4_ttl
50
5 ping traceroute 这两个命令就不用说了,地球人都知道。但还有一些常用的用法,可供参考.
ping
1)连续ping
bash-2.03# ping -s 192.168.0.1
PING 192.168.0.1: 56 data bytes
64 bytes from 192.168.0.1: icmp_seq=0. time=1. ms
64 bytes from 192.168.0.1: icmp_seq=1. time=0. ms
64 bytes from 192.168.0.1: icmp_seq=2. time=0. ms
64 bytes from 192.168.0.1: icmp_seq=3. time=0. ms
64 bytes from 192.168.0.1: icmp_seq=4. time=0. ms
64 bytes from 192.168.0.1: icmp_seq=5. time=0. ms
^C
----192.168.0.1 PING Statistics----
6 packets transmitted, 6 packets received, 0% packet loss
round-trip (ms) min/avg/max = 0/0/1
2)在ping命令中使用不同的确包长度 默认采用的是56+8字节长的数据包,然而为了检测网络对长数据包的响应情况可以在命令中指定包的长度.这对于掌握主机是否因为IP分片的原因而丢弃数据包非常有用.各位可试一下,我没有在实际中用过.试验的机子也是旧机型,不能超过1500.1400就可以,呵呵!
bash-2.03# ping -s 192.168.0.1 1500
PING 192.168.0.1: 1500 data bytes
^C
----192.168.0.1 PING Statistics----
6 packets transmitted, 0 packets received, 100% packet loss
bash-2.03# ping -s 192.168.0.1 1400
PING 192.168.0.1: 1400 data bytes
1408 bytes from 192.168.0.1: icmp_seq=0. time=2. ms
1408 bytes from 192.168.0.1: icmp_seq=1. time=1. ms
1408 bytes from 192.168.0.1: icmp_seq=2. time=1. ms
^C
----192.168.0.1 PING Statistics----
3 packets transmitted, 3 packets received, 0% packet loss
round-trip (ms) min/avg/max = 1/1/2
大家可以注意到长数据包的响应时间增加了.
3)发送固定数量的ping包 比如发送三个
bash-2.03# ping -s 192.168.0.1 1400 3
PING 192.168.0.1: 1400 data bytes
1408 bytes from 192.168.0.1: icmp_seq=0. time=1. ms
1408 bytes from 192.168.0.1: icmp_seq=1. time=1. ms
1408 bytes from 192.168.0.1: icmp_seq=2. time=1. ms
----192.168.0.1 PING Statistics----
3 packets transmitted, 3 packets received, 0% packet loss
round-trip (ms) min/avg/max = 1/1/1
6 arp 命令 增加一条记录用-s,删除用-d,pub关键字使得这些记录对于所有的主机都是公开的.
也可以手工增加多条记录,使用一个文本文件记录:
<IP地址> <MAC地址> pub 再用命令 :
arp -f <文件名>
bash-2.03# arp -a
Net to Media Table: IPv4
Device IP Address Mask Flags Phys Addr
------ -------------------- --------------- ----- ---------------
hme0 192.168.0.118 255.255.255.255 00:11:25:80:2f:d7
hme0 192.168.0.12 255.255.255.255 00:10:5c:ea:ef:6d
hme0 192.168.0.111 255.255.255.255 00:0d:61:97:04:08
hme0 u10 255.255.255.255 SP 08:00:20:a7:91:ce
hme0 224.0.0.0 240.0.0.0 SM 01:00:5e:00:00:00
bash-2.03# arp -s 192.168.0.13 11:11:11:11:11:11 pub
bash-2.03# arp -a
Net to Media Table: IPv4
Device IP Address Mask Flags Phys Addr
------ -------------------- --------------- ----- ---------------
hme0 192.168.0.118 255.255.255.255 00:11:25:80:2f:d7
hme0 192.168.0.12 255.255.255.255 00:10:5c:ea:ef:6d
hme0 192.168.0.111 255.255.255.255 00:0d:61:97:04:08
hme0 192.168.0.13 255.255.255.255 SP 11:11:11:11:11:11
hme0 u10 255.255.255.255 SP 08:00:20:a7:91:ce
hme0 224.0.0.0 240.0.0.0 SM 01:00:5e:00:00:00
bash-2.03# arp -d 192.168.0.13
192.168.0.13 (192.168.0.13) deleted
bash-2.03# arp -a
Net to Media Table: IPv4
Device IP Address Mask Flags Phys Addr
------ -------------------- --------------- ----- ---------------
hme0 192.168.0.118 255.255.255.255 00:11:25:80:2f:d7
hme0 192.168.0.12 255.255.255.255 00:10:5c:ea:ef:6d
hme0 192.168.0.111 255.255.255.255 00:0d:61:97:04:08
hme0 u10 255.255.255.255 SP 08:00:20:a7:91:ce
hme0 224.0.0.0 240.0.0.0 SM 01:00:5e:00:00:00
四、在Solaris中配置网络接口
1 配置实际网络接口 Solaris中的网络接口通常命名为hmen、erin、cen等,这里n是数字,单词hme等表示一种绑定在网络接口上的驱动类型(http://bbs.chinaunix.net/forum/viewtopic.php?t=503948&highlight=jiangping上有更为详细的说明)。数字n通常对于第一个接口是0,第二个是1,类推。如果给接口hme0配置IP为192.168.2.222,掩码为255.255.255.0 如下:
1)创建一个文件: /etc/hostname.hme0,只有一行内容,将主机名如下
sun280
2)编辑文件/etc/hosts,加入一行
192.168.2.222 sun280
3)编辑文件/etc/netmasks并增加如下一行
192.168.2.222 255.255.255.0
系统启动时,网络初始化脚本/etc/init.d/network将被执行,读取这些文件并配置网络接口.
该配置是固化在系统中,也可以用命令ifconfig临时更改网络接口,重启后无效.
bash-2.03#ifconfig hme0 plumb
bash-2.03#ifconfig hme0 192.168.2.222 netmask 255.255.255.0 up
2 配置虚拟接口 如果在系统上安装了一个hme0的网络适配器,则可以使用类似hme0:n这样的多个虚拟接口,这里的n大于等于1,hme0:1 hme0:2等.
方法如下:
创建一个文件/etc/hostname.hme0:1,记录一行主机名
sun280_1
编辑/etc/hosts文件,增加
192.168.1.111 sun280_1
编辑文件/etc/netmasks文件,为这个新接口增加一行
192.168.1.111 255.255.255.0
再次重启时,该接口就存在了.也可以手工配置:
bash-2.03#ifconfig hme0:1 plumb
bash-2.03#ifconfig hme0:1 192.168.1.111/24 up
bash-2.03#ifconfig hme0:1
配置完成后,可以使用ping命令来验证接口是否得到响应.
五、Solaris网络中的路由配置
1 静态路由配置
bash-2.03# netstat -rn
Routing Table: IPv4
Destination Gateway Flags Ref Use Interface
-------------------- -------------------- ----- ----- ------ ---------
192.168.0.0 192.168.0.188 U 1 7 hme0
224.0.0.0 192.168.0.188 U 1 0 hme0
127.0.0.1 127.0.0.1 UH 24 20850 lo0
]bash-2.03# route add -net 192.168.0.0/24 192.168.0.1
add net 192.168.0.0/24: gateway 192.168.0.1
bash-2.03# netstat -rn
Routing Table: IPv4
Destination Gateway Flags Ref Use Interface
-------------------- -------------------- ----- ----- ------ ---------
192.168.0.0 192.168.0.188 U 1 9 hme0
192.168.0.0 192.168.0.1 UG 1 0
224.0.0.0 192.168.0.188 U 1 0 hme0
127.0.0.1 127.0.0.1 UH 24 21100 lo0
2 配置默认路由 创建/etc/defaultrouter文件,记录下指定默认路由的IP地址即可.
3 如果不想启用路由功能,只要创建/etc/norouter文件即可.则IP转发和动态路由都是关闭的.
4 动态路由配置需要使用RIP和RDISC,本人在实际中应用极少.
_________________
佛曰:前世五百次的回眸才换来今生一次擦肩而过