
Part III. Network Application

Table of Contents

30. Networking (network management)
30.1. hosts
30.1.1. /etc/hostname
30.1.2. hostnamectl - Control the system hostname
30.1.3. /etc/host.conf
30.1.4. /etc/hosts
30.1.5. hosts.allow / hosts.deny
30.1.6. /etc/resolv.conf
30.2. Network adapter
30.2.1. Interface names
30.3. Ethernet Interfaces
30.3.1. ifquery
30.3.2. DHCP
30.3.3. CentOS
30.3.4. Ubuntu
30.4. Gateway: setting the default gateway
30.4.1. CentOS
30.5. Configuring DNS
30.5.1. General DNS configuration /etc/resolv.conf
30.5.2. Secure DNS configuration
30.5.2.1. Enabling DNS over TLS
30.5.2.2. Enabling DNSSEC
30.5.2.3. Enabling both DNS over TLS and DNSSEC
30.5.2.4. Configuring NetworkManager
30.6. IP forwarding
30.7. bonding
30.7.1. bonding
30.7.2. Ubuntu
30.8. brctl
30.9. Wireless - WiFi configuration
30.9.1. rfkill - tool for enabling and disabling wireless devices
30.9.2. iwlist - Get more detailed wireless information from a wireless interface
30.9.3. iwconfig - configure a wireless network interface
30.9.4. /proc/net/wireless
30.10. CentOS 8
30.10.1. nmtui - Text User Interface for controlling NetworkManager
30.10.2. nmcli - command-line tool for controlling NetworkManager
30.10.2.1. Viewing connection status
30.10.2.2. Viewing interface status
30.10.2.3. Adding an interface
30.10.2.4.
30.10.2.5. Stopping an interface
30.10.2.6.
30.10.2.7. Displaying device information
30.11. Network diagnostic commands
30.11.1. ping
30.11.2. Finding optimal MTU
30.11.3. ss - another utility to investigate sockets
30.12. Ubuntu netplan (netplan manages networking only from Ubuntu 18.04 onward)
30.13. Linux IP And Router
30.13.1. netmask
30.13.1.1. iptab
30.13.1.2. netmask - a netmask generation and conversion program
30.13.2. arp - manipulate the system ARP cache
30.13.2.1. display hosts
30.13.2.2. delete a specified entry
30.13.2.3. /proc/net/arp
30.13.2.4. /etc/ethers
30.13.3. iproute2
30.13.3.1.
30.13.3.2. Adding a route
30.13.3.3. Deleting a route
30.13.3.4. Changing a route
30.13.3.5. Replacing an existing route
30.13.3.6. Adding a default route
30.13.3.7. cache
30.13.4. Policy routing
30.13.5. Load balancing
30.13.6. MASQUERADE
30.13.7. ip tunnel
30.13.8. VLAN
30.13.9. Zebra
31. OpenNTPD
31.1. install
31.1.1. ntpd - Network Time Protocol (NTP) daemon
31.1.2. Ubuntu
31.1.3. ntpdate
31.2. ntpdate
31.2.1. CentOS 7
31.2.2. CentOS 6
31.3. ntpd.conf / ntp.conf
31.3.1. server configuration
31.3.2. NTP security settings
31.4. ntpstat - show network time synchronisation status
31.5. ntpq - standard NTP query program
32. DHCP
32.1. DHCP Server
32.2. dhclient
32.3. release matching connections
33. DNS/Bind
33.1. Installing bind9
33.2. forwarders
33.3. Load Balancing
33.4. view
33.5. Master / Slave
33.5.1. master /etc/named.conf
33.5.1.1. /var/named/example.com.zone
33.5.1.2. /var/named/example.com.zone
33.5.2. slave /etc/named.conf
33.5.3. FAQ
33.5.3.1. Slave does not sync after the master changes
33.5.3.2. Testing master and slave
33.6. DNS tools
33.6.1. dig - DNS lookup utility
33.6.1.1. any
33.6.1.2. ns
33.6.1.3. A
33.6.1.4. mx
33.6.1.5. cname
33.6.1.6. txt
33.6.1.7. -x addr reverse lookup
33.6.1.8. web dig
33.6.2. nslookup - query Internet name servers interactively
33.6.2.1. Flushing the DNS resolver cache
33.6.2.2. Viewing NS records
33.6.2.3. MX records
33.6.2.4. txt
33.7. DNS
33.7.1. OpenDNS
33.7.2. Google DNS
33.8. NamedManager
34. dnsmasq
34.1. Install
34.1.1. CentOS / Redhat
34.1.2. Debian / Ubuntu
34.1.3. Firewall settings
34.2. /etc/dnsmasq.conf
34.3. dnsmasq.resolv.conf
34.4. dnsmasq.hosts
34.5. /etc/dnsmasq.d/dnsmasq.server.conf
34.6. /etc/dnsmasq.d/dnsmasq.address.conf
34.6.1. Domain name hijacking
34.7. FAQ
35. rinetd — internet “redirection server”
35.1. rinetd install
35.1.1. ubuntu
35.1.2. centos
35.2. rinetd.conf
35.3. Defense script
35.4. rinetd.log
36. News Group (innd)
36.1. Ubuntu
36.2. CentOS
36.3. User Authentication
36.4. usenet administration
36.5. Connecting over SSL
36.6. Installing from src.rpm
36.7. Commonly used newsgroups
37. IRC - Internet Relay Chat
37.1. IRC Protocol
37.2. IRC Commands
37.3. ircd-irc2 - The original IRCNet IRC server daemon
37.4. ircd-hybrid
37.5. IRC Client
37.5.1. Irssi - a modular IRC client for UNIX
37.5.1.1. 安装 Irssi
37.5.1.2. irssi command-line parameters
37.5.1.3. network
37.5.1.4. server
37.5.2. ircII - interface to the Internet Relay Chat system
37.5.3. HydraIRC
37.5.4. XChat
37.5.5. F-IRC
37.6. Web IRC
37.6.1. QuakeNet Web IRC
37.6.2. freenode
37.6.3. Web IRC
37.6.4. hackint
38. jabber XMPP
38.1. ejabberd - Distributed, fault-tolerant Jabber/XMPP server written in Erlang
38.1.1. ejabberdctl
38.2. tigase
38.3. Openfire
38.4. DJabberd
38.5. freetalk - A console based Jabber client
38.6. library
38.6.1. python-xmpp
39. Proxy Server
39.1. Apache Proxy
39.2. Squid - Internet Object Cache (WWW proxy cache)
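39.2.1. Installing from source
39.2.2. Installing on debian/ubuntu
39.2.3. Configuration
39.2.3.1. Forward proxy
39.2.3.2. Proxy server
39.2.3.3. Squid as a reverse-proxy cache server (Reverse Proxy)
39.2.3.4. Proxy + reverse proxy
39.2.4. Squid administration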
39.2.4.1. squidclient
39.2.4.2. reset cache
39.2.5. Preventing pages from being cached
39.2.6. Squid practical examples
39.2.6.1. Squid and Apache/Lighttpd on the same server
39.2.6.2. Running the Squid daemon as a non-root user
39.2.7. squid+icap+clamav
39.3. Web page proxy
39.3.1. Surrogafier
39.3.2. CGIproxy
39.3.3. PHPProxy
39.3.4. BBlocked
39.3.5. Glype
39.3.6. Zelune
39.4. Socks/Socks5
39.4.1. Socks5
39.4.2. dante-server - SOCKS (v4 and v5) proxy daemon(danted)
39.4.3. SSH Socks5 Tunnel
39.4.4. hpsockd - HP SOCKS server
39.4.5. Shadowsocks - A secure socks5 proxy, designed to protect your Internet traffic.
39.4.5.1. Server
39.4.5.1.1. Python PyPI
39.4.5.1.2. GitHub
39.4.5.2. ssserver command
39.4.5.3. Client
39.4.5.3.1. Shadowsocks for Windows
40. Firewall
40.1. TCP/IP-related kernel settings
40.1.1. net.ipv4.ip_forward
40.1.2. net.ipv4.icmp_echo_ignore_all
40.2. iptables - administration tools for packet filtering and NAT
40.2.1. Getting Started
40.2.1.1. CentOS/Redhat TUI tool
40.2.2. User-defined rule chains
40.2.2.1. Chains List
40.2.2.2. Chains Refresh
40.2.2.3. Chains Admin
40.2.2.4. Reset
40.2.3. Protocols
40.2.4. Interfaces (network adapter interfaces)
40.2.5. Source IP address
40.2.6. Ports
40.2.6.1. range
40.2.6.2. multiport
40.2.7. NAT
40.2.7.1. Redirect
40.2.7.2. Postrouting and IP Masquerading
40.2.7.3. Prerouting
40.2.7.4. DNAT and SNAT
40.2.7.5. DMZ zone
40.2.8. Module
40.2.8.1. IPTables and Connection Tracking
40.2.8.2. string
40.2.8.3. connlimit
40.2.8.4. recent
40.2.8.5. limit
40.2.8.6. nth
40.2.8.6.1. DNAT
40.2.8.6.2. SNAT
40.2.8.7. random module
40.2.9. IPV6
40.2.10. iptables-xml - Convert iptables-save format to XML
40.2.11. access.log IP blocking script
40.2.12. Example
40.2.12.1. INPUT Rule Chains
40.2.12.1.1. OpenSSH
40.2.12.1.2. FTP
40.2.12.1.3. DNS
40.2.12.1.4. WWW
40.2.12.1.5. SOCKS5
40.2.12.1.6. Mail Server
40.2.12.1.7. MySQL
40.2.12.1.8. PostgreSQL
40.2.12.1.9. DHCP
40.2.12.1.10. Samba
40.2.12.1.11. ICMP
40.2.12.1.12. Blocking an IP from accessing this host
40.2.12.1.13. DENY
40.2.12.2. OUTPUT Rule Chains
40.2.12.2.1. outbound
40.2.12.2.2. ICMP
40.2.12.2.3. NFS
40.2.12.2.4. SSH
40.2.12.2.5. Blocking this host from accessing a given IP
40.2.12.3. Forward
40.2.12.3.1. TCPMSS
40.2.12.4. Malicious Software and Spoofed IP Addresses
40.2.12.5. /etc/sysconfig/iptables operating system default configuration
40.3. ulogd - The Netfilter Userspace Logging Daemon
40.4. ufw - program for managing a netfilter firewall
40.4.1. /etc/default/ufw
40.4.2. ip_forward
40.4.3. DHCP
40.4.4. Samba
40.5. CentOS 7 Firewalld
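40.5.1. If you are not used to firewalld and want to switch back to iptables
40.5.2. Installing firewalld
40.5.3. firewalld configuration files
40.5.3.1. Rule configuration files
40.5.3.2. Service configuration files
40.5.3.3. Zone configuration files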
40.5.4. firewall-cmd
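40.5.4.1. Viewing the version number
40.5.4.2. Viewing help
40.5.4.3. Displaying status
40.5.4.4. Reloading firewall rules
40.5.4.5. Persistence
40.5.4.6. Checking configuration validity
40.5.4.7. Logging options
40.5.4.8. Rejecting all packets
40.5.4.9. Direct mode
40.5.5. Zones
40.5.5.1. Viewing zones
40.5.5.2. Viewing the default zone
40.5.5.3. Setting the default zone
40.5.5.4. Viewing the network interfaces bound to a zone
40.5.5.5. Viewing all configuration of a given zone
40.5.5.6. Viewing configuration of all zones
40.5.5.7. Deleting a zone
40.5.5.8. Zone interfaces
40.5.5.8.1. Interface list
40.5.5.8.2. Querying the zone an interface belongs to
40.5.5.8.3. Setting a zone interface
40.5.5.9. Changing a zone interface
40.5.6. Port operations
40.5.6.1. Opening a port
40.5.6.2. Viewing port status
40.5.6.3. Disabling a port
40.5.6.4. Specifying the port protocol
40.5.6.5. Port forwarding
40.5.6.6. IP forwarding
40.5.7. Services
40.5.7.1. Viewing available services
40.5.7.2. Enabling a service
40.5.7.3. Disabling a service
40.5.7.4. Adding a service to a specific zone
40.5.7.5. Querying service status
40.5.7.6. Viewing persistent services
40.5.8. IP masquerading
40.5.8.1. Enabling IP masquerading
40.5.8.2. Viewing IP masquerading
40.5.8.3. Disabling IP masquerading
40.5.9. Rich rules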
40.6. Shorewall
40.6.1. Installation Instructions
40.6.1.1. Install using RPM
40.6.1.2. Install using apt-get
40.6.2. Configuring Shorewall
40.6.2.1. zones
40.6.2.2. policy
40.6.2.3. interfaces
40.6.2.4. masq
40.6.2.5. rules
40.6.2.6. params
40.7. Firewall GUI Tools
40.8. Endian Firewall
40.9. Smooth Firewall
40.10. Sphirewall
41. Stunnel - universal SSL tunnel
42. OpenSSH
42.1. Installing OpenSSH
42.2. /etc/ssh/
42.2.1. IP address restrictions
42.2.2. sshd_config
42.2.2.1. Authentication configuration
42.2.2.2. Automatic SSH / SSH without password
42.2.2.3. disable password authentication
42.2.2.4. GSSAPI options
42.2.2.5. Ignoring the known_hosts file
42.2.2.6. UseDNS no
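42.2.2.7. Disabling root login
42.2.2.8. Limiting SSH authentication retries
42.2.2.9. Disabling certificate login
42.2.2.10. Using certificates instead of password authentication
42.2.2.11. The problem of GUI clients remembering passwords
42.2.2.12. User whitelist access control
42.2.2.13. User blacklist control
42.2.2.14. Group whitelist permissions
42.2.2.15. Group blacklist permissions
42.2.2.16. Disabling SSH port forwarding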
42.2.3. ssh_config
42.2.3.1. ForwardAgent
42.2.4. ~/.ssh/config
42.3. ssh client
42.3.1. -o option parameters explained
42.4. OpenSSH Tunnel
42.4.1. SOCKS v5 Tunnel
42.5. ssh-keygen — authentication key generation, management and conversion
42.5.1. .ssh/known_hosts
42.6. ssh-keyscan
42.7. ssh-copy-id - install your public key in a remote machine's authorized_keys
42.8. ssh-agent
42.8.1. ssh-add
42.8.2. Lock / Unlock agent
42.8.3. Set lifetime (in seconds) when adding identities.
42.9. OpenSSH for Windows
42.9.1. Putty Client
42.10. Google Authenticator - Android Apps on Google Play
42.11. Blocking SSH password brute-forcing
42.12. FAQ
42.12.1. Pseudo-terminal will not be allocated because stdin is not a terminal.
42.12.2. Removing the passphrase
42.12.3. Printing debug information
43. VPN (Virtual Private Network)
43.1. OpenVPN (openvpn - Virtual Private Network daemon)
43.1.1. Installing OpenVPN Server
43.1.1.1. Installing from source
43.1.1.2. Ubuntu
43.1.1.2.1. create keys for the server
43.1.1.2.2. create keys for the clients
43.1.1.3. CentOS
43.1.2. Easy-RSA 3
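43.1.2.1. Revoking a user certificate
43.1.2.2. Exporting PKCS 7/PKCS 12 certificates
43.1.2.3. Viewing request files
43.1.2.4. Viewing certificates
43.1.2.5. Importing a req file
43.1.2.6. Updating the database
43.1.2.7. Easy-RSA 2: revoking a user certificate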
43.1.3. Openvpn Client
43.1.4. OpenVPN GUI for Windows
43.1.4.1. Windows Server
43.1.4.2. Windows Client
43.1.4.2.1. Client routing settings
43.1.5. point-to-point VPNs
43.1.6. VPN examples
43.1.6.1. server and client vpn
43.1.6.2. Ethernet Bridging Example
43.1.6.3. IDC Example
43.1.7. OpenVPN security
43.2. pptpd
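43.2.1. Server
43.2.2. Client
43.2.2.1. Creating an account
43.2.2.2. Installing the kernel module
43.2.2.3. Dialing into the VPN
43.2.2.4. Routing configuration
43.2.2.4.1. Automatic route configuration
43.2.2.4.2. Manual route configuration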
43.2.3. FAQ
43.2.3.1. Error 800
43.2.3.2. Testing the PPTP port
43.2.3.3. debug
43.3. l2tpd - dummy package for l2tpd to xl2tpd transition
43.4. strongswan - IPSec utilities for strongSwan
43.4.1. Installing the strongswan VPN server
43.4.2. Firewall configuration
43.4.3. Configuring IPSEC
43.4.4. Windows 10 VPN client configuration
43.4.5. FAQ
43.4.5.1. Viewing certificate information
43.5. openswan - IPSEC utilities for Openswan
43.6. Ipsec VPN
43.6.1. ipsec-tools - IPsec tools for Linux
43.7. N2N VPN
43.8. Hypersocket VPN
44. Point to Point
44.1. download
44.1.1. rtorrent - ncurses BitTorrent client based on LibTorrent
44.1.2. mldonkey-server - Door to the 'donkey' network
44.1.3. amule - client for the eD2k and Kad networks, like eMule

1. tc - show / manipulate traffic control settings

1.1. Simulating network packet loss

		
tc qdisc add dev eth0 root netem corrupt 0.2% loss 10%