
Linux Tutorial FG214-Network Connectivity Troubleshooting in Practice

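Summary: This Fengge tutorial draws on the official Linux documentation, the Red Hat Enterprise Linux documentation, and the official documentation for Ansible Automation Platform, Docker, Kubernetes and Podman, and explains in detail how to configure and use the technologies covered.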

This document describes in detail how to troubleshoot network connectivity faults and walks through practical cases.

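Part01-Troubleshooting Workflow

1.1 Network Troubleshooting Steps

# Network troubleshooting workflow
# 1. Check the local network interface
# 2. Check the IP address configuration
# 3. Check the routing configuration
# 4. Check DNS resolution
# 5. Check the firewall rules
# 6. Check network connectivity
# 7. Check the service status

# Common troubleshooting tools
# ifconfig/ip: show network interfaces
# route/ip route: show the routing table
# ping: test connectivity
# traceroute: trace the route
# nslookup/dig: DNS resolution
# netstat/ss: show ports
# tcpdump: packet capture and analysis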

Part02-Local Network Checks

2.1 Checking the Network Interface

# Show network interface status
$ ip addr show
1: lo: mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
2: eth0: mtu 1500 qdisc mq state UP group default qlen 1000
link/ether 08:00:27:12:34:56 brd ff:ff:ff:ff:ff:ff
inet 192.168.1.100/24 brd 192.168.1.255 scope global noprefixroute eth0
valid_lft forever preferred_lft forever

# Show network interface statistics
$ ip -s link show eth0
2: eth0: mtu 1500 qdisc mq state UP mode DEFAULT group default qlen 1000
link/ether 08:00:27:12:34:56 brd ff:ff:ff:ff:ff:ff
RX: bytes packets errors dropped overrun mcast
10.0M 10000 0 0 0 0
TX: bytes packets errors dropped carrier collsns
5.0M 5000 0 0 0 0

# Show detailed network interface settings
$ ethtool eth0
Settings for eth0:
Supported ports: [ TP ]
Supported link modes: 10baseT/Half 10baseT/Full
100baseT/Half 100baseT/Full
1000baseT/Full
Supported pause frame use: No
Supports auto-negotiation: Yes
Supported FEC modes: Not reported
Advertised link modes: 10baseT/Half 10baseT/Full
100baseT/Half 100baseT/Full
1000baseT/Full
Advertised pause frame use: No
Advertised auto-negotiation: Yes
Advertised FEC modes: Not reported
Speed: 1000Mb/s
Duplex: Full
Auto-negotiation: on
Port: Twisted Pair
PHYAD: 1
Transceiver: internal
MDI-X: off (auto)
Supports Wake-on: umbg
Wake-on: d
Link detected: yes

# Check whether the network interface is up
$ ip link show eth0 | grep state
2: eth0: mtu 1500 qdisc mq state UP

# Bring the network interface up
$ sudo ip link set eth0 up

# Bring the network interface down
$ sudo ip link set eth0 down

Part03-Routing Checks

3.1 Checking the Routing Configuration

# Show the routing table
$ ip route show
default via 192.168.1.1 dev eth0 proto static metric 100
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.100 metric 100

# Show the route to a specific destination
$ ip route get 8.8.8.8
8.8.8.8 via 192.168.1.1 dev eth0 src 192.168.1.100 uid 0
cache

# Check the default gateway
$ ip route show default
default via 192.168.1.1 dev eth0 proto static metric 100

# Add a default gateway
$ sudo ip route add default via 192.168.1.1

# Delete the default gateway
$ sudo ip route del default via 192.168.1.1

# Add a static route
$ sudo ip route add 10.0.0.0/24 via 192.168.1.254

# Show the ARP cache
$ ip neigh show
192.168.1.1 dev eth0 lladdr 00:11:22:33:44:55 REACHABLE
192.168.1.10 dev eth0 lladdr 08:00:27:ab:cd:ef REACHABLE

# Flush the ARP cache
$ sudo ip neigh flush all

# Test gateway connectivity
$ ping -c 3 192.168.1.1
PING 192.168.1.1 (192.168.1.1) 56(84) bytes of data.
64 bytes from 192.168.1.1: icmp_seq=1 ttl=64 time=0.521 ms
64 bytes from 192.168.1.1: icmp_seq=2 ttl=64 time=0.489 ms
64 bytes from 192.168.1.1: icmp_seq=3 ttl=64 time=0.512 ms

--- 192.168.1.1 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2049ms
rtt min/avg/max/mdev = 0.489/0.505/0.521/0.013 ms

Part04-Firewall Checks

4.1 Checking the Firewall Rules

# Show the firewall state
$ sudo firewall-cmd --state
running

# Show the active firewall zones
$ sudo firewall-cmd --get-active-zones
public
interfaces: eth0

# Show the firewall rules
$ sudo firewall-cmd --list-all
public (active)
target: default
icmp-block-inversion: no
interfaces: eth0
sources:
services: cockpit dhcpv6-client ssh
ports:
protocols:
forward: no
masquerade: no
forward-ports:
source-ports:
icmp-blocks:
rich rules:

# Show the iptables rules
$ sudo iptables -L -n -v
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
100K 10M ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
10 500 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
100 5000 ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
50 2500 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:22 ctstate NEW

# Check whether a port is open
$ sudo firewall-cmd --query-port=80/tcp
no

# Open the port
$ sudo firewall-cmd --permanent --add-port=80/tcp
success
$ sudo firewall-cmd --reload
success

# Check whether a service is allowed
$ sudo firewall-cmd --query-service=http
no

# Allow the service
$ sudo firewall-cmd --permanent --add-service=http
success
$ sudo firewall-cmd --reload
success

# Temporarily stop the firewall (for testing)
$ sudo systemctl stop firewalld

# Start the firewall
$ sudo systemctl start firewalld

Part05-Troubleshooting in Practice

5.1 Common Fault Cases

# Case 1: Cannot reach the external network
# Step 1: Check the local network interface
$ ip addr show eth0
2: eth0: mtu 1500 qdisc mq state UP
inet 192.168.1.100/24 brd 192.168.1.255 scope global noprefixroute eth0

# Step 2: Check gateway connectivity
$ ping -c 3 192.168.1.1
PING 192.168.1.1 (192.168.1.1) 56(84) bytes of data.
64 bytes from 192.168.1.1: icmp_seq=1 ttl=64 time=0.521 ms

# Step 3: Check DNS resolution
$ nslookup www.google.com
;; connection timed out; no servers could be reached

# Solution: configure a DNS server
$ sudo nmcli connection modify eth0 ipv4.dns "8.8.8.8"
$ sudo nmcli connection up eth0

# Case 2: SSH connection refused
# Step 1: Check the SSH service status
$ sudo systemctl status sshd
● sshd.service - OpenSSH server daemon
Active: inactive (dead)

# Solution: start the SSH service
$ sudo systemctl start sshd
$ sudo systemctl enable sshd

# Step 2: Check the SSH port
$ sudo ss -tlnp | grep 22
LISTEN 0 128 0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=12345,fd=3))

# Step 3: Check the firewall
$ sudo firewall-cmd --query-service=ssh
yes

# Case 3: High network latency
# Step 1: Check network latency
$ ping -c 10 8.8.8.8
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
64 bytes from 8.8.8.8: icmp_seq=1 ttl=117 time=50.5 ms
64 bytes from 8.8.8.8: icmp_seq=2 ttl=117 time=100.2 ms

# Step 2: Trace the route
$ traceroute 8.8.8.8
traceroute to 8.8.8.8 (8.8.8.8), 30 hops max, 60 byte packets
1 gateway (192.168.1.1) 0.521 ms 0.489 ms 0.512 ms
2 * * *
3 172.16.0.1 (172.16.0.1) 50.678 ms 50.789 ms 50.890 ms

# Step 3: Check the network interface statistics
$ ip -s link show eth0
RX: bytes packets errors dropped overrun mcast
10.0M 10000 100 50 0 0

# Solution: check the network devices and cabling
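
Step 3 of case 3 reads the RX counters by eye. The following added example (not part of the original tutorial) turns `ip -s link show` output into error and drop percentages per direction. The function names, the embedded sample (built from the counters shown above) and the 0.1% default threshold are assumptions.

```shell
#!/bin/sh
# Constructed sample: `ip -s link show eth0` output carrying the case 3 counters.
sample_ip_s_link() {
cat <<'EOF'
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DEFAULT group default qlen 1000
    link/ether 08:00:27:12:34:56 brd ff:ff:ff:ff:ff:ff
    RX: bytes  packets  errors  dropped overrun mcast
    10.0M      10000    100     50      0       0
    TX: bytes  packets  errors  dropped carrier collsns
    5.0M       5000     0       0       0       0
EOF
}

# Read `ip -s link show IFACE` output on stdin and print one line per direction:
#   <RX|TX> packets=N errors=N dropped=N err_pct=X drop_pct=X
link_error_rates() {
    awk '
        # A header line names the columns; the values are on the next line.
        # Mapping by header name keeps this working when column order differs.
        $1 == "RX:" || $1 == "TX:" {
            dir = substr($1, 1, 2)
            for (i = 2; i <= NF; i++) col[$i] = i - 1
            want = 1
            next
        }
        want {
            want = 0
            p = $col["packets"]; e = $col["errors"]; d = $col["dropped"]
            printf "%s packets=%d errors=%d dropped=%d err_pct=%.2f drop_pct=%.2f\n",
                   dir, p, e, d, (p ? 100 * e / p : 0), (p ? 100 * d / p : 0)
        }'
}

# Exit 0 when any direction exceeds the threshold (percent), exit 1 otherwise.
# The default of 0.1 is an assumed threshold, not a value from the tutorial.
link_degraded() {
    link_error_rates | awk -v t="${1:-0.1}" '
        { for (i = 1; i <= NF; i++)
              if ($i ~ /_pct=/) { split($i, kv, "="); if (kv[2] + 0 > t + 0) bad = 1 } }
        END { exit (bad ? 0 : 1) }'
}
```

On a live host, pipe the real command into it: `ip -s link show eth0 | link_error_rates`.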

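Fengge's troubleshooting recommendations:
1. Troubleshoot in order, from the local host outward to the external network
2. Cross-check the results with more than one tool
3. Check the firewall and SELinux configuration
4. Review the system logs for more information
5. Record the troubleshooting process to make later analysis easier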
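
The local-to-external order recommended above, as an added shell example (not part of the original tutorial): it runs the checks in the order used in case 1 and prints the first layer that fails. The function name, the layer labels, the 2-second ping timeout, the script name in the comment and the use of `getent hosts` in place of `nslookup` are assumptions.

```shell
#!/bin/sh
# Print the first failing layer for interface $1 and test hostname $2,
# or "ok" when every check passes. Later checks are skipped after a failure,
# because their results are not meaningful until the lower layer works.
first_failing_layer() {
    iface=$1; host=$2

    # Layer 1: the interface exists and its operational state is UP.
    ip link show "$iface" 2>/dev/null | grep -q 'state UP' \
        || { echo interface; return; }

    # Layer 2: the interface carries an IPv4 address.
    ip -4 addr show "$iface" 2>/dev/null | grep -q 'inet ' \
        || { echo address; return; }

    # Layer 3: a default route exists; keep the gateway for the next check.
    gw=$(ip route show default 2>/dev/null |
         awk '$1 == "default" && $2 == "via" { print $3; exit }')
    [ -n "$gw" ] || { echo route; return; }

    # Layer 4: the gateway answers ICMP echo (3 probes, 2 s timeout each).
    ping -c 3 -W 2 "$gw" >/dev/null 2>&1 || { echo gateway; return; }

    # Layer 5: name resolution works through the system resolver (NSS).
    getent hosts "$host" >/dev/null 2>&1 || { echo dns; return; }

    echo ok
}

# Run only when called with arguments, for example (hypothetical script name):
#   sh netcheck.sh eth0 www.example.com
if [ "$#" -ge 2 ]; then
    first_failing_layer "$1" "$2"
fi
```

A result of `dns` with a reachable gateway corresponds to case 1; a result of `ok` means the fault lies further out (firewall, service, or the remote side), which is where the Part04 checks and `ss` take over.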

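This article was compiled and published by Fengge Tutorials and is for learning and testing use only. When reposting, cite the source: http://www.fgedu.net.cn/10327.html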
