A-A+

Centos7关闭ipv6

2016年03月08日 Linux运维 暂无评论 阅读 1,726 views 次

CentOS 7下禁用IPV6的方法和以前的版本不一样了,我们整理了处理方法:

一、最根本的解决方法:修改grub,在引导时就不加载IPV6模块

#vim /etc/default/grub

在第六行,添加“ipv6.disable=1”

GRUB_TIMEOUT=5
GRUB_DISTRIBUTOR="$(sed 's, release .*$,,g' /etc/system-release)"
GRUB_DEFAULT=saved
GRUB_DISABLE_SUBMENU=true
GRUB_TERMINAL_OUTPUT="console"
GRUB_CMDLINE_LINUX="ipv6.disable=1 vconsole.keymap=us crashkernel=auto  vconsole.font=latarcyrheb-sun16 rhgb quiet console=ttyS0,115200n8 video=800x600"
GRUB_DISABLE_RECOVERY="true"

重新加载,并重启服务器:

# grub2-mkconfig -o /boot/grub2/grub.cfg
Generating grub configuration file ...
Found linux image: /boot/vmlinuz-3.10.0-123.4.4.el7.x86_64
Found initrd image: /boot/initramfs-3.10.0-123.4.4.el7.x86_64.img
Found linux image: /boot/vmlinuz-0-rescue-8d1fcbed219ea3264af0402615579c5a
Found initrd image: /boot/initramfs-0-rescue-8d1fcbed219ea3264af0402615579c5a.img
done
# reboot

修改之后,使用以下命令进行验证:

# lsmod | grep ipv6

二、第二种方式不如上面提到的方式彻底,但也是有效的!

禁用IPV6的操作步骤

Step 1: add this rule in /etc/sysctl.conf : net.ipv6.conf.all.disable_ipv6=1

Step 2: add this rule in /etc/sysconfig/network: NETWORKING_IPV6=no

Step 3: add this setting for each nic X (X is the corresponding number for each nic) in /etc/sysconfig/network-scripts/ifcfg-ethX: IPV6INIT=no

Step 4: disable the ip6tables service : chkconfig ip6tables off

Step 5: Reload the sysctl configuration:

# sysctl -p

or

# reboot

验证IPV6是否关闭,需要特别说明的是:在这种方法下,使用# lsmod | grep ipv6依然会有一些相关模块列出。

1. 通过命令:

Check to see if you’re installation is currently set up for IPv6:

# cat /proc/sys/net/ipv6/conf/all/disable_ipv6

If the output is 0, IPv6 is enabled.

If the output is 1, IPv6 is already disabled.

2. 通过ifconfig查看网卡信息或者netstat查看端口监听情况,以下为打开和关闭ipv6的差别:
已经关闭掉ipv6的:

# ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1454
        inet 10.11.28.225  netmask 255.255.0.0  broadcast 10.11.255.255
        ether 52:54:00:c6:1a:66  txqueuelen 1000  (Ethernet)
        RX packets 139156  bytes 190128403 (181.3 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 97576  bytes 9530483 (9.0 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
# netstat -tunlp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address      Foreign Address    State       PID/Program name
tcp        0      0 127.0.0.1:25       0.0.0.0:*          LISTEN      1895/master
tcp        0      0 0.0.0.0:10050      0.0.0.0:*          LISTEN      510/zabbix_agentd
tcp        0      0 0.0.0.0:3306       0.0.0.0:*          LISTEN      2677/mysqld
tcp        0      0 0.0.0.0:22         0.0.0.0:*          LISTEN      731/sshd

未关闭掉ipv6的:

# ifconfig
eth0      Link encap:Ethernet  HWaddr 06:BE:BA:61:21:F1  
          inet addr:172.31.25.72  Bcast:172.31.31.255  Mask:255.255.240.0
          inet6 addr: fe80::4be:baff:fe61:21f1/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:9001  Metric:1
          RX packets:709194431 errors:0 dropped:0 overruns:0 frame:0
          TX packets:717067519 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:48370552455 (45.0 GiB)  TX bytes:274840175746 (255.9 GiB)
# netstat -tunlp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address    Foreign Address   State       PID/Program name  
tcp        0      0 0.0.0.0:21       0.0.0.0:*         LISTEN      4367/pure-ftpd (SER
tcp        0      0 0.0.0.0:22       0.0.0.0:*         LISTEN      3389/sshd          
tcp        0      0 0.0.0.0:10050    0.0.0.0:*         LISTEN      4402/zabbix_agentd
tcp        0      0 :::21            :::*              LISTEN      4367/pure-ftpd (SER
tcp        0      0 :::22            :::*              LISTEN      3389/sshd

注意:禁用IPV6后,可能会导致某些服务无法正常启动,比如SSHD和VSFTP,对于VSFTP,修改其配置文件中的listen和listen_ipv6两个选项:

listen=YES
listen_ipv6=NO
标签:

给我留言

本站理念:

致力于运维技术的分享,运维前源技术的探讨,欢迎广大朋友一起参与,一起分享,共同成长。

交流探讨:

QQ群:26489714