Настройка network manager в консоли


To get the list of all the available network configurations, type:

# nmcli connection
eth0 94aaedf1-ca71-4789-87c8-88e5367125d5 802-3-ethernet Tue 28 Jan 2014 02:40:18 AM CET
eth0 914d2052-f0fd-4a05-86b7-405512427101 802-3-ethernet never
EEE 9a3642f0-600d-43f9-b9ce-7e555dd7b45d 802-11-wireless Tue 28 Jan 2014 01:01:58 PM CET

To display details about the network configuration that has never been used, type:

# nmcli c show configured 914d2052-f0fd-4a05-86b7-405512427101
connection.id: eth0
connection.uuid: 914d2052-f0fd-4a05-86b7-405512427101
connection.interface-name: eth0
connection.type: 802-3-ethernet
connection.autoconnect: yes
connection.timestamp: 0
connection.read-only: no
connection.zone: --
connection.master: --
connection.slave-type: --
connection.gateway-ping-timeout: 0
802-3-ethernet.port: --
802-3-ethernet.speed: 0
802-3-ethernet.duplex: --
802-3-ethernet.auto-negotiate: yes
802-3-ethernet.mac-address: 52:54:00:8A:45:52
802-3-ethernet.cloned-mac-address: --
802-3-ethernet.mtu: auto
802-3-ethernet.s390-nettype: --
ipv4.method: manual
ipv4.addresses: { ip =, gw = }
ipv4.ignore-auto-routes: no
ipv4.ignore-auto-dns: no
ipv4.dhcp-client-id: --
ipv4.dhcp-send-hostname: yes
ipv4.dhcp-hostname: --
ipv4.never-default: no
ipv4.may-fail: yes
ipv6.method: ignore
ipv6.ignore-auto-routes: no
ipv6.ignore-auto-dns: no
ipv6.never-default: no
ipv6.may-fail: yes
ipv6.ip6-privacy: -1 (unknown)
ipv6.dhcp-hostname: --

To delete this network configuration, type:

# nmcli c delete 914d2052-f0fd-4a05-86b7-405512427101

To get the list of the active network configurations, type:

# nmcli c show active
eth0 94aaedf1-ca71-4789-87c8-88e5367125d5 eth0 no no --

Note: It would have been possible to activate the previous network configuration before removal by typing:

# nmcli c up 914d2052-f0fd-4a05-86b7-405512427101

To get more information about connection management, go to the page about configuring IPv4 addresses.

You can also edit any kind of connection in an interactive way:

# nmcli c edit 914d2052-f0fd-4a05-86b7-405512427101

===| nmcli interactive connection editor |===

Editing existing '802-3-ethernet' connection: '914d2052-f0fd-4a05-86b7-405512427101'

Type 'help' or '?' for available commands.
Type 'describe ' for detailed property description.

You may edit the following settings: connection, 802-3-ethernet (ethernet), 802-1x, ipv4, ipv6, dcb


The package provides the client program , the daemon and the Wi-Fi monitoring tool .

Start/enable so it can be controlled using the command.


To get an interactive prompt do:

$ iwctl

The interactive prompt is then displayed with a prefix of .


  • In the prompt you can auto-complete commands and device names by hitting .
  • To exit the interactive prompt, send EOF by pressing .
  • You can use all commands as command line arguments without entering an interactive prompt. For example: .

To list all available commands:

# help

Connect to a network

This article or section needs expansion.

First, if you do not know your wireless device name, list all Wi-Fi devices:

# device list

Then, to scan for networks:

# station device scan

You can then list all available networks:

# station device get-networks

Finally, to connect to a network:

# station device connect SSID

If a passphrase is required, you will be prompted to enter it. Alternatively, you can supply as a command line argument:

$ iwctl --passphrase passphrase station device connect SSID


  • automatically stores network passphrases in the directory and uses them to auto-connect in the future. See .
  • To connect to a network with spaces in the SSID, the network name should be double quoted when connecting.
  • iwd only supports PSK pass-phrases from 8 to 63 ASCII-encoded characters. The following error message will be given if the requirements are not met: .

Connect to a network using WPS/WSC

If your network is configured such that you can connect to it by pressing a button (Wikipedia:Wi-Fi Protected Setup), check first that your network device is also capable of using this setup procedure.

# wsc list

Then, provided that your device appeared in the above list,

# wsc device push-button

and push the button on your router. The procedure works also if the button was pushed beforehand, less than 2 minutes earlier.

If your network requires to validate a PIN number to connect that way, check the command output to see how to provide the right options to the command.

To disconnect from a network:

# station device disconnect

Show device and connection information

To display the details of a WiFi device, like MAC address:

# device device show

To display the connection state, including the connected network of a Wi-Fi device:

# station device show

Manage known networks

To list networks you have connected to previously:

# known-networks list

To forget a known network:

# known-networks SSID forget

Compare nm-settings with ifcfg-* directives (IPv6)

nmcli con mod ifcfg-* file Effect
IPv6 is configured statically
Will configure network settings using SLAAC from router advertisements.
Will configure network settings by using DHCPv6, but not SLAAC
Sets static IPv6 Address and Gateway
Modify /etc/resolv.conf to use this nameserver
Modify /etc/resolv.conf to use to use this domain in the search directive
Ignore DNS server information from the DHCP server
Automatically activates the connection at boot
The name of this connection
The connection is bound to this network interface with this name
The connection is bound to the network interface with this MAC Address

Network management

To set up a network connection, go through the following steps:

  1. Ensure your is listed and enabled.
  2. Connect to the network. Plug in the Ethernet cable or connect to the wireless LAN.
  3. Configure your network connection:
    • dynamic IP address: use


iproute2 is a dependency of the meta package and provides the command-line interface, used to manage , and the . Be aware that configuration made using will be lost after a reboot. For persistent configuration, you can use a network manager or automate ip commands using scripts and . Also note that commands can generally be abbreviated, for clarity they are however spelled out in this article.

Network interfaces

Tip: To change interface names, see and .

Listing network interfaces

Both wired and wireless interface names can be found via or . Note that is the loop device and not used in making network connections.

Wireless device names can also be retrieved using . See also .

If your network interface is not listed, make sure your device driver was loaded successfully. See or .

Enabling and disabling network interfaces

Network interfaces can be enabled or disabled using , see .

To check the status of the interface :

$ ip link show dev eth0
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master br0 state DOWN mode DEFAULT qlen 1000

The in is what indicates the interface is up, not the later .

Note: If your default route is through interface , taking it down will also remove the route, and bringing it back up will not automatically re-establish the default route. See for re-establishing it.

Static IP address

A static IP address can be configured with most standard and also dhcpcd.

To manually configure a static IP address, add an IP address as described in , set up your and configure your DNS servers.

IP addresses

IP addresses are managed using .

List IP addresses:

$ ip address show

Add an IP address to an interface:

# ip address add address/prefix_len broadcast + dev interface
Note that:
  • the address is given in to also supply a subnet mask
  • is a special symbol that makes derive the broadcast address from the IP address and the subnet mask
Note: Make sure manually assigned IP addresses do not conflict with DHCP assigned ones.

Delete an IP address from an interface:

# ip address del address/prefix_len dev interface

Delete all addresses matching a criteria, e.g. of a specific interface:

# ip address flush dev interface

Routing table

The routing table is used to determine if you can reach an IP address directly or what gateway (router) you should use. If no other route matches the IP address, the default gateway is used.

The routing table is managed using .

PREFIX is either a CIDR notation or for the default gateway.

List IPv4 routes:

$ ip route show

List IPv6 routes:

$ ip -6 route

Add a route:

# ip route add PREFIX via address dev interface

Delete a route:

# ip route del PREFIX via address dev interface


A Dynamic Host Configuration Protocol (DHCP) server provides clients with a dynamic IP address, the subnet mask, the default gateway IP address and optionally also with DNS name servers.

To use DHCP you need a DHCP server in your network and a DHCP client:

Client Package Archiso Note Systemd units
dhcpcd Yes DHCP, DHCPv6, ZeroConf, static IP ,
Yes DHCP, DHCPv6, BOOTP, static IP

Alternatively, has a built-in DHCP client that can be used with some configuration: .


  • You should not run two DHCP clients simultaneously.
  • Instead of directly using a DHCP client you can also use a .

Tip: You can check if a DHCP server is running with .

Tip: While waiting for an IP to be assigned you can run something like


This article or section needs expansion.

Server Package IPv4 IPv6 GUI Interfaces Storage backend(s) Note
dhcpd Yes Yes ? File
dnsmasq Yes Yes No ? File Also DNS, PXE and TFTP
Kea Yes Yes REST, RADIUS and NETCONF File, MySQL, PostgreSQL and Cassandra Also DNS

Network managers

A network manager lets you manage network connection settings in so called network profiles to facilitate switching networks.

Note: There are many solutions to choose from, but remember that all of them are mutually exclusive; you should not run two daemons simultaneously.

Network manager GUI CLI tools PPP support (e.g. 3G modem) Systemd units
ConnMan 8 unofficial No Yes (with AUR) internal
netctl 2 unofficial No , wifi-menu Yes dhcpcd or ,
NetworkManager Yes No , Yes internal or
systemd-networkd No Yes () internal ,
Wicd Yes No , No dhcpcd or


netctl uses profiles to manage network connections and different modes of operation to start profiles automatically or manually on demand.

The netctl profile files are stored in and example configuration files are available in .

To use an example profile, simply copy it from to and configure it to your needs; see basic below. The first parameter you need to create a profile is the network , see for details.


  • For wireless settings, you can use as root to generate the profile file in . The package is required to use wifi-menu.
  • Use in your profile to enable a static IP profile on a wired interface no matter if the cable is connected or not.

See for a complete list of profile options.

Как добавить статический маршрут в CentOS

Для управления маршрутизацией в CentOS может понадобиться добавить статический маршрут. Сделать это достаточно просто с помощью консольной команды. Для начала проверим существующие маршруты, используя netstat:

В данном случае у нас один маршрут для адреса шлюз используется, он же шлюз по-умолчанию. То есть по сути, статических маршрутов никаких нет. Добавим один из них.

Допустим, у нас есть подсеть маска, трафик в эту подсеть маршрутизирует шлюз Добавляем маршрут:

Проверяем, появился ли добавленный маршрут в таблицу маршрутизации:

Все в порядке, маршрут добавлен. Делаем то же самое с помощью утилиты ip.

Но после перезагрузки этот статический маршрут будет удален. Чтобы этого не произошло и добавленные маршруты сохранялись, необходимо их записать в специальный файл. В папке /etc/sysconfig/network-scripts создаем файл с именем route-eth0 следующего содержания:

Перезагружаемся и проверяем, на месте ли маршрут:

Все в порядке, статический маршрут добавлен.


为了配置和轻松使用网络管理器,大多数用户会希望安装一个托盘组件。图形前端往往显示在系统托盘(或通知区域),从而允许用户选择网络或者配置 NetworkManager。不同类型的桌面环境下有多种托盘插件。



为了存储连接密码,请安装并配置 GNOME/Keyring。

请注意,如果对某个连接启用了 选项,NetworkManager就会将密码明文存储,虽然相应的文件只能被root或者其他使用 的用户访问。参照 。

在没有系统托盘的情况下运行 ,可以使用 或者

nm-applet    2>&1 > /dev/null &
stalonetray  2>&1 > /dev/null
killall nm-applet

当关闭 stalonetray 窗口的时候,它会关闭 ,所以当你完成网络配置后它就不会再占用内存。

为了在禁用消息提示的情况下使用 ,用以下命令运行程序:

$ nm-applet --no-agent

Tip: 可能被 自启动desktop文件 自动启动,这种情况下要添加—no-agent选项请修改Exec那一行:

Exec=nm-applet --no-agent


$ nm-applet --indicator

AUR 是一个通过 dmenu 而不是 来管理 NetworkManager 连接的脚本。它提供了所有必要的功能, 例如连接到已有的 WiFi 或有线网络、连接到新的 WiFi 网络、在需要的时候询问密码、连接到已有的 VPN、启用/停用网络连接、运行图形界面 nm-connection-editor 等等。

What is Network Bridge?

  • A network bridge consolidates the resources of multiple physical interfaces into one virtual interface.
  • A network bridge is similar to a virtual LAN interface but sort of the opposite.
  • Network bridges join network adapters to a single subnet and present a unified network to all bridge clients.
  • For instance, if you have a 16 port unmanaged switch and it is full and you need to add additional clients to the same network, then you could add a network adapter to your pfSense installation and then create a network bridge to join a new switch full of clients to the same network.

The basic format of a command is as follows:

nmcli  OBJECT { COMMAND | help }

where OBJECT can be one of the following options: general, networking, radio, connection, device, agent, and monitor. You can use any prefix of these options in your commands. For example, , , generate the same output.

Follow man page of nmcli to get more details.

The ‘nmcli radio’ sub-command

Use the nmcli radio object to show radio switch status, or to enable and disable the switches. The following command provides help on the nmcli radio object:

# nmcli radio help
Usage: nmcli radio { COMMAND | help }
COMMAND := { all | wifi | wwan }
  all | wifi | wwan 

Some examples of using this command are given.

Example 1 : Check Radion Switch status

The following command displays the radio switch status.

# nmcli radio
enabled  enabled  enabled  enabled

Example 2: Disable Wi-Fi in NetworkManager

Following Example disable the Wi-Fi in NetworkManager.

# nmcli radio wifi off
# nmcli radio
enabled  disabled  enabled  enabled


To get a general status, type:

# nmcli general
connected full enabled enabled enabled disabled

To get the same result in a better output, type:

# nmcli -p g
NetworkManager status
connected full enabled enabled enabled disabled

To get some informations about the permissions, type:

# nmcli g permissions
org.freedesktop.NetworkManager.enable-disable-network yes
org.freedesktop.NetworkManager.enable-disable-wifi yes
org.freedesktop.NetworkManager.enable-disable-wwan yes
org.freedesktop.NetworkManager.enable-disable-wimax yes
org.freedesktop.NetworkManager.sleep-wake yes
org.freedesktop.NetworkManager.network-control yes
org.freedesktop.NetworkManager.wifi.share.protected yes
org.freedesktop.NetworkManager.wifi.share.open yes
org.freedesktop.NetworkManager.settings.modify.system yes
org.freedesktop.NetworkManager.settings.modify.own yes
org.freedesktop.NetworkManager.settings.modify.hostname yes

To get some informations about the level of logging, type:

# nmcli g logging


To get the server hostname, type:

# nmcli g hostname

To assign a new hostname (here desktop.example.com) to the server, type:

# nmcli g hostname desktop.example.com

Other Packages Related to network-manager

  • dep:

    add and remove users and groups
  • dep:
    (>= 1.1.2)
    simple interprocess messaging system (daemon and utilities)
  • dep:

    Small caching DNS proxy and DHCP/TFTP server
  • dep:
    (>= 1.18~)
    helper tools for all init systems
  • dep:
    (>= 4.3.1-5ubuntu1)
    DHCP client for automatically obtaining an IP address
  • dep:
    (>= 4.91)
    Library to use the BlueZ Linux Bluetooth stack
  • dep:
    (>= 2.17)
    GNU C Library: Shared libraries also a virtual package provided by


    (>= 2.22)
  • dep:
    (>= 2.39.4)
    GLib library of C routines
  • dep:
    (>= 3.4.0)
    GNU TLS library — main runtime library
  • dep:
    (>= 165)
    GObject-based wrapper library for libudev
  • dep:
    (>= 1.0.0)
    D-Bus service for managing modems — shared libraries
  • dep:
    (>= 1.2)
    Library for Neighbor Discovery Protocol
  • dep:

    Not Erik’s Windowing Toolkit — text mode windowing with slang
  • dep:
    (>= 3.2.7)
    library for dealing with netlink sockets
  • dep:
    (>= 1.1.93)
    GObject-based client library for NetworkManager
  • dep:

    system and service manager — PAM module
  • dep:
    (>= 0.99)
    PolicyKit Authentication Agent API
  • dep:
    (>= 0.104)
    PolicyKit Authorization API
  • dep:
    (>= 6.0)
    GNU readline and history libraries, run-time libraries
  • dep:
    (>= 2.40)
    HTTP library implementation in C — Shared library
  • dep:

    systemd utility library
  • dep:
    (>= 2.16)
    Universally Unique ID library
  • dep:
    (>= 4.1+Debian11ubuntu7)
    Linux Standard Base init script functionality
  • dep:

    framework for managing administrative policies and privileges
  • dep:

    /dev/ and hotplug management daemon
  • dep:
    (>= 0.7.3-1)
    client support for WPA and WPA2 (IEEE 802.11i)
  • rec:

    wireless Central Regulatory Domain Agent
  • rec:

    administration tools for packet filtering and NAT
  • rec:

    Tool to send ICMP echo requests to an ARP address
  • rec:

    D-Bus service for managing modems also a virtual package provided by


  • rec:

    network management framework (GNOME frontend)

    Package not available

    Plasma5 networkmanager library.
  • rec:

    network management framework (PPTP plugin core)
  • rec:
    (>= 2.4.6)
    Point-to-Point Protocol (PPP) — daemon


The TCP window scaling problem

TCP packets contain a «window» value in their headers indicating how much data the other host may send in return. This value is represented with only 16 bits, hence the window size is at most 64Kb. TCP packets are cached for a while (they have to be reordered), and as memory is (or used to be) limited, one host could easily run out of it.

It appears that some broken routers and firewalls on the Internet are rewriting the Scale Factor to 0 which causes misunderstandings between hosts. The Linux kernel 2.6.17 introduced a new calculation scheme generating higher Scale Factors, virtually making the aftermaths of the broken routers and firewalls more visible.

The resulting connection is at best very slow or broken.

How to diagnose the problem

First of all, let us make it clear: this problem is odd. In some cases, you will not be able to use TCP connections (HTTP, FTP, …) at all and in others, you will be able to communicate with some hosts (very few).

When you have this problem, the ‘s output is OK, logs are clean and will report normal status… and actually everything appears normal.

If you cannot browse any website, but you can ping some random hosts, chances are great that you are experiencing this problem: ping uses ICMP and is not affected by TCP problems.

You can try to use Wireshark. You might see successful UDP and ICMP communications but unsuccessful TCP communications (only to foreign hosts).

Ways of fixing it


To fix it the bad way, you can change the value, on which Scale Factor calculation is based. Although it should work for most hosts, it is not guaranteed, especially for very distant ones.

# echo "4096 87380 174760" > /proc/sys/net/ipv4/tcp_rmem

Simply disable Window Scaling. Since Window Scaling is a nice TCP feature, it may be uncomfortable to disable it, especially if you cannot fix the broken router. There are several ways to disable Window Scaling, and it seems that the most bulletproof way (which will work with most kernels) is to add the following line to (see also sysctl):

net.ipv4.tcp_window_scaling = 0

This problem is caused by broken routers/firewalls, so let us change them. Some users have reported that the broken router was their very own DSL router.

More about it

There are also several relevant threads on the LKML.

Connected second PC unable to use bridged LAN

First PC have two LAN. Second PC have one LAN and connected to first PC. Lets go second PC to give all access to LAN after bridged interface:

This article or section needs expansion.

# sysctl net.bridge.bridge-nf-filter-pppoe-tagged=0
# sysctl net.bridge.bridge-nf-filter-vlan-tagged=0
# sysctl net.bridge.bridge-nf-call-ip6tables=0
# sysctl net.bridge.bridge-nf-call-iptables=0
# sysctl net.bridge.bridge-nf-call-arptables=0

Verify network bridge configuration

Now we are all done with the steps to create and configure network bridge using nmcli in RHEL/CentOS 7. To verify our configuration, we can check if app-br0 has been assigned with the IP Address.

# ip addr show dev app-br0
23: app-br0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP qlen 1000
    link/ether 9c:dc:71:77:ef:51 brd ff:ff:ff:ff:ff:ff
    inet brd scope global app-br0
       valid_lft forever preferred_lft forever
    inet6 fe80::f479:8a1:4dd0:1df0/64 scope link
       valid_lft forever preferred_lft forever

Next try to ping the gateway of the bridge interface and make sure it is reachable

# ping
PING ( 56(84) bytes of data.
64 bytes from icmp_seq=1 ttl=64 time=19.0 ms
64 bytes from icmp_seq=2 ttl=64 time=0.706 ms
64 bytes from icmp_seq=3 ttl=64 time=19.6 ms
--- ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2001ms
rtt min/avg/max/mdev = 0.706/13.134/19.671/8.792 ms

Since makes persistent changes to the network configuration, you can also verify the network configuration files created by . The bridge interface configuration file is «»

# cd /etc/sysconfig/network-scripts/
# cat ifcfg-bridge-app-br0

Similarly verify the configuration file of the slave interface of network bridge.

# cat ifcfg-br-slave-1

# cat ifcfg-br-slave-2

Check your default gateway

# ip route
default via dev app-bridge proto static metric 426
Добавить комментарий

Ваш адрес email не будет опубликован. Обязательные поля помечены *