How to set up IP and MAC binding on a Linux router


On some intranets only certain IP addresses are allowed to reach the Internet, and those addresses must not be usable by an unauthorized user who simply assigns one of them to his own machine. This can be achieved with the following two measures:

First, use ipchains (2.2 kernels) or iptables (2.4 kernels) on the router so that only the legitimate IP addresses are allowed through.

Second, bind each legitimate IP address to the MAC address of the machine that owns it. To see why this helps, we first need to understand how ARP, the Address Resolution Protocol, works:

At the link layer, two nodes that want to communicate must know each other's MAC addresses. So that the system can find the MAC address of a remote node quickly, each local kernel maintains an in-memory lookup table, the ARP cache, which maps the IP addresses of hosts on the local network to their MAC addresses. The cache is a resident kernel data structure managed entirely by the kernel of the local system. An entry is not kept forever: on Linux an entry is treated as reachable for about 30 seconds (net.ipv4.neigh.default.base_reachable_time_ms) and is re-verified the next time it is used, and entries that go unused are garbage-collected after gc_stale_time (60 seconds by default), so the cache normally holds only the nodes the local system has talked to recently.

When the MAC address of a remote host is already in the local ARP cache, translating the remote node's IP address to a MAC address is no problem. In many cases, however, the remote host's MAC address is not in the local cache. What does the system do then? When the IP address of a remote host is known but its MAC address is not cached, the following procedure obtains it: the local host sends an ARP request as a broadcast to every node on the network, asking who holds that IP address. Exactly one node (the owner of the address) is expected to answer the broadcast, and the reply carries that host's MAC address. When the reply arrives, the local node records the remote node's MAC address in its ARP cache.

If we fix the IP/MAC correspondence in advance, that is, create a static ARP entry for each legitimate IP address, then even if an unauthorized user takes over one of those IP addresses, the Linux router will not ask for the MAC address via ARP when it answers traffic from that IP; it uses the static MAC address instead and sends its replies there. The intruder's machine, which has a different MAC address, never receives the replies and cannot use the network service. Two caveats: the binding protects only the router's own view of the network, not other hosts on the LAN, and it does not help against an intruder who clones the legitimate MAC address as well as the IP. What it does guarantee is that the router's cache entry for that IP cannot be overwritten by forged ARP replies, since permanent entries are not updated by received ARP traffic.

Static IP/MAC bindings are created from the file /etc/ethers, which lists the correct MAC/IP pairs. Note the order: as described in ethers(5), each line holds the hardware address first, then the IP address (or hostname), separated by whitespace:

08:00:4E:B0:24:47 192.168.2.32

Then add the command "arp -f /etc/ethers" to /etc/rc.d/rc.local so the entries are loaded at boot (arp -f with no file argument also reads /etc/ethers). On current systems the same permanent entry can be created with "ip neigh add 192.168.2.32 lladdr 08:00:4e:b0:24:47 dev eth0 nud permanent", replacing eth0 with the LAN-side interface.

With a 2.4 kernel, iptables can match on the source MAC address as well as the IP address (the mac match, -m mac --mac-source). Use this to write the allow rule for each legitimate IP address so that it also requires the matching MAC, and drop everything else from the LAN. Note that the MAC match is only available in the PREROUTING, INPUT and FORWARD chains, where the source MAC of the incoming frame is still known.
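The following script pulls the two steps together for a Linux router: it reads a table of bindings in /etc/ethers order (MAC first, then IP), pins each pair in the kernel ARP cache with a permanent entry, and emits iptables rules that forward traffic only when the source IP and source MAC both match. It is an added example, not code from the original article. The second binding, the interface name eth0 and the use of "ip neigh replace" in place of "arp -f" are assumptions made for the illustration; by default the script only prints the commands so it can be reviewed before being run as root.

```shell
#!/bin/sh
# Added example: build static-ARP entries and IP/MAC iptables rules for a
# Linux router from an allow-list. Addresses and interface are constructed
# for illustration; run with APPLY=1 as root to execute the commands.

# Constructed bindings in /etc/ethers format: hardware address, then IP.
BINDINGS='08:00:4e:b0:24:47 192.168.2.32
00:11:22:33:44:55 192.168.2.40'

LAN_IF=eth0   # assumed name of the LAN-side interface

# Accept only a six-pair colon-separated MAC and a dotted-quad IP, so a
# typo in the table cannot produce a rule that matches the wrong host.
valid_binding() {
    mac=$1
    ip=$2
    echo "$mac" | grep -Eq '^([0-9a-fA-F]{2}:){5}[0-9a-fA-F]{2}$' || return 1
    echo "$ip" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    return 0
}

# Print, one per line, the commands that pin each binding in the ARP
# cache and forward only traffic whose IP and MAC both match.
gen_rules() {
    printf '%s\n' "$BINDINGS" | while read -r mac ip; do
        [ -n "$mac" ] || continue
        if ! valid_binding "$mac" "$ip"; then
            echo "skipping malformed binding: $mac $ip" >&2
            continue
        fi
        # Permanent neighbour entry: the router never ARPs for this IP
        # again and ignores unsolicited ARP replies for it.
        echo "ip neigh replace $ip lladdr $mac dev $LAN_IF nud permanent"
        # The mac match is valid in PREROUTING, INPUT and FORWARD, where
        # the source MAC of the incoming frame is still known.
        echo "iptables -A FORWARD -i $LAN_IF -s $ip -m mac --mac-source $mac -j ACCEPT"
    done
    # Everything else from the LAN is dropped: unknown IPs, and known
    # IPs arriving from a MAC other than the bound one.
    echo "iptables -A FORWARD -i $LAN_IF -j DROP"
}

if [ "${APPLY:-0}" = 1 ]; then
    gen_rules | sh -e     # execute the generated commands (needs root)
else
    gen_rules             # dry run: show what would be applied
fi
```

Because the final DROP rule is appended after the ACCEPT rules, a frame carrying a legitimate IP but the wrong MAC falls through to the DROP, which is exactly the case the binding is meant to catch. Keep the ARP entries and the iptables rules in step: if the bound host's network card is replaced, both the /etc/ethers table and the rules must be updated.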

Copyright © Windows knowledge All Rights Reserved