Shulou(Shulou.com)06/01 Report--

Today, I will talk to you about how to set ip and mac binding in Linux routing. Many people may not know much about it. In order to let everyone know more, Xiaobian summarizes the following contents for everyone. I hope everyone can gain something according to this article.

First use ipchains or iptables to set up only valid IP addresses to be connected.

Establish IP/Mac bundling for legitimate IP. To discuss this problem we first need to understand how ARP works. ARP is an abbreviation for Address Resolution Protocol. Its role and working principle are as follows:

In the underlying network communication, two nodes want to communicate with each other, they must first know the MAC address of the source and destination. In order for the system to quickly find the MAC address of a remote node, each local kernel maintains an immediate lookup table (called an ARP cache). ARP contains a list that maps IP addresses of remote hosts to their MAC counterparts. An Address Resolution Protocol (ARP) cache is a memory-resident data structure whose contents are managed and maintained by the kernel of the native system. By default, the ARP cache holds the IP addresses (and corresponding MAC addresses) of nodes with which the local system has communicated for the last ten minutes.

When a remote host's MAC address exists in the local host's ARP cache, translating the remote node's IP address to a MAC address does not cause problems. However, in many cases, the MAC address of the remote host does not exist in the local ARP cache. When the IP address of a remote host is known, but the MAC address is not in the local ARP cache, the following procedure is used to obtain the MAC address of the remote node: The local host sends a broadcast packet to all nodes in the network asking if there is a corresponding IP address. One node (and only one) will reply to this ARP broadcast message. The MAC address of the remote host will be included in the response packet. After receiving this return packet, the local node records the MAC address of the remote node in the local ARP cache.

If we establish the IP/MAC correspondence as fixed, that is, to establish a static MAC correspondence for those legitimate IP addresses, then even if illegal users steal IP addresses, linux routers will not ask for their MAC addresses through arp protocol when responding to connection requests sent by these IPs, but use Linux to establish static MAC addresses and send response data.

The way to establish static IP/MAC binding is to create the/etc/ethers file, which contains the correct IP/MAC mapping, in the following format:

192.168.2.32 08:00:4E:B0:24:47

Then add/etc/rc.d/rc.local***: arp -f

2.4 The kernel iptables can limit both IP and Mac addresses. Use this function to limit both IP addresses and Mac addresses to legal IP rules.

After reading the above, do you have any further understanding of how to set ip and mac bindings in Linux routing? If you still want to know more knowledge or related content, please pay attention to the industry information channel, thank you for your support.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.