How to set IP and MAC bindings on a Linux router
================================================

Some networks have the following requirement: only a few IP addresses on the internal network should be able to connect to the Internet, and those IP addresses must not be stolen by unauthorized users. This can be implemented as follows. First, use ipchains or iptables so that only the legitimate IP addresses are allowed to connect. Second, establish an IP/MAC binding for each legitimate IP address.

To discuss this, we first need to understand how ARP works. ARP is the abbreviation of Address Resolution Protocol, and its role and working principle are as follows. In low-level network communication, two nodes that want to communicate with each other must first know the MAC addresses of the source and the target. To find a remote node's MAC address quickly, each local kernel keeps a lookup table called the ARP cache. The ARP cache holds a list that maps the IP addresses of remote hosts to their corresponding MAC addresses. It is a memory-resident data structure, managed and maintained by the kernel of the local system. By default, the ARP cache retains the IP addresses (and the corresponding MAC addresses) of the nodes the local system has most recently communicated with.

When a remote host's MAC address is in the local host's ARP cache, translating the remote node's IP address to its MAC address poses no problem. In many cases, however, the remote host's MAC address is not in the local ARP cache. What happens then?
When the IP address of a remote host is known but its MAC address is not in the local ARP cache, the following procedure is used to obtain the remote node's MAC address: the local host sends a broadcast packet to all nodes on the network, asking whether any of them has the corresponding IP address. One node (and only one) answers this ARP broadcast, and its reply packet contains the remote host's MAC address. After receiving the reply, the local node records the remote node's MAC address in its local ARP cache.

If we fix the IP/MAC correspondence, that is, create static MAC entries for the legitimate IP addresses, then even if an unauthorized user steals one of those IP addresses, the Linux router, when responding to connection requests sent from that IP, will not ask for the MAC address through ARP but will use its own static MAC entry for the reply. The machine that stole the IP address therefore receives no response data and cannot use the network.
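
The two steps described above, as an added dry-run script that is not part of the original article: it validates a binding list and prints the static neighbour entries and iptables rules without executing them. The use of iproute2's `ip neigh`, the conntrack rule for return traffic, the interface name `eth1` and all addresses are assumptions made for this example.

```shell
#!/bin/sh
# Dry run: prints the commands for an IP/MAC binding list; it executes nothing.
# The interface name and the addresses below are constructed sample values.

valid_ip() {
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
}

valid_mac() {
    printf '%s\n' "$1" | grep -Eqi '^([0-9a-f]{2}:){5}[0-9a-f]{2}$'
}

# Reads "IP MAC" lines on stdin; $1 is the LAN-side interface of the router.
emit_binding_cmds() {
    lan_if=$1
    rc=0
    # Assumption: allow replies to connections opened by the permitted hosts.
    echo "iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    while read -r ip mac rest; do
        case $ip in ''|'#'*) continue ;; esac
        if ! valid_ip "$ip" || ! valid_mac "$mac"; then
            echo "skipping malformed entry: $ip $mac" >&2
            rc=1
            continue
        fi
        # Static (permanent) entry: the router never sends an ARP query for this IP.
        echo "ip neigh replace $ip lladdr $mac nud permanent dev $lan_if"
        # Only listed source addresses may be forwarded.
        echo "iptables -A FORWARD -i $lan_if -s $ip -j ACCEPT"
    done
    # Set last, so everything not explicitly allowed above is dropped.
    echo "iptables -P FORWARD DROP"
    return $rc
}

# Constructed sample bindings (private addresses, made-up MACs).
emit_binding_cmds eth1 <<'EOF'
192.168.1.10 00:11:22:33:44:55
192.168.1.11 00:11:22:33:44:66
EOF
```

A non-zero return status means at least one entry was skipped as malformed, so review the list before piping the output to a root shell.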