The Linux server acts as the gateway through which the whole campus network reaches the Internet. In Linux, iptables is a flexible packet-filtering tool that can require several conditions to hold at once before a packet is accepted, and that is what makes IP/MAC address binding possible. The idea is to forward a host's traffic only when both its IP address and its MAC address match the values registered for it. The commands are as follows:
iptables -P FORWARD DROP
iptables -A FORWARD -s 192.168.6.200 -m mac --mac-source 00:11:5B:EF:7A:D8 -j ACCEPT
iptables -A FORWARD -s 192.168.6.201 -m mac --mac-source 50:78:4C:4A:46:C0 -j ACCEPT
iptables -A FORWARD -s 192.168.6.202 -m mac --mac-source 00:10:5C:E4:A8:50 -j ACCEPT
The first line sets the default policy of the FORWARD chain to DROP, so any packet the gateway would forward is discarded unless a later rule explicitly accepts it. The second line allows forwarding only when the source IP address is 192.168.6.200 and the source MAC address is 00:11:5B:EF:7A:D8; lines 3 and 4 bind 192.168.6.201 and 192.168.6.202 to their MAC addresses in the same way. Each host gets one such line, so the IP address of every machine on the network can be bound to its MAC address. To remove a binding, repeat the same command with -A replaced by -D, which deletes that one rule from the FORWARD chain; to lift the restriction entirely, also set the policy back with iptables -P FORWARD ACCEPT. These rules only decide which packets the gateway will forward. To actually give the hosts Internet access you still need IP forwarding enabled and a NAT rule in the nat table's POSTROUTING chain (for example -j MASQUERADE on the external interface). Two practical caveats: the rules above match only packets leaving the LAN, so under a DROP policy the replies coming back from the Internet also need a rule accepting ESTABLISHED,RELATED connections, and the mac match is only meaningful on the interface where the host is directly attached to the same Ethernet segment. Finally, a client can change its MAC address trivially, so this binding stops casual IP address changes but is not a strong authentication of the host.
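The procedure above, as an added example that is not part of the original post: a small POSIX shell script that builds the binding rules from a table of IP/MAC pairs, adds the ESTABLISHED,RELATED and NAT rules the text only alludes to, and can remove everything again. The interface names eth1 (LAN) and eth0 (Internet) and the DRY_RUN switch are assumptions for illustration; the binding table is constructed from the addresses in the post.

```shell
#!/bin/sh
# Added example, not from the original post: build the IP/MAC binding rule set
# from a small table and add the rules the post only alludes to (return traffic,
# NAT in nat/POSTROUTING), with a bind/unbind switch.
# Assumptions not in the original: LAN interface eth1, Internet interface eth0,
# and DRY_RUN=1 prints the iptables commands instead of executing them.

LAN_IF="${LAN_IF:-eth1}"
WAN_IF="${WAN_IF:-eth0}"

# Constructed binding table, "ip mac" per line (same addresses as the post).
BINDINGS='192.168.6.200 00:11:5B:EF:7A:D8
192.168.6.201 50:78:4C:4A:46:C0
192.168.6.202 00:10:5C:E4:A8:50'

# Execute iptables, or print the command when DRY_RUN is set.
run() {
    if [ -n "${DRY_RUN:-}" ]; then
        printf 'iptables %s\n' "$*"
    else
        iptables "$@"
    fi
}

# Six hex pairs; a malformed MAC would otherwise make iptables fail or never match.
valid_mac() {
    printf '%s\n' "$1" | grep -Eqi '^([0-9a-f]{2}:){5}[0-9a-f]{2}$'
}

# One binding: forward only when the source IP and source MAC both match, and
# only on the LAN interface (mac-source is meaningful only on the segment the
# host is directly attached to).  $1 is -A (add) or -D (delete).
binding_rule() {
    run "$1" FORWARD -i "$LAN_IF" -s "$2" -m mac --mac-source "$3" -j ACCEPT
}

# Apply the same action ($1) to every row of the table, skipping bad MACs.
for_each_binding() {
    printf '%s\n' "$BINDINGS" | while read -r ip mac; do
        [ -n "$ip" ] || continue
        if ! valid_mac "$mac"; then
            echo "skipping $ip: malformed MAC '$mac'" >&2
            continue
        fi
        binding_rule "$1" "$ip" "$mac"
    done
}

bind_all() {
    run -P FORWARD DROP
    # Replies from the Internet carry no client MAC, so the DROP policy would
    # discard them; accept packets belonging to connections the LAN opened.
    run -A FORWARD -i "$WAN_IF" -o "$LAN_IF" -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    for_each_binding -A
    # Forwarding alone gives no Internet access; NAT the bound hosts behind
    # the gateway's external address, as the post's POSTROUTING remark requires.
    run -t nat -A POSTROUTING -o "$WAN_IF" -j MASQUERADE
}

unbind_all() {
    for_each_binding -D
    run -D FORWARD -i "$WAN_IF" -o "$LAN_IF" -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    run -t nat -D POSTROUTING -o "$WAN_IF" -j MASQUERADE
    run -P FORWARD ACCEPT
}

case "${1:-}" in
    bind)   bind_all ;;
    unbind) unbind_all ;;
esac
```

Run it as root with `./bind.sh bind` to apply the bindings and `./bind.sh unbind` to remove them; `DRY_RUN=1 ./bind.sh bind` shows the exact iptables commands first, which is worth doing on a gateway before a DROP policy goes live. IP forwarding (net.ipv4.ip_forward=1) is left to the system configuration.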
This article is from the "lfknight" blog; please keep this source when reproducing it: http://lfknight.blog.51cto.com/20655/39600