Solved

MAC and IP binding in CentOS 6.3

Posted on 2013-05-29
4
641 Views
Last Modified: 2013-07-14
I have a application which is running on CentOS 6.3 under tomcat web server and other computer in our LAN  can access this application. Is this possible to bind MAC and IP of  computers so that other computers in our LAN cannot make connection to to our application.
0
Comment
Question by:edreamers
  • 2
4 Comments
 
LVL 21

Expert Comment

by:Mazdajai
ID: 39206131
You can setup host (ip) based ACL via hosts.allow or hosts.deny -

http://linux.about.com/od/commands/l/blcmdl5_hostsal.htm

You can do mac address filtering in ip tables but it is not recommended as it is high maintenance -

http://techgurulive.com/2008/09/22/how-to-do-mac-address-packet-filtering-using-iptables/
0
 

Author Comment

by:edreamers
ID: 39248586
Thanks Mazdajai for reply, I working on the solution you provided. Will comment after testing. Thanx
0
 
LVL 19

Accepted Solution

by:
Gabriel Orozco earned 500 total points
ID: 39255217
I would rather do this:

#/bin/bash
LAN=eth0
MAC=00:02:A5:EC:00:8B
IP=10.0.0.110

# If the mac is arriving with a different ip than authorized, drop it:
 iptables -A INPUT -i ${LAN} -m mac --mac-source ${MAC} -s! ${IP} -j DROP
 iptables -A INPUT -i ${LAN} -m mac --mac-source ${MAC} -s ${IP} -j ACCEPT
#end of script

you can also have a file pairing ip's and mac addresses.

say you have the file mac_ip.txt (mac address, then a space, then the ip address)
-------------------------------------------------------------------
00:02:A5:EC:00:8B 10.0.0.110
00:12:B5:EC:00:1A 10.0.0.112
...
etc
-------------------------------------------------------------------

then a simple script like this do the job:
-------------------------------------------------------------------
#/bin/bash
LAN=eth0
while read mac ip; do
   iptables -A INPUT -i ${LAN} -m mac --mac-source ${MAC} -s! ${IP} -j DROP
   iptables -A INPUT -i ${LAN} -m mac --mac-source ${MAC} -s ${IP} -j ACCEPT
done < mac_ip.txt
-------------------------------------------------------------------

hope this helps
Gabriel
0
 

Author Comment

by:edreamers
ID: 39324305
I've tried all but not able to control things the way I want. So I am migrating to Windows Platform. Thanx every one for their support.
0

Featured Post

Enterprise Mobility and BYOD For Dummies

Like “For Dummies” books, you can read this in whatever order you choose and learn about mobility and BYOD; and how to put a competitive mobile infrastructure in place. Developed for SMBs and large enterprises alike, you will find helpful use cases, planning, and implementation.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Network Interface Card (NIC) bonding, also known as link aggregation, NIC teaming and trunking, is an important concept to understand and implement in any environment where high availability is of concern. Using this feature, a server administrator …
Join Greg Farro and Ethan Banks from Packet Pushers (http://packetpushers.net/podcast/podcasts/pq-show-93-smart-network-monitoring-paessler-sponsored/) and Greg Ross from Paessler (https://www.paessler.com/prtg) for a discussion about smart network …
Learn how to find files with the shell using the find and locate commands. Use locate to find a needle in a haystack.: With locate, check if the file still exists.: Use find to get the actual location of the file.:
This demo shows you how to set up the containerized NetScaler CPX with NetScaler Management and Analytics System in a non-routable Mesos/Marathon environment for use with Micro-Services applications.

912 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now