Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Solved

MAC and IP binding in CentOS 6.3

Posted on 2013-05-29
4
657 Views
Last Modified: 2013-07-14
I have a application which is running on CentOS 6.3 under tomcat web server and other computer in our LAN  can access this application. Is this possible to bind MAC and IP of  computers so that other computers in our LAN cannot make connection to to our application.
0
Comment
Question by:edreamers
  • 2
4 Comments
 
LVL 21

Expert Comment

by:Mazdajai
ID: 39206131
You can setup host (ip) based ACL via hosts.allow or hosts.deny -

http://linux.about.com/od/commands/l/blcmdl5_hostsal.htm

You can do mac address filtering in ip tables but it is not recommended as it is high maintenance -

http://techgurulive.com/2008/09/22/how-to-do-mac-address-packet-filtering-using-iptables/
0
 

Author Comment

by:edreamers
ID: 39248586
Thanks Mazdajai for reply, I working on the solution you provided. Will comment after testing. Thanx
0
 
LVL 19

Accepted Solution

by:
Gabriel Orozco earned 500 total points
ID: 39255217
I would rather do this:

#/bin/bash
LAN=eth0
MAC=00:02:A5:EC:00:8B
IP=10.0.0.110

# If the mac is arriving with a different ip than authorized, drop it:
 iptables -A INPUT -i ${LAN} -m mac --mac-source ${MAC} -s! ${IP} -j DROP
 iptables -A INPUT -i ${LAN} -m mac --mac-source ${MAC} -s ${IP} -j ACCEPT
#end of script

you can also have a file pairing ip's and mac addresses.

say you have the file mac_ip.txt (mac address, then a space, then the ip address)
-------------------------------------------------------------------
00:02:A5:EC:00:8B 10.0.0.110
00:12:B5:EC:00:1A 10.0.0.112
...
etc
-------------------------------------------------------------------

then a simple script like this do the job:
-------------------------------------------------------------------
#/bin/bash
LAN=eth0
while read mac ip; do
   iptables -A INPUT -i ${LAN} -m mac --mac-source ${MAC} -s! ${IP} -j DROP
   iptables -A INPUT -i ${LAN} -m mac --mac-source ${MAC} -s ${IP} -j ACCEPT
done < mac_ip.txt
-------------------------------------------------------------------

hope this helps
Gabriel
0
 

Author Comment

by:edreamers
ID: 39324305
I've tried all but not able to control things the way I want. So I am migrating to Windows Platform. Thanx every one for their support.
0

Featured Post

Master Your Team's Linux and Cloud Stack!

The average business loses $13.5M per year to ineffective training (per 1,000 employees). Keep ahead of the competition and combine in-person quality with online cost and flexibility by training with Linux Academy.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Rate limit for DNS queries 7 83
Oracle 10g standard edition server with 4 processors 3 66
ignore other .htaccess 2 58
Set linux box as ip router 3 35
rdate is a Linux command and the network time protocol for immediate date and time setup from another machine. The clocks are synchronized by entering rdate with the -s switch (command without switch just checks the time but does not set anything). …
I am a long time windows user and for me it is normal to have spaces in directory and file names. Changing to Linux I found myself frustrated when I moved my windows data over to my new Linux computer. The problem occurs when at the command line.…
Learn how to get help with Linux/Unix bash shell commands. Use help to read help documents for built in bash shell commands.: Use man to interface with the online reference manuals for shell commands.: Use man to search man pages for unknown command…
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.

839 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question