How to Use Virtual LANs (VLANs) to Secure Your CentOS Server Network

How to use virtual LAN (VLAN) to protect the network security of CentOS servers

Abstract: Virtual LAN (VLAN) is a network segmentation technology that divides a physical network into multiple logical networks to Improve network security. This article will introduce how to use VLANs on CentOS servers to protect network security, and provide some code examples to illustrate.

Introduction:
In today's network environment, protecting the network security of the server is crucial. Virtual LAN (VLAN) is a commonly used network security technology that can divide a physical network into multiple logical networks to achieve network isolation and segmentation. This article will introduce how to configure and use VLANs on CentOS servers to enhance network security.

1. Understand the working principle of VLAN
Virtual LAN (VLAN) is implemented through a switch or router. It divides the network into multiple logical subnets by assigning different ports or physical interfaces to different VLANs. Different VLANs are isolated and cannot communicate directly. They can only be interconnected through routers or Layer 3 switches. In this way, even if a malicious user enters a certain VLAN, he or she cannot directly access servers or devices in other VLANs, thereby improving network security.

2. Configuring VLAN on CentOS server
Configuring VLAN on CentOS server requires the following steps:

1. Confirm that the network card supports VLAN: use "ethtool" Use the command to check whether the network card supports the VLAN function.

   ethtool -k eth0 | grep vlan

   If "vlan offload: off" or similar information is displayed, it means that the network card does not support VLAN.

2. Install the VLAN tool: If the network card supports the VLAN function, you need to install the "vlan" tool.

   yum install vconfig

3. Create a VLAN interface: Use the "vconfig" command to create a VLAN interface.

   vconfig add eth0 10

   This command will create a VLAN interface with ID 10 on eth0. You can modify the VLAN ID as needed.

4. Configure VLAN interface: In the /etc/sysconfig/network-scripts/ directory, create a file named "ifcfg-eth0.10" and edit the file to configure the VLAN interface Configuration.

   vi /etc/sysconfig/network-scripts/ifcfg-eth0.10

   Add the following content to the file:

   DEVICE=eth0.10
   BOOTPROTO=none
   ONBOOT=yes
   IPADDR=192.168.10.10
   NETMASK=255.255.255.0

   Modify the IP address and subnet mask according to actual needs.

5. Restart the network service: Restart the network service to make the configuration take effect.

   systemctl restart network

Through the above steps, we successfully created a VLAN interface on the CentOS server and configured it.

3. Configure firewall rules
In order to further enhance network security, we can configure firewall rules on the VLAN interface. Below is an example of a simple firewall rule to restrict inbound and outbound traffic on a VLAN interface.

iptables -I INPUT -i eth0.10 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
iptables -I INPUT -i eth0.10 -j DROP
iptables -I OUTPUT -o eth0.10 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
iptables -I OUTPUT -o eth0.10 -j DROP

The above rules will only allow new, established and related connections on the VLAN interface to pass through, and deny all other traffic.

4. Access control and network isolation
Through the use of VLAN, we can achieve access control and network isolation. By configuring the IP address and subnet mask of the VLAN interface, we can divide multiple servers into different logical subnets and control access permissions between different subnets through routers or layer 3 switches.

The following is a simple example that demonstrates how to use VLAN to implement access control and network isolation.

1. Configure VLAN interface 1:

   vconfig add eth0 10
   ifconfig eth0.10 192.168.10.10 netmask 255.255.255.0

2. Configure VLAN interface 2:

   vconfig add eth0 20
   ifconfig eth0.20 192.168.20.10 netmask 255.255.255.0

3. Configure router:
   Configure the router as needed to interconnect the traffic of different VLAN interfaces, and set the access control list (ACL) to control access permissions between different subnets.

Through the above steps, we successfully divided the server into two logical subnets and implemented access control and network isolation through VLANs and routers.

Conclusion:
Using virtual LAN (VLAN) technology can effectively improve the network security of CentOS servers. By dividing the physical network into multiple logical subnets, we can achieve access control and network isolation, and further enhance the security of the network by configuring firewall rules. With the configuration and code examples provided in this article, you will be able to successfully configure and use VLANs on your CentOS server to secure your network.

Reference source:

1. VLANs explained - How to implement VLANs - Practical Networking.
2. VLAN - ArchWiki.
3. CentOS - VLAN with sub interfaces - Server Fault.
4. How to Configure VLANs in Linux with VLAN Command - Lifewire.
5. CentOS - How to configure VLAN Tagging for eth0 - Stack Overflow.

The above is the detailed content of How to Use Virtual LANs (VLANs) to Secure Your CentOS Server Network. For more information, please follow other related articles on the PHP Chinese website!