A closer look at Linux LANs: Building a more secure network environment

In today's digital age, the Internet has become an indispensable part of people's daily life and work. However, within a home or business network, the LAN also plays an important role. A LAN is a private network of many computers, devices, and resources. Among them, Linux system has gradually become the operating system of choice for many enterprises and individual users due to its excellent security performance and stability.

In the LAN, there are several extensions running on Linux (different network segments from the host Linux), and the network segments of these hosts have no routes in the entire LAN, and any host in the LAN cannot communicate with them. communication, as shown in the figure above. This can only be done by jumping to the host first and then connecting from the host.

problem solved:

It can be seen that the host's host IP is 10.8.1.84 and can communicate during the test, but the following 172.17.0.1 network segment is unreachable from any node in the LAN. You can only connect to the host on the 172.17.0.1 network segment by first connecting to 10.8.1.84

solve:

Add the network segment to be accessed into the Windows routing table, and the next hop points to the host's IP. Because only the host machine can communicate with the hosts in this network segment

route -p add 172.17.0.0 mask 255.255.0.0 10.8.1.84

verify:

Question: Some tp-link small routers in the LAN will connect to some devices next time, but there will be a strange phenomenon. The device attached to tp-link can communicate with any device in the LAN (ping is reachable), but the device in the LAN cannot communicate with the device attached to the LAN (ping is not reachable)

Analysis: tp-link wireless small router is equivalent to a device with NAT function, because the IP of the wan port of the router is the reachable IP in the LAN, but the lan port under the router includes wireless devices from tp-link The IP obtained is generally the IP of another network segment. This IP segment does not have any routes in the real LAN. Therefore, the device under WiFi can ping any device in the LAN, but any device in the LAN cannot be pinged. Devices under wifi

Because the tp-link small router believes that the devices under the lan port need to access the Internet, and tp-link will convert the NAT of these devices under the lan port into the existing IP of the LAN, that is, the wan IP. When the devices in the local area network need to access the devices under wifi, because tp-link has done NAT, the devices in the local area network cannot access the devices under wifi. You can only create a virtual server (port mapping) in tp-link. Map the port of the device connected to tp-link and use the ip of the wan port (the LAN can identify the ip) to map it out to other devices in the LAN. Access devices connected to wifi

In short, essentially, the advantages of Linux LAN are reflected in its strong security and flexibility. By implementing appropriate cybersecurity measures and management practices, users can better protect their cybersecurity, privacy, and data. In the future, Linux LAN will continue to play an important role in providing reliable infrastructure for team collaboration, data centers and secure network services.

The above is the detailed content of A closer look at Linux LANs: Building a more secure network environment. For more information, please follow other related articles on the PHP Chinese website!