A closer look at Linux LANs: Building a more secure network environment
In today's digital age, the Internet has become an indispensable part of people's daily life and work. However, within a home or business network, the LAN also plays an important role. A LAN is a private network of many computers, devices, and resources. Among them, Linux system has gradually become the operating system of choice for many enterprises and individual users due to its excellent security performance and stability.
In the LAN, there are several extensions running on Linux (different network segments from the host Linux), and the network segments of these hosts have no routes in the entire LAN, and any host in the LAN cannot communicate with them. communication, as shown in the figure above. This can only be done by jumping to the host first and then connecting from the host. 
problem solved:
It can be seen that the host's host IP is 10.8.1.84 and can communicate during the test, but the following 172.17.0.1 network segment is unreachable from any node in the LAN. You can only connect to the host on the 172.17.0.1 network segment by first connecting to 10.8.1.84
solve:
Add the network segment to be accessed into the Windows routing table, and the next hop points to the host's IP. Because only the host machine can communicate with the hosts in this network segment
route -p add 172.17.0.0 mask 255.255.0.0 10.8.1.84
verify:
Question: Some tp-link small routers in the LAN will connect to some devices next time, but there will be a strange phenomenon. The device attached to tp-link can communicate with any device in the LAN (ping is reachable), but the device in the LAN cannot communicate with the device attached to the LAN (ping is not reachable)
Analysis: tp-link wireless small router is equivalent to a device with NAT function, because the IP of the wan port of the router is the reachable IP in the LAN, but the lan port under the router includes wireless devices from tp-link The IP obtained is generally the IP of another network segment. This IP segment does not have any routes in the real LAN. Therefore, the device under WiFi can ping any device in the LAN, but any device in the LAN cannot be pinged. Devices under wifi
Because the tp-link small router believes that the devices under the lan port need to access the Internet, and tp-link will convert the NAT of these devices under the lan port into the existing IP of the LAN, that is, the wan IP. When the devices in the local area network need to access the devices under wifi, because tp-link has done NAT, the devices in the local area network cannot access the devices under wifi. You can only create a virtual server (port mapping) in tp-link. Map the port of the device connected to tp-link and use the ip of the wan port (the LAN can identify the ip) to map it out to other devices in the LAN. Access devices connected to wifi
In short, essentially, the advantages of Linux LAN are reflected in its strong security and flexibility. By implementing appropriate cybersecurity measures and management practices, users can better protect their cybersecurity, privacy, and data. In the future, Linux LAN will continue to play an important role in providing reliable infrastructure for team collaboration, data centers and secure network services.
The above is the detailed content of A closer look at Linux LANs: Building a more secure network environment. For more information, please follow other related articles on the PHP Chinese website!
How to Automatically Restart a Failed Service in LinuxApr 28, 2025 am 09:39 AMThis guide details how to configure automatic service restarts in Linux using systemd, enhancing system reliability and minimizing downtime. System administrators often rely on this functionality to ensure critical services, such as web servers (Apa
10 Hidden Linux Commands Every Sysadmin Should KnowApr 28, 2025 am 09:35 AMAs Linux users, we often rely on commonly used commands ls, grep, awk, sed and find to complete the work. But Linux has a large number of lesser-known commands that can save time, automate tasks and simplify workflows. This article will explore some underrated but powerful Linux commands that deserve more attention. rename – efficient batch rename files The rename command is the savior when you need to rename multiple files at once. Without using loops containing mv, rename allows you to easily apply complex renaming patterns. Change all .txt files to .log. rename 's/\.txt$/\.log/' *
How to List All Running Services Under Systemd in LinuxApr 28, 2025 am 09:29 AMLinux systems provide various system services (such as process management, login, syslog, cron, etc.) and network services (such as remote login, email, printer, web hosting, data storage, file transfer, domain name resolution (using DNS), dynamic IP address allocation (using DHCP), and so on). Technically, a service is a process or group of process (usually known as a daemon) that runs continuously in the background, waiting for incoming requests (especially from the client). Linux supports different ways to manage services (start, stop, restart, enable automatic startup at system startup, etc.), usually through a process or service manager. Almost all modern Linux distributions now use the same
CrossOver 25: Run Windows Software and Games on LinuxApr 28, 2025 am 09:27 AMRun Windows Software and Games on Linux with CrossOver 25 Running Windows applications and games on Linux is now easier than ever, thanks to CrossOver 25 from CodeWeavers. This commercial software solution lets Linux users run a wide variety of Wind
![pCloud - The Most Secure Cloud Storage [50% Off Offer]](https://img.php.cn/upload/article/001/242/473/174580357418126.jpg?x-oss-process=image/resize,p_40)
pCloud - The Most Secure Cloud Storage [50% Off Offer]Apr 28, 2025 am 09:26 AMSecure Your Data with pCloud: A Comprehensive Guide to Linux Installation pCloud, a leading secure cloud storage service, provides a robust platform for managing your files and data. This guide details the installation process on Linux systems. About
MangoHud - Monitor FPS, CPU & GPU Usage in Linux GamesApr 28, 2025 am 09:25 AMMangoHud: A powerful tool for real-time monitoring of Linux gaming performance MangoHud is a powerful and lightweight tool designed for gamers, developers, and anyone who wants to monitor system performance in real time. It acts as an overlay for Vulkan and OpenGL applications, displaying important information such as FPS, CPU and GPU usage, temperature, etc. This article will explore the functions, working principles and usage of MangoHud, and provide step-by-step instructions for installing and configuring MangoHud on Linux systems. What is MangoHud? MangoHud is an open source project available on GitHub and aims to provide a simple and customizable way to monitor
5 Must-Know Linux Command Line Archive Tools – Part 1Apr 28, 2025 am 09:23 AMManaging archived files is a common task in Linux. This article, the first of a two-part series, explores five powerful command-line archive tools, detailing their features and usage with examples. 1. The tar Command: A Versatile Archiving Utility t
Top 7 Tools to Compare Files in Linux (with Examples)Apr 28, 2025 am 09:21 AMThis guide explores various methods for comparing text files in Linux, a crucial task for system administrators and developers. We'll cover command-line tools and visual diff tools, highlighting their strengths and appropriate use cases. Let's assum
Hot AI Tools
Undresser.AI Undress
AI-powered app for creating realistic nude photos
AI Clothes Remover
Online AI tool for removing clothes from photos.
Undress AI Tool
Undress images for free
Clothoff.io
AI clothes remover
Video Face Swap
Swap faces in any video effortlessly with our completely free AI face swap tool!
Hot Article
Hot Tools
EditPlus Chinese cracked version
Small size, syntax highlighting, does not support code prompt function
SublimeText3 Chinese version
Chinese version, very easy to use
Safe Exam Browser
Safe Exam Browser is a secure browser environment for taking online exams securely. This software turns any computer into a secure workstation. It controls access to any utility and prevents students from using unauthorized resources.
SAP NetWeaver Server Adapter for Eclipse
Integrate Eclipse with SAP NetWeaver application server.
mPDF
mPDF is a PHP library that can generate PDF files from UTF-8 encoded HTML. The original author, Ian Back, wrote mPDF to output PDF files "on the fly" from his website and handle different languages. It is slower than original scripts like HTML2FPDF and produces larger files when using Unicode fonts, but supports CSS styles etc. and has a lot of enhancements. Supports almost all languages, including RTL (Arabic and Hebrew) and CJK (Chinese, Japanese and Korean). Supports nested block-level elements (such as P, DIV),
