Amos Jeffries wrote:
Quick question for you all. Would it be possible to use squid, in part,
as a Terms of Service portal? In other words, using an external_acl
helper, return OK if IP/MAC has accepted, or redirect if not? I would
love to use the wccpv2/gre tunnel and the fault tolerance built in to
eliminate a failure point by using a bridged or router acl solution.
I've played around with PFSense and M0n0wall and they don't really work
with our network/dhcp structure. We serve two different wireless
technologies and vlaning kills any of these options. We want only new
customers to get caught, but all customers to pass through in the event
of hardware failure. I looked at a solution FrontPorch offers and it's
pretty slick. They have both an inline and passive solution. The
inline uses a proprietary NIC that has a solenoid that trips in the
event of a hardware failure creating a hardwire connection. The passive
solution somehow uses communication with the router to redirect. They
mirror tcp traffic and I don't know what else. Anyway, I got a little
long winded there. Any thoughts? Thanks guys..
Tony
Theoretically yes. You will need to test and see if it works for you in
practice.
The problem is that the tcp_outgoing_tos selection ACL in Squid can only
work from cached external_acl results. (It would require a small re-code
of the outbound connection pathway to alter that).
BUT, the external ACL can be used in http_access to permit access into
squid at the point of receiving. So the result can be cached by that
lookup.
For src-IP its just peachy. For MAC the machines need to be directly on
the same switch or arp-relay enable across the network, for ARP lookups to
work.
Amos
I think what the requester is looking for (not so much prioritization of
traffic, but getting each user to acknowledge an Acceptable Use Policy,
or the like) is better provided by the session helper .
The session helper is included with the Squid source.
Chris
