Dear Amos,

Thanks for your quick reply...

I am not talking about a single user actually. There will be around 150 to 200 users. If I configure the following (I didn't find any other way from my understanding):

    # ACL types corrected to Squid's names: src, dstdom_regex
    acl users_mac arp "/list-of-mac"
    acl users_ip src "/list-of-ip"
    acl target_acl dstdom_regex .*
    http_access allow users_mac users_ip target_acl
    http_access deny all

here users are granted access based on a pool of IPs. User abc, who has MAC 00:42:4B:3C:50:4B, can take any IP address from that list of 100 or 150 IPs in "/list-of-ip" and use the internet.

Rather, I want to restrict user abc with his MAC to use ONLY one IP, say 192.168.0.10, to access the internet. If he uses any other IP, even from the allowed pool, Squid should BLOCK his request.

That's why I mentioned allowing based on a MAC+IP pair (if either part of this pair is changed, INTERNET IS BLOCKED).

Please advise me, if possible, how I can build up the ACL.

- --
---
Always try to find truth!!!

------------***---------------***--------------***------------
It's always nice to know that people with no understanding of technologies want to evaluate technical professionals based on their own lack of knowledge
------------***---------------***--------------***------------

--- On Mon, 5/25/09, Amos Jeffries <squid3@xxxxxxxxxxxxx> wrote:

> From: Amos Jeffries <squid3@xxxxxxxxxxxxx>
> Subject: Re: MAC + IP Combined ACL - WIll it work???
> To: "Truth Seeker" <truth_seeker_3535@xxxxxxxxx>
> Cc: "Squid maillist" <squid-users@xxxxxxxxxxxxxxx>
> Date: Monday, May 25, 2009, 3:28 PM
>
> Truth Seeker wrote:
> >
> > Dear Pro's,
> >
> > I am implementing a squid proxy based on MAC address based
> > authentication with squid 3.0 Stable + CentOS 5.2. I would like
> > to know whether I could configure it in such a way that squid
> > will allow access only if both the MAC address and IP address
> > pair match.
> >
> > For example: if user abc, who has the MAC address
> > 00:3F:65:3C:77:2C and the IP address 192.168.0.10, will get
> > internet only with his current MAC+IP combination. If he changes
> > his IP address to 192.168.0.20 or if he changes his Network
> > Interface card, Squid should BLOCK his access.
> >
> > Is this Possible???
> >
>
> Yes.
>
> http://wiki.squid-cache.org/SquidFaq/SquidAcl
> http://www.squid-cache.org/Doc/config/acl/
>
>
> Amos
> --
> Please be using
>   Current Stable Squid 2.7.STABLE6 or 3.0.STABLE15
>   Current Beta Squid 3.1.0.8 or 3.0.STABLE16-RC1
>
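
Added example, not part of the original thread and not Squid project code: one way to get the per-user MAC+IP binding asked about above is to give every user their own `arp` ACL and `src` ACL and AND the two on a dedicated `http_access allow` line, so a known MAC on any other pool address falls through to `deny all`. The Python generator below produces those lines for 150 to 200 users from a pair list; the "user mac ip" input format, the `mac_`/`ip_` ACL name prefixes, the function names and the second sample user are assumptions made for this illustration.

```python
import ipaddress
import re

MAC_RE = re.compile(r"[0-9A-Fa-f]{2}(:[0-9A-Fa-f]{2}){5}")

# Constructed sample input ("user mac ip"); the first row is the example from the thread.
SAMPLE_PAIRS = """\
abc    00:42:4B:3C:50:4B  192.168.0.10
user2  00:11:22:33:44:55  192.168.0.11   # constructed second user
"""

def parse_pairs(text):
    """Return [(user, mac, ip)]; reject malformed rows and any reused MAC or IP."""
    pairs, seen_mac, seen_ip = [], {}, {}
    for n, line in enumerate(text.splitlines(), 1):
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        if len(fields) != 3:
            raise ValueError(f"line {n}: expected 'user mac ip'")
        user, mac, ip = fields
        if not re.fullmatch(r"\w+", user):
            raise ValueError(f"line {n}: user {user!r} is not usable as an ACL name")
        if not MAC_RE.fullmatch(mac):
            raise ValueError(f"line {n}: bad MAC {mac!r}")
        mac = mac.lower()
        ip = str(ipaddress.IPv4Address(ip))  # raises ValueError on a bad address
        # A MAC or IP listed twice would silently allow two different pairings.
        for seen, key, kind in ((seen_mac, mac, "MAC"), (seen_ip, ip, "IP")):
            if key in seen:
                raise ValueError(f"line {n}: {kind} {key} already bound to {seen[key]}")
            seen[key] = user
        pairs.append((user, mac, ip))
    return pairs

def render_squid_acls(pairs):
    """Emit one arp ACL, one src ACL and one ANDed allow rule per user."""
    out = []
    for user, mac, ip in pairs:
        out.append(f"acl mac_{user} arp {mac}")
        out.append(f"acl ip_{user} src {ip}")
        # ACLs on one http_access line are ANDed: both must match.
        out.append(f"http_access allow mac_{user} ip_{user}")
    out.append("http_access deny all")
    return "\n".join(out) + "\n"

if __name__ == "__main__":
    print(render_squid_acls(parse_pairs(SAMPLE_PAIRS)), end="")
```

The `arp` ACL type needs a Squid build with ARP ACL support and only sees the MAC of clients on the same Ethernet segment as the proxy. Both the MAC and the IP are set by the client, so this pairing restricts casual address changes rather than authenticating the user.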