I don't understand what you want to make, allow me to see if I understood. Do you want?. Does a listing of IP say of 192.168.0.100 until 192.168.0.150 which provides them a DHCP Server, they can only navigate, provided they are in a striped allowed MAC? acl users_mac arp "/etc/squid/list-of-mac" acl users_ip ip "/etc/squid/list-of-ip" http_access allow users_mac users_ip http_access deny all It works this way exactly for my. PD: sorry for my bad English I'm a Cuban. Dear Yanier, Thanks for your input. But this will not work with a list of IP's and MAC's (we have more than 100 users). Then there is no need of user authentication. I already decleared rule to achieve this (but have a problem where a user can use any of the ip from the pool... look following.. which i already send mail to the group; There will be around 150 to 200 users. If i > config the following > (i didnt find any other way from my understanding); > > acl users_mac arp "/list-of-mac" > acl users_ip ip "/list-of-ip" > acl target_acl dstdom_regexp *.* > > http_access allow users_mac users_ip target_acl > http_access deny all > > here users are granted access based on a pool of IP. if > user abc who have > mac 00:42:4B:3C:50:4B can take any IP address for that 100 > or 150 IP list > from "/list-of-ip" and use the internet. > > Rather i want to restrict user abc with his MAC to use ONLY > one ip, say > 192.168.0..10 to access internet. If he use any other IP, > even from the > allowed pool, squid should BLOCK his request. > > Thats why i mentioned like allowing based on MAC+IP pair > (if any of the part > of this pair is changed, INTERNET IS BLOCKED) > - -- --- Always try to find truth!!! ------------***---------------***--------------***------------ Its always nice to know that people with no understanding of technologies want to evaluate technical professionals based on their own lack of knowledge ------------***---------------***--------------***------------ --- On Mon, 5/25/09, Yanier Salazar Sanchez <yanier.salazar@xxxxxxxxxxxxxxxxxxxxx> wrote: > From: Yanier Salazar Sanchez <yanier.salazar@xxxxxxxxxxxxxxxxxxxxx> > Subject: RE: MAC + IP Combined ACL - WIll it work??? > To: "'Truth Seeker'" <truth_seeker_3535@xxxxxxxxx> > Date: Monday, May 25, 2009, 6:42 PM > (Acl for ip address) > Acl user1-ip src 192.168.0.100 > (acl for mac address) > Acl user1-mac arp "mac-address" > (acl for user and password login) > Acl user1-user proxy_auth user1 > (acl for domains to those that it can navigate.) > Acl sites-user1 dstdomain -I .com .org (If it is for all > the places anything > it is not added, otherwise it is specified.) > > http_access allow user1-mac user1-ip user1-user > sites-user1 > > > sorry for my bad English I'm a Cuban. > __________ Information from ESET Smart Security, version of virus signature database 4104 (20090526) __________ The message was checked by ESET Smart Security. http://www.eset.com __________ Information from ESET Smart Security, version of virus signature database 4104 (20090526) __________ The message was checked by ESET Smart Security. http://www.eset.com Obe Provincial Ciego de Avila Ave de los Deportes, esq. Circunvalación Norte Telef: 200708