Search squid archive

RE: MAC + IP Combined ACL - WIll it work???

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



I don't understand what you want to make, allow me to see if I understood.  
Do you want?. Does a listing of IP say of 192.168.0.100 until 192.168.0.150
which provides them a DHCP Server, they can only navigate, provided they are
in a striped allowed MAC?

acl users_mac arp "/etc/squid/list-of-mac"
acl users_ip ip "/etc/squid/list-of-ip"

http_access allow users_mac users_ip
http_access deny all

It works this way exactly for my.
PD: sorry for my bad English I'm a Cuban.


Dear Yanier,

Thanks for your input. But this will not work with a list of IP's and MAC's
(we have more than 100 users). Then there is no need of user authentication.
I already decleared rule to achieve this (but have a problem where a user
can use any of the ip from the pool... look following.. which i already send
mail to the group;

There will be around 150 to 200 users. If i
> config the following
> (i didnt find any other way from my understanding);
> 
> acl users_mac arp "/list-of-mac"
> acl users_ip ip "/list-of-ip"
> acl target_acl dstdom_regexp *.*
> 
> http_access allow users_mac users_ip target_acl
> http_access deny all
> 
> here users are granted access based on a pool of IP. if
> user abc who have
> mac 00:42:4B:3C:50:4B can take any IP address for that 100
> or 150 IP list
> from "/list-of-ip" and use the internet.
> 
> Rather i want to restrict user abc with his MAC to use ONLY
> one ip, say
> 192.168.0..10 to access internet. If he use any other IP,
> even from the
> allowed pool, squid should BLOCK his request.
> 
> Thats why i mentioned like allowing based on MAC+IP pair
> (if any of the part
> of this pair is changed, INTERNET IS BLOCKED)
> 



-
--
---
Always try to find truth!!!

------------***---------------***--------------***------------

Its always nice to know that people with no understanding of technologies
want to evaluate technical professionals based on their own lack of
knowledge

------------***---------------***--------------***------------


--- On Mon, 5/25/09, Yanier Salazar Sanchez
<yanier.salazar@xxxxxxxxxxxxxxxxxxxxx> wrote:

> From: Yanier Salazar Sanchez <yanier.salazar@xxxxxxxxxxxxxxxxxxxxx>
> Subject: RE:  MAC + IP Combined ACL - WIll it work???
> To: "'Truth Seeker'" <truth_seeker_3535@xxxxxxxxx>
> Date: Monday, May 25, 2009, 6:42 PM
> (Acl for ip address)
> Acl user1-ip src 192.168.0.100   
> (acl for mac address)
> Acl user1-mac arp "mac-address"
> (acl for user and password login)
> Acl user1-user proxy_auth user1
> (acl for domains to those that it can navigate.)
> Acl sites-user1 dstdomain -I .com .org (If it is for all
> the places anything
> it is not added, otherwise it is specified.)
> 
> http_access allow user1-mac user1-ip user1-user
> sites-user1
> 
> 
> sorry for my bad English I'm a Cuban.
> 



      

 

__________ Information from ESET Smart Security, version of virus signature
database 4104 (20090526) __________

The message was checked by ESET Smart Security.

http://www.eset.com
 
 

__________ Information from ESET Smart Security, version of virus signature
database 4104 (20090526) __________

The message was checked by ESET Smart Security.

http://www.eset.com
 


Obe Provincial Ciego de Avila
Ave de los Deportes, esq. Circunvalación Norte
Telef: 200708




[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux