On Tuesday 26 May 2009 14:48:06, Yanier Salazar Sanchez wrote:
> I don't understand what you want to make, allow me to see if I understood.
> Do you want?. Does a listing of IP say of 192.168.0.100 until 192.168.0.150
> which provides them a DHCP Server, they can only navigate, provided they
> are in a striped allowed MAC?
>
> acl users_mac arp "/etc/squid/list-of-mac"
> acl users_ip ip "/etc/squid/list-of-ip"
>
> http_access allow users_mac users_ip
> http_access deny all
>
> It works this way exactly for me.
> PS: sorry for my bad English I'm a Cuban.
>
>
> Dear Yanier,
>
> Thanks for your input. But this will not work with a list of IPs and MACs
> (we have more than 100 users). Then there is no need of user
> authentication. I already declared a rule to achieve this (but have a
> problem where a user can use any of the IPs from the pool... look at the
> following, which I already mailed to the group):
>
> > There will be around 150 to 200 users. If I config the following
> > (I didn't find any other way from my understanding);
> >
> > acl users_mac arp "/list-of-mac"
> > acl users_ip ip "/list-of-ip"
> > acl target_acl dstdom_regexp *.*
> >
> > http_access allow users_mac users_ip target_acl
> > http_access deny all
> >
> > here users are granted access based on a pool of IPs. If user abc who
> > has MAC 00:42:4B:3C:50:4B can take any IP address for that 100 or 150
> > IP list from "/list-of-ip" and use the internet.
> >
> > Rather I want to restrict user abc with his MAC to use ONLY one IP, say
> > 192.168.0.10, to access internet. If he uses any other IP, even from the
> > allowed pool, squid should BLOCK his request.
> >
> > That's why I mentioned allowing based on a MAC+IP pair (if any part
> > of this pair is changed, INTERNET IS BLOCKED)
>
> -
> --
> ---
> Always try to find truth!!!
>
> ------------***---------------***--------------***------------
>
> It's always nice to know that people with no understanding of technologies
> want to evaluate technical professionals based on their own lack of
> knowledge
>
> ------------***---------------***--------------***------------
>
>
> > --- On Mon, 5/25/09, Yanier Salazar Sanchez
> > <yanier.salazar@xxxxxxxxxxxxxxxxxxxxx> wrote:
> > From: Yanier Salazar Sanchez <yanier.salazar@xxxxxxxxxxxxxxxxxxxxx>
> > Subject: RE: MAC + IP Combined ACL - WIll it work???
> > To: "'Truth Seeker'" <truth_seeker_3535@xxxxxxxxx>
> > Date: Monday, May 25, 2009, 6:42 PM
> >
> > (ACL for IP address)
> > acl user1-ip src 192.168.0.100
> > (ACL for MAC address)
> > acl user1-mac arp "mac-address"
> > (ACL for user and password login)
> > acl user1-user proxy_auth user1
> > (ACL for domains to those that it can navigate.)
> > acl sites-user1 dstdomain -I .com .org (If it is for all the places
> > anything it is not added, otherwise it is specified.)
> >
> > http_access allow user1-mac user1-ip user1-user sites-user1
> >
> >
> > sorry for my bad English I'm a Cuban.
>
> __________ Information from ESET Smart Security, version of virus signature
> database 4104 (20090526) __________
>
> The message was checked by ESET Smart Security.
>
> http://www.eset.com
>
>
> Obe Provincial Ciego de Avila
> Ave de los Deportes, esq. Circunvalación Norte
> Telef: 200708

You have a security issue: you should know that changing a MAC is as easy as changing an IP. Use usernames.

LD
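
Added example, not written by anyone in this thread: in `http_access allow users_mac users_ip` the two list ACLs are matched independently, so any listed MAC is accepted with any listed IP. Binding each MAC to a single address takes one `arp` ACL, one `src` ACL and one allow rule per pair, as in the quoted `user1-mac` / `user1-ip` rules, and this Python generator emits them from a pair list. The `pairN_*` ACL names, the function names and the sample input are assumptions made for the example.

```python
import ipaddress
import re

MAC_RE = re.compile(r"^(?:[0-9a-f]{2}:){5}[0-9a-f]{2}$")

# Constructed sample input: one "MAC IP" pair per line, '#' starts a comment.
SAMPLE_PAIRS = """\
# user abc
00:42:4B:3C:50:4B 192.168.0.10
00:42:4B:3C:50:4C 192.168.0.11
"""

def parse_pairs(text):
    """Return [(mac, ip)], rejecting malformed or reused MACs and IPs."""
    pairs, seen_mac, seen_ip = [], {}, {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        if len(fields) != 2:
            raise ValueError(f"line {lineno}: expected 'MAC IP'")
        mac = fields[0].lower()
        if not MAC_RE.match(mac):
            raise ValueError(f"line {lineno}: bad MAC {fields[0]!r}")
        # IPv4Address raises a ValueError subclass on a malformed address.
        ip = str(ipaddress.IPv4Address(fields[1]))
        # A MAC or IP listed twice would bring back the "any IP from the pool" gap.
        for value, seen in ((mac, seen_mac), (ip, seen_ip)):
            if value in seen:
                raise ValueError(
                    f"line {lineno}: {value} already used on line {seen[value]}")
            seen[value] = lineno
        pairs.append((mac, ip))
    return pairs

def render_squid_acls(pairs):
    """Emit one arp ACL, one src ACL and one allow rule per pair, then deny all."""
    out = []
    for n, (mac, ip) in enumerate(pairs, 1):
        out += [f"acl pair{n}_mac arp {mac}",
                f"acl pair{n}_ip src {ip}",
                f"http_access allow pair{n}_mac pair{n}_ip"]
    out.append("http_access deny all")
    return "\n".join(out) + "\n"

if __name__ == "__main__":
    print(render_squid_acls(parse_pairs(SAMPLE_PAIRS)), end="")
```

As the last reply says, a MAC can be changed as easily as an IP, so these rules bind addresses rather than people; the `proxy_auth` ACL quoted earlier in the thread is what ties a request to a username.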