Well, maybe that's why it is called ARP ACL, and not MAC ACL. My bad :)

On Mon, Aug 19, 2013 at 9:06 PM, Attila Gömbös <attila.gombos@xxxxxxxxx> wrote:
> Hi guys!
>
> As far as I see the MAC-address based ACL is not really based on MAC address.
> - Squid checks the IP address of the HTTP request.
> - Looks up the ARP table, and searches for the allowed MAC address.
> - If the IP has got an ARP entry with the allowed MAC address it will
> let it through.
>
> This is a problem in my case, since there is a firewall in transparent
> mode between the users' workstations and the squid.
> I would need to allow connections only from the firewall. I couldn't
> do it IP based, since the firewall is set to keep the source IP of the
> workstations.
> But the source MAC is changed by the firewall, however I am not able
> to filter for it, because of the previously mentioned reasons.
>
> Best regards,
> Attila