Le mardi 26 mai 2009 14:48:06, Yanier Salazar Sanchez a écrit :
> I don't understand what you want to make, allow me to see if I understood.
> Do you want?. Does a listing of IP say of 192.168.0.100 until 192.168.0.150
> which provides them a DHCP Server, they can only navigate, provided they
> are in a striped allowed MAC?
>
> acl users_mac arp "/etc/squid/list-of-mac"
> acl users_ip ip "/etc/squid/list-of-ip"
>
> http_access allow users_mac users_ip
> http_access deny all
>
> It works this way exactly for my.
> PD: sorry for my bad English I'm a Cuban.
>
>
> Dear Yanier,
>
> Thanks for your input. But this will not work with a list of IP's and MAC's
> (we have more than 100 users). Then there is no need of user
> authentication. I already decleared rule to achieve this (but have a
> problem where a user can use any of the ip from the pool... look
> following.. which i already send mail to the group;
>
> There will be around 150 to 200 users. If i
>
> > config the following
> > (i didnt find any other way from my understanding);
> >
> > acl users_mac arp "/list-of-mac"
> > acl users_ip ip "/list-of-ip"
> > acl target_acl dstdom_regexp *.*
> >
> > http_access allow users_mac users_ip target_acl
> > http_access deny all
> >
> > here users are granted access based on a pool of IP. if
> > user abc who have
> > mac 00:42:4B:3C:50:4B can take any IP address for that 100
> > or 150 IP list
> > from "/list-of-ip" and use the internet.
> >
> > Rather i want to restrict user abc with his MAC to use ONLY
> > one ip, say
> > 192.168.0..10 to access internet. If he use any other IP,
> > even from the
> > allowed pool, squid should BLOCK his request.
> >
> > Thats why i mentioned like allowing based on MAC+IP pair
> > (if any of the part
> > of this pair is changed, INTERNET IS BLOCKED)
>
> -
> --
> ---
> Always try to find truth!!!
>
> ------------***---------------***--------------***------------
>
> Its always nice to know that people with no understanding of technologies
> want to evaluate technical professionals based on their own lack of
> knowledge
>
> ------------***---------------***--------------***------------
>
>
> --- On Mon, 5/25/09, Yanier Salazar Sanchez
>
> <yanier.salazar_at_eleccav.une.minbas.cu> wrote:
> > From: Yanier Salazar Sanchez <yanier.salazar_at_eleccav.une.minbas.cu>
> > Subject: RE: [squid-users] MAC + IP Combined ACL - WIll it work???
> > To: "'Truth Seeker'" <truth_seeker_3535_at_yahoo.com>
> > Date: Monday, May 25, 2009, 6:42 PM
> > (Acl for ip address)
> > Acl user1-ip src 192.168.0.100
> > (acl for mac address)
> > Acl user1-mac arp "mac-address"
> > (acl for user and password login)
> > Acl user1-user proxy_auth user1
> > (acl for domains to those that it can navigate.)
> > Acl sites-user1 dstdomain -I .com .org (If it is for all
> > the places anything
> > it is not added, otherwise it is specified.)
> >
> > http_access allow user1-mac user1-ip user1-user
> > sites-user1
> >
> >
> > sorry for my bad English I'm a Cuban.
>
> __________ Information from ESET Smart Security, version of virus signature
> database 4104 (20090526) __________
>
> The message was checked by ESET Smart Security.
>
> http://www.eset.com
>
>
>
> __________ Information from ESET Smart Security, version of virus signature
> database 4104 (20090526) __________
>
> The message was checked by ESET Smart Security.
>
> http://www.eset.com
>
>
>
> Obe Provincial Ciego de Avila
> Ave de los Deportes, esq. Circunvalación Norte
> Telef: 200708
You have a security issue, you should know that change a MAC is such as easy
as change an IP.
Use usersname.
LD
Received on Wed May 27 2009 - 22:11:38 MDT
This archive was generated by hypermail 2.2.0 : Thu May 28 2009 - 12:00:01 MDT