Well, maybe that's why it is called ARP acl, and not MAC acl.
My bad:)
On Mon, Aug 19, 2013 at 9:06 PM, Attila Gömbös <attila.gombos_at_gmail.com> wrote:
> Hi guys!
>
> As far as I see the MAC-address based ACL is not really based on MAC address.
> - Squid checks the IP address of the HTTP request.
> - Looks up the ARP table, and searches for the allowed MAC address.
> - If the IP has got an ARP entry with the allowed MAC address it will
> let it through.
>
> This is a problem in my case, since there is a firewall in transparent
> mode between the users workstations and the squid.
> I would need to allow connections only from the firewall. I couldn't
> do it IP based, since the firewall is set to keep the source IP of the
> workstations.
> But the source MAC is changed by the firewall, however i am not able
> to filter for it, because of the previously mentioned reasons.
>
> Best regards,
> Attila
Received on Mon Aug 19 2013 - 19:07:41 MDT
This archive was generated by hypermail 2.2.0 : Tue Aug 20 2013 - 12:00:05 MDT