Hi There

I'm looking for software that can do the following.

I have squid with squidGuard running and it's working correctly. I have for example 3 groups with diffrent access to the internet which I can block and creat seperate acls for each group but the problem is that the workstations are not configured with a fix IP. Squid and squidGuard only allows you to configure with an IP or range of IP's.

I was wondering if there is any software that can work with squid or any other independant software (firewall) so that I can set acls for groups of people.

I have also taken a look at Dan's Guardian and IPtables with no success.

Thanking everyone for there input
Tony

Essentially, unless you have semi-fixed IPs you will need to use something like a SSL for security, or see if you can find a way to implement SSL Plus CHAP, unle YOU control the DJCP handouts and can look at something on each machine for a validation of machine ID.

The approach of allowing a TCP port to connect could also be done, but finding an unregistered port could be fun. I would avoid a UDP port, though, and block the UDP equivalent of the TCP port used in this case.

Chatting\IM, for instance, uses ports plus authentication. Each app has its own ports and then the portal servers do the port conversions to existing network ports and pass through the users' IDs. A variation on this might be doable although securing it is complex. Thus a group accees could be a ceratin group ID coming in on a certain TCP port. Part of security is having an unknown-to-public set of individualized requirements that cannot be bypassed.

iana.org has port registration numbers but the printout I did a month ago was 162 pages long.

John.