Linux - SecurityThis forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
Hi hope yo can help me i need to assign permissions on squid to the pc's that i will give internet access, but i need to use their MAC address? any idea, I've done it with ip restriction but don't know if i can do it by MAC address
Hi hope yo can help me i need to assign permissions on squid to the pc's that i will give internet access, but i need to use their MAC address? any idea, I've done it with ip restriction but don't know if i can do it by MAC address
yes, you can do it... as long as your squid was compiled with this option:
Code:
--enable-arp-acl
here's an example of mac-based ACL usage:
Code:
acl AQGMAC arp 01:02:03:04:05:06
http_access allow AQGMAC
http_access deny all
here's an example of a mixed mac-based and IP-based ACL usage:
i think there's also a way to have the MACs and IPs listed in text files, and then have squid use them from there... that way you don't have to have a squid.conf with 500 MACs and 500 IPs in it... i'm not exactly sure how that would work, though, cuz i've never tried it... but according to this it might be as easy as using a pipe...
Thanks win32sux I'll try that.
originally i've had it with it working with text files since Oct 2005 only using IP.
Hope this is not true: Note
Squid can only determine the MAC address for clients that are on the same subnet. If the client is on a different subnet, then Squid cannot find out its MAC address.
Now things have changed, I need this proxy to work for 30 VLAN's. Might you have an example?.
I'll post what i got as soon as i'm sure that works ok..
Thanks win32sux I'll try that.
originally i've had it with it working with text files since Oct 2005 only using IP.
hehe, cool... BTW, if you can show me how you do that it would be greatly appreciated cuz i've never really done it and i'd like to learn how...
Quote:
Hope this is not true: Note
Squid can only determine the MAC address for clients that are on the same subnet. If the client is on a different subnet, then Squid cannot find out its MAC address.
the thing is that mac addresses don't get routed...
Quote:
Now things have changed, I need this proxy to work for 30 VLAN's. Might you have an example?.
I'll post what i got as soon as i'm sure that works ok..
yeah i had figured that much... i just wasn't sure how that works... after a quick google, it seems VLANs are done at the data link layer (layer 2)... as such, i would expect the MAC addresses to indeed be carried-over, so it should work fine i think... i believe that squid's warning is intended for layers 3 and 4... someone please correct me if i'm wrong...
Quote:
My server is down, i get it running today and i'll send you an example
OK, got it working, but now it gives access to all, it does not respect the mac addresses that i put "macfree" which are supposed to be the only ones to get access to internet.
It's definitlly not respecting the filter by MAC address
please anyone, any ideas?
like i said before it does not respect my MAC address file, is there something else that i need to compile on squid in order for it to take MAC address filtering?
I think my main problem is that i don't know how to compile with "--enable-arp-acl" how or where do i do this!!!!
Thanks!!!!
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.