Squid with MAC address support

ccoello

The other day I read on the internet that there is a version of Squid that supports MAC addresses, with which you can grant browsing permissions by IP and MAC. I already downloaded this version and updated Squid, but it does not pick up the ACL for blocking by MAC address:
squid-2.5.STABLE11-3.FC3 ----------- this is the Squid version I updated to

and this is my Squid configuration:

#squid.conf
#Every option in this file is very well documented in the original squid.conf file
#

#
#The ports our Squid will listen on.
http_port 8080
icp_port 3130
#cgi-bins will not be cached.
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY
#Memory the Squid will use. Well, Squid will use far more than that.
cache_mem 8 MB
#250 means that Squid will use 250 megabytes of disk space.
cache_dir ufs /var/spool/squid 17072 16 256

#Places where Squid's logs will go to.
cache_log /var/log/squid/cache.log
cache_access_log /var/log/squid/access.log
cache_store_log /var/log/squid/store.log
cache_swap_log /var/log/squid/swap.log
#How many times to rotate the logs before deleting them.
#See the FAQ for more info.
logfile_rotate 10

dns_nameservers 200.32.73.6 200.32.73.4 200.31.30.47
redirect_rewrites_host_header off
cache_replacement_policy GDSF
acl porn url_regex "/etc/squid/pornoweb.txt"
acl localnet src "/etc/squid/permitidos"
acl lab1 arp "/etc/squid/lab1_mac"
acl localhost src 127.0.0.1/255.255.255.255
acl Safe_ports port 80 443 210 119 70 20 21 1025-65535
acl CONNECT method CONNECT
acl all src 0.0.0.0/0.0.0.0
http_access deny porn
http_access allow localnet
http_access allow lab1 arp
http_access allow localhost
http_access deny !Safe_ports
http_access deny CONNECT
http_access deny all
maximum_object_size 60096 KB
store_avg_object_size 50 KB

#Set these if you want your proxy to work in a transparent way.
#Transparent proxy means you generally don't have to configure all
#your client's browsers, but has some drawbacks too.
#Leaving these uncommented won't do any harm.
httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on

#all our LAN users will be seen by external web servers
#as if they all used Mozilla on Linux. :)
#anonymize_headers deny User-Agent
#fake_user_agent Mozilla/5.0 (X11; U; Linux i686; en-US; rv:0.9.6+) Gecko/20011122

#To make our connection even faster, we put two lines similar
#to the ones below. They will point a parent proxy server our own Squid
#will use. Don't forget to change the server to the one that will
#be fastest for you!
#Measure pings, traceroutes and so on.
#Make sure that http and icp ports are correct.

#Uncomment lines beginning with "cache_peer" if necessary.
#This is the proxy you are going to use for all connections...
#cache_peer w3cache.icm.edu.pl parent 8080 3130 no-digest default

#...except for the connections to addresses and IPs beginning with "!".
#It's a good idea not to use a higher
#cache_peer_domain w3cache.icm.edu.pl !.pl !7thguard.net !192.168.1.1

#This is useful when we want to use the Cache Manager.
#Copy cachemgr.cgi to cgi-bin of your www server.
#You can reach it then via a web browser typing
#the address http://your-web-server/cgi-bin/cachemgr.cgi
cache_mgr soporte@techsoftnet.net
cachemgr_passwd gicserver! all

#This is a name of a user our Squid will work as.
cache_effective_user squid
cache_effective_group squid
visible_hostname techsoftnet.net
log_icp_queries off
buffered_logs on

#####DELAY POOLS
#This is the most important part for shaping incoming traffic with Squid
#For detailed description see squid.conf file or docs at http://www.squid-cache.org

#We don't want to limit downloads on our local network.
acl magic_words1 url_regex -i 192.100.100

#We want to limit downloads of these type of files
#Put this all in one line
acl magic_words2 url_regex -i ftp .exe .mp3 .vqf .tar.gz .gz .rpm .zip .rar .avi .mpeg .mpe .mpg .qt .ram .rm .iso .raw .wav .mov
#We don't block .html, .gif, .jpg and similar files, because they
#generally don't consume much bandwidth

#We want to limit bandwidth during the day, and allow
#full bandwidth during the night
#Caution! with the acl below your downloads are likely to break
#at 23:59. Read the FAQ in this bandwidth if you want to avoid it.
#acl day time 09:00-23:59

#We have two different delay_pools
#View Squid documentation to get familiar
#with delay_pools and delay_class.
delay_pools 2

#First delay pool
#We don't want to delay our local traffic.
#There are three pool classes; here we will deal only with the second.
#First delay class (1) of second type (2).
delay_class 1 2

#-1/-1 mean that there are no limits.
delay_parameters 1 -1/-1 -1/-1

#magic_words1: 192.168 we have set before
delay_access 1 allow magic_words1

#Second delay pool.
#we want to delay downloading files mentioned in magic_words2.
#Second delay class (2) of second type (2).
delay_class 2 2

#The numbers here are values in bytes;
#we must remember that Squid doesn't consider start/stop bits
#5000/150000 are values for the whole network
#5000/120000 are values for the single IP
#after downloaded files exceed about 150000 bytes,
#(or even twice or three times as much)
#they will continue to download at about 5000 bytes/s

delay_parameters 2 5000/150000 5000/120000
#We have set day to 09:00-23:59 before.
#delay_access 2 allow day
#delay_access 2 deny !day
delay_access 2 allow magic_words2

#EOF

Please, I need help.
Thanks

The fundamental requirement

Root Bit

The fundamental requirement for Squid to be able to do MAC-based control is that the installed version has been compiled with support for MAC-based control.

"squid -v" returns the options that the version you are running was compiled with; you should have something like this: "--enable-arp-acl".

You must also create ACLs of the type " acl M1 arp 01:02:03:04:05:06 " in your configuration.

Section 10.20 of the Squid FAQ explains how to do it.

http://www.squid-cache.org/Doc/FAQ/FAQ-10.html#ss10.20

There are only 10 types of people in the world:
Those who understand binary and those who don't
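
The two checks from the reply above, plus a lint of the http_access rules in the posted squid.conf, as an added example that is not part of either post. The `squid -v` sample text is constructed, and the function names (`has_arp_acl`, `is_valid_mac`, `lint_http_access`) are hypothetical helpers, not Squid tooling.

```python
import re

# Constructed sample of `squid -v` output (not taken from the thread).
SAMPLE_SQUID_V = (
    "Squid Cache: Version 2.5.STABLE11\n"
    "configure options: --prefix=/usr '--enable-delay-pools' '--enable-arp-acl'\n"
)

# ACL excerpt copied from the squid.conf posted in the question.
SAMPLE_CONF = """\
acl porn url_regex "/etc/squid/pornoweb.txt"
acl localnet src "/etc/squid/permitidos"
acl lab1 arp "/etc/squid/lab1_mac"
acl all src 0.0.0.0/0.0.0.0
http_access deny porn
http_access allow localnet
http_access allow lab1 arp
http_access deny all
"""

MAC_RE = re.compile(r"^[0-9A-Fa-f]{2}(:[0-9A-Fa-f]{2}){5}$")

def has_arp_acl(squid_v_output):
    """True if the build's configure options include --enable-arp-acl."""
    tokens = (tok.strip("'\"") for tok in squid_v_output.split())
    return "--enable-arp-acl" in tokens

def is_valid_mac(value):
    """True for the colon-separated form used in 'acl M1 arp 01:02:...'."""
    return bool(MAC_RE.match(value.strip()))

def lint_http_access(conf_text):
    """Return (line_no, name) for each http_access ACL name not yet defined."""
    defined, problems = set(), []
    for no, line in enumerate(conf_text.splitlines(), 1):
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 3 and fields[0] == "acl":
            defined.add(fields[1])           # acl <name> <type> <args...>
        elif len(fields) >= 3 and fields[0] == "http_access":
            for name in fields[2:]:          # http_access allow|deny <names...>
                if name.lstrip("!") not in defined:
                    problems.append((no, name))
    return problems

if __name__ == "__main__":
    print("arp acl compiled in:", has_arp_acl(SAMPLE_SQUID_V))
    print("undefined ACL names:", lint_http_access(SAMPLE_CONF))
```

On the posted excerpt the lint reports `arp` on the `http_access allow lab1 arp` line: the ACL type belongs on the `acl` line, and `http_access` takes only ACL names. ARP ACLs match only clients on the same subnet as the proxy, and a client can set its own MAC address, so a MAC rule is a filter and not authentication.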
