Re: [squid-users] bandwidth limiting with mac crosscheck

From: krv <krv@dont-contact.us>
Date: Sun, 25 Apr 2004 08:18:08 +0530

----- Original Message -----
From: "Babar Kazmi" <BabarKazmi@Hotmail.Com>
To: <Jeff@lanchelms.com>; <squid-users@squid-cache.org>
Sent: Saturday, April 24, 2004 3:38 PM
Subject: RE: [squid-users] bandwidth limiting with mac crosscheck

> Dear Jeff
>
> Did u try arp acl. ?
>
> Regards
>
> Babar Kazmi
>
>
>
> >I have iptables running with squid set up as transparent. My DHCP server
> gives
> >out 10.0.1.x and squid is set to bandwidth limit users on that scope. I
> have
> >mac addresses of my servers specified in my dhcp config so that they get
> >10.0.0.x addresses. Squid is set to NOT limit bandwidth at all for the
> >10.0.0.x scope. The problem is a user on the network could manually set
> their
> >IP address to a 10.0.0.x address. Is there some way to have squid check a
> list
> >of allowed mac addresses if a connection comes from 10.0.0.x and deny it
if
> >it's not in the allow list?
> >

You would be better off doing IP/MAC crosscheck using iptables.
You will get better performance than doing ACL's in squid.

KRV
Received on Sat Apr 24 2004 - 20:47:28 MDT

This archive was generated by hypermail pre-2.1.9 : Fri Apr 30 2004 - 12:00:02 MDT