Q. I'm using the Squid proxy server under CentOS Linux version 5. How do I filter a particular MAC address under Squid?
A. Not all operating systems support MAC address based filtering. Squid calls these "ARP ACLs" and they are supported on Linux, Solaris, and BSD variants.
How do I set up ACLs based on MAC address?
Open squid.conf:
# vi /etc/squid/squid.conf
Locate the acl section and append ACLs as follows:
acl macf1 arp mac-address
acl macf2 arp 00:11:22:33:44:55
http_access allow macf1
http_access allow macf2
http_access deny all
Save and close the file. Restart squid server:
# /etc/init.d/squid restart
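A preflight for the procedure above, added here as an example and not part of the original article: it lints every arp ACL value (inline or in a quoted file) for malformed addresses and checks squid -v output for the --enable-arp-acl build option that readers report missing in the comments. The function names, the two-digit-octet rule and the sample addresses are assumptions of the example.

```shell
#!/bin/sh
# Added example (not from the original page): preflight for Squid MAC ACLs.

# Reads `squid -v` output on stdin; succeeds only if the binary was
# configured with --enable-arp-acl (the option named in the comments).
has_arp_acl_support() {
    grep -qF -e '--enable-arp-acl'
}

# lint_arp_acls CONF: report every "acl NAME arp ..." value that is not six
# colon-separated two-digit hex octets. Quoted values are treated as files
# holding one address per line. Returns non-zero if anything was reported.
lint_arp_acls() {
    awk '
    function check(val, where) {
        if (val !~ re) { printf "%s: invalid MAC \"%s\"\n", where, val; bad = 1 }
    }
    BEGIN {
        h = "[0-9A-Fa-f][0-9A-Fa-f]"
        re = "^" h ":" h ":" h ":" h ":" h ":" h "$"
    }
    $1 == "acl" && $3 == "arp" {
        for (i = 4; i <= NF; i++) {
            if ($i ~ /^".*"$/) {
                path = substr($i, 2, length($i) - 2); n = 0
                while ((getline line < path) > 0) {
                    n++
                    sub(/#.*/, "", line); gsub(/[ \t\r]/, "", line)
                    if (line != "") check(line, path ":" n)
                }
                close(path)
                if (n == 0) { printf "%s: no lines read from %s\n", FILENAME ":" FNR, path; bad = 1 }
            } else check($i, FILENAME ":" FNR)
        }
    }
    END { exit bad + 0 }
    ' "$1"
}

# Constructed sample: the second ACL has the letter O where a zero belongs.
demo_conf=$(mktemp)
printf '%s\n' 'acl macf2 arp 00:11:22:33:44:55' \
              'acl blockmac arp 00:A7:88:BA:19:OF' > "$demo_conf"
lint_arp_acls "$demo_conf" || echo "fix the lines above before restarting squid"
rm -f "$demo_conf"

# On a live proxy (paths assumed from the article):
#   squid -v | has_arp_acl_support || echo "squid built without ARP ACLs"
#   lint_arp_acls /etc/squid/squid.conf && squid -k parse
```

A clean lint only means the addresses are well formed: ARP ACLs match the hardware address Squid sees on its own network segment, so clients behind a router are not matched and a client that changes its MAC address is not stopped by the rule.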
28 comments:
Dear all,
I tried the above but am still not able to control using MAC.
Error:
2008/01/09 10:26:32| aclParseAclLine: Invalid ACL type 'arp'
FATAL: Bungled squid.conf line 1882: acl ARP arp
Squid Cache (Version 2.5.STABLE14): Terminated abnormally.
Please assist.
Use squid version 3.0.
Sir,
You have to download the source code for squid, recompile it with --enable-arp-acl, and use that binary for use with MAC addresses. Many vendors like Red Hat, including CentOS, do not compile squid with that option enabled. SUSE does compile with the said option. Hence you can use any version of SUSE Linux and configure squid on that machine if you have one.
Chary
The web site is blocked but I want to open the web site for only one IP address, 192.168.3.1.
What is the ACL rule in the squid file in Linux?
You will have to recompile squid and make it before MAC based filtering works.
Add --enable-arp-acl to your original configure command in squid and run the following:
% ./configure --enable-arp-acl …
% make clean
% make
Then the above ACLs in squid.conf will work.
Hello,
First of all I would like to thank this site's producers, who are doing great work.
I have learnt a lot from here. Now I need help regarding MAC address filtering. I have a network of more than 100 users and I want to give the internet facility to only 30 users. How can I do this?
Dear, I created 4 ACLs, that is lab1, lab2, off and block_site, and 1 block.txt file. How do I block 3 ACLs with 3 different block files in squid, so that off accesses a different block file? Is it possible? Please reply to me.
Create another txt file with changes, such as block2.txt. Insert in the squid.conf file:
acl sites dstdomain "/etc/squid/block2"
http_access deny sites aclname
Hi to all users, with best wishes:
I am using squid 2.6 STABLE18 and found the following error when trying to use MAC address:
ERROR
aclParseAClline: invalid ACL type 'arp'
FATA: Bungled squid.conf line 619: acl macaddress arp "/usr/local/squid/etc/macaddress"
squid cache (version 2.6 STABLE18): Terminated abnormally
Kindly help.
With best wishes to all,
Bashir – Islamabad, Pakistan
I also have the MAC address problem. If you find the solution, please let me know.
Use squid 3.0. In this squid, 'arp' is already enabled.
Hello dear, how are you? I tried to add this script but I am facing the same error. Please give me some info about this.
Thanks
Hello
How would I redirect the blocked MAC address to a webpage?
regards,
Thaabiet
I want to authenticate users of my network by username, password and MAC address for granting internet access. Is it possible to do this? If yes, how?
This is what I'm thinking of. I would like to deny everyone's access to my internet facility. Then I would like to give them access through IP addresses and MAC addresses, and I want to add these IP addresses, MAC addresses and the bandwidth rule list in one file, e.g. Allow-ip-mac.txt. Please help: how do I add this file, and where do I allow only the users in this file? Please help, I shall be ever thankful to you.
I would like to give them access through IP addresses and MAC addresses. Please help with how to do this.
vi /home/user_mac
Enter the user's MAC.
control :x save exit
Open squid and type this line:
acl allowmac src "/home/user_mac"
or
acl allowmac arp "/home/user_mac"
Dear, how do I use this command in Linux? Because I have already used some commands but am facing an error message, for example:
FATA: Bungled squid.conf line 619: acl macaddress arp "/usr/local/squid/etc/macaddress"
I have installed RHEL5 server. I am using squid as proxy server.
I want to block the MAC address of some computer that is causing problems in the network.
I have used this acl:
acl blockmac arp 00:A7:88:BA:19:OF
http_access deny blockmac.
When I reload the squid service, it gives an error:
aclParseAclLine: Invalid ACL type 'arp'
FATAL: Bungled squid.conf line 613: acl macaddress arp 00:A7:88:BA:19:OF
Squid Cache (Version 2.6.STABLE21): Terminated abnormally.
I have read the different solutions, like
--enable-arp-acl
but I am not able to do this. I have installed the rpm version of squid.
Can anybody help me resolve this issue?
Hi, it's bungled because you put "O" in the MAC instead of "0" (zero). A MAC address only goes up to "F".
thanks
Dear,
You can do it from the firewall option:
only this mac_address drop port 80 only. Simple.
Hi,
how do I use
--enable-arp-acl
to block the MAC address?
I've already used the 3.1 version but it still gives an error:
2011/05/08 09:57:24| aclParseAclLine: Invalid ACL type 'arp'
FATAL: Bungled squid.conf line 33: acl lutfi arp 00:1F:3C:84:14:F3
Squid Cache (Version 3.1.12): Terminated abnormally.
CPU Usage: 0.011 seconds = 0.006 user + 0.006 sys
Maximum Resident Size: 3696 KB
Page faults with physical i/o: 0
kovzone# pkg_info | grep squid
squid-3.1.12 HTTP Caching Proxy
How could I solve this?
I've found the answer above. I should have done
./configure --enable-arp-acl
before make install.
But what if I've already installed it?
Which is a good tool to get all Squid reports according to each user?
Very useful and good material…thanks a lot
I want to block MAC addresses using acl. I have done it this way:
acl badmac arp (mac address)
http_access deny badmac
But I want to block multiple addresses. Please tell me how I can create a separate file of blocked MAC addresses and create one acl for the same.
You can copy and paste your acl rule like this:
acl badmac arp (mac address1)
acl badmac arp (mac address2)
acl badmac arp (mac address3)
acl badmac arp (mac address4)
and so on…
http_access deny badmac