Squid Proxy Server Mac Address based filtering

by Vivek Gite on November 1, 2007 · 28 comments

Q. I'm using squid proxy server under CentOS Linux version 5. How to filter a particular MAC address under squid?

A. Not all operating system supports Mac address based filtering. For some operating systems. Squid calls these "ARP ACLs" and they are supported on Linux, Solaris, and BSD variants.

How do I set up ACL's based on MAC address?

Open squid.conf:
# vi /etc/squid/squid.conf
Local acl, section and append ACL as follows:
acl macf1 arp mac-address
acl macf2 arp 00:11:22:33:44:55
http_access allow macf1
http_access allow macf2
http_access deny all

Save and close the file. Restart squid server:
# /etc/init.d/squid restart

Featured Articles:

Share this with other sys admins!
Facebook it - Tweet it - Print it -

{ 28 comments… read them below or add one }

1 Justus January 9, 2008

dear all
i tried to the above but still not able to control using mac
error:
2008/01/09 10:26:32| aclParseAclLine: Invalid ACL type ‘arp’
FATAL: Bungled squid.conf line 1882: acl ARP arp
Squid Cache (Version 2.5.STABLE14): Terminated abnormally.

please assist

Reply

2 gurpreet March 3, 2011

Use the squid version 3.0

Reply

3 c v k chary June 28, 2011

Sir,
you have to download source code for squid and recompile with –enable-arp-acl and use that binary for use with mac address.Many vendors like redhat including cebtos do not compile squid with that option enabled. Suse does compile with the said option. Hence you can use suse linux any version and configure squid in that machine if you have one.

Chary

Reply

4 pradeep March 12, 2008

web site is block but i want to open web site ony one ip address 192.168.3.1
what is acl rule in squid file in linux

Reply

5 vikas kashikar June 18, 2008

you will have to recompile squid and make it before mac based filtering works.

add –enable-arp-acl to your original configure command in squid and run the following

% ./configure –enable-arp-acl …
% make clean
% make

then the above acls in squid.conf will work.

Reply

6 Kamran Rashid July 12, 2008

Hello,
First of all i would like to thanks for this site producers,how are doing great work.

I have learnt lot from here. Now I need help regarding MAC Address Filtering I have more then 100 user network i wants give the internet facility to only 30 user how can i do this?

Reply

7 Gurpreet October 14, 2008

dear i create 4 acl that is lab1, lab2, off, block_site & 1 is block.txt file. how to block 3 acl with 3 different block files in squid so that off access different block file its is possible plz reply me

Reply

8 Gurpreet February 19, 2011

create another txt files with changes such as block2.txt. Inser in squid.conf file
acl sites dstdomain “/etc/squid/block2″

http_access deny sites aclname

Reply

9 bashir December 24, 2008

Hi to all user with best wishes:
i using squid 2.6 STABLES18 and found the following error when tying to macaddress :

ERROR
aclParseAClline: invalid ACL type ‘arp’
FATA: Bungled squid.conf line 619: acl macaddress arp “/usr/local/squid/etc/macaddress”
squid cache (version 2.6 STABLE18): Terminated abnormally

kindly help

with best wishes to all

bashir – islamabad pakistan

Reply

10 Gurpreet February 19, 2011

I am also mac address problem if you find this solution so please get me

Reply

11 gurpreet March 3, 2011

use squid 3.0 . In this squid already enable the ‘arp’

Reply

12 adil July 14, 2011

hello dear how are you dear i try to add this script but i am faing same error plz tell in some info abut this
thanks

Reply

13 thaabiet February 1, 2009

Hello

How would I redirect the block mac address to a webpage ?

regards,
Thaabiet

Reply

14 sameer kale April 5, 2009

I want to authenticate user of my network by his username password and MAC address for granting the internet access. Is it possible to do this ????? if yes how???

Reply

15 Syed Mushtaq Ahmed January 22, 2010

This is what i’m thinking of. i would like to deny everyone’s access to use my internet facility. The i would like to give them access through IP Addresses and MAC Addresses and these ip addresses and mac addresses bandwirdth rule list want add in one file e.g Allow-ip-mac.txt plz help how to add this file and where to allow only users through this file plz help i shell ever thankful to u

Reply

16 roshankumarr February 26, 2010

I would like to give them access through IP Addresses and MAC Addresses plz help how to do this.

Reply

17 KAWISH September 25, 2010

vi /home/user_mac
enter user mac
control :x save exit
open squid type this line
acl allowmac src ‘/home/user_mac’
or
acl allowmac arp ‘/home/user_mac’

Reply

18 adil July 14, 2011

dear how do i use this command in linuix b.c i have already use some commands but facing error message suppose that
FATA: Bungled squid.conf line 619: acl macaddress arp “/usr/local/squid/etc/macaddress”

Reply

19 Adnan October 8, 2010

I have installed RHEL5 server. I am using squid as proxy server.
I want to block the mac address of some computer that is causing problem in the network.

I have used this acl:

acl blockmac arp 00:A7:88:BA:19:OF
http_access deny blockmac.

When i reload the squid service. It gives an error.
aclParseAclLine: Invalid ACL type ‘arp’
FATAL: Bungled squid.conf line 613: acl macaddress arp 00:A7:88:BA:19:OF
Squid Cache (Version 2.6.STABLE21): Terminated abnormally.

I have read the different solutions. like
–enable-arp-acl
but i am not able to do this. i have installed rpm verison of squid.
Can any body help me how to reslolve this issue

Reply

20 rootlurker December 7, 2010

Hi, its bungled because you put “O” on the mac instead of “0″ (zero) .. mac address is only up to “F”.

thanks

Reply

21 Rizwan Admani October 10, 2010

Dear ,
you can do it from firewall option
only this mac_address drop port 80 only simple.

Reply

22 javed December 29, 2010

hi
how to use the
–enable-arp-acl
to block the mac address

Reply

23 lutfi May 8, 2011

i’ve already use the 3.1 version but it still give an error:
2011/05/08 09:57:24| aclParseAclLine: Invalid ACL type ‘arp’
FATAL: Bungled squid.conf line 33: acl lutfi arp 00:1F:3C:84:14:F3
Squid Cache (Version 3.1.12): Terminated abnormally.
CPU Usage: 0.011 seconds = 0.006 user + 0.006 sys
Maximum Resident Size: 3696 KB
Page faults with physical i/o: 0
kovzone# pkg_info | grep squid
squid-3.1.12 HTTP Caching Proxy

how could i solve this?

Reply

24 lutfi May 8, 2011

i’ve found the answer above.. i should’ve do
./configure –enable-arp-acl
before make install
but what if i’ve already install it?

Reply

25 Hussain May 28, 2011

which is the good tool to get all Squid reports according each user’s.

Reply

26 jalal hajigholamali June 27, 2011

Very useful and good material…thanks a lot

Reply

27 Ali Zaheer November 5, 2011

i want to block mac addresses using acl. I have done it this way:
acl badmac arp (mac address)
http_access deny badmac

but i want to block multiple addresses. plz tell me the method how i can create a separate file of blocked mac addresses and create one acl for the same.

Reply

28 Agung D Fire fist November 21, 2011

you can copy paste your acl rule like this :
acl badmac arp (mac address1)
acl badmac arp (mac address2)
acl badmac arp (mac address3)
acl badmac arp (mac address4)
so on…

http_access deny badmac

Reply

Leave a Comment

You can use these HTML tags and attributes for your code and commands: <strong> <em> <ol> <li> <u> <ul> <blockquote> <pre> <a href="" title="">
What is 3 + 14 ?
Please leave these two fields as-is:
Solve the simple math so we know that you are a human and not a bot.




Previous post:

Next post: