How To Bind MAC with IP in SQUID

on May 30 | in Hosting / Servers, Linux | by | with 103 Comments

In this how to i describe how to bind MAC with IP to restrict users in your network to change their IP’s to bypass filtering. To ease the setup i will create small scripts to simplify our work. Here i will not describe how to config squid and how to run it. I assume you have already configure it.

1) Grep MAC Addresses

Let suppose we have 10 machines with IPs range –, you have to get mac address for them using following command.

Besure your machines are up and pingable, else you will get empty lines and you have to remove them manually.

for i in seq 1 10; do ping -c 1 192.168.0.$i; arp -n 192.168.0.$i | grep -v Address | grep -v incomplete | awk ‘{print $1 ” ”  $3}’ >> ip-mac.txt; done

This command will get required mac address with IP in a file named ip-mac.txt

cat ip-mac.txt 00:1D:09:6B:3C:28 00:1D:09:6A:EA:02 00:1D:09:71:2C:34 00:1D:09:6A:CB:85 00:1D:09:6A:C3:15 00:1D:09:6A:CA:8B 00:1D:09:6A:CB:DA 00:1D:09:6A:CC:34 00:1D:09:6B:11:76 00:1D:09:6B:36:6F

2) Create ACL For SQUID.

I will create a small bash script to easy my work.

To get acl for mac

cat ip-mac.txt | while read a; do b=echo $a | cut -f 2 -d " "; echo “acl mac$i arp $b” >> squid-mac-filter.txt; i=expr $i + 1; done

cat squid-mac-filter.txt
acl mac1 arp 00:1D:09:6B:3C:28
acl mac2 arp 00:1D:09:6A:EA:02
acl mac3 arp 00:1D:09:71:2C:34
acl mac4 arp 00:1D:09:6A:CB:85
acl mac5 arp 00:1D:09:6A:C3:15
acl mac6 arp 00:1D:09:6A:CA:8B
acl mac7 arp 00:1D:09:6A:CB:DA
acl mac8 arp 00:1D:09:6A:CC:34
acl mac9 arp 00:1D:09:6B:11:76
acl mac10 arp 00:1D:09:6B:36:6F

To get acl for ip

cat ip-mac.txt | while read a; do b=echo $a | cut -f 1 -d " "; echo “acl ip$i src $b” >> squid-ip-filter.txt; i=expr $i + 1; done

cat squid-ip-filter.txt
acl ip1 src
acl ip2 src
acl ip3 src
acl ip4 src
acl ip5 src
acl ip6 src
acl ip7 src
acl ip8 src
acl ip9 src
acl ip10 src

To generate http_access allow lines, you have to get the max number of your list of IP’s and MAC’s. Here i have is 10, sure both will be the same 🙂

for i in seq 1 10; do echo “http_access allow mac$i ip$i” >> http-access-squid.txt; done

cat http-access-squid.txt
http_access allow mac1 ip1
http_access allow mac2 ip2
http_access allow mac3 ip3
http_access allow mac4 ip4
http_access allow mac5 ip5
http_access allow mac6 ip6
http_access allow mac7 ip7
http_access allow mac8 ip8
http_access allow mac9 ip9
http_access allow mac10 ip10

Now concatinate three files i.e squid-ip-filter.txt, squid-mac-filter.txt and http_access_squid.txt

cat squid-mac-filter.txt squid-ip-filter.txt http-access-squid.txt >> acl-final.txt

and copy from acl-final.txt to paste on appropriate location in squid.conf, dont forget to put http_access deny all on the last :).

To get more help on it please use comments.

Pin It

related posts

103 Responses to How To Bind MAC with IP in SQUID

  1. Shahil says:

    @Sohail SIr,

    I have sent my squid.conf file to you .

  2. shahzad says:

    Dear sohail,
    My question is same as above by Mr. Amir, that how can we authenticate multiple subnets with the presence of L3 switch between users and squied. I can authenticate them with ip+username/password. But i need mac authentication aswell. is there any way so that i can use all ip+mac+username/pass authentication same time.???


  3. Thanks Sohail Riaz
    I got exactly what i needed from your website. Thanks a lot . As i am having around 800 machines i was wondering how to bind the all the mac address and ip manually . Your tutorial works great

    Thank you

Leave a Reply

Your email address will not be published. Required fields are marked *

« »