30 May
In this how-to I describe how to bind a MAC address to an IP address so that users on your network cannot change their IP to bypass filtering. To ease the setup I will write small scripts that simplify the work. I will not describe how to configure and run Squid here; I assume you have already configured it.
1) Collect the MAC Addresses
Suppose we have 10 machines with IPs in the range 192.168.0.1 – 192.168.0.10; you get their MAC addresses with the following command.
Make sure your machines are up and pingable, otherwise you will get empty lines that you have to remove manually.
for i in `seq 1 10`; do ping -c 1 192.168.0.$i; arp -n 192.168.0.$i | grep -v Address | grep -v incomplete | awk '{print $1 " " $3}' >> ip-mac.txt; done
This command writes each IP with its MAC address to a file named ip-mac.txt:
cat ip-mac.txt
192.168.0.1 00:1D:09:6B:3C:28
192.168.0.2 00:1D:09:6A:EA:02
192.168.0.3 00:1D:09:71:2C:34
192.168.0.4 00:1D:09:6A:CB:85
192.168.0.5 00:1D:09:6A:C3:15
192.168.0.6 00:1D:09:6A:CA:8B
192.168.0.7 00:1D:09:6A:CB:DA
192.168.0.8 00:1D:09:6A:CC:34
192.168.0.9 00:1D:09:6B:11:76
192.168.0.10 00:1D:09:6B:36:6F
2) Create the ACLs for Squid.
I will write a small bash script to ease the work.
To generate the MAC ACLs:
i=1
cat ip-mac.txt | while read a; do b=`echo $a | cut -f 2 -d " "`; echo "acl mac$i arp $b" >> squid-mac-filter.txt; i=`expr $i + 1`; done
cat squid-mac-filter.txt
acl mac1 arp 00:1D:09:6B:3C:28
acl mac2 arp 00:1D:09:6A:EA:02
acl mac3 arp 00:1D:09:71:2C:34
acl mac4 arp 00:1D:09:6A:CB:85
acl mac5 arp 00:1D:09:6A:C3:15
acl mac6 arp 00:1D:09:6A:CA:8B
acl mac7 arp 00:1D:09:6A:CB:DA
acl mac8 arp 00:1D:09:6A:CC:34
acl mac9 arp 00:1D:09:6B:11:76
acl mac10 arp 00:1D:09:6B:36:6F
To generate the IP ACLs:
i=1
cat ip-mac.txt | while read a; do b=`echo $a | cut -f 1 -d " "`; echo "acl ip$i src $b" >> squid-ip-filter.txt; i=`expr $i + 1`; done
cat squid-ip-filter.txt
acl ip1 src 192.168.0.1
acl ip2 src 192.168.0.2
acl ip3 src 192.168.0.3
acl ip4 src 192.168.0.4
acl ip5 src 192.168.0.5
acl ip6 src 192.168.0.6
acl ip7 src 192.168.0.7
acl ip8 src 192.168.0.8
acl ip9 src 192.168.0.9
acl ip10 src 192.168.0.10
To generate the http_access allow lines you need the number of entries in your list of IPs and MACs. Here it is 10; both counts will of course be the same.
for i in `seq 1 10`; do echo "http_access allow mac$i ip$i" >> http-access-squid.txt; done
cat http-access-squid.txt
http_access allow mac1 ip1
http_access allow mac2 ip2
http_access allow mac3 ip3
http_access allow mac4 ip4
http_access allow mac5 ip5
http_access allow mac6 ip6
http_access allow mac7 ip7
http_access allow mac8 ip8
http_access allow mac9 ip9
http_access allow mac10 ip10
Now concatenate the three files, i.e. squid-mac-filter.txt, squid-ip-filter.txt and http-access-squid.txt:
cat squid-mac-filter.txt squid-ip-filter.txt http-access-squid.txt >> acl-final.txt
and copy the contents of acl-final.txt into the appropriate location in squid.conf. Don't forget to put http_access deny all at the end.
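The whole procedure above as one script, an added example rather than the post's own code: it reads ip-mac.txt, validates every line, skips the blank lines a down host leaves behind, and prints all three ACL groups followed by the closing deny. The function names and the sample data are assumed for illustration.

```shell
# Added example (not from the original post): one script that turns ip-mac.txt
# into the finished block for squid.conf (steps 1 and 2 above plus the closing
# "http_access deny all") and refuses malformed input. Assumes "IP MAC" pairs,
# one per line; blank lines left by hosts that did not answer ping are skipped.
# Caveat: an "arp" ACL only sees the MAC of clients on the proxy's own Ethernet
# segment; clients behind a router can never match it.
HEX='[0-9A-Fa-f][0-9A-Fa-f]'

# Validate every non-empty line of file $1 and echo the number of usable pairs.
count_pairs() {
    n=0
    while read -r ip mac _rest; do
        case "$ip" in
            '') continue ;;
            *[!0-9.]*) echo "bad IP '$ip' in $1" >&2; return 1 ;;
        esac
        case "$mac" in
            $HEX:$HEX:$HEX:$HEX:$HEX:$HEX) n=$((n + 1)) ;;
            *) echo "bad MAC '$mac' for $ip in $1" >&2; return 1 ;;
        esac
    done < "$1"
    echo "$n"
}

# Emit one line per pair from file $1; $2 selects mac, ip or allow lines.
# Numbering restarts at 1 on each pass, so macN and ipN always belong together.
emit_lines() {
    i=0
    while read -r ip mac _rest; do
        case "$ip" in '') continue ;; esac
        i=$((i + 1))
        case "$2" in
            mac)   echo "acl mac$i arp $mac" ;;
            ip)    echo "acl ip$i src $ip" ;;
            allow) echo "http_access allow mac$i ip$i" ;;
        esac
    done < "$1"
}

# Print the complete block for squid.conf, or fail without printing anything.
gen_squid_acls() {
    n=$(count_pairs "$1") || return 1
    [ "$n" -gt 0 ] || { echo "no usable pairs in $1" >&2; return 1; }
    emit_lines "$1" mac
    emit_lines "$1" ip
    emit_lines "$1" allow
    echo "http_access deny all"   # keep last: clients matching nothing are refused
}

# Constructed sample: two hosts that answered and one blank line from a host down.
write_sample() { printf '192.168.0.1 00:1D:09:6B:3C:28\n\n192.168.0.2 00:1D:09:6A:EA:02\n' > "$1"; }
```

Run it as `write_sample /tmp/ip-mac.txt && gen_squid_acls /tmp/ip-mac.txt > acl-final.txt`; a bad line makes it exit non-zero with nothing written, so a half-built ACL block never reaches squid.conf.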
To get more help on it please use comments.
- Published by Sohail Riaz in: Linux SQUID
72 Responses to "How To Bind MAC with IP in SQUID"
@Rashid: If you need books for RHCE, kindly call me so that we can decide how to give them to you.
Sohail bhai: Umrah Mubarik.
I solved that problem by making small amendments in the ifcfg-eth0 file and restarting, then putting the IPs in again, so the problem is solved.
How do I configure DNS, and, like Active Directory, can we create users in Linux and authenticate the Windows clients through it?
Secondly, in the Squid access.log file it shows only the IP address.
Is there any way to see specifically which user is downloading and how much, and can the username appear in the log file?
1) You have to configure an NIS server for centralized login. You can find good DNS articles via google.com; use one and we will discuss if there is any problem. I have written a dynamic DNS post; you can find it here.
http://www.sohailriaz.com/how-to-configure-dynamic-dns-fedora-core-4-setup/
#############################
#############################
2) It depends on what access list you have defined. If you defined the access list using IP addresses, you will only see IP addresses. To see which user is seeing what, enable user authentication in Squid; it can also be seen by using my other post.
http://www.sohailriaz.com/anonymous-proxy-using-squid-3/
Hi sir, how will I configure --enable-arp-acl in Squid? I am not getting the correct path, so please help me.
Hi sir, happy Eid Mubarik.
Sir, I want to know about disk partitioning in Linux and also want to install RHCE Enterprise edition 5.
I have two partitions on one 80 GB hard disk:
/dev/hda1 and /dev/hda2
Device Boot Start end Blocks id system
/dev/hda1 * 1 15 83 linux
/dev/hda2 16 9729 8e linux LVM
Do I have some remaining space?
And if I want to make further partitions in the existing ones, then how?
Is there any concept of primary and secondary (logical) partitions here?
Kindly help me understand this concept, and if there is any relevant video it would be very helpful for me.
Kind regards,
Oops.
I deleted the /dev/hda2 partition and again created an extended partition through fdisk, and then created further logical partitions.
Now after restarting it gives me the error mentioned below:
kernel panic – not syncing: attempted to kill init!
Now sir,
how do I resolve this problem?
Please help me.
@Rashid: You have already done it. What I see from your partition table is:
/dev/hda1 was the /boot partition and /dev/hda2 was the LVM, which was further divided to hold / and other partitions.
Now, as you have already deleted everything, please reinstall your desired OS.
You need to learn what, when and how to delete partitions in Linux.
————–
Regards,
Sir, /dev/hda1 is my boot partition and I think the operating system should reside on that partition.
If I deleted /dev/hda2 then what did I do wrong?
Kindly brief me, or just refer me to some documentation about LVM.
And sir, where are my books?
Best regards,
Rashid
And sir, can you please provide me the RHCE Enterprise edition CD?
@Rashid: I will give the books on Saturday for photocopying, as I went to Makkah and didn't get time on my return to give them for photocopying.
For the Red Hat CDs, I have them on my computer in the office. How can I deliver them to you?
———————
Regards,
Sir, I will ask my friend to collect the CDs from you on Saturday. Sir, if it is possible, please give the books to the photocopier for photocopies by Saturday morning so he can do his job by evening, and then my friend will collect the books along with the CDs from you in the evening at 7 p.m.
Sir, I will also call you Saturday early morning.
Sir, what about the solution of this problem, theory-wise?
Sir, I have started reading the first book. Interesting, and not difficult either.
Sir, I need the CDs for hands-on labs.
Please upload them and forward me the link.
Thanks
Rashid
Sir, where are you?
How do I copy a folder containing files and many other folders with the cp command?
Is there any switch?
I tried, but it only copies the files, not the directories.
Sir, yesterday I tried to log on through a user account.
It gives me the error below:
GDM could not write to your authorization file. This could mean that you are out of disk space or that your home directory could not be opened for writing. In any case, it is not possible to log in. Please contact your system administrator.
I think the /usr directory does not have enough space.
Kindly guide me.
Thanks
Dear Sohail Bhai,
please suggest a good and comprehensive book on Red Hat Linux which covers everything, and where can I get it from in Karachi?
Dear Sohail,
AOA
I have followed your web site and your Squid section for MAC to IP binding,
but it doesn't work on my system. Please check my Squid file and comment.
acl manager proto cache_object
acl localhost src 127.0.0.1/32
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443
acl CONNECT method CONNECT
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
acl mac1 arp 00:1C:23:0B:70:8E
acl ip1 src 172.16.0.2
http_access allow ip1 mac1
http_access allow localnet
http_access allow localhost
http_access deny all
icp_access allow localnet
icp_access deny all
htcp_access allow localnet
htcp_access deny all
http_port 3128
hierarchy_stoplist cgi-bin ?
cache_mem 1024 MB
cache_dir ufs /var/spool/squid 10280 16 256
access_log /var/log/squid/access.log squid
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern (cgi-bin|\?) 0 0% 0
refresh_pattern . 0 20% 4320
cache_effective_user squid
cache_effective_group squid
visible_hostname testproxy.kust.edu.pk
icp_port 3130
coredump_dir /var/spool/squid
Does my MAC address change if I upgrade my computer with some other hardware? For example, changing the graphics card?
@peter: Every network card has a unique MAC address and it is associated with that card only. If you change anything else, it will not change. Yes, if you change your network card then the MAC address will change, as it is associated with the new network card.
————–
Regards,