On 7/7/05, Junix Gaspar <[EMAIL PROTECTED]> wrote:
> No embedded system here,
>
> its just that u cannot have MAC auth + Login Auth + Network binded together.
>
> I want a tight internet capability where users will only be able to
> use there Internet account on a single PC with specific mac
> address/identd and network
I think that this piece of code from [1] might help:
# Allow only access to the proxy server if IP and MAC address we're matched
if [ -f /etc/http_user_ip ]; then
HTTP_USER_IP=`cat /etc/http_user_ip : awk '{ print $1 }'`
if [ -z "$HTTP_USER_IP" ]; then
echo
echo "access list exist but doesn't contain anything"
echo "or IP and/or MAC address is/are missing"
echo "exiting ..."
echo
sleep 2
exit 1
fi
for IP in $HTTP_USER_IP
do
HTTP_USER_MAC=`grep -w $IP /etc/http_user_ip : awk '{ print $2 }'`
if [ ! -z "$HTTP_USER_MAC" ]; then
$FW -A FORWARD -i $INT_IFACE -o $DMZ_IFACE -p tcp -d $DMZ_PROXY \
-m mac --mac-source $HTTP_USER_MAC -s $IP/32 \
--dport 8080 -j ACCEPT
fi
done
fi
[1] http://jopoy.com/index.php?entry=entry050426-111322
--
Talim Kalayaan
_________________________________________________
Philippine Linux Users' Group (PLUG) Mailing List
[email protected] (#PLUG @ irc.free.net.ph)
Read the Guidelines: http://linux.org.ph/lists
Searchable Archives: http://archives.free.net.ph
