Hmmm, that script looks familiar :-)

I just configured simple squid authentication and check the IP and
MAC address against the /etc/http_user_ip file (which I created manually),
and if they don't match, the packet will be DROP'ped (which is the
default policy).

This way, you can be sure that the only ones with access to your
squid are those with a matching entry in /etc/http_user_ip, and if they
are granted access, squid authentication comes next :-)



On 7/7/05, Talim Kalayaan <[EMAIL PROTECTED]> wrote:
> On 7/7/05, Junix Gaspar <[EMAIL PROTECTED]> wrote:
> > No embedded system here,
> >
> > It's just that you cannot have MAC auth + Login Auth + Network bound together.
> >
> > I want a tight internet capability where users will only be able to
> > use their Internet account on a single PC with a specific MAC
> > address/identd and network
> 
> I think that this piece of code from [1] might help:
> 
> # Allow access to the proxy server only if the IP and MAC address are matched.
> # $FW, $INT_IFACE, $DMZ_IFACE and $DMZ_PROXY are expected to be set earlier in the script.
> if [ -f /etc/http_user_ip ]; then
>     # First column of the access list: the allowed client IPs
>     HTTP_USER_IP=`cat /etc/http_user_ip | awk '{ print $1 }'`
>     if [ -z "$HTTP_USER_IP" ]; then
>         echo
>         echo "access list exist but doesn't contain anything"
>         echo "or IP and/or MAC address is/are missing"
>         echo "exiting ..."
>         echo
>         sleep 2
>         exit 1
>     fi
>     for IP in $HTTP_USER_IP
>     do
>         # Second column of the matching line: the MAC bound to this IP
>         HTTP_USER_MAC=`grep -w "$IP" /etc/http_user_ip | awk '{ print $2 }'`
>         if [ ! -z "$HTTP_USER_MAC" ]; then
>             $FW -A FORWARD -i $INT_IFACE -o $DMZ_IFACE -p tcp -d $DMZ_PROXY \
>                 -m mac --mac-source $HTTP_USER_MAC -s $IP/32 \
>                 --dport 8080 -j ACCEPT
>         fi
>     done
> fi
> 
> [1] http://jopoy.com/index.php?entry=entry050426-111322
> 

-- 
jond3rd
_________________________________________________
Philippine Linux Users' Group (PLUG) Mailing List
[email protected] (#PLUG @ irc.free.net.ph)
Read the Guidelines: http://linux.org.ph/lists
Searchable Archives: http://archives.free.net.ph
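
Added example, not part of the original thread or of the script it quotes: a shell check for an IP/MAC list in the format of /etc/http_user_ip, run before any rule is built. It rejects malformed entries and IPs listed twice (in the quoted loop, a repeated IP makes grep return two MACs for a single --mac-source) and only prints the rules; the interface names, proxy address and sample entries are assumptions.

```shell
# Added example, not from the thread. Interface names, proxy address and the
# sample list are constructed; nothing is applied, rules are only printed.
FW=iptables INT_IFACE=eth1 DMZ_IFACE=eth2 DMZ_PROXY=192.168.2.10

# Succeeds only for a dotted quad whose four octets are each 0..255.
valid_ip() {
    case "$1" in *[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}
# Succeeds only for six colon-separated hex byte pairs.
valid_mac() {
    printf '%s\n' "$1" | grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$'
}
# Reads "IP MAC" lines on stdin and prints one rule per accepted entry.
# Returns 1 if any entry was rejected, so a caller can refuse a bad list.
build_rules() {
    status=0; seen=" "
    while read -r ip mac extra || [ -n "$ip" ]; do
        case "$ip" in ''|'#'*) continue ;; esac
        if ! valid_ip "$ip" || ! valid_mac "$mac" || [ -n "$extra" ]; then
            echo "rejected malformed entry: $ip $mac $extra" >&2
            status=1; continue
        fi
        case "$seen" in *" $ip "*)
            echo "rejected duplicate IP: $ip" >&2
            status=1; continue ;;
        esac
        seen="$seen$ip "
        echo "$FW -A FORWARD -i $INT_IFACE -o $DMZ_IFACE -p tcp -d $DMZ_PROXY" \
             "-m mac --mac-source $mac -s $ip/32 --dport 8080 -j ACCEPT"
    done
    return $status
}
# Constructed sample: two good entries, a bad MAC, a duplicate IP, a bad octet.
sample_list() {
    cat <<'EOF'
# ip          mac
192.168.1.10  00:11:22:33:44:55
192.168.1.11  00:11:22:33:44:zz
192.168.1.10  66:77:88:99:AA:BB
192.168.1.300 00:11:22:33:44:66
192.168.1.12  00:11:22:33:44:77
EOF
}
sample_list | build_rules || echo "list contains rejected entries" >&2
```

To check a real list, run `build_rules < /etc/http_user_ip` and load the printed rules only when it returns 0.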
