Dear Sir, Thank you very much for your detailed reply...
On Wed, May 4, 2011 at 11:05 AM, Adam Thompson <[email protected]>wrote: > This is a frequently asked question both here and elsewhere, including > squid-specific forums. > > The question arises from an imperfect understanding of IP networking. One > of the cornerstones of IP is the decoupling of data-link and network layers. > There is no inherent requirement in IP to even have a MAC address - that is > a peculiarity of Ethernet (and several other network types). The ARP > protocol exists to *prevent* administrators from needing to know MAC > addresses! > > Any method for tying squid ACLs to MAC addresses relies on several > unjustifiable assumptions. One, that MAC addresses are fixed, unique > identifiers. They are not - it is trivial to change MAC addresses. And > two, that the squid server can know the client's MAC address. This is only > valid in the case of a single, unrouted Ethernet LAN. As soon as an IP > packet crosses a router, you lose the MAC data. There are several scenarios > where using a wireless network will produce untrustable MAC addresses. > > Lastly, this concept attempts to directly couple the top and bottom layers > of the OSI model. The layers of the OSI model exist precisely so that the > Data Link layer is fully independent from the Session layer. > > The best solution is generally considered to be the use of proxy > authentication, which ties rules to individual users - this is usually the > goal anyway! > > -Adam > > > "Shali K.R." <[email protected]> wrote: > > >Dear all, > > > >I have a doubt , i am using pfsense with squid and squidguard and my > >different privilege configurations are based on ip address in squidguard > but > >some of my users chaning their ips and getting unauthorized access. is > there > >any method to trace the mac ids ??? > >-- > >Thanks & Regards > > > >Shali K R > >Server Administrator > >Vidya Academy of Science & Technology > >Thrissur,Kerala. > >Mob:9846303531 > -- Thanks & Regards Shali K R Server Administrator Vidya Academy of Science & Technology Thrissur,Kerala. Mob:9846303531
