Hello friends,

I have a network server here with two network cards. I set up MAC control together with IP on it, the MAC/IP pair. When a user changed their IP, even while keeping their old MAC, they could not browse or use FTP; in short, they could not use the internet in any way. But then I put a cache server on this server, Squid on port 3128. OK. From then on the MAC + IP association does not work with Squid: if the user changes the IP they can browse normally, although the other activities are blocked. I do this by means of a script I got from the internet:

    #!/bin/sh
    IPT=/usr/sbin/iptables
    PROGRAMA=/etc/rc.d/fw/mac_ip
    NET_IFACE=eth0
    LAN_IFACE=eth1
    MACLIST=/etc/rc.d/fw/maclist

    echo 1 > /proc/sys/net/ipv4/ip_forward

    case $1 in
    start)
        $IPT -F
        $IPT -t nat -F
        $IPT -t filter -P FORWARD DROP
        for i in $(cat $MACLIST); do
            STATUS=$(echo $i | cut -d ';' -f 1)
            IPSOURCE=$(echo $i | cut -d ';' -f 3)
            MACSOURCE=$(echo $i | cut -d ';' -f 2)
            # If status = a, allow the connection
            if [ "$STATUS" = "a" ]; then
                $IPT -t filter -A FORWARD -d 0/0 -s $IPSOURCE -m mac --mac-source $MACSOURCE -j ACCEPT
                $IPT -t filter -A FORWARD -d $IPSOURCE -s 0/0 -j ACCEPT
                $IPT -t nat -A POSTROUTING -s $IPSOURCE -o $NET_IFACE -j MASQUERADE
                $IPT -t filter -A INPUT -s $IPSOURCE -d 0/0 -m mac --mac-source $MACSOURCE -j ACCEPT
                $IPT -t filter -A OUTPUT -s $IPSOURCE -d 0/0 -j ACCEPT
            # If it is b, block the MAC
            else
                $IPT -t filter -A FORWARD -m mac --mac-source $MACSOURCE -j DROP
                $IPT -t filter -A INPUT -m mac --mac-source $MACSOURCE -j DROP
                # note: the mac match only applies in PREROUTING, INPUT and FORWARD
                $IPT -t filter -A OUTPUT -m mac --mac-source $MACSOURCE -j DROP
                # here are my attempts to use the MAC/IP pair on port 3128!!!
                ###################################################################################
                #$IPT -t filter -A FORWARD -p tcp --dport 3128 -m mac --mac-source $MACSOURCE -j DROP
                #$IPT -t filter -A INPUT -p tcp --dport 3128 -m mac --mac-source $MACSOURCE -j DROP
                #$IPT -t filter -A OUTPUT -p tcp --dport 3128 -m mac --mac-source $MACSOURCE -j DROP
                #
                #$IPT -t filter -A FORWARD -d 0/0 -s $IPSOURCE -m mac --mac-source $MACSOURCE -j DROP
                #$IPT -t filter -A INPUT -d 0/0 -s $IPSOURCE -m mac --mac-source $MACSOURCE -j DROP
                #$IPT -t filter -A OUTPUT -d 0/0 -s $IPSOURCE -m mac --mac-source $MACSOURCE -j DROP
                #
                #$IPT -t filter -A FORWARD -s $IPSOURCE -d 0/0 -m mac --mac-source $MACSOURCE -j DROP
                #$IPT -t filter -A INPUT -s $IPSOURCE -d 0/0 -m mac --mac-source $MACSOURCE -j DROP
                #$IPT -t filter -A OUTPUT -s $IPSOURCE -d 0/0 -m mac --mac-source $MACSOURCE -j DROP
                ####################################################################################
                $IPT -t filter -A FORWARD -p tcp --dport 3128 -s $IPSOURCE -m mac --mac-source $MACSOURCE -j DROP
                $IPT -t filter -A FORWARD -d $IPSOURCE -p tcp --dport 3128 -j DROP
                #
                $IPT -t filter -A INPUT -s $IPSOURCE -p tcp --dport 3128 -m mac --mac-source $MACSOURCE -j DROP
                $IPT -t filter -A OUTPUT -s $IPSOURCE -p tcp --dport 3128 -j DROP
                #
                # end of my failed attempts!!!
            fi
        done
        echo "PAR MAC IP ATIVADO, SISTEMA PREPARADO !!!"
        ;;
    stop)
        $IPT -F
        $IPT -Z
        $IPT -t nat -F
        $IPT -t filter -P FORWARD ACCEPT
        echo "FIREWALL DESATIVADO !!!"
        ;;
    restart)
        $PROGRAMA stop
        $PROGRAMA start
        ;;
    esac

######################

This is the configuration file:

    a;00:20:E0:10:3E:38;192.168.0.10;note
    a;00:80:AD:8F:7D:8A;192.168.0.2;sinauto
    a;00:e0:7d:86:2e:71;192.168.0.3;pedro
    a;00:d0:09:81:d5:68;192.168.0.4;unipecas

############################

Could someone tell me whether there is a way to do this association using Squid?

See you,
Ronildo Marques

--
GUS-BR - Grupo de Usuarios Slackware - BR
http://www.slackwarebrasil.org/
http://www.linuxmag.com.br/mailman/listinfo/slack-users
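
Added example, not part of the original post: requests to Squid are addressed to the firewall host itself, so they pass through the INPUT chain rather than FORWARD, and the script above sets no DROP policy or catch-all DROP for INPUT. The sketch below prints INPUT rules for port 3128 built from the same maclist format and ends them with a DROP; printing instead of applying the rules, the function names and the sample entries are assumptions of this example.

```shell
#!/bin/sh
# Added example: emit INPUT rules that tie each allowed IP to its MAC for the
# Squid port. Rules are printed, not applied, so they can be reviewed first.

LAN_IFACE=${LAN_IFACE:-eth1}      # LAN interface name from the post
SQUID_PORT=${SQUID_PORT:-3128}    # Squid port from the post

# Reads "status;mac;ip;name" lines on stdin (the maclist format in the post).
squid_pair_rules() {
    while IFS=';' read -r status mac ip name; do
        # Skip blank lines and comments.
        case $status in ''|'#'*) continue ;; esac
        # Skip entries whose MAC or IPv4 field is malformed (syntax check only).
        printf '%s\n' "$mac" | grep -Eiq '^([0-9a-f]{2}:){5}[0-9a-f]{2}$' || continue
        printf '%s\n' "$ip" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || continue
        if [ "$status" = "a" ]; then
            # Allowed pair: accept only when source IP and source MAC both match.
            echo "iptables -A INPUT -i $LAN_IFACE -p tcp --dport $SQUID_PORT -s $ip -m mac --mac-source $mac -j ACCEPT"
        fi
        # Status "b" (blocked) needs no rule: the final DROP below covers it.
    done
    # Anything else reaching the proxy port from the LAN is dropped, including
    # a listed MAC using another IP and a listed IP coming from another MAC.
    echo "iptables -A INPUT -i $LAN_IFACE -p tcp --dport $SQUID_PORT -j DROP"
}

# Constructed sample in the post's maclist format (last line is malformed).
sample_maclist() {
    cat <<'EOF'
a;00:20:E0:10:3E:38;192.168.0.10;note
b;00:80:AD:8F:7D:8A;192.168.0.2;sinauto
a;00:e0:7d:86:2e:71;192.168.0.300x;bad
EOF
}

sample_maclist | squid_pair_rules
```

Squid builds with ARP ACL support also provide the `arp` ACL type, which can be combined with a `src` ACL in one `http_access` line to express the same pair inside squid.conf.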

