OT: A Dansguardian package would be so nice! Am Mittwoch, den 04.05.2011, 13:49 +0530 schrieb Shali K.R.: > Dear Sir, > > > Thank you very much for your detailed reply... > > On Wed, May 4, 2011 at 11:05 AM, Adam Thompson <[email protected]> > wrote: > This is a frequently asked question both here and elsewhere, > including squid-specific forums. > > The question arises from an imperfect understanding of IP > networking. One of the cornerstones of IP is the decoupling > of data-link and network layers. There is no inherent > requirement in IP to even have a MAC address - that is a > peculiarity of Ethernet (and several other network types). > The ARP protocol exists to *prevent* administrators from > needing to know MAC addresses! > > Any method for tying squid ACLs to MAC addresses relies on > several unjustifiable assumptions. One, that MAC addresses > are fixed, unique identifiers. They are not - it is trivial > to change MAC addresses. And two, that the squid server can > know the client's MAC address. This is only valid in the case > of a single, unrouted Ethernet LAN. As soon as an IP packet > crosses a router, you lose the MAC data. There are several > scenarios where using a wireless network will produce > untrustable MAC addresses. > > Lastly, this concept attempts to directly couple the top and > bottom layers of the OSI model. The layers of the OSI model > exist precisely so that the Data Link layer is fully > independent from the Session layer. > > The best solution is generally considered to be the use of > proxy authentication, which ties rules to individual users - > this is usually the goal anyway! > > -Adam > > > > "Shali K.R." <[email protected]> wrote: > > >Dear all, > > > >I have a doubt , i am using pfsense with squid and squidguard > and my > >different privilege configurations are based on ip address in > squidguard but > >some of my users chaning their ips and getting unauthorized > access. is there > >any method to trace the mac ids ??? > >-- > >Thanks & Regards > > > >Shali K R > >Server Administrator > >Vidya Academy of Science & Technology > >Thrissur,Kerala. > >Mob:9846303531 > > > > > -- > Thanks & Regards > > Shali K R > Server Administrator > Vidya Academy of Science & Technology > Thrissur,Kerala. > Mob:9846303531 > >
-- Benjamin --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected] Commercial support available - https://portal.pfsense.org
