Koozali.org: home of the SME Server

Legacy Forums => Experienced User Forum => Topic started by: steve on June 27, 2003, 06:53:59 AM

Title: squid & MAC address to block web access
Post by: steve on June 27, 2003, 06:53:59 AM

Hi. I've seen the thread on limiting web access via iptables and MAC address, but does anyone know if the precompiled squid with SME5.5/5.6 was compiled using the --enable-arp-acl option? Thus I can limit web access by MAC address via squid.

I know I could just try it, but if anyone's done it before.....? would save me time!

thanks, -steve.

Title: Re: squid & MAC address to block web access
Post by: Grub on June 29, 2003, 05:46:49 PM

Check from the srpm files

Title: Re: squid & MAC address to block web access
Post by: steve on July 01, 2003, 02:28:42 PM

I'll be happy for someone to prove me wrong, but I think the answer to this is no. arp acl option is not recognised when I try it out.

blocking by IP address and using proxy authentication seem to be only default options with squid on SME5.6 (authentication modules are in /usr/lib/squid)

will try the iptables.

-steve.

Title: Re: squid & MAC address to block web access
Post by: Charlie Hartill on July 10, 2003, 09:34:08 PM

Does anyone have any more news on this?

I'd like users to be able to access the SME box but not outside, preferably on a per ip or ip range.

Charlie

Title: Re: squid & MAC address to block web access
Post by: Cyrus Bharda on July 11, 2003, 03:09:11 AM

Charlie,

I use Vincent's squid proxy rpm with a couple of templates added in to allow me to add in IP's that do not need authentication, so I set it to protected (auth on) and then do not allow any username/passwords access to the proxy, but add in those IP's I wish to have access without username/passwords, but I have not tested the custom addon templates on 5.6, only 5.5 so I dont know if they work for 5.6.

Also I do not have Vincent's 5.6 rpm, only 5.5 in my contribs.org contrib area, but you can try his site:

http://www.e-smith.dyndns.org/
Mirror:
http://linux06.chez.tiscali.fr/

Cyrus Bharda

Title: Re: squid & MAC address to block web access
Post by: Charlie Hartill on July 11, 2003, 05:55:24 PM

Thanks for that Cyrus - it looks like what I want, but I get the errors below.

I already have ProxyPass installed & Content Filtering (which I tried to get rid of but failed).

Could there be an obvious conflict?

Once again my thanks to you good people. I installed Spamassassin & ClamAV on two servers yesterday without a hitch & am shining in reflected glory. It's such a good way to learn Linux.

Charlie




[root@AMHURST squid]# rpm -Uvh sme-squid-1.0-2.i386.rpm
Preparing...                ########################################### [100%]
Stopping squid: .[   OK   ]
   1:sme-squid              ########################################### [100%]
ERROR in /etc/e-smith/templates-custom//etc/squid/squid.conf/index.php: Program fragment delivered error <> at template line 163
ERROR in /etc/e-smith/templates-custom//etc/squid/squid.conf/index.php: Program fragment delivered error <> at template line 180
ERROR in /etc/e-smith/templates-custom//etc/squid/squid.conf/index.php: Program fragment delivered error <> at template line 200
WARNING in /etc/e-smith/templates-custom//etc/squid/squid.conf/index.php: Unquoted string "false" may clash with future reserved word at /etc/e-smith/templates-custom//etc/squid/squid.conf/index.php line 241.
WARNING in /etc/e-smith/templates-custom//etc/squid/squid.conf/index.php: Unquoted string "false" may clash with future reserved word at /etc/e-smith/templates-custom//etc/squid/squid.conf/index.php line 245.
WARNING in /etc/e-smith/templates-custom//etc/squid/squid.conf/index.php: Scalar found where operator expected at /etc/e-smith/templates-custom//etc/squid/squid.conf/index.php line 253, near "//$intNumHiddenFiles"
WARNING in /etc/e-smith/templates-custom//etc/squid/squid.conf/index.php:      (Missing operator before $intNumHiddenFiles?)
WARNING in /etc/e-smith/templates-custom//etc/squid/squid.conf/index.php: Unquoted string "break" may clash with future reserved word at /etc/e-smith/templates-custom//etc/squid/squid.conf/index.php line 254.
ERROR in /etc/e-smith/templates-custom//etc/squid/squid.conf/index.php: Program fragment delivered error <syntax error at /etc/e-smith/templates-custom//etc/squid/squid.conf/index.php line 241, near "!=="
syntax error at /etc/e-smith/templates-custom//etc/squid/squid.conf/index.php line 253, near "//$intNumHiddenFiles"
syntax error at /etc/e-smith/templates-custom//etc/squid/squid.conf/index.php line 262, near "}
            }">> at template line 217
ERROR: Template processing failed for //etc/squid/squid.conf: 5 fragments generated warnings, 4 fragments generated errors
 at /sbin/e-smith/expand-template line 64

Title: Re: squid & MAC address to block web access
Post by: Cyrus Bharda on July 14, 2003, 03:38:07 AM

Charlie,

I am sorry but I have absolutly no clue as to what is causing your errors?

Are you using the right rpm for your version of SME, you need different versions for 5.5 and 5.6?

Other than re-downloading again to make sure you got a good copy I cannt think of anything else, and those error messages are greek to me, sorry!

Cyrus Bharda

Title: Re: squid & MAC address to block web access
Post by: Abe Loveless on August 07, 2003, 01:14:59 AM

Unfortunately, I know exactly what those errors are...  They're from an earlier version of the ProxyPass contrib, which accidentally dropped a file called index.php into the /etc/e-smith/templates-custom/squid/squid.conf/ directory.

Just delete that file, and re-expand the template

/sbin/e-smith/expand-template /etc/squid/squid.conf

And you should be all set.