Use of Linux Internet proxy squid

(1)Guide to configuring the physical address and time of the squid Nic

From: http://www.linuxforum.net/forum/printthread.php? Cat = & board = proxy & main = 293724 & type = thread

During this period, I asked a lot of questions about how to restrict the access time and MAC address of a customer by using a proxy. I will briefly introduce the method implemented by squid.
Due to the weakness of DHCP, we need to control the customer's access to the Internet and cannot limit the IP address. Therefore, it is a good way to control the IP address based on the customer's Nic physical address (MAC.
As far as I know, there are at least four ways to match the customer's MAC address: Switch Port, Mac extension of iptables, static ARP and squid ARP match.
However, most people use Squid proxy servers, so it is best to be one-step.
1. Use squid for Mac matching:

1. To match squid with the MAC address, you must compile Squid by yourself. You can download it here. The latest stable version is 2.4.stable4.

2) Open the tar.gz file, access the corresponding directory (usually the squid-2.4.STABLE4 subdirectory of the directory where the tar.gz file is located), execute

./Configure -- prefix =/APP/squid // This Is My squid directory
-- Enable-ARP-ACL // allow ARP control, that is, match the MAC address
-- Enable-err-Language = simplify_chinese // the error message is in simplified Chinese.
-- Enable-Linux-netfilter // allow transparent proxy

You can use./configure -- help | more to view details.

3. Make; make install

4. Modify/squid_path/etc/squid. conf, which is the default configuration file and can be specified when squid is started, for example, Squid-F/etc/squid. conf.

5. You can use the default values for other options. Let's take a look at the Mac and time control options. The following is a simple example.
# Define two customers whose physical addresses are 00: 02: 01: 50: BB: 53 and 00: 02: 01: 50: BB: 5C.

ACL accept_group ARP 00: 02: 01: 50: BB: 53 00: 02: 01: 50: BB: 5C...
ACL all SRC 0/0
# Allow access to the accept_group Group
Http_access allow accept_group
# Prohibit other unauthorized access
Http_access deny all

Ii. Access time control
For more information about time period settings, see squid. description in Conf, specifically, S-Sunday, M-Monday, T-Tuesday, W-Wednesday, H-Thursday, F-Friday a-Saturday, you can also leave it empty. The time format is H1: M1-H2: m2, the request is earlier than the following.

# Define a common access period from eight o'clock A.M. to five o'clock P.M. every Monday to Friday
ACL accept_time time mtwhf-
# Define the access time of the accept_group group. The access time is not allowed.
Http_access deny accept_group! Accept_time
# Otherwise, access is allowed.
Http_access allow accept_group
# Note: The second allow statement cannot be prefixed; otherwise, the time will be invalid.

In this version, the visible_hostname option must be entered. You can use your own IP address or host name, as if it was not in the previous version.

(2) squid authoritative guide

Http://blog.s135.com/book/squid/

(3) LINUXGenerationManagementServerServicesToolRealNowTotalEnjoyUpperNetwork

Http://wenku.baidu.com/view/664d603043323968011c92b8.html