re-directing through squid using MAC

classic Classic list List threaded Threaded
5 messages Options
Reply | Threaded
Open this post in threaded view
|

re-directing through squid using MAC

Wolfgang Paul Rauchholz
I got two questions actualy. I want to re-direct all traffic certain users (parental control...) through squid.

(1)  What i the best possibility to do so independently of whether they are on the LAN or are outside home?
(2) If I only want to re-direct when they are on the LAN; can I do this by capturing the MAC address of their devices?

Thank you! 


Wolfgang Rauchholz
+34 627 994 977


_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users
Reply | Threaded
Open this post in threaded view
|

Re: re-directing through squid using MAC

Amos Jeffries
Administrator
On 30/01/21 8:19 pm, Wolfgang Paul Rauchholz wrote:
> I got two questions actualy. I want to re-direct all traffic certain
> users (parental control...) through squid.
>
> (1)  What i the best possibility to do so independently of whether they
> are on the LAN or are outside home?

There is no single way which can do it for both of those environments.


> (2) If I only want to re-direct when they are on the LAN; can I do this
> by capturing the MAC address of their devices?
>

Moving traffic around is a feature of the network routing system. The
answer to that depends on which OS you have within yoru network and what
they can do.

That is also why there is no single solution to (1). You have little or
no control over router settings beyond your own network - so a very
different setup is needed for non-LAN traffic.


Amos
_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users
Reply | Threaded
Open this post in threaded view
|

Re: re-directing through squid using MAC

Eliezer Croitoru-3
In reply to this post by Wolfgang Paul Rauchholz

Hey,

 

There are many solutions for these however it depends on couple things.

The first thing is the parental and kids/children/others cooperation.

Ie if the kids know and want to use the solution.

 

I believe that parenting starts based on understanding that there is a Threat out there.

Today it’s the  same thing like fire and other hazards awareness.

If the kids/children/others in the house doesn’t believe that there is a threat it is the obligation of the parents and
the community to teach and educate them about the subject(To my believe A demo is always a last resort solution).

( I have seen many adults which doesn’t believe even after they have been hit..

Ie they have a virus on their PC or Mobile and they still believe that there is not issue.

Even after these are being given a demo of what is being leaked from their PC and Mobile they don’t care. )

 

Lately I have seen couple new WIFI solutions(The old doesn’t work anymore..) which offers some parental control
in the house bundled in the product that has a management and control app for the parents.

I don’t know if these can be compared to squid.

 

I can just say that IDS and AV with squid would require some kind of customization and I believe that it’s worth
to try some ready to use solutions as a part of the kids/children and adults education.

It’s like riding a bicycle, if you will try to create one yourself… it depends on your “blacksmith” or “iron man” skills.

 

 

To force the PC or the mobile would be different solution but they both require some application these days.

 

On your LAN it will also depend on the cooperation.

When you want to capture traffic on LAN it would probably be by the combination of MAC and IP.

These two are both tied to one another…

There are many devices these day who tries to dynamically assign mac address to avoid what you are trying to achieve.

To overcome this you are probably better use one of these below (or more..):

  • 802x authentication for WIFI
  • Redirect all traffic except the identified devices by their MAC+IP(FROM DHCP)
  • HotSpot authentication

 

I have implemented the above solutions on both a Linux device and Mikrotik.

Currently I am using Mikrotik Router which does all of the above else then the filtering itself which I am using
an external service which does better tls/ssl inspection and categorizing then I can provide with Squid and a subscription.

(…No hard feelings with the Squid project)

 

All The Bests,

Eliezer

 

----

Eliezer Croitoru

Tech Support

Mobile: +972-5-28704261

Email: [hidden email]

Zoom: Coming soon

 

 

From: squid-users <[hidden email]> On Behalf Of Wolfgang Paul Rauchholz
Sent: Saturday, January 30, 2021 9:19 AM
To: [hidden email]
Subject: [squid-users] re-directing through squid using MAC

 

I got two questions actualy. I want to re-direct all traffic certain users (parental control...) through squid.

 

(1)  What i the best possibility to do so independently of whether they are on the LAN or are outside home?

(2) If I only want to re-direct when they are on the LAN; can I do this by capturing the MAC address of their devices?

 

Thank you! 

 


Wolfgang Rauchholz

+34 627 994 977

 


_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users
Reply | Threaded
Open this post in threaded view
|

Re: re-directing through squid using MAC

Majed Zouhairy

wifi ? so you would rather get up at nights just so not to expose to some sites?

30.01.21 20:12, Eliezer Croitoru пишет:

Hey,

 

There are many solutions for these however it depends on couple things.

The first thing is the parental and kids/children/others cooperation.

Ie if the kids know and want to use the solution.

 

I believe that parenting starts based on understanding that there is a Threat out there.

Today it’s the  same thing like fire and other hazards awareness.

If the kids/children/others in the house doesn’t believe that there is a threat it is the obligation of the parents and
the community to teach and educate them about the subject(To my believe A demo is always a last resort solution).

( I have seen many adults which doesn’t believe even after they have been hit..

Ie they have a virus on their PC or Mobile and they still believe that there is not issue.

Even after these are being given a demo of what is being leaked from their PC and Mobile they don’t care. )

 

Lately I have seen couple new WIFI solutions(The old doesn’t work anymore..) which offers some parental control
in the house bundled in the product that has a management and control app for the parents.

I don’t know if these can be compared to squid.

 

I can just say that IDS and AV with squid would require some kind of customization and I believe that it’s worth
to try some ready to use solutions as a part of the kids/children and adults education.

It’s like riding a bicycle, if you will try to create one yourself… it depends on your “blacksmith” or “iron man” skills.

 

 

To force the PC or the mobile would be different solution but they both require some application these days.

 

On your LAN it will also depend on the cooperation.

When you want to capture traffic on LAN it would probably be by the combination of MAC and IP.

These two are both tied to one another…

There are many devices these day who tries to dynamically assign mac address to avoid what you are trying to achieve.

To overcome this you are probably better use one of these below (or more..):

  • 802x authentication for WIFI
  • Redirect all traffic except the identified devices by their MAC+IP(FROM DHCP)
  • HotSpot authentication

 

I have implemented the above solutions on both a Linux device and Mikrotik.

Currently I am using Mikrotik Router which does all of the above else then the filtering itself which I am using
an external service which does better tls/ssl inspection and categorizing then I can provide with Squid and a subscription.

(…No hard feelings with the Squid project)

 

All The Bests,

Eliezer

 

----

Eliezer Croitoru

Tech Support

Mobile: +972-5-28704261

Email: [hidden email]

Zoom: Coming soon

 

 

From: squid-users [hidden email] On Behalf Of Wolfgang Paul Rauchholz
Sent: Saturday, January 30, 2021 9:19 AM
To: [hidden email]
Subject: [squid-users] re-directing through squid using MAC

 

I got two questions actualy. I want to re-direct all traffic certain users (parental control...) through squid.

 

(1)  What i the best possibility to do so independently of whether they are on the LAN or are outside home?

(2) If I only want to re-direct when they are on the LAN; can I do this by capturing the MAC address of their devices?

 

Thank you! 

 


Wolfgang Rauchholz

+34 627 994 977

 


_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users

_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users
Reply | Threaded
Open this post in threaded view
|

Re: re-directing through squid using MAC

Eliezer Croitoru-3

Hey,

 

Sorry I didn’t understood the question?

How exactly what I wrote say what have asked? And Also yes,
I would like to wake up at night for my kids rather then grow up into monsters.

 

WIFI? Whats the question?

Kids do not get wifi… on what ages of kids were you asking?

The same goes about Mobile phones, the difference between WIFI and Mobile 4G is only the .. Power of amplification.

 

Eliezer

 

----

Eliezer Croitoru

Tech Support

Mobile: +972-5-28704261

Email: [hidden email]

Zoom: Coming soon

 

 

From: squid-users <[hidden email]> On Behalf Of Majed Zouhairy
Sent: Saturday, January 30, 2021 7:19 PM
To: [hidden email]
Subject: Re: [squid-users] re-directing through squid using MAC

 

wifi ? so you would rather get up at nights just so not to expose to some sites?

30.01.21 20:12, Eliezer Croitoru пишет:

Hey,

 

There are many solutions for these however it depends on couple things.

The first thing is the parental and kids/children/others cooperation.

Ie if the kids know and want to use the solution.

 

I believe that parenting starts based on understanding that there is a Threat out there.

Today it’s the  same thing like fire and other hazards awareness.

If the kids/children/others in the house doesn’t believe that there is a threat it is the obligation of the parents and
the community to teach and educate them about the subject(To my believe A demo is always a last resort solution).

( I have seen many adults which doesn’t believe even after they have been hit..

Ie they have a virus on their PC or Mobile and they still believe that there is not issue.

Even after these are being given a demo of what is being leaked from their PC and Mobile they don’t care. )

 

Lately I have seen couple new WIFI solutions(The old doesn’t work anymore..) which offers some parental control
in the house bundled in the product that has a management and control app for the parents.

I don’t know if these can be compared to squid.

 

I can just say that IDS and AV with squid would require some kind of customization and I believe that it’s worth
to try some ready to use solutions as a part of the kids/children and adults education.

It’s like riding a bicycle, if you will try to create one yourself… it depends on your “blacksmith” or “iron man” skills.

 

 

To force the PC or the mobile would be different solution but they both require some application these days.

 

On your LAN it will also depend on the cooperation.

When you want to capture traffic on LAN it would probably be by the combination of MAC and IP.

These two are both tied to one another…

There are many devices these day who tries to dynamically assign mac address to avoid what you are trying to achieve.

To overcome this you are probably better use one of these below (or more..):

  • 802x authentication for WIFI
  • Redirect all traffic except the identified devices by their MAC+IP(FROM DHCP)
  • HotSpot authentication

 

I have implemented the above solutions on both a Linux device and Mikrotik.

Currently I am using Mikrotik Router which does all of the above else then the filtering itself which I am using
an external service which does better tls/ssl inspection and categorizing then I can provide with Squid and a subscription.

(…No hard feelings with the Squid project)

 

All The Bests,

Eliezer

 

----

Eliezer Croitoru

Tech Support

Mobile: +972-5-28704261

Email: [hidden email]

Zoom: Coming soon

 

 

From: squid-users [hidden email] On Behalf Of Wolfgang Paul Rauchholz
Sent: Saturday, January 30, 2021 9:19 AM
To: [hidden email]
Subject: [squid-users] re-directing through squid using MAC

 

I got two questions actualy. I want to re-direct all traffic certain users (parental control...) through squid.

 

(1)  What i the best possibility to do so independently of whether they are on the LAN or are outside home?

(2) If I only want to re-direct when they are on the LAN; can I do this by capturing the MAC address of their devices?

 

Thank you! 

 


Wolfgang Rauchholz

+34 627 994 977

 



_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users

_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users