+++ Tathagata Banerjee [2006-03-30 14:56:26]: > i have installed opensuse 10 on the gateway of a medium-sized network. i > want the gateway to be able to do packet forwarding and ip masquerading > for only some hosts of the internal network (172.16.0.0/16). in other > words, i want to share the internet connection with only those clients > that i select. using acl-s in squid in not the answer, because i want to > control *all* traffic, not only http or ftp. can this be done using > free/opensource software? > i am not an advanced net admin, so if the answer involves advanced > topics, please try to provide some tutorial links too. > thanks.
Shorewall (http://shorewall.net/)seems to provide for something like that # SUBNET # Subnet that you wish to masquerade. You can specify # this as a subnet or as an interface. If you give the # name of an interface, you must have iproute installed # and the interface must be up before you start the # firewall. # # In order to exclude a subset of the specified SUBNET, # you may append "!" and a comma-separated list of IP # addresses and/or subnets that you wish to exclude. # # Example: eth1!192.168.1.4,192.168.32.0/27 # # In that example traffic from eth1 would be # masqueraded unless it came from 192.168.1.4 or # 196.168.32.0/27 -- --------------------------------------------------------------------------- Kingsly At Users Dot SourceForge Dot Net -- http://kingsly.org/ --------------------------------------------------------------------------- ------------------------------------------------------- This SF.Net email is sponsored by xPML, a groundbreaking scripting language that extends applications into web and mobile media. Attend the live webcast and join the prime developer group breaking into this new coding territory! http://sel.as-us.falkag.net/sel?cmd=lnk&kid=110944&bid=241720&dat=121642 _______________________________________________ linux-india-help mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/linux-india-help
