James Knott wrote:
i have installed opensuse 10 on the gateway of a medium-sized network. i want the gateway to be able to do packet forwarding and ip masquerading for only some hosts of the internal network (172.16.0.0/16). in other words, i want to share the internet connection with only those clients that i select. using acl-s in squid is not the answer, because i want to control *all* traffic, not only http or ftp. can this be done using free/opensource software? i am not an advanced net admin, so if the answer involves advanced topics, please try to provide some tutorial links too. thanks.
You could filter on IP address. Set up your DHCP server, so that it reserves specific addresses for those computers and block the rest.
You could also give those computers a static alias address, which is permitted to pass through the firewall.
thanks for your answer. dhcp isn't involved in this case - all hosts have static ip-s. but dhcp or static, the problem remains the same. you have talked about permitting certain ip-s to pass through the firewall. but how exactly do i implement this filtering scheme? what iptables options do i need? what parameters do i add to the SuSEfirewall script? suppose i want to share the connection with 172.16.0.5 and 172.16.0.10, but not with any other machine on the network. what do i do to implement this? thanks.

- t.

--
cogito, ergo es.
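One way to express the per-host filtering asked about above, as an added example that is not part of the original thread: a script that prints an `iptables-restore` rule set which forwards and masquerades only the listed hosts and drops all other forwarded traffic. The interface names `eth0` (external) and `eth1` (internal) and the function names `valid_host` and `gen_rules` are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example: emit iptables-restore rules that forward and masquerade
# only the internal hosts named on the command line.
EXT_IF="${EXT_IF:-eth0}"   # assumption: Internet-facing interface
INT_IF="${INT_IF:-eth1}"   # assumption: interface on 172.16.0.0/16

# Succeeds only for a plain dotted quad inside 172.16.0.0/16.
valid_host() {
    case "$1" in 172.16.*.*) ;; *) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$3" "$4"; do
        case "$octet" in ''|*[!0-9]*|????*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
}

# Prints the rule set; prints nothing and fails if any host is rejected.
gen_rules() {
    [ "$#" -gt 0 ] || return 1
    for h in "$@"; do
        valid_host "$h" || { echo "rejected: $h" >&2; return 1; }
    done
    echo "*nat"
    echo ":POSTROUTING ACCEPT [0:0]"
    for h in "$@"; do
        echo "-A POSTROUTING -s $h/32 -o $EXT_IF -j MASQUERADE"
    done
    echo "COMMIT"
    echo "*filter"
    echo ":FORWARD DROP [0:0]"   # default: no internal host is forwarded
    # Return traffic for connections the allowed hosts opened.
    echo "-A FORWARD -i $EXT_IF -o $INT_IF -m state --state ESTABLISHED,RELATED -j ACCEPT"
    for h in "$@"; do
        echo "-A FORWARD -i $INT_IF -o $EXT_IF -s $h/32 -j ACCEPT"
    done
    echo "COMMIT"
}

# Example: sh thisscript 172.16.0.5 172.16.0.10
if [ "$#" -gt 0 ]; then
    gen_rules "$@"
fi
```

Loading the output with `iptables-restore` replaces the existing nat and filter tables, so review it against any rules the distribution's firewall script has already installed. Forwarding also requires `net.ipv4.ip_forward` to be set to 1 on the gateway.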