On 30/03/06 10:50, Tathagata Banerjee wrote:
Darryl Gregorash wrote:
These are sufficient to enable masquerading for all systems in your internal network. To restrict which of those systems can actually access the internet, you also need FW_MASQ_NETS; set it equal to the desired net/mask, here 172.16.0.0/16.
So suppose I want to do NAT only for 172.16.0.5 and 172.16.2.10, and block the rest of the network.
Do I set the value of the FW_MASQ_NETS field to 172.16.0.5/32 and 172.16.2.10/32?
Additionally, the gateway also serves the 192.168.0.0/24 network, on which there is no sharing restriction.
So there are 3 network interfaces:
o 1 external and connected to the internet
o 1 internal with restrictions (172.16.0.0/16, on which I want to serve only 172.16.0.5 and 172.16.2.10)
and
o another internal with no restriction (192.168.0.0/24)
Could you please give me the syntax of the FW_MASQ_NETS field that would fit the above scenario?
192.168.0.0/24 172.16.0.5 172.16.2.10

You will also enter both internal device ids in FW_DEV_INT, e.g. "eth-id-00:e0:4c:9f:61:9a eth-id-00:b4:e2:5a:43:81"

The descriptions of the variables in /etc/sysconfig/SuSEfirewall2 (which is what you are editing in the sysconfig editor) really are quite descriptive. Read carefully, and they will help you to figure out exactly what you need to do.
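
A way to check which internal hosts a given FW_MASQ_NETS value covers, and whether any entry reaches further into the restricted network than intended. This is an added example, not part of the thread and not SuSEfirewall2's own code. The function names are hypothetical, and it assumes that only the part of each entry before the first comma is the source and that a bare address means a single host.

```python
import ipaddress
import shlex

# Constructed excerpt using the values given in the reply above.
SAMPLE = '''
FW_DEV_INT="eth-id-00:e0:4c:9f:61:9a eth-id-00:b4:e2:5a:43:81"
FW_MASQ_NETS="192.168.0.0/24 172.16.0.5 172.16.2.10"
'''

def read_var(text, name):
    """Value of a NAME=value assignment; the last one wins, as when sourced."""
    value = ""
    for line in text.splitlines():
        line = line.strip()
        if line.startswith(name + "="):
            parts = shlex.split(line[len(name) + 1:], comments=True)
            value = parts[0] if parts else ""
    return value

def masq_sources(value):
    """Source networks of FW_MASQ_NETS entries.
    Assumption: the source is the text before the first comma, and a bare
    address means one host (/32)."""
    return [ipaddress.ip_network(e.split(",", 1)[0], strict=False)
            for e in value.split()]

def is_masqueraded(host, nets):
    """True if the host address falls inside any masqueraded source."""
    addr = ipaddress.ip_address(host)
    return any(addr in net for net in nets)

def overbroad(nets, restricted, allowed):
    """Entries that reach into the restricted network beyond the allowed hosts."""
    restricted = ipaddress.ip_network(restricted)
    ok = {ipaddress.ip_network(a) for a in allowed}
    return [str(n) for n in nets if n.overlaps(restricted) and n not in ok]

if __name__ == "__main__":
    nets = masq_sources(read_var(SAMPLE, "FW_MASQ_NETS"))
    for host in ("172.16.0.5", "172.16.2.10", "172.16.0.6", "192.168.0.77"):
        print(host, "masqueraded" if is_masqueraded(host, nets) else "not masqueraded")
    print("too broad:", overbroad(nets, "172.16.0.0/16", ["172.16.0.5", "172.16.2.10"]))
```

The check covers only the masquerading source list; it does not model any other forwarding or filtering rules in the firewall configuration.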