Darryl Gregorash wrote:
These are sufficient to enable masquerading for all systems in your internal network. To restrict which of those systems can actually access the internet, you also need
FW_MASQ_NETS set it equal to the desired net/mask, here 172.16.0.0/16.
so suppose i want to do NAT only for 172.16.0.5 and 172.16.2.10, and block the rest of the network. do i set the value of the FW_MASQ_NETS field to 172.16.0.5/32 and 172.16.2.10/32?

additionally, the gateway also serves the 192.168.0.0/24 network, on which there is no sharing restriction. so there are 3 network interfaces:

o 1 external and connected to the internet
o 1 internal with restrictions (172.16.0.0/16, on which i want to serve only 172.16.0.5 and 172.16.2.10) and
o another internal with no restriction (192.168.0.0/24)

could you please give me the syntax of the FW_MASQ_NETS field that would fit the above scenario?

thanks.

- t.

--
cogito, ergo es.