Shorewall users - Sep 2002 - how to do nat only for certain hosts on 192.168.x.x internal subnet?

Hello all,

i have a 3 nic system, ext,loc,dmz.

i have 192.168.1.x addresses on the loc side. there is no nat from the loc to
the inet side so far, everything is going through squid proxy and mailservers.

now i would need nat access to the internet for certain hosts on my 192.168.1.x
net. i have a dhcp range from 192.168.1.1 to 192.168.1.100
and i would like to give some boxes static 192.168.1.101-110 addresses, so that
these 10 boxes would be allowed to access the inet through nat, the others in
the dhcp range will only need squid access...

whats the best way to do this?

actually how could i differentiate for certain services on the internet. the 10
boxes would need ftp/domain access to the outside at first, but maybe there will
be some more requirements.

Thanks,
Andy

On Mon, 9 Sep 2002, Andreas Bittner wrote:
> Hello all,
>
> i have a 3 nic system, ext,loc,dmz.
>
> i have 192.168.1.x addresses on the loc side. there is no nat from the loc
to the inet side so far, everything is going through squid proxy and
mailservers.
>
> now i would need nat access to the internet for certain hosts on my
192.168.1.x net. i have a dhcp range from 192.168.1.1 to 192.168.1.100
> and i would like to give some boxes static 192.168.1.101-110 addresses, so
that these 10 boxes would be allowed to access the inet through nat, the others
in the dhcp range will only need squid access...
>
> whats the best way to do this?
>
> actually how could i differentiate for certain services on the internet.
the 10 boxes would need ftp/domain access to the outside at first, but maybe
there will be some more requirements.
>
Please check the archives -- seems like this issue has been discussed
several times before.

-Tom
--
Tom Eastep    \ Shorewall - iptables made easy
AIM: tmeastep  \ http://www.shorewall.net
ICQ: #60745924  \ teastep@shorewall.net