Hi,

I want to implement a masquerading proxy (I hope I am clear here) on a network of 50 machines. Out of these, only 25 machines, say 192.168.0.1-192.168.0.25, need to connect to the net. Squid will be the caching proxy. I just want to know whether I have to put a rule as:

1.
    #iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

Then I redirect all requests to port 80 to port 3128 of squid. Then I make the necessary acl changes in squid.conf to allow only 192.168.0.1-192.168.0.25. And then for ftp I put iptables ACCEPT rules for these IPs in the iptables ruleset and block the rest.

OR

2.
    #iptables -t nat -A POSTROUTING -s 192.168.0.1/xx -j MASQUERADE

Will this rule do? Also, what do I put in place of xx for allowing 192.168.0.1-192.168.0.25? Also, I will have to put port redirection of 80 to 3128 and use the squid access list.

Can someone tell me which of the solutions I should implement and whether they are right?

Thanks a lot in advance and bye.

-Payal