masquerading and access


 



> 	I want to implement a masquerading proxy ( I hope I am clear
> here ) on a network of 50 machines. Out of these, only 25 machines, say
> 192.168.0.1-192.168.0.25, need to connect to the net. Squid will be the
> caching proxy.
> I just want to know whether I have to put a rule as,

Since there's no /xx for your 25 IPs, I'd just REDIRECT everything
sent to port 80 (and 443 and maybe others you might need) to 3128, and
then use squid's ACLs to restrict access by IP address range, which is
quite easy. That is, if you have the whole /24 netblock for yourself.

# iptables -t nat -A PREROUTING -s 192.168.0.0/24 -p tcp --dport 80 -j REDIRECT --to-ports 3128


Rob
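
The Squid side of the setup suggested above, as an added example that is not part of the original message: a squid.conf fragment that accepts the redirected port 80 traffic on 3128 and allows only the 25 hosts. It assumes Squid 3.1 or later (older releases configure interception with different directives), and the ACL name allowed_clients is made up for illustration.

```conf
# squid.conf fragment (added example, assumes Squid 3.1+)

# Port the iptables REDIRECT rule sends port 80 traffic to. "intercept" tells
# Squid the connections arrived via NAT, not from a browser configured to use
# a proxy.
http_port 3128 intercept

# The 25 hosts that may browse, written as an address range because no single
# CIDR prefix covers exactly .1 through .25. "allowed_clients" is a
# hypothetical name.
acl allowed_clients src 192.168.0.1-192.168.0.25

# http_access rules are checked top to bottom and the first match wins, so the
# allow line must come before the catch-all deny.
http_access allow allowed_clients
http_access deny all
```

With this in place, the other 25 machines on the /24 are still redirected to Squid by the iptables rule but receive an access-denied response instead of the requested page.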



