Hi,

Thanks a lot for the mails. Well, my requirement is simple. I have one Linux box (connected to net) and say 50 Windows clients. On the Linux box I will put squid, qmail, dnscache. Now out of these 50 email clients only some, i.e. 192.168.0.1-192.168.0.25, need to use net directly, i.e. browse sites and ftp outside & use SMTP. The rest just need to use the SMTP for email. Please do not have a picture of a complex setup in mind.

In short,

  192.168.0.1-192.168.0.25 --> www, ftp and smtp (which is on say 192.168.0.1)
  192.168.0.26-192.168.0.50 --> just use SMTP on 192.168.0.1 to send mails outside, but no strict other internet access.

Now what rules should I put? I want to use squid as http proxy.

I am still unable to get how you figure out that 192.168.0.0/27 thing. I can get some help here for this specific problem, but it might cause a problem if I were to increase/decrease the above ip range a bit. So, please tell me how to calculate this.

Please also do tell the rules I have to put for masquerading (I need it for ftp at least, right?)

  iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

This is the box which runs squid and is connected to internet. Any help here please? I think this rule will masquerade for all machines, then I have to use DROP/REJECT for machines 192.168.0.26 onwards. Is there any better and less clumsy way?

Thanks a lot and bye.

With regards.
-Payal
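
The range-to-prefix calculation asked about above, as an added example that is not part of the original post: it computes the single prefix that encloses 192.168.0.1-192.168.0.25, lists the addresses that prefix covers beyond the range, and splits the range into exact CIDR blocks for source-restricted MASQUERADE rules. The function names are hypothetical; eth0 and the addresses are taken from the post.

```python
import ipaddress


def enclosing_prefix(first, last):
    """Smallest single CIDR block containing both first and last."""
    a = int(ipaddress.IPv4Address(first))
    b = int(ipaddress.IPv4Address(last))
    # Bits in which the two addresses differ must be host bits.
    host_bits = (a ^ b).bit_length()
    return ipaddress.IPv4Network((a, 32 - host_bits), strict=False)


def over_covered(first, last):
    """Addresses inside the enclosing prefix but outside first..last."""
    a = ipaddress.IPv4Address(first)
    b = ipaddress.IPv4Address(last)
    return [ip for ip in enclosing_prefix(first, last) if not a <= ip <= b]


def exact_cidrs(first, last):
    """Minimal list of CIDR blocks covering exactly first..last."""
    return list(ipaddress.summarize_address_range(
        ipaddress.IPv4Address(first), ipaddress.IPv4Address(last)))


def masquerade_rules(first, last, out_if="eth0"):
    """One source-restricted MASQUERADE rule per exact CIDR block."""
    return [
        f"iptables -t nat -A POSTROUTING -s {net} -o {out_if} -j MASQUERADE"
        for net in exact_cidrs(first, last)
    ]


if __name__ == "__main__":
    first, last = "192.168.0.1", "192.168.0.25"  # range from the post
    print("enclosing prefix:", enclosing_prefix(first, last))
    print("also matched by that prefix:",
          ", ".join(str(ip) for ip in over_covered(first, last)))
    for rule in masquerade_rules(first, last):
        print(rule)
```

The /27 spans 192.168.0.0-192.168.0.31, so it also matches 192.168.0.26-192.168.0.31 from the restricted group; the exact blocks do not. iptables can also take the range directly with the iprange match (`-m iprange --src-range 192.168.0.1-192.168.0.25`).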