Re: Excluding IP ranges from masquerade rules


 



Thanks to all for the great responses and choices, but I like
Ulrich Gebauer's way the best :-)

iptables -t nat -A POSTROUTING -s x.x.x.x/x -j ACCEPT
iptables -t nat -A POSTROUTING -s y.y.y.y -j ACCEPT
iptables -t nat -A POSTROUTING -j MASQUERADE

Makes the most sense to me and will be the easiest way for me to teach
others.

Thanks again,
Ted



On Mon, 2003-10-13 at 09:24, Ralf Spenneberg wrote:
> On Mon, 2003-10-13 at 11.44, Ted Kaczmarek wrote:
> > I presently exclude 1 IP block in POSTROUTING using
> > "! X.X.X.X/24" . Is there a way to specify multiple ranges that are 
> > excluded?
> Only if you can combine them in one network, like:
> 10.0.0.0/8 and 11.0.0.0/8 can be written as 10.0.0.0/7
> 
> > or
> > Is there a way to have POSTROUTING only have an effect on a certain
> > interface?
> You can use -o eth0 to specify the interface in your rules.
> 
> Cheers,
> 
> Ralf
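
Added example, not part of the original thread: a small generator that applies both answers above, emitting one negated rule when the excluded ranges collapse into a single network and otherwise the ACCEPT-then-MASQUERADE sequence. The function name masquerade_rules and the sample addresses are constructed for illustration.

```python
import ipaddress
import re

# Linux interface names are at most 15 characters; restrict the character set
# so a generated line cannot carry shell metacharacters.
_IFACE_RE = re.compile(r"[A-Za-z0-9_.-]{1,15}")


def masquerade_rules(excluded, out_iface=None):
    """Return iptables commands that masquerade all sources except `excluded`.

    `excluded` is a list of IPv4 networks or single hosts (hypothetical helper).
    """
    # strict=True rejects entries such as 10.0.0.1/8 where host bits are set,
    # which usually means a typo in the exclusion list.
    nets = list(ipaddress.collapse_addresses(
        ipaddress.ip_network(e, strict=True) for e in excluded))

    base = "iptables -t nat -A POSTROUTING"
    if out_iface is not None:
        if not _IFACE_RE.fullmatch(out_iface):
            raise ValueError(f"invalid interface name: {out_iface!r}")
        base += f" -o {out_iface}"

    # Case 1: everything merged into one network (10.0.0.0/8 + 11.0.0.0/8
    # -> 10.0.0.0/7), so a single negated match is enough. "! -s" is the
    # option order current iptables releases expect.
    if len(nets) == 1:
        return [f"{base} ! -s {nets[0]} -j MASQUERADE"]

    # Case 2: several disjoint ranges. ACCEPT ends traversal of the nat chain
    # for a matching packet, so these rules must precede the MASQUERADE rule.
    rules = [f"{base} -s {n} -j ACCEPT" for n in nets]
    rules.append(f"{base} -j MASQUERADE")
    return rules


if __name__ == "__main__":
    # Constructed sample inputs.
    for sample in (["10.0.0.0/8", "11.0.0.0/8"],
                   ["10.0.0.0/8", "192.168.1.5"]):
        print("\n".join(masquerade_rules(sample, "eth0")), end="\n\n")
```

Review the printed rules before applying them; overlapping entries such as 10.0.0.0/8 and 10.1.0.0/16 are merged into the larger network.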


