I'm using the entire 10.0.0.0/8 subnet on the private side.
I want to allow a certain section of the subnet (say 10.0.0.2 - 10.0.31.254) to access the internet via a Linux router, but not the rest of the network (10.0.32.1 - 10.255.255.254).
I have tried:
iptables -t nat -A POSTROUTING -s 10.0.0.0/19 -o eth0 -j MASQUERADE
(10.0.0.0/19 is 10.0.0.2 - 10.0.31.254), but with that none of the workstations can access the net.
I know the entire 10.0.0.0/8 is 16,777,214 IP addresses, but I have my reasons.
Thank you
I figured it out via this question: "How to allow a range of IP's with IPTABLES?"
It's:
iptables -t nat -A POSTROUTING -m iprange --src-range (start ip)-(end ip) -o eth0 -j MASQUERADE
Example:
iptables -t nat -A POSTROUTING -m iprange --src-range 10.0.0.2-10.0.31.255 -o eth0 -j MASQUERADE
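An added example, not part of the original posts: a Python check of which source addresses a start-end range covers, together with the set of `-s` CIDR rules that match exactly the same addresses as one `--src-range` rule. The function names are hypothetical, and the script only builds rule strings; it never invokes iptables.

```python
import ipaddress


def range_to_cidrs(start, end):
    """Smallest list of CIDR blocks covering exactly start..end (inclusive)."""
    first = ipaddress.IPv4Address(start)
    last = ipaddress.IPv4Address(end)
    if first > last:
        raise ValueError("start address is above end address")
    return list(ipaddress.summarize_address_range(first, last))


def in_range(addr, start, end):
    """True if addr would match --src-range start-end."""
    a = ipaddress.IPv4Address(addr)
    return ipaddress.IPv4Address(start) <= a <= ipaddress.IPv4Address(end)


def masquerade_rules(start, end, out_if="eth0"):
    """Return (iprange rule, equivalent list of per-CIDR -s rules) as strings."""
    base = "iptables -t nat -A POSTROUTING"
    iprange_rule = (f"{base} -m iprange --src-range {start}-{end} "
                    f"-o {out_if} -j MASQUERADE")
    cidr_rules = [f"{base} -s {net} -o {out_if} -j MASQUERADE"
                  for net in range_to_cidrs(start, end)]
    return iprange_rule, cidr_rules


if __name__ == "__main__":
    start, end = "10.0.0.2", "10.0.31.254"   # range from the question
    iprange_rule, cidr_rules = masquerade_rules(start, end)
    print(iprange_rule)
    print(f"{len(cidr_rules)} -s rules cover the same addresses:")
    for rule in cidr_rules:
        print("  " + rule)
    # Boundary probes: confirm the edges of the range before loading a rule.
    for probe in ("10.0.0.1", "10.0.0.2", "10.0.31.254", "10.0.32.1"):
        print(probe, "matches" if in_range(probe, start, end) else "no match")
```

A range that does not start and end on a prefix boundary needs many `-s` rules, which is why a single iprange rule is the more compact way to express it.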
Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more.
You can write ACLs in Squid and allow/disallow access based on your requirements.