I'm using the entire 10.0.0.0/8 subnet on the private side.
I want to allow a certain section of the subnet (say 10.0.0.2 – 10.0.31.254) to access the internet via a Linux router, but not the rest of the network (10.0.32.1 – 10.255.255.254).
I have tried:
iptables -t nat -A POSTROUTING -s 10.0.0.0/19 -o eth0 -j MASQUERADE
(10.0.0.0/19 is 10.0.0.2 – 10.0.31.254), but with that none of the workstations can access the net.
I know the entire 10.0.0.0/8 is 16,777,214 IP addresses, but I have my reasons.
Thank you.
Best Answer
I figured it out via this question: How to allow a range of IP's with IPTABLES?
It's:
iptables -t nat -A POSTROUTING -m iprange --src-range (start ip)-(end ip) -o eth0 -j MASQUERADE
Example:
iptables -t nat -A POSTROUTING -m iprange --src-range 10.0.0.2-10.0.31.255 -o eth0 -j MASQUERADE
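An added example, not part of the original question or answer: it converts an inclusive address range into the exact CIDR blocks that cover it, emits the equivalent `-s` MASQUERADE rules, and generates FORWARD rules so hosts outside the range are dropped rather than merely left un-NATed. The helper names, the FORWARD rules and the sample hosts are assumptions made for illustration; `eth0` and the address ranges come from the page.

```python
import ipaddress

def range_to_cidrs(first, last):
    """Smallest list of CIDR blocks covering exactly first..last inclusive."""
    return list(ipaddress.summarize_address_range(
        ipaddress.IPv4Address(first), ipaddress.IPv4Address(last)))

def masquerade_rules(first, last, wan_if="eth0"):
    """One '-s CIDR' NAT rule per block, for use where '-m iprange' is not wanted."""
    return [f"iptables -t nat -A POSTROUTING -s {net} -o {wan_if} -j MASQUERADE"
            for net in range_to_cidrs(first, last)]

def forward_rules(first, last, lan="10.0.0.0/8", wan_if="eth0"):
    """Assumption added here: MASQUERADE only rewrites source addresses, it does
    not filter, so pair it with FORWARD rules that drop the rest of the LAN."""
    return [
        f"iptables -A FORWARD -m iprange --src-range {first}-{last} -o {wan_if} -j ACCEPT",
        f"iptables -A FORWARD -s {lan} -o {wan_if} -j DROP",
    ]

def is_allowed(host, first, last):
    """True if host falls inside the inclusive range that gets NATed."""
    ip = ipaddress.IPv4Address(host)
    return ipaddress.IPv4Address(first) <= ip <= ipaddress.IPv4Address(last)

if __name__ == "__main__":
    first, last = "10.0.0.2", "10.0.31.255"   # range from the answer's example
    net = ipaddress.ip_network("10.0.0.0/19")  # prefix from the question
    print(f"{net} spans {net[0]} - {net[-1]} ({net.num_addresses} addresses)")
    for rule in masquerade_rules(first, last) + forward_rules(first, last):
        print(rule)
    for host in ("10.0.31.254", "10.0.32.1"):  # constructed sample hosts
        print(host, "allowed" if is_allowed(host, first, last) else "blocked")
```

The FORWARD rules are order-sensitive (ACCEPT before DROP) and assume no earlier rule in the chain already accepts traffic from the rest of 10.0.0.0/8.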