A bit of iptables help
Hey gals and guys,
I have a set of VMs on 10.0.0.0/27 and I give them access to the Internet with this rule:
iptables -t nat -A POSTROUTING -j MASQUERADE
which works fine.
The problem is that I want a specific one (say .4) (static IPs everywhere) to NOT have Internet access but still have LAN access and communicate with the host.
I found that an alternative invocation to the one I have been using would be:
iptables -t nat -A POSTROUTING -s 10.0.0.0/255.255.255.0 -j MASQUERADE
but is there a way to exclude this specific VM?
Or, as another alternative, is there a command to manually allow masquerading for specific IPs only (and thus excluding .4 by simply not adding a rule for it)?
Edit: Host is XenServer, if it makes any difference (e.g. in respect to the RH-Firewall-* rules it has by default).
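One way to get the behaviour asked for above, as an added example that is not part of the original post: leaving a VM out of the NAT rule only stops its packets being rewritten, so the blocking is done with a DROP in the FORWARD chain and MASQUERADE is narrowed to LAN-to-outside traffic. It assumes the host routes VM traffic to the Internet; the function names and the LAN, BLOCKED and APPLY variables are made up for this sketch.

```shell
#!/bin/sh
# Added example. LAN and BLOCKED default to the addresses from the post;
# all function and variable names here are hypothetical.
LAN="${LAN:-10.0.0.0/27}"        # VM subnet
BLOCKED="${BLOCKED:-10.0.0.4}"   # VM(s) that must not reach the Internet

# Succeed only for a well-formed dotted-quad IPv4 address.
valid_ip() {
    echo "$1" | awk -F. 'NF != 4 { exit 1 }
        { for (i = 1; i <= 4; i++) if ($i !~ /^[0-9]+$/ || $i > 255) exit 1 }'
}

# Print the iptables commands, one per line: build_rules LAN IP...
build_rules() {
    lan=$1; shift
    for ip in "$@"; do
        valid_ip "$ip" || { echo "bad address: $ip" >&2; return 1; }
        # Inserted at the top of FORWARD so it is evaluated before any
        # existing accept rules. Traffic to the host itself goes through
        # INPUT, and LAN destinations are excluded, so both keep working.
        echo "iptables -I FORWARD -s $ip ! -d $lan -j DROP"
    done
    # Masquerade only what leaves the LAN, instead of every packet.
    echo "iptables -t nat -A POSTROUTING -s $lan ! -d $lan -j MASQUERADE"
}

# Run the generated commands (needs root); stop at the first failure.
apply_rules() {
    rules=$(build_rules "$@") || return 1
    printf '%s\n' "$rules" | while read -r cmd; do $cmd || exit 1; done
}

# Dry run by default: only print. Set APPLY=1 to change the firewall.
if [ "${APPLY:-0}" = 1 ]; then
    apply_rules "$LAN" $BLOCKED
else
    build_rules "$LAN" $BLOCKED
fi
```

The DROP rule works whether or not the original blanket MASQUERADE rule is still loaded; the narrower NAT rule is meant to replace it, not sit beside it.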