Thank u for ur reply. In the same server I am using squid for blocking some sites. Using squid it is going fine.But for top people i need around 20 systems without squid.I dont want to block any sites. In my current iptable rule , i gave ip,subnet,gateway i.e server ip and dns in the network settings for above said 20 systems of top level people. They use without restriction.
Others are under squid for them i gave ip , subnet and in the browser setting i mention server ip and port address i.e 3128 in the lan setting of connection and i tick use proxy server .
Using squid we block some sites as well as we allow internet for some ip for some time and some other for other time according to our company rules. It is fine.
Problem here most of persons know the gate way ip i.e server ip and dns. They give in the network setting and untick the use proxy server in the browser and use without our knowledge. Now they can access all the sites in all time. So we can not manage, the speed get slow. I shocked .
We need both squid for restricted users and For top people I want without squid.
These type of network settings we only know but unfortunately most of persons also know.
They should know administrator password of their systems because of their project. we can not restrict them. Thats why they are able to change network settings.
Finally what i want is even if they give gateway and dns in the network settings, they should not able to browse.
What ever ips i permit to browse they can only browse without squid Ex. the above 20 systems of top level people.
How to make rules to allow above 20 systems ips of top people using iptable.