LinuxQuestions.org


tallmtt 07-27-2008 06:34 PM

Shorewall help needed to send an ip only to a specific address
 
I have set up a firewall on my server/router and would like to send anyone with a specific IP (such as 192.168.1.130) to my firewall (running Apache, with IP 192.168.1.1) when they attempt to access the internet (but everyone else with other IPs could continue on to the internet).

I am confused with the terminology. I am using Webmin with Shorewall. I think under rules, I need my loc zone with the specific IP address to either REDIRECT or DNAT to another IP, but the phrasing is unhelpful in the documentation.

Any and all help is appreciated! Thanks.

FYI: My zones are "loc" for inner network, "net" for internet, and "fw" for firewall.

jomen 07-29-2008 03:29 AM

All traffic is flowing through the firewall - else it would be useless.
The firewall's rules are applied to that traffic.
You want to block specific IP's inside your LAN from making outgoing connections to the internet while allowing all others to do that?

Maybe rephrasing it this way helps?

tallmtt 07-30-2008 10:13 AM

The more lengthy story is that I have split my network in the dhcpd.conf file with specific IP's given to trusted hosts (via MAC addresses), and for all other clients I want to provide a non-encrypted network that goes to one site - on my firewall.

I do not want them to reach the Internet!

So as you said...

Quote:

You want to block specific IP's inside your LAN from making outgoing connections to the internet while allowing all others to do that?

Yes.

Thanks for having me clarify - hopefully it helps :)

tallmtt 08-02-2008 10:47 PM

I still have been unable to solve this - Anyone with any ideas?

Mr. C. 08-03-2008 01:52 AM

Do you want to only redirect port 80/443 (HTTP/HTTPS) traffic? What do you want to occur for all other TCP/IP traffic for the restricted clients?

tallmtt 08-05-2008 06:27 PM

If someone could direct me in how to redirect ports 80/443 I could figure out how to add/change anything in the future.

For now, just redirecting ports 80 and 443 would be sufficient to help me out - thanks :)


All times are GMT -5.