IPTABLES and dial-ups


Leigh
03-13-2003, 10:53 PM
Hi all,
Got an interesting problem here.
I'm setting up a firewall to share a dial-up connection onto a LAN. I think I can handle most of the IPTABLES stuff except for one or two issues:

I have two different connections - one when I dial the ISP, and one when they dial me. (long story). When the ISP dials me, I have a fixed IP address. I can quite happily NAT between inside and outside, but when I dial the ISP, using a different connection profile, I get a dynamic IP. How can I set up NAT rules in IPTABLES when I don't know the IP address? Alternatively, how can I find out the IP address on-the-fly? I'd like to use the ppp-up script or similar to set up IPTABLES rules, but I don't know how to set them up for a dynamic IP.
Other thing is: I have the box accepting a dial-in OK, but I've never set up dial-out before. Any pointers/gotchas? (This machine doesn't have a desktop or GUI or anything, so it's all gotta be done with scripts or command-line.)

Jinx
03-14-2003, 01:29 AM
IPTABLES will accept adapters in its rules... eg. iptables -A INPUT -i ppp0 -j ACCEPT

Where ppp0 can be a dialup adapter etc... the rule will only work when the adapter is up (obviously).

Have a read of the IPTABLES HOWTO at www.tldp.org or www.netfilter.org. The author (Rusty Russell) has written a pretty good HOWTO at www.netfilter.org, so try there first.

Cya round
Jinx

Leigh
03-14-2003, 01:38 AM
It's not just the ACCEPT and DROP I'm after, it's the SNAT for machines on the inside. What do I SNAT them to? I'll check out those docs. Thanks.

Jinx
03-14-2003, 03:00 AM
It sounds like you want to MASQ (form of SNAT). Basically, you don't need to know the ppp adapter address (ie. dialup), as it works it out based on the adapter:

iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE

By now you have probably read the docs on www.netfilter.org. They would offer a better explanation than I could. :)

Cya round
Jinx
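
Added example (not from any poster in this thread): a sketch of an /etc/ppp/ip-up.local that covers both connection profiles discussed above, using SNAT when pppd reports the fixed address and MASQUERADE when the address is dynamic, with forwarding limited to LAN-initiated traffic. LAN_IF, FIXED_IP and the APPLY switch are assumed placeholder names and values, and the script assumes this box has no other FORWARD rules to preserve.

```shell
#!/bin/sh
# pppd runs ip-up with:
#   $1=interface  $2=tty  $3=speed  $4=local IP  $5=remote IP  $6=ipparam
# so the dynamic address is available as $4 once the link is up.
LAN_IF="eth0"           # assumption: inside interface
FIXED_IP="192.0.2.10"   # assumption: constructed static address for ISP dial-in

# Print the rule set for a link that just came up (dry run by default).
nat_rules() {
    wan_if="$1"; local_ip="$2"
    # Clear rules left over from the previous connection profile.
    echo "iptables -t nat -F POSTROUTING"
    echo "iptables -F FORWARD"
    echo "iptables -P FORWARD DROP"
    # Inside hosts may open connections; the outside only gets replies.
    echo "iptables -A FORWARD -i $LAN_IF -o $wan_if -j ACCEPT"
    echo "iptables -A FORWARD -i $wan_if -o $LAN_IF -m state --state ESTABLISHED,RELATED -j ACCEPT"
    if [ "$local_ip" = "$FIXED_IP" ]; then
        # Known static address: plain SNAT.
        echo "iptables -t nat -A POSTROUTING -o $wan_if -j SNAT --to-source $local_ip"
    else
        # Dynamic address: let the kernel take it from the interface.
        echo "iptables -t nat -A POSTROUTING -o $wan_if -j MASQUERADE"
    fi
}

# Apply for real only when APPLY=1 (as root, invoked by pppd).
if [ "${APPLY:-0}" = "1" ]; then
    nat_rules "$1" "$4" | sh
    echo 1 > /proc/sys/net/ipv4/ip_forward
fi
```

Running `nat_rules ppp0 <address>` by hand prints the commands without touching the firewall, which makes it easy to review the rule set before setting APPLY=1.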