
iptables problem


VeeDubb

Okay, using my Mandrake box as an internet gateway. Here's the results of ifconfig

eth0      Link encap:Ethernet  HWaddr 00:20:78:14:F1:19
         inet addr:24.0.0.1  Bcast:24.0.0.255  Mask:255.255.255.0
         UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
         RX packets:739 errors:0 dropped:0 overruns:0 frame:0
         TX packets:335 errors:0 dropped:0 overruns:0 carrier:0
         collisions:0 txqueuelen:100
         RX bytes:378368 (369.5 Kb)  TX bytes:48930 (47.7 Kb)
         Interrupt:11 Base address:0xd000

lo        Link encap:Local Loopback
         inet addr:127.0.0.1  Mask:255.0.0.0
         UP LOOPBACK RUNNING  MTU:16436  Metric:1
         RX packets:175 errors:0 dropped:0 overruns:0 frame:0
         TX packets:175 errors:0 dropped:0 overruns:0 carrier:0
         collisions:0 txqueuelen:0
         RX bytes:11529 (11.2 Kb)  TX bytes:11529 (11.2 Kb)

ppp0      Link encap:Point-to-Point Protocol
         inet addr:67.227.219.158  P-t-P:67.227.128.69  Mask:255.255.255.255
         UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1524  Metric:1
         RX packets:147 errors:0 dropped:0 overruns:0 frame:0
         TX packets:129 errors:0 dropped:0 overruns:0 carrier:0
         collisions:0 txqueuelen:3
         RX bytes:175004 (170.9 Kb)  TX bytes:9504 (9.2 Kb)

usb0      Link encap:Ethernet  HWaddr FE:65:4E:EF:E2:75
         inet addr:192.168.129.1  Bcast:192.168.129.255  Mask:255.255.255.255
         UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
         RX packets:0 errors:0 dropped:0 overruns:0 frame:0
         TX packets:26 errors:0 dropped:0 overruns:0 carrier:0
         collisions:0 txqueuelen:100
         RX bytes:0 (0.0 b)  TX bytes:3528 (3.4 Kb)

 

My internet is on ppp0, and I'm trying to let usb0 connect through me.

 

I have a script set up to make the connection as follows

#!/bin/bash

ifconfig usb0 192.168.129.1 netmask 255.255.255.255 up
route add -host 192.168.129.201 usb0
iptables -t nat -F
iptables -t nat -A POSTROUTING -j SNAT -o ppp0
echo 1 > /proc/sys/net/ipv4/ip_forward

 

When I run this script, I get the following error

[root@penpen stephen]# sh Zconnect.sh
SIOCADDRT: File exists
iptables v1.2.8: You must specify --to-source
Try `iptables -h' or 'iptables --help' for more information.

 

I have looked at iptables -h and it appears that I am supposed to add --to 'some ip-address'. Problem is that ppp0 is a dynamic IP connection, so the IP changes at every connect.

 

Any help greatly appreciated.


I almost forgot one important bit of info.

 

Here is an excerpt from man iptables that explains SNAT, but it is 100% over my head. Maybe one of you can decipher it and tell me how to change my connect script. Thanks.

 

   SNAT
      This target is only valid in the nat table, in the  POSTROUTING  chain.
      It  specifies  that the source address of the packet should be modified
      (and all future packets in this connection will also be  mangled),  and
      rules should cease being examined.  It takes one type of option:

      --to-source  ipaddr[-ipaddr][:port-port]
             which  can  specify a single new source IP address, an inclusive
             range of IP addresses, and optionally, a port  range  (which  is
             only  valid if the rule also specifies -p tcp or -p udp).  If no
             port range is specified, then source ports  below  512  will  be
             mapped  to  other  ports  below  512: those between 512 and 1023
             inclusive will be mapped to ports below 1024,  and  other  ports
             will  be mapped to 1024 or above. Where possible, no port alter-
             ation will occur.

      You can add several --to-source options.  If you specify more
             than one source address, either via an address range or multiple
             --to-source  options, a simple round-robin (one after another in
             cycle) takes place between these adresses.

 

It's also possible that SNAT is the wrong protocol for a dynamic IP connection. I got my script from a "How-to" and did my best to fix it for me.

 

Also, I do not want any form of security at all between the internet and usb0. I want every available port open and don't care what some idiot hacker can see. usb0 is just my PDA.
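
For a link whose address changes on every connect, iptables has the MASQUERADE target, which uses the outgoing interface's current address and so needs no --to-source. The script below is an added example, not part of the original posts: it prints the rule set for either case (MASQUERADE for a dynamic address, SNAT when a fixed address is given) and applies it only when called with "apply". The interface names and the PDA address come from the post; the function names are hypothetical, and flushing the FORWARD chain assumes nothing else on the box uses it.

```shell
#!/bin/bash
# Added example, not the poster's script. ppp0, usb0 and 192.168.129.201
# come from the post; the function names are hypothetical.

# Print the iptables commands for the gateway, one per line.
#   $1 WAN interface   $2 LAN interface   $3 LAN peer address
#   $4 fixed WAN address (optional; leave empty for a dynamic link)
gateway_rules() {
    local wan="$1" lan="$2" peer="$3" wan_ip="${4:-}"
    echo "iptables -t nat -F POSTROUTING"
    if [ -n "$wan_ip" ]; then
        # Static address: SNAT requires an explicit --to-source.
        echo "iptables -t nat -A POSTROUTING -o $wan -s $peer -j SNAT --to-source $wan_ip"
    else
        # Dynamic address: MASQUERADE takes the interface's current
        # address for each new connection.
        echo "iptables -t nat -A POSTROUTING -o $wan -s $peer -j MASQUERADE"
    fi
    # Assumption: nothing else on this box relies on the FORWARD chain,
    # so it is flushed to keep re-runs from stacking duplicate rules.
    echo "iptables -F FORWARD"
    echo "iptables -A FORWARD -i $lan -o $wan -s $peer -j ACCEPT"
    echo "iptables -A FORWARD -i $wan -o $lan -d $peer -m state --state ESTABLISHED,RELATED -j ACCEPT"
}

# Read commands from stdin and run them, stopping at the first failure.
apply_rules() {
    local cmd
    while IFS= read -r cmd; do
        $cmd || return 1
    done
}

# Nothing is changed unless the script is called with "apply" (as root);
# without it the rules are only printed for review.
if [ "${1:-}" = "apply" ]; then
    gateway_rules ppp0 usb0 192.168.129.201 | apply_rules &&
        echo 1 > /proc/sys/net/ipv4/ip_forward
else
    gateway_rules ppp0 usb0 192.168.129.201
fi
```

The two FORWARD rules only matter when the FORWARD policy is DROP; with the default ACCEPT policy the NAT rule alone gets the PDA online.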
