adsl and firewall problems when connection drops

RoadRunner

Hi,

Everyday my adsl connection goes down for a few seconds. when it does, it changes the ip. I have configured pppoe.conf to auto-connect and actually that part is working great. When the connection goes down it will auto connect again, set the default route, everything. The problem is, the firewall must be reloaded. And that's the tricky part. I've tried 2 ways:

1- set on pppoe.conf FIREWALL=NONE and put the script on ip-up. This way when the connection is reconnected, the firewall is executed BUT for some reason I can't ping nothing outside my lan. Even pinging the dns's is blocked. If I manually run the script inside ip-up, everything is ok again. I know ip-up is being executed cause I used a > to /tmp/file

2 - set on pppoe.conf FIREWALL=MASQUERADE and put my firewall rules there. This get's the exact same behaviour as the previous one. The firewall script is executed but everything is blocked until I manually execute the script.

The script has flush rules at the begginning, so it flushes everything before starting to add rules. then is starts to load my own rules. Btw, script uses iptables.

For me, what really puzzles me is that if I log in and execute the script, everything is fine. but putting the script on ip-up or firewall-mask (or in ip-up telling it to execute my script) gives no result, although the rules are flushed and loaded.

Any kind of help will be very apreciated.

Thanks in advance

Crg · Guru Joined: 29 May 2002 Posts: 345 Location: London

RoadRunner · Posted: Mon Jul 07, 2003 6:43 pm Post subject:

Actually I don't have. Gonna try it now and will post the result.

Thanks for the reply

[edit] - That didn't worked. I got the exact same problem. have to manually execute the script (the exact same script, actually I execute /etc/ppp/firewall-masq) and it was back to normal. Now, if I can manually execute the file, it runs with no problem and everything works, what can be wrong?

madchaz · Posted: Mon Jul 07, 2003 9:17 pm Post subject:

a temporary work around would be to have a cron job run the script, say ever minute.

btw, in your script, do you use $ppp0 to symbolise the IP adress?
_________________
Someone asked me once if I suffered from mental illness. I told him I enjoyed every second of it.

Crg · Guru Joined: 29 May 2002 Posts: 345 Location: London

RoadRunner · Posted: Mon Jul 07, 2003 11:45 pm Post subject:

yeah, a cron job probably would do it, but that's not a very elegant solution.

Yes, I use a IP based NAT rule, here's the rule:

Crg · Guru Joined: 29 May 2002 Posts: 345 Location: London

RoadRunner · Posted: Tue Jul 08, 2003 1:10 am Post subject:

Guess what! It did work!!! YEAH!!

Thank you so much crg and madchaz! I couldn't have figured this out alone!

Thanks also to Humpback at the portuguese forum who also pointed to this solution.

Really thanks =) I know i'm repeating myself, but this was really a big problem to me and I was trying to solve it for wuite some time now. thanks a million!