# adsl and firewall problems when connection drops

## RoadRunner

Hi,

Every day my ADSL connection goes down for a few seconds. When it does, it changes the IP. I have configured pppoe.conf to auto-connect and actually that part is working great. When the connection goes down it will auto connect again, set the default route, everything. The problem is, the firewall must be reloaded. And that's the tricky part. I've tried 2 ways:

1 - Set FIREWALL=NONE in pppoe.conf and put the script in ip-up. This way when the connection is reconnected, the firewall is executed BUT for some reason I can't ping anything outside my LAN. Even pinging the DNS servers is blocked. If I manually run the script inside ip-up, everything is ok again. I know ip-up is being executed because I used a > to /tmp/file

2 - Set FIREWALL=MASQUERADE in pppoe.conf and put my firewall rules there. This gets the exact same behaviour as the previous one. The firewall script is executed but everything is blocked until I manually execute the script.

The script has flush rules at the beginning, so it flushes everything before starting to add rules. Then it starts to load my own rules. Btw, the script uses iptables.

For me, what really puzzles me is that if I log in and execute the script, everything is fine. But putting the script in ip-up or firewall-masq (or in ip-up telling it to execute my script) gives no result, although the rules are flushed and loaded.

Any kind of help will be very appreciated.

Thanks in advance

----------

## Crg

 *RoadRunner wrote:*   

> For me, what really puzzles me is that if I log in and execute the script, everything is fine. But putting the script in ip-up or firewall-masq (or in ip-up telling it to execute my script) gives no result, although the rules are flushed and loaded.
> 
> Any kind of help will be very appreciated.
> ...

 

Do you have 

```
echo "1" > /proc/sys/net/ipv4/ip_dynaddr
```

set?

----------

## RoadRunner

Actually I don't have. Gonna try it now and will post the result.

Thanks for the reply

[edit] - That didn't work. I got the exact same problem. I had to manually execute the script (the exact same script, actually I execute /etc/ppp/firewall-masq) and it was back to normal. Now, if I can manually execute the file, it runs with no problem and everything works, what can be wrong?

----------

## madchaz

A temporary workaround would be to have a cron job run the script, say every minute.

Btw, in your script, do you use $ppp0 to symbolise the IP address?

----------

## Crg

 *madchaz wrote:*   

> A temporary workaround would be to have a cron job run the script, say every minute.
> 
> Btw, in your script, do you use $ppp0 to symbolise the IP address?

 

That's a good point - do you use rules based on IP address or interface?

----------

## RoadRunner

Yeah, a cron job probably would do it, but that's not a very elegant solution.

Yes, I use an IP-based NAT rule, here's the rule:

```
/sbin/iptables -t nat -A POSTROUTING -o $PPP -j SNAT --to $IP
```

where $PPP is the interface and $IP the current IP. They are being "calculated" correctly btw.

Thanks for all your help so far =)

----------

## Crg

 *RoadRunner wrote:*   

> ```
> /sbin/iptables -t nat -A POSTROUTING -o $PPP -j SNAT --to $IP
> ```
> ...

 

Ah right - you will have problems.  Is there any reason you don't use:

```
/sbin/iptables -t nat -A POSTROUTING -o $PPP -j MASQUERADE
```

 *RoadRunner wrote:*   

> Thanks for all your help so far =)

 

Hope it does :)

----------

## RoadRunner

Guess what! It did work!!! YEAH!!

Thank you so much crg and madchaz! I couldn't have figured this out alone!

Thanks also to Humpback at the Portuguese forum who also pointed to this solution.

Really thanks =) I know I'm repeating myself, but this was really a big problem to me and I was trying to solve it for quite some time now. Thanks a million!

----------
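As an added example (not code posted by anyone in this thread): a shell check for the situation discussed above, where an SNAT rule stays pinned to an address the PPP link no longer holds after a reconnect. The function name, the sample ruleset and the addresses are constructed for illustration, and it assumes `iptables-save` text on stdin.

```shell
#!/bin/sh
# Added example: flag SNAT rules pinned to an address the link no longer has.

# stale_snat_rules IFACE CURRENT_IP   (hypothetical helper name)
# Reads iptables-save text on stdin and prints every POSTROUTING SNAT rule
# bound to IFACE whose --to-source differs from CURRENT_IP.
# Exit status: 1 if at least one stale rule was found, 0 otherwise.
stale_snat_rules() {
    awk -v ifc="$1" -v cur="$2" '
        $1 == "-A" && $2 == "POSTROUTING" {
            out = ""; jump = ""; src = ""
            for (i = 3; i < NF; i++) {
                if ($i == "-o")          out  = $(i + 1)
                if ($i == "-j")          jump = $(i + 1)
                if ($i == "--to-source") src  = $(i + 1)
            }
            # --to-source may carry a port part (addr:port-port); strip it.
            sub(/:.*/, "", src)
            if (out == ifc && jump == "SNAT" && src != cur) {
                print; stale = 1
            }
        }
        END { exit stale + 0 }
    '
}

# Constructed sample (documentation addresses), shaped like iptables-save
# output captured after ppp0 reconnected and received a new address.
sample_ruleset() {
    cat <<'EOF'
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o ppp0 -j SNAT --to-source 203.0.113.10
-A POSTROUTING -o ppp1 -j MASQUERADE
COMMIT
EOF
}

# Demo: ppp0 now holds 198.51.100.7, so the 203.0.113.10 rule is reported.
# The MASQUERADE rule is never reported: it uses the interface's address.
if ! sample_ruleset | stale_snat_rules ppp0 198.51.100.7; then
    echo "stale SNAT rule(s) above: reload them or use -j MASQUERADE"
fi
```

On a live system the input would come from `iptables-save -t nat`, with the interface's current address passed as the second argument.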

