Gentoo Forums
adsl and firewall problems when connection drops
RoadRunner
Moderator

Joined: 12 Jun 2002
Posts: 490
Location: Coimbra, Portugal

Posted: Mon Jul 07, 2003 5:52 pm    Post subject: adsl and firewall problems when connection drops

Hi,

Every day my ADSL connection goes down for a few seconds. When it does, it changes the IP. I have configured pppoe.conf to auto-connect and actually that part is working great. When the connection goes down it will auto-connect again, set the default route, everything. The problem is, the firewall must be reloaded. And that's the tricky part. I've tried 2 ways:

1 - set FIREWALL=NONE in pppoe.conf and put the script in ip-up. This way when the connection is reconnected, the firewall is executed BUT for some reason I can't ping anything outside my LAN. Even pinging the DNS's is blocked. If I manually run the script inside ip-up, everything is OK again. I know ip-up is being executed because I used a > to /tmp/file

2 - set FIREWALL=MASQUERADE in pppoe.conf and put my firewall rules there. This gets the exact same behaviour as the previous one. The firewall script is executed but everything is blocked until I manually execute the script.

The script has flush rules at the beginning, so it flushes everything before starting to add rules. Then it starts to load my own rules. Btw, the script uses iptables.

For me, what really puzzles me is that if I log in and execute the script, everything is fine. But putting the script in ip-up or firewall-masq (or in ip-up telling it to execute my script) gives no result, although the rules are flushed and loaded.

Any kind of help will be very appreciated.

Thanks in advance
Crg
Guru

Joined: 29 May 2002
Posts: 345
Location: London

Posted: Mon Jul 07, 2003 6:31 pm    Post subject: Re: adsl and firewall problems when connection drops

RoadRunner wrote:

For me, what really puzzles me is that if I log in and execute the script, everything is fine. But putting the script in ip-up or firewall-masq (or in ip-up telling it to execute my script) gives no result, although the rules are flushed and loaded.

Any kind of help will be very appreciated.

Thanks in advance


Do you have

Code:

echo "1" > /proc/sys/net/ipv4/ip_dynaddr


set?
RoadRunner
Moderator

Joined: 12 Jun 2002
Posts: 490
Location: Coimbra, Portugal

Posted: Mon Jul 07, 2003 6:43 pm

Actually I don't have. Gonna try it now and will post the result.

Thanks for the reply

[edit] - That didn't work. I got the exact same problem. I had to manually execute the script (the exact same script, actually I execute /etc/ppp/firewall-masq) and it was back to normal. Now, if I can manually execute the file, it runs with no problem and everything works, what can be wrong?
madchaz
l33t

Joined: 01 Jul 2003
Posts: 979
Location: Quebec, Canada

Posted: Mon Jul 07, 2003 9:17 pm

A temporary workaround would be to have a cron job run the script, say every minute.

Btw, in your script, do you use $ppp0 to symbolise the IP address?
_________________
Someone asked me once if I suffered from mental illness. I told him I enjoyed every second of it.
www.madchaz.com Under heavy reconstruction. Bring a hardhat.
Crg
Guru

Joined: 29 May 2002
Posts: 345
Location: London

Posted: Mon Jul 07, 2003 10:35 pm

madchaz wrote:
A temporary workaround would be to have a cron job run the script, say every minute.

Btw, in your script, do you use $ppp0 to symbolise the IP address?


That's a good point - do you use rules based on IP address or interface?
RoadRunner
Moderator

Joined: 12 Jun 2002
Posts: 490
Location: Coimbra, Portugal

Posted: Mon Jul 07, 2003 11:45 pm

Yeah, a cron job probably would do it, but that's not a very elegant solution.

Yes, I use an IP-based NAT rule, here's the rule:

Code:

/sbin/iptables -t nat -A POSTROUTING -o $PPP -j SNAT --to $IP


where $PPP is the interface and $IP the current ip. They are being "calculated" correctly btw.

thanks for all your help so far =)
Crg
Guru

Joined: 29 May 2002
Posts: 345
Location: London

Posted: Mon Jul 07, 2003 11:59 pm

RoadRunner wrote:

Code:

/sbin/iptables -t nat -A POSTROUTING -o $PPP -j SNAT --to $IP


where $PPP is the interface and $IP the current ip. They are being "calculated" correctly btw.


Ah right - you will have problems. Is there any reason you don't use:
Code:

/sbin/iptables -t nat -A POSTROUTING -o $PPP -j MASQUERADE


RoadRunner wrote:

thanks for all your help so far =)


Hope it does :)
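An added example, not part of the original posts: a shell check that reads `iptables-save -t nat` output and reports POSTROUTING SNAT rules on a dynamic interface whose pinned source address no longer matches the address the link currently holds, which is the condition a `SNAT --to $IP` rule is left in when the address changes and `-j MASQUERADE` avoids. The ruleset, the addresses and the helper name `stale_snat` are constructed for illustration.

```shell
#!/bin/sh
# Added example; not code from the thread. Rules and addresses are constructed.

# Constructed `iptables-save -t nat` output. 203.0.113.10 stands for the
# address the link had when the SNAT rule was loaded.
SAMPLE_RULES='*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A POSTROUTING -o ppp0 -j SNAT --to-source 203.0.113.10
-A POSTROUTING -o eth1 -j MASQUERADE
COMMIT'

# stale_snat RULES IFACE CURRENT_IP   (hypothetical helper name)
# Prints each POSTROUTING SNAT rule on IFACE whose pinned source address
# differs from CURRENT_IP. Exit status: 0 = none stale, 1 = stale rule found.
stale_snat() {
    printf '%s\n' "$1" | awk -v ifc="$2" -v ip="$3" '
        $1 == "-A" && $2 == "POSTROUTING" {
            out = ""; tgt = ""; src = ""
            for (i = 3; i < NF; i++) {
                if ($i == "-o") out = $(i + 1)
                if ($i == "-j") tgt = $(i + 1)
                if ($i == "--to-source" || $i == "--to") src = $(i + 1)
            }
            sub(/:.*/, "", src)          # ignore an optional port range
            if (out == ifc && tgt == "SNAT" && src != ip) { print; bad = 1 }
        }
        END { exit bad + 0 }'
}

# Live use (needs root): stale_snat "$(iptables-save -t nat)" ppp0 "$NEW_IP"
# Here the link is assumed to have come back up with 203.0.113.77.
if ! stale_snat "$SAMPLE_RULES" ppp0 203.0.113.77; then
    echo "stale SNAT source on ppp0; -j MASQUERADE follows the interface address"
fi
```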
RoadRunner
Moderator

Joined: 12 Jun 2002
Posts: 490
Location: Coimbra, Portugal

Posted: Tue Jul 08, 2003 1:10 am

Guess what! It did work!!! YEAH!!

Thank you so much crg and madchaz! I couldn't have figured this out alone!

Thanks also to Humpback at the Portuguese forum who also pointed to this solution.

Really thanks =) I know I'm repeating myself, but this was really a big problem to me and I was trying to solve it for quite some time now. Thanks a million!