Hi guys,
I'm experiencing an annoying issue with an ADSL connection on FC4.
I connect to the internet via pppoe and I have a router set up on FC4. My ISP is assigning me a dynamic IP periodically. The problem occurs when the IP is changed. At that moment the whole internal network cannot connect to the internet anymore. Pinging from the internal network or from the router does not work anymore (normally it does). Moreover, not even the router can access the internet after the IP is reassigned. The IP is reassigned approximately every 30-40 minutes.
This is what the file ifcfg-ppp0 looks like:
Code:
USERCTL=yes
BOOTPROTO=dialup
NAME=DSLppp0
DEVICE=ppp0
TYPE=xDSL
ONBOOT=yes
PIDFILE=/var/run/pppoe-adsl.pid
FIREWALL=MASQUERADE
PING=.
PPPOE_TIMEOUT=80
LCP_FAILURE=3
LCP_INTERVAL=20
CLAMPMSS=1412
CONNECT_POLL=6
CONNECT_TIMEOUT=60
DEFROUTE=yes
SYNCHRONOUS=no
ETH=eth0
PROVIDER=DSLppp0
USER=<username>
PEERDNS=yes
DEMAND=no
PERSIST=no
IPV6INIT=no
Another issue that is not clear to me here is that I have this file (ifcfg-ppp0) in 2 separate places: in /etc/sysconfig/network-scripts and in /etc/networking/devices. Both files have the exact same content. Is it normal to have it in 2 places? Does this have anything to do with the problems I'm experiencing? Where should this file normally be?
I also have a firewall on the router which looks like this:
Code:
#! /bin/bash
# chkconfig: 0123456 99 99
# description: Start routing
. /etc/rc.d/init.d/functions
RDS=ppp0
LOCAL=eth1
SERVER=192.168.10.1
B=213.157.165.121

function general()
{
    ifdown ifcfg-ppp0
    flush
}

start()
{
    echo $"Build network: "
    general
    ifup ifcfg-ppp0
    route
}

function forward()
{
    echo $"Route internal network: "
    #ppp0 must be marked for routing for this to work
    #-> /etc/sysconfig/networking/devices/ifcfg-ppp0 must have FIREWALL=MASQUERADE
    #-> /etc/sysconfig/network-scripts/ifcfg-ppp0 must have FIREWALL=MASQUERADE
    iptables -t nat -A POSTROUTING -o ppp0 -s 192.168.10.0/24 -j MASQUERADE
    iptables -P FORWARD ACCEPT
    iptables -A FORWARD -p icmp --icmp-type echo-request -m limit --limit 1/s -j ACCEPT
    iptables -A FORWARD -p tcp --tcp-flags SYN,ACK,FIN,RST RST -m limit --limit 1/s -j ACCEPT
}

function secure()
{
    echo $"Bringing up firewall:"
    echo $"Access rules..."
    iptables -I INPUT -i $RDS -s ! $B -j DROP
    iptables -I INPUT -s $B -j ACCEPT
    echo $"Ports..."
    #http
    iptables -I INPUT -p tcp --source-port 80 -j ACCEPT
    #ppoe
    iptables -I INPUT -p udp --source-port 53 -j ACCEPT
    #sendmail
    iptables -I INPUT -p tcp --source-port 25 -j ACCEPT
}

function route()
{
    forward
    secure
    echo $?
    return $?
}

reroute()
{
    flush
    route
}

stop()
{
    general
}

flush()
{
    echo "Flush iptables"
    #flush all rules
    iptables -F
    iptables -F -t nat
}

case "$1" in
    start)
        start
        ;;
    stop)
        stop
        ;;
    restart)
        stop
        start
        ;;
    route)
        route
        ;;
    reroute)
        reroute
        ;;
    forward)
        forward
        ;;
    secure)
        secure
        ;;
    flush)
        flush
        ;;
    *)
        echo $"Usage: $0 {start|stop|restart|route|reroute|forward|secure|flush}"
        echo $"forward - will add rules for routing packages from internal network to the internet"
        echo $"secure - will add rules for restricting access from the internet to the server"
        echo $"flush - flush all rules (including nat table rules)"
        echo $"route - will do forward and secure"
        echo $"reroute - will do flush and route"
        exit 1
esac
exit $?
If, after the IP is changed and I cannot access the internet anymore, I flush the iptables rules and reload them, I can normally access the internet again. But this leads to resetting all my internet connections (gaim, torrents, ssh and others). By resetting and reloading iptables rules I mean this:
Code:
iptables -F
iptables -F -t nat
iptables -t nat -A POSTROUTING -o ppp0 -s 192.168.10.0/24 -j MASQUERADE
iptables -P FORWARD ACCEPT
iptables -A FORWARD -p icmp --icmp-type echo-request -m limit --limit 1/s -j ACCEPT
iptables -A FORWARD -p tcp --tcp-flags SYN,ACK,FIN,RST RST -m limit --limit 1/s -j ACCEPT
iptables -I INPUT -i $RDS -s ! $B -j DROP
iptables -I INPUT -s $B -j ACCEPT
iptables -I INPUT -p tcp --source-port 80 -j ACCEPT
iptables -I INPUT -p udp --source-port 53 -j ACCEPT
iptables -I INPUT -p tcp --source-port 25 -j ACCEPT
I have the exact same firewall from another router which uses pppoe to access the internet, but that router behaves normally when IP is reassigned.
Are there any other config files I have to check, any other things to do? Any idea is good. Am I doing something wrong?
Thanks for your help.
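
Added example, not part of the original post: a small shell check that reads iptables command lines and flags INPUT ACCEPT rules that match on a source port without a connection-state match, run over the rules from the post's secure() function and over a constructed stateful alternative. The audit_rules function and the STATEFUL_RULES set are assumptions introduced here, and the check is separate from the reconnect problem the post asks about.

```shell
#!/bin/sh
# Added example: audit iptables command lines for stateless source-port ACCEPT rules.

# Rules copied from the post's secure() function ($RDS and $B left unexpanded).
POSTED_RULES='iptables -I INPUT -i $RDS -s ! $B -j DROP
iptables -I INPUT -s $B -j ACCEPT
iptables -I INPUT -p tcp --source-port 80 -j ACCEPT
iptables -I INPUT -p udp --source-port 53 -j ACCEPT
iptables -I INPUT -p tcp --source-port 25 -j ACCEPT'

# Constructed alternative (an assumption, not from the post): replies are
# accepted by connection state, so no rule depends on the remote source port.
STATEFUL_RULES='iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -s $B -j ACCEPT
iptables -A INPUT -i $RDS -s ! $B -j DROP'

# audit_rules (hypothetical helper): reads iptables command lines on stdin and
# prints one finding per INPUT ACCEPT rule that matches on a source port but
# carries no state/conntrack match. The source port is set by the sending
# host, so such a rule is not limited to replies to local connections and
# applies to every local port.
audit_rules() {
    awk '
        / INPUT / && /-j ACCEPT/ && /(--source-port|--sport) / &&
        !/-m (state|conntrack) / {
            printf "line %d: stateless source-port ACCEPT: %s\n", NR, $0
        }
    '
}

echo "Findings in the posted rules:"
printf '%s\n' "$POSTED_RULES" | audit_rules

echo "Findings in the stateful alternative:"
printf '%s\n' "$STATEFUL_RULES" | audit_rules
```
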