Hi there,
Quick info: Running Ubuntu 10.04, Shorewall version 4.4.13.3. We have three
ISPs, eth0, eth1, and eth3. Eth0 and eth1 get their IPs statically and eth3
gets it via DHCP. eth4 goes out to the local network and dnsmasq acts as the
DHCP server and DNS forwarder on this interface.
Things for the most part run fine, but every week (on Wednesday afternoons)
the internet crawls to a standstill. Some sites still work, but most don't.
Interestingly, I can ping all websites from the local zone and the operating
system will show you as connected to the internet, but most sites will not
load. After restarting the computer running shorewall and tinkering with
commands (sudo /etc/init.d/networking restart), things return to normal.
After reading the dhcp.htm support page, I assume the problem lies here:
"In the event that the subnet address might change while Shorewall is started,
you need to arrange for a “shorewall refresh” command to be executed when a
new dynamic IP address gets assigned to the interface. Check your DHCP
client's documentation."
I assume this is what is happening and have consulted Ubuntu's dhclient's
documentation but can't find how to execute a command upon a new dynamic IP
assignment.
I have attached relevant configuration files in case the problem lies deeper
than a simple tweak of dhclient. If you need more information, let me know.
Thank you greatly for any help.
Matt
/etc/network/interfaces:
auto eth0
iface eth0 inet static
address 75.101.48.152
netmask 255.255.255.0
auto eth1
iface eth1 inet static
address 75.101.48.160
netmask 255.255.255.0
auto eth3
iface eth3 inet dhcp
auto eth4
iface eth4 inet static
address 192.168.1.1
network 192.168.1.0
netmask 255.255.255.0
broadcast 192.168.1.255
Shorewall Zones:
fw firewall
net ipv4
loc ipv4
Shorewall Interfaces:
net eth0 detect
net eth1 detect
net eth3 detect dhcp
loc eth4 detect dhcp
Providers:
SON1 1 0x1 main eth0 75.101.48.1 track,balance eth4
SON2 2 0x2 main eth1 75.101.48.1 track,balance eth4
SON3 3 0x3 main eth3 detect track,balance eth4
Route Rules:
eth0 - SON1 1000
eth1 - SON2 1000
eth3 - SON3 1000
Masq:
eth0 192.168.1.0/24 75.101.48.152
eth1 192.168.1.0/24 75.101.48.160
eth3 192.168.1.0/24 detect
Policy:
loc net ACCEPT
fw all ACCEPT
net all DROP info
all all REJECT
shorewall.conf:
(the settings I changed)
STARTUP_ENABLED=Yes
MARK_IN_FORWARD_CHAIN=Yes
FASTACCEPT=Yes
OPTIMIZE=1
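
One way to arrange the "shorewall refresh" that the quoted dhcp.htm passage asks for, as an added example that is not part of the original post or of Shorewall's documentation. It assumes the dhcp3-client package's hook directory /etc/dhcp3/dhclient-exit-hooks.d/ and the binary path /sbin/shorewall; the file name shorewall-refresh and the function lease_changed are hypothetical.

```shell
# Assumed install path (Ubuntu 10.04, dhcp3-client):
#   /etc/dhcp3/dhclient-exit-hooks.d/shorewall-refresh
# dhclient-script sources this file after every lease event, so it
# must never call "exit" (that would abort dhclient-script itself).

WAN_IF="eth3"   # the DHCP-configured provider interface from the post

# lease_changed REASON IFACE OLD_IP NEW_IP OLD_GW NEW_GW
# Returns 0 when the event gave WAN_IF a new address or gateway.
lease_changed() {
    [ "$2" = "$WAN_IF" ] || return 1
    case "$1" in
        BOUND|REBOOT)
            return 0 ;;                 # fresh lease: always refresh
        RENEW|REBIND)
            # Routine renewals keep the same values; only act on change.
            [ "$3" != "$4" ] || [ "$5" != "$6" ] ;;
        *)
            return 1 ;;                 # EXPIRE, FAIL, RELEASE, ...
    esac
}

# reason, interface, old_*/new_* are set by dhclient-script.
if lease_changed "${reason:-}" "${interface:-}" \
        "${old_ip_address:-}" "${new_ip_address:-}" \
        "${old_routers:-}" "${new_routers:-}"; then
    logger -t shorewall-dhcp \
        "$interface $reason: ${old_ip_address:-none} -> $new_ip_address"
    # Command taken from the dhcp.htm passage quoted in the post.
    /sbin/shorewall refresh ||
        logger -t shorewall-dhcp "shorewall refresh failed"
fi
```

Because every lease change is written to syslog under the shorewall-dhcp tag, the log timestamps can be compared against the weekly outage to confirm or rule out the lease as the cause.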