The reason is because you have a dynamic IP address and when your Internet connection first comes up, IP Masquerade doesn't know its IP address. There is a solution to this. In your /etc/rc.d/rc.firewall-* ruleset, add the following:
# Dynamic IP users: # # If you get your IP address dynamically from SLIP, PPP, or DHCP, enable this # following option. This enables dynamic-ip address hacking in IP MASQ, making # the life with Diald and similar programs much easier. # echo "1" > /proc/sys/net/ipv4/ip_dynaddr |