On Fri, 2005-03-25 at 13:03, florian mosleh wrote:
> The only other factor that I see as possibly contributing to the problem (i'm
> not sure how) is that the internet connection is a set of 4 bonded t1s, but
> I've been given the impression that this shouldn't make a difference.

you're pretty light on details--so the quality of help you receive is
going to reflect that.

the only thing that jumps out at me is that awhile back, AOL changed its
login process such that the user actually connects to about 4 different
servers in order to complete the login process.  if the user's source IP
changes during this process--the login fails.

if you are performing outbound NAT for your clients and using a pool of
addresses like so:

  nat on $outside inet from $inside_nets to any -> $nat_pool round-robin

(where prefix length of $nat_pool < 32)

try adding "sticky-address" for TCP 5190 connections (this obviously
must come before the previous rule):

  nat on $outside inet proto tcp from $inside_nets to any port = 5190 \
    -> $nat_pool sticky-address

if this doesn't help...well--what did you really expect?

-j

--
"Mr. Simpson, why are you here?
 Don't say revenge! Don't say revenge!
 Revenge?
 That's it! I'm outta here!"
        --The Simpsons

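An added illustration, not part of the original message: a small Python model of why a round-robin NAT pool breaks a login that spans several servers, and why the sticky-address rule only helps when it is placed first. The pool range, client addresses, and class and function names are constructed for the example; the model assumes first-match evaluation of nat rules and a new pool address per connection.

```python
import ipaddress
from itertools import cycle

POOL = "198.51.100.0/30"   # constructed pool (documentation range), prefix < 32

class NatRule:
    """Simplified model of one nat rule: optional proto/port match plus a pool."""
    def __init__(self, pool, proto=None, dport=None, sticky=False):
        self.proto, self.dport, self.sticky = proto, dport, sticky
        # round-robin: each new connection takes the next pool address
        self._next = cycle(str(a) for a in ipaddress.ip_network(pool))
        # sticky-address: remember which pool address each source was given
        self._by_source = {}

    def matches(self, proto, dport):
        return self.proto in (None, proto) and self.dport in (None, dport)

    def translate(self, src):
        if not self.sticky:
            return next(self._next)
        if src not in self._by_source:
            self._by_source[src] = next(self._next)
        return self._by_source[src]

def nat(rules, src, proto, dport):
    """Assumption: nat rules are first-match, so rule order matters."""
    for rule in rules:
        if rule.matches(proto, dport):
            return rule.translate(src)
    return src  # no rule matched: untranslated

def login_sources(rules, client, servers=4):
    """Source address each of the login servers sees for one client."""
    return [nat(rules, client, "tcp", 5190) for _ in range(servers)]

def general_rule():
    return NatRule(POOL)

def sticky_rule():
    return NatRule(POOL, proto="tcp", dport=5190, sticky=True)

if __name__ == "__main__":
    client = "10.0.0.5"  # constructed inside host
    print("round-robin only:", login_sources([general_rule()], client))
    print("sticky first    :", login_sources([sticky_rule(), general_rule()], client))
    print("sticky last     :", login_sources([general_rule(), sticky_rule()], client))
```
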