I had the same problem with a 3.6 firewall. I was load balancing over two WAN connections and needed to force all AIM connections through one of them - apparently AOL doesn't like seeing multiple source IPs. Below is the section of my pf.conf that fixed it:

# aim bypass rule - needed to go out only one interface
pass in on $int_if route-to ($ext_if1 $ext_gw1) \
        proto tcp from $lan_net to any port 5190 flags S/SA modulate state

Cheers,
Brian

On Fri, 25 Mar 2005 13:03:38 -0500, florian mosleh <[EMAIL PROTECTED]> wrote:
> Hello,
>
> I have a new firewall in development for the college I work at. I have tried
> extensively googling this issue in various ways and have not managed to find
> anything that seems pertinent.
>
> Essentially, the problem I'm having is that a client that connects to the
> internet through the new firewall (pf on OpenBSD 3.6) has problems
> establishing a connection to AIM (login.oscar.aol.com). I have performed
> several ethereal packet sniffing sessions and can confirm that there is a
> successful connection established between the server and the client and then
> it just drops. Usually after about an hour or two of stubborn retrying and
> waiting it eventually works.
>
> Are there any possible pf configuration snafus that could be at fault?
>
> The only other factor that I see as possibly contributing to the problem (I'm
> not sure how) is that the internet connection is a set of 4 bonded T1s, but
> I've been given the impression that this shouldn't make a difference.
>
> Thanks.
>
> --
> Florian Mosleh
> Network & Admin. Support Manager
> Capitol College
>
> 301.369.2800 ext.2040
> 800.950.1992 ext.2040
>
> ----------------------------------------------------------------
> This message was sent using IMP, the Internet Messaging Program.
>
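
Added example, not part of the original thread and not Brian's actual ruleset: the bypass rule from the reply placed in a minimal two-WAN pf.conf (OpenBSD 3.6-era syntax), showing where it has to sit relative to a round-robin rule. The interface names, addresses and the second-link macros ($ext_if2, $ext_gw2) are constructed placeholders.

```pf
# Constructed example: interface names and addresses are placeholders.
int_if  = "em0"
ext_if1 = "em1"
ext_if2 = "em2"
ext_gw1 = "192.0.2.1"
ext_gw2 = "198.51.100.1"
lan_net = "10.0.0.0/24"

# NAT to the address of whichever WAN interface the packet leaves by.
nat on $ext_if1 from $lan_net to any -> ($ext_if1)
nat on $ext_if2 from $lan_net to any -> ($ext_if2)

# Default deny, then allow LAN traffic to and from the firewall itself.
block in  from any to any
block out from any to any
pass out on $int_if from any to $lan_net
pass in quick on $int_if from $lan_net to $int_if

# General case: spread new outbound TCP connections over both links.
pass in on $int_if route-to \
        { ($ext_if1 $ext_gw1), ($ext_if2 $ext_gw2) } round-robin \
        proto tcp from $lan_net to any flags S/SA modulate state

# AIM bypass (the rule from the reply). Without "quick", pf applies the
# LAST matching rule, so this must come after the round-robin rule;
# placed before it, port 5190 would still be balanced over both links
# and the login server would see two different source addresses.
pass in on $int_if route-to ($ext_if1 $ext_gw1) \
        proto tcp from $lan_net to any port 5190 flags S/SA modulate state

# Let the routed connections out of either external interface.
pass out on $ext_if1 proto tcp from any to any flags S/SA modulate state
pass out on $ext_if2 proto tcp from any to any flags S/SA modulate state
```

`pfctl -nf /etc/pf.conf` parses the file without loading it, and after loading, `pfctl -ss` lists the state table, where connections to port 5190 should all show the $ext_if1 address as their translated source.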