
Re: perceived strange behavior



On Thu, 2004-09-09 at 19:49, Nick Buraglio wrote:
> I built an openbsd firewall for a group of people that I do some 
> consulting for from time to time to go in an apartment building that 
> serves about 150 - 175 college students. Overall the machine is doing a 
> stellar job doing NAT as well as some basic priq QoS.  The box is 
> running vanilla 3.5, no custom kernel yet, no over the top hardware.  
> Specs are p4 2.4ghz(I believe) intel mobo, rl chipset ethernet card and 
> onboard fxp chipset card.
> I'm seeing some strange behavior in one service though and I cannot 
> seem to figure out why.  Everything is working, as I said, except some 
> users are unable to use AIM.  Unfortunately I was unable to get any 
> tcpdump information before they took the box offline, but from 
> descriptions of the helpdesk people it only affects some people and I 
> can find no pattern as to who.  Has anyone seen similar behavior or am 
> I looking in the wrong place?  I saw no one else having similar issues 
> when checking through the archives, and I know that probably the only 
> way to tell is to get some traces from a user having issues, but I 
> figured I'd ask.
> I can provide as much information as needed if anyone wants it.  If 
> not, thanks for reading.
there was just a discussion about this on another mailing list.  by
chance are you using multiple IPs for outbound NAT?
it seems that AOL has changed its login process such that the client
makes multiple connections, and if the IP the client is coming from
changes during this process--the "connection" fails.  i just tcpdumped a
login and i saw three connections:
1)  AIM sign-on server (64.12.161.185)
2)  AIM Generic Service server (64.12.24.65)
3)  AOL Instant Messenger server (205.188.176.90)
all use TCP Port 5190.  all three connections appear to stay open once
connected.  the simple solution appears to be to set a NAT rule that
only uses 1 translation IP for connections on TCP Port 5190.
-j
=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~
There are two problems with a major hangover. You feel like you are
going to die and you're afraid that you won't.
=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~
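The single-translation-address NAT rule -j describes, written out as a pf.conf fragment for an OpenBSD 3.5 box. This is an added example, not code from the original reply or from the OpenBSD project. The interface names fxp0/rl0, the 10.0.0.0/24 LAN and the 203.0.113.x public addresses are assumptions chosen to match the hardware Nick described; the only facts taken from the thread are TCP port 5190 and the multiple-outbound-IP setup.

```pf
# Added example: pin AIM logins to one NAT address on an OpenBSD 3.5 pf box.
# Assumed interfaces and addresses (not from the original post):
#   fxp0 = outside (the onboard fxp), rl0 = inside (the rl card)
#   10.0.0.0/24 = the building LAN, 203.0.113.2-4 = the public NAT pool
ext_if   = "fxp0"
int_if   = "rl0"
lan_net  = "10.0.0.0/24"
nat_pool = "{ 203.0.113.2, 203.0.113.3, 203.0.113.4 }"
aim_ip   = "203.0.113.2"

# nat/rdr rules are first-match (unlike filter rules), so the narrow
# port-5190 rule MUST come before the general pool rule or it is never
# reached and AIM keeps landing on the round-robin pool.

# 1) Every TCP 5190 connection from the LAN leaves from a single address,
#    so the sign-on, generic-service and messenger connections that one
#    AIM login opens all reach AOL from the same source IP.
nat on $ext_if proto tcp from $lan_net to any port 5190 -> $aim_ip

# 2) Everything else keeps using the round-robin pool, i.e. the setup
#    that breaks AIM when one login's connections get different IPs.
nat on $ext_if from $lan_net to any -> $nat_pool round-robin
```

Check the syntax with `pfctl -nf /etc/pf.conf` before loading it with `pfctl -f /etc/pf.conf`, then have an affected user sign on and look at `pfctl -s state | grep 5190`: each state line shows the translated source address, so the three connections from one client should now all carry the same one. A broader fix is to keep each client on one translation address for every port, either by adding `sticky-address` to the round-robin pool rule or by using `source-hash` with a netblock instead of an address list; both are pool options in pf.conf(5), but confirm they exist on your release before relying on them.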