Re: serious flaw exposed via filters (fwd)

MegaZone (megazone@livingston.com)
Mon, 16 Sep 1996 20:29:01 -0700 (PDT)

Once upon a time Kai shaped the electrons to say...
>actually, this is a Livingston problem screaming for a Livingston code
>fix, and this was more of an informational post than one asking for help.
>The filter is living fine without any 'log' statement.

It is the way routing works. If you have static routes pointing to all
of the IPs in a PM's pool, then *OF COURSE* it will bounce them back to
the ether if the person is not connected. If you use RIP/Proxy-ARP the
packets should never reach the PM in the first place.

User disconnects, ARP entry goes away. Packet from outside world comes
into your network, router can't find any machine claiming to be that IP,
dead end route.

Sounds like you have something that doesn't go away that is telling the
routers to send traffic for that IP to the PM even when the IP is not in
use. And if the PM gets it and doesn't know what to do with it, and it
sees another route that may know the way - say the default router, it will
do what it is supposed to do and send it back out to the ethernet.

>Now watch customers logging off or even better: losing their carriers
>in the middle of say: an http transaction. instant flood in the log via
>the deny statement. voila.

I do this all the time and don't get this problem. From what you've said
it sounds more like your particular network configuration and not a problem
we should hack around.

-MZ

--
Livingston Enterprises - Chair, Department of Interstitial Affairs
Phone: 800-458-9966 510-426-0770 FAX: 510-426-8951 megazone@livingston.com
For support requests: support@livingston.com  <http://www.livingston.com/> 
Snail mail: 6920 Koll Center Parkway  #220, Pleasanton, CA 94566
See me in person: Internet Expo, Boston, MA, October 16-17, Booth 422 ;-)
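
The forwarding behaviour discussed in this message, as a small simulation added here (it is not part of the original post and is not Livingston code). The two-node topology, the documentation-range pool 192.0.2.64/28 and the starting TTL of 64 are assumptions made for the illustration.

```python
import ipaddress

# Constructed topology: a border router and a PortMaster (PM) share one
# Ethernet segment; the PM's default route points back at the router.
POOL = ipaddress.ip_network("192.0.2.64/28")  # hypothetical dial-in pool
PM, ROUTER = "pm", "router"

def next_hop(node, dst, connected, static_pool_route):
    """Next hop for dst at node: a node name, 'deliver', 'upstream' or None."""
    if node == PM:
        # The PM hands the packet to a dialled-in user, else uses its default.
        return "deliver" if dst in connected else ROUTER
    if dst not in POOL:
        return "upstream"
    if static_pool_route:
        return PM  # a static route stays in place after the user hangs up
    # Proxy-ARP case: the PM only answers ARP for addresses currently in use.
    return PM if dst in connected else None

def trace(dst, connected, static_pool_route, ttl=64):
    """Follow a packet that arrives at the router; return (outcome, hops)."""
    dst = ipaddress.ip_address(dst)
    connected = {ipaddress.ip_address(a) for a in connected}
    node, hops = ROUTER, 0
    while ttl > 0:
        hop = next_hop(node, dst, connected, static_pool_route)
        if hop is None:
            return "dropped: no ARP reply", hops
        if hop in ("deliver", "upstream"):
            return ("delivered" if hop == "deliver" else "left network"), hops
        node, hops, ttl = hop, hops + 1, ttl - 1  # one more trip over the wire
    return "ttl expired in loop", hops

if __name__ == "__main__":
    user = "192.0.2.70"  # constructed address of a dial-in user
    for label, online, static in [
        ("static route, user online ", [user], True),
        ("static route, user gone   ", [], True),
        ("proxy-ARP,    user gone   ", [], False),
    ]:
        print(label, trace(user, online, static))
```

With the static route and the user gone, the packet crosses the segment once per TTL decrement before it expires; with Proxy-ARP the router never forwards it to the PM at all.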