From owner-freebsd-pf@FreeBSD.ORG  Sat Dec 16 23:25:52 2006
Return-Path: <owner-freebsd-pf@FreeBSD.ORG>
X-Original-To: freebsd-pf@freebsd.org
Delivered-To: freebsd-pf@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [69.147.83.52])
	by hub.freebsd.org (Postfix) with ESMTP id 7707416A403
	for <freebsd-pf@freebsd.org>; Sat, 16 Dec 2006 23:25:52 +0000 (UTC)
	(envelope-from dhartmei@insomnia.benzedrine.cx)
Received: from insomnia.benzedrine.cx (insomnia.benzedrine.cx [62.65.145.30])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 40B2643CC4
	for <freebsd-pf@freebsd.org>; Sat, 16 Dec 2006 23:25:43 +0000 (GMT)
	(envelope-from dhartmei@insomnia.benzedrine.cx)
Received: from insomnia.benzedrine.cx (dhartmei@localhost [127.0.0.1])
	by insomnia.benzedrine.cx (8.13.4/8.13.4) with ESMTP id kBGNPjcN014865
	(version=TLSv1/SSLv3 cipher=DHE-DSS-AES256-SHA bits=256 verify=NO);
	Sun, 17 Dec 2006 00:25:45 +0100 (MET)
Received: (from dhartmei@localhost)
	by insomnia.benzedrine.cx (8.13.4/8.12.10/Submit) id kBGNPeBB017443;
	Sun, 17 Dec 2006 00:25:40 +0100 (MET)
Date: Sun, 17 Dec 2006 00:25:40 +0100
From: Daniel Hartmeier <daniel@benzedrine.cx>
To: Martijn Broeders - HUB Labs <m.broeders@hublabs.nl>
Message-ID: <20061216232540.GO6704@insomnia.benzedrine.cx>
References: <1DDD0EBB36ACA443BD81C8243F7051CD844B@exchsrvr1.hub.local>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <1DDD0EBB36ACA443BD81C8243F7051CD844B@exchsrvr1.hub.local>
User-Agent: Mutt/1.5.10i
Cc: freebsd-pf@freebsd.org
Subject: Re: ADSL modem in bridged mode
X-BeenThere: freebsd-pf@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "Technical discussion and general questions about packet filter
	\(pf\)" <freebsd-pf.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-pf>,
	<mailto:freebsd-pf-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-pf>
List-Post: <mailto:freebsd-pf@freebsd.org>
List-Help: <mailto:freebsd-pf-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-pf>,
	<mailto:freebsd-pf-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sat, 16 Dec 2006 23:25:52 -0000

On Sat, Dec 16, 2006 at 02:54:23PM +0100, Martijn Broeders - HUB Labs wrote:

> self tcp 192.168.0.2:80 <- 217.194.110.35:80 <- 213.84.86.15:35452
> PROXY:DST
> 
> Can someone tell me what is means? And why does the redirection fail to
> the internal webserver?

Most likely that 192.168.0.2's default route does not point back
to the pf box (192.168.0.1).

synproxy has completed the handshake with the external client. It is now
replaying the handshake with the server. It has sent the SYN to the
server and is waiting for the SYN+ACK from the server. Which doesn't
arrive.

Daniel