On Mon, Jul 15, 2019 at 09:31:49PM +0200, Fernando Fernandez Mancera wrote: > 14:51:00.024418 IP 192.168.122.1.41462 > netfilter.90: Flags [S], seq > 4023580551, > 14:51:00.024454 IP netfilter.90 > 192.168.122.1.41462: Flags [S.], seq > 727560212, ack 4023580552, > 14:51:00.024524 IP 192.168.122.1.41462 > netfilter.90: Flags [.], ack 1, > > Note: here, synproxy will send a SYN to the real server, as the 3whs was > completed sucessfully. Instead of a syn/ack that we can intercept, we instead > received a reset packet from the real backend, that we forward to the original > client. However, we don't use the correct sequence number, so the reset is not > effective in closing the connection coming from the client. > > 14:51:00.024550 IP netfilter.90 > 192.168.122.1.41462: Flags [R.], seq > 3567407084, > 14:51:00.231196 IP 192.168.122.1.41462 > netfilter.90: Flags [.], ack 1, > 14:51:00.647911 IP 192.168.122.1.41462 > netfilter.90: Flags [.], ack 1, > 14:51:01.474395 IP 192.168.122.1.41462 > netfilter.90: Flags [.], ack 1, Applied, thanks Fernando.