<font color='black' size='2' face='Arial, Helvetica, sans-serif'>
<div>Follow-up on FreeBSD: the traffic and syndrome look like:</div>
<div><br>
</div>
<div><br>
</div>
<div>With stunnel's transparent option set, traffic looks like:</div>
<div><br>
</div>
<div>19:31:34.162337 IP 192.168.103.69.52671 > 127.0.0.1.80: Flags [S], seq 2050938762, win 65535, options [mss 16344,nop,wscale 3,sackOK,TS val 7437993 ecr 0], length 0</div>
<div>19:31:37.153079 IP 192.168.103.69.52671 > 127.0.0.1.80: Flags [S], &lt;snip&gt;..</div>
<div>19:31:40.351804 IP 192.168.103.69.52671 > 127.0.0.1.80: Flags [S], &lt;snip&gt; ..</div>
<div>19:31:43.550543 IP 192.168.103.69.52671 > 127.0.0.1.80: Flags [S], seq 2050938762, win 65535, options [mss 16344,sackOK,eol], length 0</div>
<div><br>
</div>
<div>...</div>
<div><br>
</div>
<div>
<div>2011.01.07 19:32:55 LOG7[6662:34378629568]: Service ssh_proxy accepted FD=13 from 192.168.103.69:52673</div>
<div>2011.01.07 19:32:55 LOG7[6662:34379125184]: Service ssh_proxy started</div>
<div>2011.01.07 19:32:55 LOG7[6662:34379125184]: FD=13 in non-blocking mode</div>
<div>2011.01.07 19:32:55 LOG7[6662:34379125184]: Option TCP_NODELAY set on local socket</div>
<div>2011.01.07 19:32:55 LOG7[6662:34379125184]: Waiting for a libwrap process</div>
<div>2011.01.07 19:32:55 LOG7[6662:34379125184]: Acquired libwrap process #0</div>
<div>2011.01.07 19:32:55 LOG7[6662:34379125184]: Releasing libwrap process #0</div>
<div>2011.01.07 19:32:55 LOG7[6662:34379125184]: Released libwrap process #0</div>
<div>2011.01.07 19:32:55 LOG7[6662:34379125184]: Service ssh_proxy permitted by libwrap from 192.168.103.69:52673</div>
<div>2011.01.07 19:32:55 LOG5[6662:34379125184]: Service ssh_proxy accepted connection from 192.168.103.69:52673</div>
<div>2011.01.07 19:32:55 LOG7[6662:34379125184]: SSL state (accept): before/accept initialization</div>
<div>2011.01.07 19:32:55 LOG7[6662:34379125184]: SSL state (accept): SSLv3 read client hello A</div>
<div>2011.01.07 19:32:55 LOG7[6662:34379125184]: SSL state (accept): SSLv3 write server hello A</div>
<div>2011.01.07 19:32:55 LOG7[6662:34379125184]: SSL state (accept): SSLv3 write certificate A</div>
<div>2011.01.07 19:32:55 LOG7[6662:34379125184]: SSL state (accept): SSLv3 write server done A</div>
<div>2011.01.07 19:32:55 LOG7[6662:34379125184]: SSL state (accept): SSLv3 flush data</div>
<div>2011.01.07 19:32:55 LOG7[6662:34379125184]: SSL state (accept): SSLv3 read client key exchange A</div>
<div>2011.01.07 19:32:55 LOG7[6662:34379125184]: SSL state (accept): SSLv3 read finished A</div>
<div>2011.01.07 19:32:55 LOG7[6662:34379125184]: SSL state (accept): SSLv3 write change cipher spec A</div>
<div>2011.01.07 19:32:55 LOG7[6662:34379125184]: SSL state (accept): SSLv3 write finished A</div>
<div>2011.01.07 19:32:55 LOG7[6662:34379125184]: SSL state (accept): SSLv3 flush data</div>
<div>2011.01.07 19:32:55 LOG7[6662:34379125184]: 1 items in the session cache</div>
<div>2011.01.07 19:32:55 LOG7[6662:34379125184]: 0 client connects (SSL_connect())</div>
<div>2011.01.07 19:32:55 LOG7[6662:34379125184]: 0 client connects that finished</div>
<div>2011.01.07 19:32:55 LOG7[6662:34379125184]: 0 client renegotiations requested</div>
<div>2011.01.07 19:32:55 LOG7[6662:34379125184]: 1 server connects (SSL_accept())</div>
<div>2011.01.07 19:32:55 LOG7[6662:34379125184]: 1 server connects that finished</div>
<div>2011.01.07 19:32:55 LOG7[6662:34379125184]: 0 server renegotiations requested</div>
<div>2011.01.07 19:32:55 LOG7[6662:34379125184]: 0 session cache hits</div>
<div>2011.01.07 19:32:55 LOG7[6662:34379125184]: 0 external session cache hits</div>
<div>2011.01.07 19:32:55 LOG7[6662:34379125184]: 0 session cache misses</div>
<div>2011.01.07 19:32:55 LOG7[6662:34379125184]: 0 session cache timeouts</div>
<div>2011.01.07 19:32:55 LOG6[6662:34379125184]: SSL accepted: new session negotiated</div>
<div>2011.01.07 19:32:55 LOG6[6662:34379125184]: Negotiated ciphers: AES256-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(256) Mac=SHA1</div>
<div>2011.01.07 19:32:55 LOG7[6662:34379125184]: FD=14 in non-blocking mode</div>
<div>2011.01.07 19:32:55 LOG6[6662:34379125184]: connect_blocking: connecting 127.0.0.1:80</div>
<div>2011.01.07 19:32:55 LOG5[6662:34379125184]: connect_blocking: connected 127.0.0.1:80</div>
<div>2011.01.07 19:32:55 LOG5[6662:34379125184]: Service ssh_proxy connected remote server from 127.0.0.1:30326</div>
<div>2011.01.07 19:32:55 LOG7[6662:34379125184]: Remote FD=14 initialized</div>
<div>2011.01.07 19:32:55 LOG7[6662:34379125184]: Option TCP_NODELAY set on remote socket</div>
<div>2011.01.07 19:32:58 LOG7[6662:34379125184]: SSL socket closed on SSL_read</div>
<div>2011.01.07 19:32:58 LOG7[6662:34379125184]: Socket write shutdown</div>
<div>2011.01.07 19:32:58 LOG5[6662:34379125184]: Connection closed: 0 bytes sent to SSL, 0 bytes sent to socket</div>
<div>2011.01.07 19:32:58 LOG7[6662:34379125184]: Service ssh_proxy finished (0 left)</div>
<div><br>
</div>
</div>
<div><font class="Apple-style-span" face="monospace" size="3"><span class="Apple-style-span" style="font-size: 12px; white-space: pre;"><font class="Apple-style-span" face="Arial, Helvetica, sans-serif" size="3"><span class="Apple-style-span" style="font-size: 13px; white-space: normal;">
<div>Without transparent, traffic flows fine, and looks like:</div>
<div><br>
</div>
<div>19:32:55.883404 IP 127.0.0.1.30326 > 127.0.0.1.80: Flags [S], seq 2147354729, win 65535, options [mss 16344,nop,wscale 3,sackOK,TS val 7446169 ecr 0], length 0</div>
<div>19:32:55.883575 IP 127.0.0.1.80 > 127.0.0.1.30326: Flags [S.], seq 2770470513, ack 2147354730, win 65535, options [mss 16344,nop,wscale 3,sackOK,TS val 1229815108 ecr 7446169], length 0</div>
<div>19:32:55.883589 IP 127.0.0.1.30326 > 127.0.0.1.80: Flags [.], ack 1, win 8960, options [nop,nop,TS val 7446169 ecr 1229815108], length 0</div>
<div><br>
</div>
</span></font></span></font></div>
</font>