From: "Herbert J. Skuhra"
To: freebsd-pf@freebsd.org
Subject: Re: FreeBSD 10 + reverse ftp-proxy
Date: Sat, 7 Feb 2015 17:54:21 +0100
Message-ID: <20150207165421.GA82206@oslo.ath.cx>

On Fri, Feb 06, 2015 at 08:45:47PM +0100, Adrian Huryn wrote:
> Hello.
> I search little @google for this problem but I can't find any good
> solution for it.
>
> I have 2 pureftpd servers in my DMZ.
>
> FTP 1
> INTERNET > 212.12.12.1:2121 > 192.168.34.12:2121
>
> FTP 2
> INTERNET > 212.12.12.2:2121 > 192.168.34.19:2121
>
> And I try to set reverse proxy for it, I add to my pf.conf
> anchor "ftp-proxy/*"
> pass in log 212.12.12.1 inet proto tcp from any to 212.12.12.1 port 2121
> flags S/SAFR modulate state divert-to lo0 port 9021
> pass in log 212.12.12.2 inet proto tcp from any to 212.12.12.2 port 2121
> flags S/SAFR modulate state divert-to lo0 port 9022
>
> And I run 2 x ftp-proxy
>
> ftp-proxy -p 9021 -R 192.168.34.12 -P 2121 -D7 -v
> ftp-proxy -p 9022 -R 192.168.34.19 -P 2121 -D7 -v
>
> But when I try to check pf.conf syntax I got this error :
> /etc/pf.conf:106: syntax error
> 106: pass in log 212.12.12.1 inet proto tcp from any to 212.12.12.1 port ^^^^
> 2121 flags S/SAFR modulate state divert-to lo0 port 9021

To fix syntax error, have you tried to remove the IP address after the
log or replace it with 'on $ext_if'?

--
Herbert