From owner-freebsd-pf@FreeBSD.ORG Fri Feb 6 19:55:31 2015 Return-Path: Delivered-To: freebsd-pf@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 9E6F5809 for ; Fri, 6 Feb 2015 19:55:31 +0000 (UTC) Received: from mx2.security.edu.pl (mx2.security.edu.pl [91.197.89.218]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 5205A33F for ; Fri, 6 Feb 2015 19:55:30 +0000 (UTC) Received: from mx2.security.edu.pl (mx2.security.edu.pl [192.168.34.10]) by mx2.security.edu.pl (Postfix) with ESMTP id 37E9542960B for ; Fri, 6 Feb 2015 20:45:48 +0100 (CET) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=i-pi.pl; s=dkim; t=1423251948; bh=wwmAdtbJpwCtMBR5Yd0oWSxZKXCZjFiUSKKD154kvmE=; h=Date:From:To:Subject; b=MoeMDBpaDV7vKuIYP7m+WjoqlSwqOw1y6cQT6LSG7tajywWeSSSFQDf/Sdp9NsUD7 BET9YVJ91HNljLF2x0UpJBjp5ZLDrlF2fRNTpv9Yly4+IkgOl56btJJ2jfPcVsewBw aNlrETrjAOMHXuIEXHipH5aqTTKUcEukos9okVII= Received: from pocztav2.i-pi.pl (unknown [192.168.34.11]) by mx2.security.edu.pl (Postfix) with ESMTPA id CE61F429609 for ; Fri, 6 Feb 2015 20:45:47 +0100 (CET) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=i-pi.pl; s=dkim; t=1423251947; bh=wwmAdtbJpwCtMBR5Yd0oWSxZKXCZjFiUSKKD154kvmE=; h=Date:From:To:Subject; b=WLxAQhfCl/g8qQ775dKjDA3JfriYhoewdnfL5COB4/Sx0zYINVd1s/H3lu8N2f8Z1 z6i3Fj32W8POiWWghazyN2/eX+vkh2SAjJAmcEZkVC5f+UUa6OFQykQVezc0278J/S g7f0qkGaLP2Uk/0UVGG9uEKmBWESEGtzCeLglS1Y= MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="=_1ed02fc24531505b1970ef6ca1fcb439" Date: Fri, 06 Feb 2015 20:45:47 +0100 From: Adrian Huryn To: freebsd-pf@freebsd.org Subject: FreeBSD 10 + reverse ftp-proxy Organization: i-Pi sp. z o.o. Message-ID: X-Sender: ahuryn@i-pi.pl User-Agent: Roundcube Webmail/1.0.3 X-Virus-Scanned: ClamAV using ClamSMTP X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 06 Feb 2015 19:55:31 -0000 --=_1ed02fc24531505b1970ef6ca1fcb439 Content-Transfer-Encoding: 7bit Content-Type: text/plain; charset=US-ASCII; format=flowed Hello. I search little @google for this problem but i can't find any good solution for it. I have 2 pureftpd servers in my DMZ. FTP 1 INTERNET > 212.12.12.1:2121 > 192.168.34.12:2121 FTP 2 INTERNET > 212.12.12.2:2121 > 192.168.34.19:2121 And i try to set reverse proxy for it, i add to my pf.conf anchor "ftp-proxy/*" pass in log 212.12.12.1 inet proto tcp from any to 212.12.12.1 port 2121 flags S/SAFR modulate state divert-to lo0 port 9021 pass in log 212.12.12.2 inet proto tcp from any to 212.12.12.2 port 2121 flags S/SAFR modulate state divert-to lo0 port 9022 And i run 2 x ftp-proxy ftp-proxy -p 9021 -R 192.168.34.12 -P 2121 -D7 -v ftp-proxy -p 9022 -R 192.168.34.19 -P 2121 -D7 -v But when i try to check pf.conf syntax i got this error : /etc/pf.conf:106: syntax error 106: pass in log 212.12.12.1 inet proto tcp from any to 212.12.12.1 port 2121 flags S/SAFR modulate state divert-to lo0 port 9021 My uname -a : FreeBSD cerber 10.1-RELEASE FreeBSD 10.1-RELEASE #0 r274401: Tue Nov 11 21:02:49 UTC 2014 root@releng1.nyi.freebsd.org:/usr/obj/usr/src/sys/GENERIC amd64 Thanks for help. Best regards. --=_1ed02fc24531505b1970ef6ca1fcb439 Content-Transfer-Encoding: base64 Content-Type: text/plain; name=pubkey.asc Content-Disposition: attachment; filename=pubkey.asc; size=1 IA== --=_1ed02fc24531505b1970ef6ca1fcb439--