FreeBSD 10 + reverse ftp-proxy

Herbert J. Skuhra herbert at oslo.ath.cx
Sat Feb 7 16:54:25 UTC 2015


On Fri, Feb 06, 2015 at 08:45:47PM +0100, Adrian Huryn wrote:
> Hello.
> I searched a little @google for this problem but I can't find any good
> solution for it.
> 
> I have 2 pureftpd servers in my DMZ.
> 
> FTP 1
> INTERNET > 212.12.12.1:2121 > 192.168.34.12:2121
> 
> FTP 2
> INTERNET > 212.12.12.2:2121 > 192.168.34.19:2121
> 
> And I try to set a reverse proxy for it, I add to my pf.conf
> anchor "ftp-proxy/*"
> pass in log 212.12.12.1 inet proto tcp from any to 212.12.12.1 port 2121 
> flags S/SAFR modulate state divert-to lo0 port 9021
> pass in log 212.12.12.2 inet proto tcp from any to 212.12.12.2 port 2121 
> flags S/SAFR modulate state divert-to lo0 port 9022
> 
> And I run 2 x ftp-proxy
> 
> ftp-proxy -p 9021 -R 192.168.34.12 -P 2121 -D7 -v
> ftp-proxy -p 9022 -R 192.168.34.19 -P 2121 -D7 -v
> 
> But when I try to check the pf.conf syntax I get this error:
> /etc/pf.conf:106: syntax error
> 106: pass in log 212.12.12.1 inet proto tcp from any to 212.12.12.1 port 
                 ^^^^ 
> 2121 flags S/SAFR modulate state divert-to lo0 port 9021

To fix the syntax error, have you tried removing the IP address after the
log or replacing it with 'on $ext_if'?

-- 
Herbert

