Since I cannot get ftp-proxy to work for active connections, I thought (hopefully for a short time) to write rules to allow just those clients to use ftp to just those servers where I had problems. So I wrote up:

    rdr pass proto tcp from <Clients> to $Server1 port ftp -> $Server1 port ftp
    rdr pass proto tcp from <Clients> to $Server2 port ftp -> $Server2 port ftp
    rdr pass proto tcp from <Clients> to $Server3 port ftp -> $Server3 port ftp
    rdr pass on $Inside_ifs proto tcp from any to any port ftp -> 127.0.0.1 port 8021

and further down:

    pass quick proto tcp from <Clients> to <Servers> keep state
    pass quick proto tcp from <Servers> port ftp-data to <Clients> port > 999 keep state

I expected this to work, but it didn't. I expected the pass on the rdr to skip the following rdr.

PS: I did find a method that works, and it is probably better:

    rdr pass proto tcp from <Clients> to !<Servers> port ftp -> 127.0.0.1 port 8021
    rdr pass proto tcp from !<Clients> to any port ftp -> 127.0.0.1 port 8021
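As an added example (not from the original post), the working rdr rules placed in a complete pre-OpenBSD-4.7 style pf.conf fragment together with the nat/rdr/filter anchors that ftp-proxy(8) uses to insert its own per-session rules; interface names, macro names and the table contents are assumptions.

```pf
# Added example: the "!<Servers>" exception rules from the post, in context.
# Interface names, macros and table contents are assumed for illustration.
int_if     = "em1"
Inside_ifs = "{ em1 em2 }"
proxy      = "127.0.0.1"

table <Clients> { 192.0.2.10, 192.0.2.11 }      # constructed sample addresses
table <Servers> { 198.51.100.5, 198.51.100.6 }  # constructed sample addresses

# ftp-proxy(8) installs the nat/rdr rules for each negotiated data connection
# into these anchors; without them active-mode transfers through the proxy fail.
nat-anchor "ftp-proxy/*"
rdr-anchor "ftp-proxy/*"

# Only the problem client/server pairs bypass the proxy; every other ftp
# control connection from inside is redirected to ftp-proxy on port 8021.
rdr pass on $Inside_ifs proto tcp from <Clients> to !<Servers> port ftp \
    -> $proxy port 8021
rdr pass on $Inside_ifs proto tcp from !<Clients> to any port ftp \
    -> $proxy port 8021

# Per-session filter rules added by ftp-proxy
anchor "ftp-proxy/*"

# Direct control and active-mode data connections for the excepted pairs only;
# keeping the data rule to ftp-data -> unprivileged ports limits its reach.
pass quick proto tcp from <Clients> to <Servers> port ftp keep state
pass quick proto tcp from <Servers> port ftp-data to <Clients> port > 1023 keep state

# Control connections the proxy itself opens towards the real servers
pass out proto tcp from $proxy to any port ftp keep state
```

Load it with `pfctl -nf /etc/pf.conf` first to syntax-check, then `pfctl -f`; `pfctl -sr -a 'ftp-proxy/*'` shows the rules the proxy has inserted while a transfer is in progress.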
