[SOLVED] Problem with Squid 3 reverse proxy (port 80) on 2.2.5
-
Hi,
i have two pfSense 2.1.5 that act as front firewall with CARP configuration. I have several VIP bind with several service, SQUID publish some HTTP (port 80) site in revers proxy and system work without any problem.
I tried to upgrade pfSense to 2.2.5, but i have some problems. First, i add in System -> Advandec -> System tunables "net.inet.ip.portrange.reservedhigh=0" for port lower than 1024, install SQUID 3 (o.4.2 beta), and made some test from external WAN on published HTTP site. Here is the problem: some site work, other are not reachable. It doesn't matter if site is published on real pfSense WAN IP or WAN VIP.In SQUID i see this error:
11.11.2015 08:59:30 commBind: Cannot bind socket FD 36 to 213.nnn.nnn.75:80: (49) Can't assign requested address
11.11.2015 08:59:30 commBind: Cannot bind socket FD 34 to 213.nnn.nnn.107:80: (48) Address already in use
11.11.2015 08:59:30 commBind: Cannot bind socket FD 32 to 213.nnn.nnn.90:80: (48) Address already in use
11.11.2015 08:59:30 commBind: Cannot bind socket FD 31 to 213.nnn.nnn.80:80: (48) Address already in use
11.11.2015 08:59:30 commBind: Cannot bind socket FD 30 to 213.nnn.nnn.74:80: (48) Address already in useCan anyone help me to solve the problem?
-
What's unclear there? Port 80 is already used (most likely by your WebGUI).
-
Yes, it's clear. But why it works without any problem on 2.1.5 and some site on port 80 still works on 2.2.5?
-
Look, run sockstat -4, find what's running there and move it elsewhere. Cannot have multiple things listening on the same port.
-
OK, i'll try. But why the same config works on 2.1.5?
-
In other words, i need to have service HTTP (port 80) bind not with only one IP, but with many VIP, like i can do with pfSense 2.1.5.
-
I have solved in this way: edit /etc/sysctl.conf and add this line:
net.inet.ip.portrange.reservedlow=0
net.inet.ip.portrange.reservedhigh=20