    Upgrade successful but squid reverse proxy no longer works

    • C
      cjbujold last edited by

      Upgraded from 2.1.5 to 2.2 without any issues.  When we started testing the system we noticed that none of our web sites were able to be reached.  Tracked down the issue to the upgrade of Squid 3.1.20 pkg 2.1.2 to 3.4.10_2 pkg 0.2.6

      Do not know what has changed, but the reverse proxy (the only thing we use in squid) is no longer routing requests to our web sites properly.

      Tried uninstall and re-install, tried a reboot, same results. The config is relatively simple: we have a NAT entry for port 80 that points to 127.0.0.1, which should cause the reverse proxy to pick up the request and route it to the correct web server IP. The reverse proxy has web servers defined, with mappings for the names of the web sites pointing to the correct web server.

      In the settings screen there is a check mark for reverse proxy but the comment does not explain the rule we need to create.  Can somebody give us the rule we need to create?

      Enable HTTP reverse mode
                  If this field is checked, the proxy-server will act in HTTP reverse mode.
                  (You have to add a rule with destination "WAN-address")

      Can somebody suggest what has changed between the 2 versions and what we need to modify for the reverse proxy (both http and https) to work again?  Is there some documentation on how to set up reverse proxy in pfSense 2.2?

      Thanks

      cjb

      1 Reply Last reply Reply Quote 0
      • marcelloc
        marcelloc last edited by

        It's a FreeBSD 10/pfSense sysctl security option that does not allow non-root users to use <1024 ports.

        The current workaround is to have squid listen on ports > 1024 and NAT it from 80/443.

        1 Reply Last reply Reply Quote 0
        • D
          delirium last edited by

          @marcelloc:

          It's a FreeBSD 10/pfSense sysctl security option that does not allow non-root users to use <1024 ports.

          The current workaround is to have squid listen on ports > 1024 and NAT it from 80/443.

          I tried this:
          Change reverse proxy port to 8008 > Add rule to allow src:* dest: WAN address port: 8008 > connect to my.domain.com:8008 and my2.domain.com:8008 are OK.
          Add NAT SRC: * Dest: WAN ADDR 80 NAT IP: 192.168.68.1 (pfSense LAN IP) NAT port: 8008
          Add rule to allow SRC:* Dest: 192.168.68.1 port: 8008
          Still able to access my.domain.com:8008 and my2.domain.com:8008 but no access to my.domain.com and my2.domain.com on port 80
          No messages in system log
          This used to work w/o a problem in 2.1.5

          1 Reply Last reply Reply Quote 0
          • marcelloc
            marcelloc last edited by

            After creating the NAT rule, you do not need a firewall rule to WAN on the high port.

            You can also listen only on loopback and then NAT it from WAN 80.

            1 Reply Last reply Reply Quote 0
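
A post-upgrade check for the cause described in this thread, as an added example that is not part of any post here: it lists squid `http_port`/`https_port` directives bound inside the reserved port range, which a non-root squid cannot open. The function names and the sample config are constructed; the sysctl `net.inet.ip.portrange.reservedhigh` is FreeBSD's name for the limit and is not named in the thread.

```shell
#!/bin/sh
# Added example: flag squid listen directives that fall inside the
# reserved port range (hypothetical helper names, constructed sample).

# On FreeBSD the upper bound of the reserved range is the sysctl
# net.inet.ip.portrange.reservedhigh (1023 by default). If the lookup
# fails (for example when not on FreeBSD), fall back to 1023.
reserved_high() {
    sysctl -n net.inet.ip.portrange.reservedhigh 2>/dev/null || echo 1023
}

# Usage: privileged_listeners LIMIT < squid.conf
# Prints "directive address port" for every http_port/https_port whose
# port is <= LIMIT. Handles "80", "192.0.2.1:80" and "[::1]:80" forms.
privileged_listeners() {
    awk -v limit="$1" '
        $1 == "http_port" || $1 == "https_port" {
            spec = $2
            port = spec
            sub(/^.*:/, "", port)      # keep the text after the last colon
            if (port == spec)
                addr = "*"             # bare port: listens on all addresses
            else
                addr = substr(spec, 1, length(spec) - length(port) - 1)
            if (port ~ /^[0-9]+$/ && port + 0 <= limit + 0)
                print $1, addr, port
        }'
}

# Constructed squid.conf fragment: two listeners in the reserved range and
# one on a high loopback port, as in the workaround discussed above.
sample_conf() {
    cat <<'EOF'
# reverse proxy listeners (constructed sample)
http_port 203.0.113.10:80 accel vhost
https_port 203.0.113.10:443 accel vhost cert=/path/to/placeholder.pem
http_port 127.0.0.1:8008 accel vhost
EOF
}

# Report the listeners that need to move above the limit and be NATed.
sample_conf | privileged_listeners "$(reserved_high)"
```

Any directive this prints is a candidate for moving to a high port and redirecting with NAT from 80/443, as suggested in the replies.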