Netgate Discussion Forum

    Upgrade successful but squid reverse proxy no longer works

      cjbujold

      Upgraded from 2.1.5 to 2.2 without any issues.  When we started testing the system we noticed that none of our web sites were able to be reached.  Tracked down the issue to the upgrade of Squid 3.1.20 pkg 2.1.2 to 3.4.10_2 pkg 0.2.6.

      Do not know what has changed, but the reverse proxy (the only thing we use in squid) is no longer routing requests to our web sites properly.

      Tried uninstall and re-install, tried a re-boot, same results. The config is relatively simple: we have a NAT entry for port 80 that points to 127.0.0.1, which should cause the reverse proxy to pick up the request and route it to the correct web server IP. The reverse proxy has web servers defined, with mappings for the names of the web sites pointing to the correct web server.

      In the settings screen there is a check mark for reverse proxy but the comment does not explain the rule we need to create.  Can somebody give us the rule we need to create?

      Enable HTTP reverse mode
                  If this field is checked, the proxy-server will act in HTTP reverse mode.
                  (You have to add a rule with destination "WAN-address")

      Can somebody suggest what has changed between the 2 versions and what we need to modify for the reverse proxy (both http and https) to work again?  Is there some documentation on how to set up reverse proxy in pfSense 2.2?

      Thanks

      cjb

        marcelloc

        It's a FreeBSD 10/pfSense sysctl security option that does not allow non-root users to use ports <1024.

        The current workaround is to have squid listen on ports > 1024 and NAT to it from 80/443.

        Treinamentos de Elite: http://sys-squad.com

        Help a community developer! ;D

          delirium

          @marcelloc:

          It's a FreeBSD 10/pfSense sysctl security option that does not allow non-root users to use ports <1024.

          The current workaround is to have squid listen on ports > 1024 and NAT to it from 80/443.

          I tried this:
          Change reverse proxy port to 8008 > Add rule to allow src:* dest: WAN address port: 8008 > connect to my.domain.com:8008 and my2.domain.com:8008 are OK.
          Add NAT SRC: * Dest: WAN ADDR 80 NAT IP: 192.168.68.1 (pfsense LAN IP) NAT port: 8008
          Add rule to allow SRC:* Dest: 192.168.68.1 port: 8008
          Still able to access my.domain.com:8008 and my2.domain.com:8008 but no access to my.domain.com and my2.domain.com on port 80
          No messages in system log
          This used to work w/o a problem in 2.1.5

            marcelloc

            After creating the NAT rule, you do not need a firewall rule to WAN on the high port.

            You can also listen only on loopback and then NAT it from WAN 80.

            Treinamentos de Elite: http://sys-squad.com

            Help a community developer! ;D
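
The bind restriction described in this thread can be confirmed directly. The following is an added example, not code from the thread or from the pfSense squid package. It is a bind probe, meant to be run as the unprivileged account the proxy runs under, that separates "port below 1024 refused to a non-root user" from "port already taken". Port 8008 comes from delirium's post; the function names and the 1023 boundary constant are assumptions of this example (on FreeBSD the boundary is the sysctl `net.inet.ip.portrange.reservedhigh`, default 1023).

```python
import errno
import socket

# Assumption of this example: ports 0..1023 are reserved for root,
# matching the "<1024" restriction described in the thread.
RESERVED_HIGH = 1023


def classify(port, err):
    """Map the errno from bind() to the cause that matters here."""
    if err is None:
        return "ok"
    if err == errno.EACCES and port <= RESERVED_HIGH:
        # Non-root process asked for a reserved port: the upgrade symptom.
        return "reserved-port-denied"
    if err == errno.EADDRINUSE:
        # Another listener already holds this address/port.
        return "in-use"
    if err == errno.EADDRNOTAVAIL:
        # The address is not configured on this host.
        return "address-not-local"
    return "other:" + errno.errorcode.get(err, str(err))


def probe_bind(host, port):
    """Try to bind a TCP socket to host:port and report the outcome."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    try:
        sock.bind((host, port))
        return classify(port, None)
    except OSError as exc:
        return classify(port, exc.errno)
    finally:
        sock.close()


if __name__ == "__main__":
    # Loopback only, as suggested in the last reply: the high port is then
    # reachable solely through the NAT rule, not directly from the WAN.
    for port in (80, 8008):
        print("127.0.0.1:%d -> %s" % (port, probe_bind("127.0.0.1", port)))
```

A result of `reserved-port-denied` for 80 and `ok` (or `in-use` once the proxy is running) for 8008 matches the behaviour marcelloc describes.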
