Issues with Low Network Ports after 2.2 upgrade
I've upgraded to 2.2. The upgrade appeared to have gone smoothly however I did have an issue with Squid that I resolved by disabling signature checking.
I use Squid as a Reverse Proxy. Since the upgrade it no longer accepts any traffic. A port scan on the external interface shows that port 80 isn't available.
When I try to set the port manually to port 80 I get the following message:
The field 'reverse HTTP port' must contain a port number higher than net.inet.ip.portrange.first sysctl value(1024).
To listen on low ports, change portrange.first sysctl value to 0 on system tunable options and restart squid daemon.
When I change that setting as advised nothing happens even after a reboot and if I attempt to manually change again the same message appears.
The other issue I had was with the postfix forwarder. I'm getting a crash reports with the following message:
[25-Jan-2015 15:22:00 Eire] PHP Fatal error: Call to undefined function sqlite_open() in /usr/local/www/postfix.php on line 457
The most serious issue that I have is that SSH won't start so I can't access the box other than from the web gui. Nothing reported in any of the logs that I can find.
It's strange. Particularly the Squid issue with port 80. Effectively any port that I had open on the WAN below port 1024 appears as unavailable.
However if I NAT port 80 for example it works as intended.
I appreciate that 2.2 has just been released however these issues on what I would consider mainstream packages are a bit disconcerting.
Any help would be much appreciated.
Replying to my own post with a solution to my Reverse Proxy issue.
Apparently it's a FreeBSD 10 security issue.
I changed the reverse proxy to listen on port 8080 then set up a NAT Rule on the wan interface to redirect WAN port 80 to 127.0.0.1 8080
Never mind. Didn't work.
Same issue here after pfSense 2.2 upgrade with postfix forwarder package
Any known workaround ?
Same issue here https://forum.pfsense.org/index.php?topic=87269.0