Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    Issues with Low Network Ports after 2.2 upgrade

    Installation and Upgrades
    3
    4
    1133
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • E
      elbob last edited by

      Hi,

      I've upgraded to 2.2. The upgrade appeared to have gone smoothly however I did have an issue with Squid that I resolved by disabling signature checking.

      I use Squid as a Reverse Proxy. Since the upgrade it no longer accepts any traffic. A port scan on the external interface shows that port 80 isn't available.

      When I try to set the port manually to port 80 I get the following message:

      The field 'reverse HTTP port' must contain a port number higher than net.inet.ip.portrange.first sysctl value(1024).
      To listen on low ports, change portrange.first sysctl value to 0 on system tunable options and restart squid daemon.

      When I change that setting as advised nothing happens even after a reboot and if I attempt to manually change again the same message appears.

      The other issue I had was with the postfix forwarder. I'm getting a crash reports with the following message:

      PHP Errors:
      [25-Jan-2015 15:22:00 Eire] PHP Fatal error:  Call to undefined function sqlite_open() in /usr/local/www/postfix.php on line 457

      The most serious issue that I have is that SSH won't start so I can't access the box other than from the web gui. Nothing reported in any of the logs that I can find.

      It's strange. Particularly the Squid issue with port 80. Effectively any port that I had open on the WAN below port 1024 appears as unavailable.

      However if I NAT port 80 for example it works as intended.

      I appreciate that 2.2 has just been released however these issues on what I would consider mainstream packages are a bit disconcerting.

      Any help would be much appreciated.

      1 Reply Last reply Reply Quote 0
      • E
        elbob last edited by

        Replying to my own post with a solution to my Reverse Proxy issue.

        Apparently it's a FreeBSD 10 security issue.

        I changed the reverse proxy to listen on port 8080 then set up a NAT Rule on the wan interface to redirect WAN port 80 to 127.0.0.1 8080

        Never mind. Didn't work.

        1 Reply Last reply Reply Quote 0
        • J
          jhag last edited by

          Hello

          Same issue here after pfSense 2.2 upgrade with postfix forwarder package

          Any known workaround ?

          [Update]:
          Same issue here https://forum.pfsense.org/index.php?topic=87269.0

          1 Reply Last reply Reply Quote 0
          • D
            doktornotor Banned last edited by

            net.inet.ip.portrange.reservedhigh

            1 Reply Last reply Reply Quote 0
            • First post
              Last post

            Products

            • Platform Overview
            • TNSR
            • pfSense
            • Appliances

            Services

            • Training
            • Professional Services

            Support

            • Subscription Plans
            • Contact Support
            • Product Lifecycle
            • Documentation

            News

            • Media Coverage
            • Press
            • Events

            Resources

            • Blog
            • FAQ
            • Find a Partner
            • Resource Library
            • Security Information

            Company

            • About Us
            • Careers
            • Partners
            • Contact Us
            • Legal
            Our Mission

            We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

            Subscribe to our Newsletter

            Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.

            © 2021 Rubicon Communications, LLC | Privacy Policy