[SOLVED] Problem with Squid 3 reverse proxy (port 80) on 2.2.5



  • Hi,
    i have two pfSense 2.1.5 that act as front firewall with CARP configuration. I have several VIP bind with several service, SQUID publish some HTTP (port 80) site in revers proxy and system work without any problem.
    I tried to upgrade pfSense to 2.2.5, but i have some problems. First, i add in System -> Advandec -> System tunables "net.inet.ip.portrange.reservedhigh=0" for port lower than 1024, install SQUID 3 (o.4.2 beta), and made some test from external WAN on published HTTP site. Here is the problem: some site work, other are not reachable. It doesn't matter if site is published on real pfSense WAN IP or WAN VIP.

    In SQUID i see this error:

    11.11.2015 08:59:30 commBind: Cannot bind socket FD 36 to 213.nnn.nnn.75:80: (49) Can't assign requested address
    11.11.2015 08:59:30 commBind: Cannot bind socket FD 34 to 213.nnn.nnn.107:80: (48) Address already in use
    11.11.2015 08:59:30 commBind: Cannot bind socket FD 32 to 213.nnn.nnn.90:80: (48) Address already in use
    11.11.2015 08:59:30 commBind: Cannot bind socket FD 31 to 213.nnn.nnn.80:80: (48) Address already in use
    11.11.2015 08:59:30 commBind: Cannot bind socket FD 30 to 213.nnn.nnn.74:80: (48) Address already in use

    Can anyone help me to solve the problem?


  • Banned

    What's unclear there? Port 80 is already used (most likely by your WebGUI).



  • Yes, it's clear. But why it works without any problem on 2.1.5 and some site on port 80 still works on 2.2.5?


  • Banned

    Look, run sockstat -4, find what's running there and move it elsewhere. Cannot have multiple things listening on the same port.



  • OK, i'll try. But why the same config works on 2.1.5?



  • In other words, i need to have service HTTP (port 80) bind not with only one IP, but with many VIP, like i can do with pfSense 2.1.5.



  • I have solved in this way: edit /etc/sysctl.conf and add this line:

    net.inet.ip.portrange.reservedlow=0
    net.inet.ip.portrange.reservedhigh=20


Log in to reply