Varnish only working with ports 80, 8080 and 9080

Wed Apr 17 13:24:56 CEST 2013

SElinux or similar?

On Wed, Apr 17, 2013 at 11:49 AM, Werner Randelshofer <
werner.randelshofer at fibermail.ch> wrote:

> Hi Paul,
>
> I have stopped the iptables service, so there is no firewall running.
>
> When I start the varnish service, say with port 9000, then the service
> will not launch, and thus the port is not bound.
>
> I have tried now starting the varnish service with port 80, and setting
> the port to 9000 with varnishadm.
> I get an error 300 "Could not open sockets" as shown below. Port 80 works
> fine though.
>
>
> $ varnishadm
>
> param.set listen_address :9000
> 200
>
> start
> 300
> Could not open sockets
>
> param.set listen_address :80
> 200
>
> start
> 200
>
>
> My backends work fine. I can access them with Konqueror with any port
> number that I want.
> Telnet also works fine.
>
> I am stuck.
>
> Thanks,
> Werner
>
>
> On 16.04.2013, at 15:33, Paul A. Procacci <pprocacci at datapipe.com> wrote:
>
> >> When I use a different port number in VARNISH_LISTEN_PORT, then
> varnishd does not start.
> >> I made sure that the port number is not taken using the command netstat
> -nltp
> >
> > Do you have a firewall that is preventing tcp syn's from
> > making it to the ports that you specify in your config?
> > (Either a hardware or software firewall)
> >
> > If you don't, when you change the VARNISH_LISTEN_PORT and
> > start varnish, does the service show as bound via the
> > netstat command that you ran?
> >
> > If it is bound, can you telnet to the port and issue
> > http requests?
> >
> > If it isn't bound, they'll be logs in your system log
> > detailing why it couldn't be bound.  What do those logs say?
> >
> >
> >> Also when I use a different port number as backend, then Varnish tells
> me that the service is unavailable, and tells me that probing fails.
> However the backend is fully functional, when I connect to its port number.
> >
> > Are you sure your attempting to connect to the right backend?
> > Specifically, 127.0.0.1:8080 is not <ip>:8080 where <ip> is
> > the primary ip address of the machine.
> >
> > Is there a software/hardware firewall preventing the tcp syn's
> > from making it to their destination?
> >
> > Can you telent to the port from the varnish machine and induce
> > an http conversation?
> >
> > ~Paul
> >
> > ________________________________
> >
> > This message may contain confidential or privileged information. If you
> are not the intended recipient, please advise us immediately and delete
> this message. See http://www.datapipe.com/legal/email_disclaimer/ for
> further information on confidentiality and the risks of non-secure
> electronic communication. If you cannot access these links, please notify
> us by reply message and we will send the contents to you.
> >
>
>
>
> _______________________________________________
> varnish-misc mailing list
> varnish-misc at varnish-cache.org
> https://www.varnish-cache.org/lists/mailman/listinfo/varnish-misc
>

-- 
 <http://www.varnish-software.com/> *Per Buer*
CEO | Varnish Software AS
Phone: +47 958 39 117 | Skype: per.buer
We Make Websites Fly!
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://www.varnish-cache.org/lists/pipermail/varnish-misc/attachments/20130417/6858e697/attachment.html>