NGINX Transparent TCP Proxy
I have an ELK stack. In front of the Logstash hosts, I configured two NGINX load controllers as transparent proxies. UDP traffic works like a charm. TCP works with configuration:
stream {
upstream syslog {
server sapvmlogstash01.sa.projectplace.com:514;
server sapvmlogstash02.sa.projectplace.com:514;
}
server {
listen 514;
proxy_pass syslog;
}
}
But I am getting both source_ip and source_host LB instead of the input server IP.
Setting up the same add proxy_bind $remote_addr transparent;
doesn't work throwing a timeout.
*1 upstream timed out (110: Connection timed out) while connecting to upstream, client: $SOURCEHOST_IP, server: 0.0.0.0:514, upstream: "$LOGSTASH_IP:514", bytes from/to client:0/0, bytes from/to upstream:0/0
I tried setting up TPROXY from here: https://www.nginx.com/blog/ip-transparency-direct-server-return-nginx-plus-transparent-proxy/
Logstash-host:
route add default gw $NGINX_IP
route del default gw $DEFAULT_GW
NGINX Host:
# Following nginx how-to
iptables -t mangle -N DIVERT
iptables -t mangle -A PREROUTING -p udp -m socket -j DIVERT
iptables -t mangle -A DIVERT -j MARK --set-xmark 0x1/0xffffffff
iptables -t mangle -A DIVERT -j ACCEPT
iptables -t mangle -A PREROUTING -p tcp -s $LOGSTASH_IP/24 --sport 514 -j TPROXY --tproxy-mark 0x1/0x1 --on-port 0
ip rule add fwmark 1 lookup 100
ip route add local 0.0.0.0/0 dev lo table 100
# Enabling Upstream Servers to Reach External Servers
sysctl -w net.ipv4.ip_forward=1
iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE
But still failing as before with timeout.
What's missing to get a transparent TCP host?
source to share
The official doc said: proxy_bind $ remote_addr is transparent;
For this option to work, you usually need to start nginx worker processes with superuser privileges. On Linux, this is not required (1.13.8) because if a transparent parameter is specified, worker processes inherit the CAP_NET_RAW capability from the main process. You also need to configure the kernel routing table to intercept network traffic from the proxy server .
For your information: https://www.nginx.com/blog/ip-transparency-direct-server-return-nginx-plus-transparent-proxy/
source to share