NGINX Transparent TCP Proxy

I have an ELK stack. In front of the Logstash hosts, I configured two NGINX load controllers as transparent proxies. UDP traffic works like a charm. TCP works with this configuration:

```nginx
stream {
  upstream syslog {
    server sapvmlogstash01.sa.projectplace.com:514;
    server sapvmlogstash02.sa.projectplace.com:514;
  }
  server {
    listen 514;
    proxy_pass syslog;
  }
}
```

But for both source_ip and source_host I am getting the LB instead of the input server IP.

Setting up the same and adding `proxy_bind $remote_addr transparent;` doesn't work; it throws a timeout:

```
*1 upstream timed out (110: Connection timed out) while connecting to upstream, client: $SOURCEHOST_IP, server: 0.0.0.0:514, upstream: "$LOGSTASH_IP:514", bytes from/to client:0/0, bytes from/to upstream:0/0
```

I tried setting up TPROXY from here: https://www.nginx.com/blog/ip-transparency-direct-server-return-nginx-plus-transparent-proxy/

Logstash host:

```sh
route add default gw $NGINX_IP
route del default gw $DEFAULT_GW
```

NGINX host:

```sh
# Following nginx how-to
iptables -t mangle -N DIVERT
iptables -t mangle -A PREROUTING -p udp -m socket -j DIVERT
iptables -t mangle -A DIVERT -j MARK --set-xmark 0x1/0xffffffff
iptables -t mangle -A DIVERT -j ACCEPT
iptables -t mangle -A PREROUTING -p tcp -s $LOGSTASH_IP/24 --sport 514 -j TPROXY --tproxy-mark 0x1/0x1 --on-port 0
ip rule add fwmark 1 lookup 100
ip route add local 0.0.0.0/0 dev lo table 100

# Enabling Upstream Servers to Reach External Servers
sysctl -w net.ipv4.ip_forward=1
iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE
```

But it still fails as before, with a timeout.

What's missing to get a transparent TCP host?

1 answer


The official doc says about `proxy_bind $remote_addr transparent;`:

For this parameter to work, it is usually necessary to run nginx worker processes with superuser privileges. On Linux this is not required (1.13.8), because if the transparent parameter is specified, worker processes inherit the CAP_NET_RAW capability from the master process. It is also necessary to configure the kernel routing table to intercept network traffic from the proxied server.



For your information: https://www.nginx.com/blog/ip-transparency-direct-server-return-nginx-plus-transparent-proxy/

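As an added check (not part of the question or the answer), the script below reads the pieces the answer lists (the `proxy_bind ... transparent` directive, the TPROXY rule, the fwmark policy rule and its local route, and `ip_forward`) and reports which prerequisite is missing, so a timeout like the one above can be traced to a specific gap. The inputs are constructed sample text modelled on the question's setup, in the shape of `iptables-save -t mangle`, `ip rule show`, `ip route show table 100` and `sysctl net.ipv4.ip_forward`; 192.0.2.0/24 is a placeholder for the Logstash subnet.

```python
import re

# Constructed sample inputs modelled on the question's setup; not captured from a real host.
NGINX_STREAM_CONF = """
stream {
  upstream syslog {
    server sapvmlogstash01.sa.projectplace.com:514;
    server sapvmlogstash02.sa.projectplace.com:514;
  }
  server {
    listen 514;
    proxy_bind $remote_addr transparent;
    proxy_pass syslog;
  }
}
"""
# Shape of `iptables-save -t mangle`, `ip rule show`, `ip route show table 100`, `sysctl` (constructed).
MANGLE_SAVE = """
-A PREROUTING -p udp -m socket -j DIVERT
-A PREROUTING -s 192.0.2.0/24 -p tcp -m tcp --sport 514 -j TPROXY --on-port 0 --on-ip 0.0.0.0 --tproxy-mark 0x1/0x1
-A DIVERT -j MARK --set-xmark 0x1/0xffffffff
-A DIVERT -j ACCEPT
"""
IP_RULES = "0:\tfrom all lookup local\n32765:\tfrom all fwmark 0x1 lookup 100\n32766:\tfrom all lookup main\n"
TABLE_100 = "local default dev lo scope host\n"
IP_FORWARD = "net.ipv4.ip_forward = 1\n"

def transparent_proxy_gaps(conf, mangle, rules, table, ip_forward):
    """Return the list of missing transparent-proxy prerequisites; empty means all checks passed."""
    gaps = []
    if not re.search(r"proxy_bind\s+\$remote_addr\s+transparent\s*;", conf):
        gaps.append("nginx: 'proxy_bind $remote_addr transparent;' missing from the stream server block")
    ports = set(re.findall(r"^\s*server\s+\S+:(\d+)", conf, re.M))  # upstream ports in the config
    tproxy = re.search(r"-p tcp .*--sport (\d+) -j TPROXY .*--tproxy-mark (0x[0-9a-f]+)/", mangle)
    if not tproxy:
        gaps.append("mangle: no TPROXY rule matching tcp replies from the upstreams")
        return gaps
    sport, mark = tproxy.group(1), int(tproxy.group(2), 16)
    if sport not in ports:
        gaps.append(f"mangle: TPROXY --sport {sport} does not match upstream port(s) {sorted(ports)}")
    rule = re.search(r"fwmark (0x[0-9a-f]+|\d+) lookup (\d+)", rules)
    if not rule or int(rule.group(1), 0) != mark:
        gaps.append(f"ip rule: no 'fwmark {mark:#x} lookup <table>' rule; marked replies never reach nginx")
    elif not re.search(r"^local (default|0\.0\.0\.0/0) dev lo", table, re.M):
        gaps.append(f"ip route: table {rule.group(2)} lacks 'local 0.0.0.0/0 dev lo'")
    if not re.search(r"ip_forward\s*=\s*1", ip_forward):
        gaps.append("sysctl: net.ipv4.ip_forward is not 1; upstreams routing via this host cannot reach outside")
    return gaps
```

Call `transparent_proxy_gaps()` with the five outputs captured from the NGINX host; an empty list means every piece the answer names is in place and the remaining suspect is the return route on the Logstash side.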