Using nginx as proxy

classic Classic list List threaded Threaded
5 messages Options
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Using nginx as proxy

Wakkas Rafiq
Hi all

I am trying to setup a simple confit where tcp traffic coming in at specific port - 12000 need to be send to a specific server:3260

In this case source ip will change (which is fine) but we are seeing on tcpdump that source port is changing from 12000 to some way higher value

The server rejecting the call due to that

How do I setup so the source port remain unchanged?

I will send my config once at work - if needed

Thanks

_______________________________________________
nginx mailing list
[hidden email]
http://mailman.nginx.org/mailman/listinfo/nginx
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Using nginx as proxy

Wakkas Rafiq

Tried

server {

    listen 169.254.2.2:12000;

    allow 169.254.169.254;

    deny all;

    proxy_pass 10.0.52.151:3260;

}

 

then when saw source port changing from 12000. Tried adding following but no luck:

proxy_bind 169.254.169.254:12000;

proxy_bind 127.0.0.1:12000;

and         proxy_bind $remote_addr:12000;

 

 

From: nginx <[hidden email]> on behalf of Wakkas Rafiq <[hidden email]>
Reply-To: <[hidden email]>
Date: Friday, March 17, 2017 at 8:08 AM
To: <[hidden email]>
Subject: Using nginx as proxy

 

Hi all

 

I am trying to setup a simple config where tcp traffic coming in at specific port - 12000 need to be send to a specific server:3260

 

In this case source ip will change (which is fine) but we are seeing on tcpdump that source port is changing from 12000 to some way higher value

 

The server rejecting the call due to that

 

How do I setup so the source port remain unchanged?

 

I will send my config once at work - if needed

 

Thanks

_______________________________________________ nginx mailing list [hidden email] http://mailman.nginx.org/mailman/listinfo/nginx


_______________________________________________
nginx mailing list
[hidden email]
http://mailman.nginx.org/mailman/listinfo/nginx
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Using nginx as proxy

Rainer Duffner
Maybe something like
         if ($host = '') {
             set $relhost $server_addr;
         }


         proxy_set_header Host            $relhost:3260;

         proxy_redirect https://$relhost:3260/ https://$relhost:12000/;


Which is what was at least once needed to proxy the Zimbra admin
interface that insisted on being called on port 7071.



Rainer


Am 2017-03-17 16:54, schrieb Wakkas Rafiq:

> Tried
>
> server {
>
>     listen 169.254.2.2:12000;
>
>     allow 169.254.169.254;
>
>     deny all;
>
>     proxy_pass 10.0.52.151:3260;
>
> }
>
> then when saw source port changing from 12000. Tried adding following
> but no luck:
>
> proxy_bind 169.254.169.254:12000;
>
> proxy_bind 127.0.0.1:12000;
>
> and         proxy_bind $remote_addr:12000;
>
> FROM: nginx <[hidden email]> on behalf of Wakkas Rafiq
> <[hidden email]>
> REPLY-TO: <[hidden email]>
> DATE: Friday, March 17, 2017 at 8:08 AM
> TO: <[hidden email]>
> SUBJECT: Using nginx as proxy
>
> Hi all
>
> I am trying to setup a simple config where tcp traffic coming in at
> specific port - 12000 need to be send to a specific server:3260
>
> In this case source ip will change (which is fine) but we are seeing
> on tcpdump that source port is changing from 12000 to some way higher
> value
>
> The server rejecting the call due to that
>
> How do I setup so the source port remain unchanged?
>
> I will send my config once at work - if needed
>
> Thanks
>
> Get Outlook for iOS [1]
>
> _______________________________________________ nginx mailing list
> [hidden email] http://mailman.nginx.org/mailman/listinfo/nginx
>
> Links:
> ------
> [1] https://aka.ms/o0ukef
> _______________________________________________
> nginx mailing list
> [hidden email]
> http://mailman.nginx.org/mailman/listinfo/nginx
_______________________________________________
nginx mailing list
[hidden email]
http://mailman.nginx.org/mailman/listinfo/nginx
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Using nginx as proxy

Wakkas Rafiq
In reply to this post by Wakkas Rafiq
Thanks Rainer

But trying to direct tcp traffic – so below http/https based will not help

Wonder if nginx can handle proxing non http – tcp traffic

thanks

On 3/17/17, 9:04 AM, "[hidden email]" <[hidden email]> wrote:

    Maybe something like
             if ($host = '') {
                 set $relhost $server_addr;
             }
   
   
             proxy_set_header Host            $relhost:3260;
   
             proxy_redirect https://$relhost:3260/ https://$relhost:12000/;
   
   
    Which is what was at least once needed to proxy the Zimbra admin
    interface that insisted on being called on port 7071.
   
   
   
    Rainer
   
   
    Am 2017-03-17 16:54, schrieb Wakkas Rafiq:
    > Tried
    >
    > server {
    >
    >     listen 169.254.2.2:12000;
    >
    >     allow 169.254.169.254;
    >
    >     deny all;
    >
    >     proxy_pass 10.0.52.151:3260;
    >
    > }
    >
    > then when saw source port changing from 12000. Tried adding following
    > but no luck:
    >
    > proxy_bind 169.254.169.254:12000;
    >
    > proxy_bind 127.0.0.1:12000;
    >
    > and         proxy_bind $remote_addr:12000;
    >
    > FROM: nginx <[hidden email]> on behalf of Wakkas Rafiq
    > <[hidden email]>
    > REPLY-TO: <[hidden email]>
    > DATE: Friday, March 17, 2017 at 8:08 AM
    > TO: <[hidden email]>
    > SUBJECT: Using nginx as proxy
    >
    > Hi all
    >
    > I am trying to setup a simple config where tcp traffic coming in at
    > specific port - 12000 need to be send to a specific server:3260
    >
    > In this case source ip will change (which is fine) but we are seeing
    > on tcpdump that source port is changing from 12000 to some way higher
    > value
    >
    > The server rejecting the call due to that
    >
    > How do I setup so the source port remain unchanged?
    >
    > I will send my config once at work - if needed
    >
    > Thanks
    >
    > Get Outlook for iOS [1]
    >
    > _______________________________________________ nginx mailing list
    > [hidden email] http://mailman.nginx.org/mailman/listinfo/nginx
    >
    > Links:
    > ------
    > [1] https://aka.ms/o0ukef
    > _______________________________________________
    > nginx mailing list
    > [hidden email]
    > http://mailman.nginx.org/mailman/listinfo/nginx
   
   


_______________________________________________
nginx mailing list
[hidden email]
http://mailman.nginx.org/mailman/listinfo/nginx
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Using nginx as proxy

Francis Daly
On Fri, Mar 17, 2017 at 10:13:48AM -0700, Wakkas Rafiq wrote:

Hi there,

> Wonder if nginx can handle proxing non http – tcp traffic

It can; but generally the source port for a tcp connection does not
matter. The nginx stream module has no way (that I know of) to set the
source port of the tcp connection that it makes to its upstream.

(For example: if you had two sessions that both wanted to use source
port 12000 to the same destination server port 3260, I'm pretty sure
that something would go wrong.)

I suspect it may be simpler to find out why the upstream server cares
about the source port of the incoming connection, and see if it can
be changed not to; that to try to configure any generic tcp-forwarder
to use a specific source port for all outgoing connections.

You may have more luck with a dedicated tcp-forwarder that knows it can
only handle a single connection at once.

Cheers,

        f
--
Francis Daly        [hidden email]
_______________________________________________
nginx mailing list
[hidden email]
http://mailman.nginx.org/mailman/listinfo/nginx
Loading...