Welcome! Log In Create A New Profile

Advanced

Using nginx as proxy

Posted by Wakkas Rafiq 
Wakkas Rafiq
Using nginx as proxy
March 17, 2017 04:10PM
Hi all
I am trying to setup a simple confit where tcp traffic coming in at specific port - 12000 need to be send to a specific server:3260
In this case source ip will change (which is fine) but we are seeing on tcpdump that source port is changing from 12000 to some way higher value
The server rejecting the call due to that
How do I setup so the source port remain unchanged?
I will send my config once at work - if needed
Thanks

Get Outlook for iOS
_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
Wakkas Rafiq
Re: Using nginx as proxy
March 17, 2017 05:00PM
Tried

server {

    listen 169.254.2.2:12000;

    allow 169.254.169.254;

    deny all;

    proxy_pass 10.0.52.151:3260;

}



then when saw source port changing from 12000. Tried adding following but no luck:

proxy_bind 169.254.169.254:12000;

proxy_bind 127.0.0.1:12000;

and         proxy_bind $remote_addr:12000;





From: nginx <[email protected]> on behalf of Wakkas Rafiq <[email protected]>
Reply-To: <[email protected]>
Date: Friday, March 17, 2017 at 8:08 AM
To: <[email protected]>
Subject: Using nginx as proxy



Hi all



I am trying to setup a simple config where tcp traffic coming in at specific port - 12000 need to be send to a specific server:3260



In this case source ip will change (which is fine) but we are seeing on tcpdump that source port is changing from 12000 to some way higher value



The server rejecting the call due to that



How do I setup so the source port remain unchanged?



I will send my config once at work - if needed



Thanks



Get Outlook for iOS



_______________________________________________ nginx mailing list nginx@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx

_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
Anonymous User
Re: Using nginx as proxy
March 17, 2017 05:10PM
Maybe something like
if ($host = '') {
set $relhost $server_addr;
}


proxy_set_header Host $relhost:3260;

proxy_redirect https://$relhost:3260/ https://$relhost:12000/;


Which is what was at least once needed to proxy the Zimbra admin
interface that insisted on being called on port 7071.



Rainer


Am 2017-03-17 16:54, schrieb Wakkas Rafiq:
> Tried
>
> server {
>
> listen 169.254.2.2:12000;
>
> allow 169.254.169.254;
>
> deny all;
>
> proxy_pass 10.0.52.151:3260;
>
> }
>
> then when saw source port changing from 12000. Tried adding following
> but no luck:
>
> proxy_bind 169.254.169.254:12000;
>
> proxy_bind 127.0.0.1:12000;
>
> and proxy_bind $remote_addr:12000;
>
> FROM: nginx <[email protected]> on behalf of Wakkas Rafiq
> <[email protected]>
> REPLY-TO: <[email protected]>
> DATE: Friday, March 17, 2017 at 8:08 AM
> TO: <[email protected]>
> SUBJECT: Using nginx as proxy
>
> Hi all
>
> I am trying to setup a simple config where tcp traffic coming in at
> specific port - 12000 need to be send to a specific server:3260
>
> In this case source ip will change (which is fine) but we are seeing
> on tcpdump that source port is changing from 12000 to some way higher
> value
>
> The server rejecting the call due to that
>
> How do I setup so the source port remain unchanged?
>
> I will send my config once at work - if needed
>
> Thanks
>
> Get Outlook for iOS [1]
>
> _______________________________________________ nginx mailing list
> nginx@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx
>
> Links:
> ------
> [1] https://aka.ms/o0ukef
> _______________________________________________
> nginx mailing list
> nginx@nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx
_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
Wakkas Rafiq
Re: Using nginx as proxy
March 17, 2017 06:20PM
Thanks Rainer

But trying to direct tcp traffic – so below http/https based will not help

Wonder if nginx can handle proxing non http – tcp traffic

thanks

On 3/17/17, 9:04 AM, "[email protected]" <[email protected]> wrote:

Maybe something like
if ($host = '') {
set $relhost $server_addr;
}


proxy_set_header Host $relhost:3260;

proxy_redirect https://$relhost:3260/ https://$relhost:12000/;


Which is what was at least once needed to proxy the Zimbra admin
interface that insisted on being called on port 7071.



Rainer


Am 2017-03-17 16:54, schrieb Wakkas Rafiq:
> Tried
>
> server {
>
> listen 169.254.2.2:12000;
>
> allow 169.254.169.254;
>
> deny all;
>
> proxy_pass 10.0.52.151:3260;
>
> }
>
> then when saw source port changing from 12000. Tried adding following
> but no luck:
>
> proxy_bind 169.254.169.254:12000;
>
> proxy_bind 127.0.0.1:12000;
>
> and proxy_bind $remote_addr:12000;
>
> FROM: nginx <[email protected]> on behalf of Wakkas Rafiq
> <[email protected]>
> REPLY-TO: <[email protected]>
> DATE: Friday, March 17, 2017 at 8:08 AM
> TO: <[email protected]>
> SUBJECT: Using nginx as proxy
>
> Hi all
>
> I am trying to setup a simple config where tcp traffic coming in at
> specific port - 12000 need to be send to a specific server:3260
>
> In this case source ip will change (which is fine) but we are seeing
> on tcpdump that source port is changing from 12000 to some way higher
> value
>
> The server rejecting the call due to that
>
> How do I setup so the source port remain unchanged?
>
> I will send my config once at work - if needed
>
> Thanks
>
> Get Outlook for iOS [1]
>
> _______________________________________________ nginx mailing list
> nginx@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx
>
> Links:
> ------
> [1] https://aka.ms/o0ukef
> _______________________________________________
> nginx mailing list
> nginx@nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx




_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
Francis Daly
Re: Using nginx as proxy
March 17, 2017 06:30PM
On Fri, Mar 17, 2017 at 10:13:48AM -0700, Wakkas Rafiq wrote:

Hi there,

> Wonder if nginx can handle proxing non http – tcp traffic

It can; but generally the source port for a tcp connection does not
matter. The nginx stream module has no way (that I know of) to set the
source port of the tcp connection that it makes to its upstream.

(For example: if you had two sessions that both wanted to use source
port 12000 to the same destination server port 3260, I'm pretty sure
that something would go wrong.)

I suspect it may be simpler to find out why the upstream server cares
about the source port of the incoming connection, and see if it can
be changed not to; that to try to configure any generic tcp-forwarder
to use a specific source port for all outgoing connections.

You may have more luck with a dedicated tcp-forwarder that knows it can
only handle a single connection at once.

Cheers,

f
--
Francis Daly francis@daoine.org
_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
Sorry, only registered users may post in this forum.

Click here to login