Hello, a colleague and I are working to set up NGINX Plus to communicate between a server and an MFP.
Not being familiar with UNIX is a hurdle, but also not being familiar with load balancers is biting us in the butt.
After some configuration we think that most of it is working, but the return forwarding might not be. Let me explain.
The MFP reaches the server through the load balancer on the specific ports detailed in the config below. The first TCP handshake begins to be established and the server returns the ACK, but then the MFP sends a RESET packet. We know that the load balancer is rewriting the source IP address, but what seems to be happening is that the ACK the server sends might not be getting back to the MFP. The MFP then sends a RESET packet.
I'm not really sure why, but one question I have is: does a router need to segregate the clients from the upstream servers, or can this all function within the same subnet?
Thanks in advance
pauli
---
Config:
    user root;
    worker_processes auto;
    error_log /var/log/nginx/error.log notice;
    pid /var/run/nginx.pid;

    events {
        worker_connections 1024;
    }

    # HTTP
    http {
        include /etc/nginx/mime.types;
        default_type application/octet-stream;
        log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                        '$status $body_bytes_sent "$http_referer" '
                        '"$http_user_agent" "$http_x_forwarded_for"';
        access_log /var/log/nginx/access.log main;
        sendfile on;
        #tcp_nopush on;
        keepalive_timeout 65;
        #gzip on;
        include /etc/nginx/conf.d/*.conf;
    }

    # TCP Stream
    stream {
        upstream Port_3348 {
            server 10.15.238.52:3348;
            # A second server goes here
        }
        upstream Port_13351 {
            server 10.15.238.52:13351;
            # A second server goes here
        }
        upstream Port_13353 {
            server 10.15.238.52:13353;
            # A second server goes here
        }
        upstream Port_13391 {
            server 10.15.238.52:13391;
            # A second server goes here
        }
        upstream Port_3281 {
            server 10.15.238.52:3281;
            # A second server goes here
        }

        server {
            listen 3348;
            proxy_bind $remote_addr transparent;
            proxy_responses 0;
            proxy_pass Port_3348;
        }
        server {
            listen 13351;
            proxy_bind $remote_addr transparent;
            proxy_responses 0;
            proxy_pass Port_13351;
        }
        server {
            listen 13353;
            proxy_bind $remote_addr:$remote_port transparent;
            proxy_responses 0;
            proxy_pass Port_13353;
        }
        server {
            listen 13391;
            proxy_bind $remote_addr:$remote_port transparent;
            proxy_responses 0;
            proxy_pass Port_13391;
        }
        server {
            listen 3281;
            proxy_bind $remote_addr:$remote_port transparent;
            proxy_responses 0;
            proxy_pass Port_3281;
        }
    }
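
Added example (not part of the original post): with `proxy_bind ... transparent`, NGINX opens the upstream connection using the client's address as source, so the server addresses its reply to the client; this sketch models which first hop that reply takes from the server's routing table. Only 10.15.238.52 comes from the post; the /24 mask and the router, load balancer and MFP addresses are constructed assumptions.

```python
import ipaddress

# Constructed addressing: only 10.15.238.52 appears in the post; the /24 mask,
# router, load balancer and MFP addresses are assumptions for illustration.
SERVER_SUBNET = "10.15.238.0/24"
ROUTER, LB, MFP = "10.15.238.1", "10.15.238.10", "10.15.238.77"
REMOTE_MFP = "192.168.50.20"  # constructed client on another subnet


def next_hop(routes, dst):
    """Longest-prefix match over (prefix, gateway) routes.

    gateway=None marks an on-link route, where the packet is delivered
    straight to dst via ARP. Returns None when no route matches.
    """
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, gateway in routes:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, gateway)
    if best is None:
        return None
    return dst if best[1] is None else best[1]


def reply_path(server_routes, lb_ip, reply_dst):
    """Classify where the upstream server's SYN-ACK goes first."""
    hop = next_hop(server_routes, reply_dst)
    if hop is None:
        return "unroutable"
    # The TCP session only completes if NGINX sees the reply.
    return "via-lb" if hop == lb_ip else "bypasses-lb"


def scenarios():
    via_router = [(SERVER_SUBNET, None), ("0.0.0.0/0", ROUTER)]
    via_lb = [(SERVER_SUBNET, None), ("0.0.0.0/0", LB)]
    return {
        # transparent: the reply is addressed to the client, not to NGINX
        "transparent, same subnet": reply_path(via_router, LB, MFP),
        "transparent, remote, gw=router": reply_path(via_router, LB, REMOTE_MFP),
        "transparent, remote, gw=LB": reply_path(via_lb, LB, REMOTE_MFP),
        # no proxy_bind: NGINX connects from its own address
        "non-transparent, same subnet": reply_path(via_router, LB, LB),
    }
```

A `bypasses-lb` result means the client receives a SYN-ACK from an address it never sent a SYN to, which a TCP stack answers with a reset.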