MnM
NGINX - 1 NIC in DMZ and 1 NIC in LAN questions
October 07, 2015 10:59PM
Hi

I am looking at deploying NGINX as a reverse proxy solution in my environment. I am also new to this (Linux and Nginx).
I have a DMZ and a LAN segment defined in my firewall.
The NGINX box will have 2 NICs:

- NIC1 10.0.0.X (DMZ)
- NIC2 192.168.0.X (LAN)

Internet requests will be NAT-ed to the DMZ IP of the Nginx server, then Nginx will transfer the request to its LAN NIC and finally to the back end server.
Well, in theory, because when I tested it, it didn't work.

I know the firewall and DMZ/LAN segments work as I already have other infrastructure that works without any issues (A Netscaler).

The question that I have (and found incredibly hard to find information on the configuration required) is about the routing from DMZ NIC to LAN NIC on the Nginx server.
How can I make this happen (so I don't have to NAT to the LAN NIC of the Nginx server)? If it is an Nginx config, can someone post an example?

Or does this need to happen at OS level? Or is it easier to create a bridge?

Thanks



Edited 1 time(s). Last edit at 10/07/2015 10:59PM by MnM.
Re: NGINX - 1 NIC in DMZ and 1 NIC in LAN questions
October 08, 2015 02:39AM
Listen 80, will listen on all lan interfaces, so it will take requests from dmz and answer them on the same interface.
When it comes to passing requests on another lan, you simply need to address this other lan, e.g.
proxy_pass http://192.168.123.123;
(Normal) routing will do the rest.

---
nginx for Windows http://nginx-win.ecsds.eu/
MnM
Re: NGINX - 1 NIC in DMZ and 1 NIC in LAN questions
October 08, 2015 03:13AM
Hi itpp2012 and thank you for the reply.

You did say that normal routing will take care of the rest as long as the new network is defined with the proxy_pass statement.
I will try that.

My CentOS is configured with fully configured NICs (i.e. each NIC has IP, mask, DNS and gateway). I assume that there are no issues with that?

Thanks again.
MnM
Re: NGINX - 1 NIC in DMZ and 1 NIC in LAN questions
October 08, 2015 03:37AM
Just to follow up on my comments above - having 2 gateways defined in the NICs settings might make them both default?
I am thinking on the DMZ NIC to have a default gateway and then on the LAN NIC have no default gateway but add a static route to the LAN network?
Re: NGINX - 1 NIC in DMZ and 1 NIC in LAN questions
October 08, 2015 04:11AM
Adding a static route will definitely help but the default routing table should take care of this regardless of any gateway.
Unless you're running with mask 0.0.0.0 :-)

---
nginx for Windows http://nginx-win.ecsds.eu/
MnM
Re: NGINX - 1 NIC in DMZ and 1 NIC in LAN questions
October 08, 2015 07:31PM
Just a follow up on this issue (perhaps it will help others later on).

I have to disable the Gateway on the LAN NIC.
So default Gateway is enabled and it is on the DMZ side, while the LAN side has no gateway but is dealt with via routing (I did not have to add any static routes as they were there by default). This is on a fresh build of CentOS 6.

itpp2012 - thank you for your help, it did send me on the right track :)



Edited 1 time(s). Last edit at 10/08/2015 07:32PM by MnM.
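
Added example, not written by any poster in this thread: a shell check for the layout the thread settled on, with a single default route on the DMZ NIC and the back end reached through the LAN NIC's connected route. The interface names eth0/eth1, the gateway addresses and the back-end address 192.168.0.20 are assumptions, and both routing tables are constructed samples.

```shell
# Constructed `ip -4 route show` samples; eth0 = DMZ NIC, eth1 = LAN NIC (assumed names).
# BAD: both NIC configs carry a gateway, so two default routes compete.
BAD_ROUTES='10.0.0.0/24 dev eth0 proto kernel scope link src 10.0.0.5
192.168.0.0/24 dev eth1 proto kernel scope link src 192.168.0.5
default via 10.0.0.1 dev eth0
default via 192.168.0.1 dev eth1'
# GOOD: gateway only on the DMZ NIC; the LAN is reached via its connected route.
GOOD_ROUTES='10.0.0.0/24 dev eth0 proto kernel scope link src 10.0.0.5
192.168.0.0/24 dev eth1 proto kernel scope link src 192.168.0.5
default via 10.0.0.1 dev eth0'

# Print the device of every default route in table $1, one per line.
default_route_devs() {
    printf '%s\n' "$1" | awk '$1 == "default" {
        for (i = 2; i < NF; i++) if ($i == "dev") print $(i + 1) }'
}

# Print the device of each connected (scope link) route in $1 covering IPv4 address $2.
connected_dev_for() {
    printf '%s\n' "$1" | awk -v ip="$2" '
        function to_int(a,   o) {
            split(a, o, ".")
            return ((o[1] * 256 + o[2]) * 256 + o[3]) * 256 + o[4]
        }
        $1 ~ /\// && /scope link/ {
            split($1, p, "/")
            size = 2 ^ (32 - p[2])
            if (int(to_int(ip) / size) == int(to_int(p[1]) / size))
                for (i = 2; i < NF; i++) if ($i == "dev") print $(i + 1)
        }'
}

# Usage: check_dual_homed TABLE DMZ_DEV LAN_DEV BACKEND_IP
# Succeeds only with one default route, on DMZ_DEV, and BACKEND_IP directly on LAN_DEV.
check_dual_homed() {
    defaults=$(default_route_devs "$1")
    if [ "$defaults" != "$2" ]; then
        echo "FAIL: default route(s) on: $(echo $defaults), expected only $2"
        return 1
    fi
    if [ "$(connected_dev_for "$1" "$4")" != "$3" ]; then
        echo "FAIL: $4 is not on a network directly connected to $3"
        return 1
    fi
    echo "OK: default via $2 only, $4 reached directly on $3"
}
# On a live host: check_dual_homed "$(ip -4 route show)" eth0 eth1 192.168.0.20
check_dual_homed "$GOOD_ROUTES" eth0 eth1 192.168.0.20
check_dual_homed "$BAD_ROUTES" eth0 eth1 192.168.0.20 || true
```

A back end outside the LAN NIC's own subnet fails the second check; it would need the static route discussed earlier in the thread.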