nginx listen on IPIP-interface (tun0)
October 20, 2015 11:43AM
Hi,

currently trying to configure nginx behind a keepalived load balancer with lb_kind TUN.
The idea behind this setup is to realize location-based load balancing on layer 4.
Higher layers should be processed within the final location with nginx.

Part of this setup is that nginx must listen on a tun0 IPIP interface.

config snippet:

server {
    listen 10.40.100.150:80;
    location / {
        proxy_pass http://cdms-g60-02:14002;
    }
}


local ip addr output:

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
2: ens160: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP qlen 1000
link/ether 00:50:56:a1:71:11 brd ff:ff:ff:ff:ff:ff
inet 10.60.0.29/22 brd 10.60.3.255 scope global ens160
valid_lft forever preferred_lft forever
3: tunl0: <NOARP> mtu 0 qdisc noop state DOWN
link/ipip 0.0.0.0 brd 0.0.0.0
4: tun0@NONE: <NOARP,UP,LOWER_UP> mtu 1480 qdisc noqueue state UNKNOWN
link/ipip 10.60.0.29 brd 0.0.0.0
inet 10.40.100.150/32 scope global tun0
valid_lft forever preferred_lft forever

nginx starts without any error message.

# netstat -an | grep 10.40.100.150:80
tcp 0 0 10.40.100.150:80 0.0.0.0:* LISTEN

packets arriving through the tunnel interface: works fine (checked with tcpdump)

but nothing will return to sender.
currently I can't find any request within nginx access_log
no error messages are reported during a http request ...

it looks like nginx currently does not receive any HTTP request

same setup works fine with some other java applications (graylog2, elasticsearch) and named, ntp, smtp, ...
currently I'm a little bit perplexed and I have no idea how to fix this problem.

ideas?
is this a bug or a feature ?



any help is welcome !

Steffen
Re: nginx listen on IPIP-interface (tun0)
October 20, 2015 03:07PM
Problem solved !
forgot to disable kernel RP filter.

echo "" >> /etc/sysctl.conf
echo "# rp_filter" >> /etc/sysctl.conf
echo "net.ipv4.conf.all.rp_filter = 0" >> /etc/sysctl.conf
echo "net.ipv4.conf.tunl0.rp_filter = 0" >> /etc/sysctl.conf
echo "net.ipv4.conf.tun0.rp_filter = 0" >> /etc/sysctl.conf


Steffen
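
Added example, not part of the original posts: a check of the rp_filter mode the kernel actually applies per interface. For source validation the kernel uses the higher of conf/all/rp_filter and conf/<iface>/rp_filter, so setting only the tun0 key to 0 has no effect while "all" is still 1. The function names and the CONF_ROOT variable are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the thread).
# rp_filter values: 0 = off, 1 = strict, 2 = loose.
# The effective mode on an interface is max(conf/all, conf/<iface>).

# CONF_ROOT is an assumption of this example: it lets the functions be
# pointed at a constructed directory tree instead of the live /proc.
CONF_ROOT="${CONF_ROOT:-/proc/sys/net/ipv4/conf}"

# Print the effective rp_filter mode for one interface.
effective_rp_filter() {
    iface="$1"
    all_file="$CONF_ROOT/all/rp_filter"
    if_file="$CONF_ROOT/$iface/rp_filter"
    [ -r "$all_file" ] && [ -r "$if_file" ] || return 1
    all_val=$(cat "$all_file")
    if_val=$(cat "$if_file")
    if [ "$all_val" -gt "$if_val" ]; then
        echo "$all_val"
    else
        echo "$if_val"
    fi
}

# Print "<iface> <mode> <label>" for every interface under CONF_ROOT.
rp_filter_report() {
    for dir in "$CONF_ROOT"/*/; do
        iface=$(basename "$dir")
        case "$iface" in all|default) continue ;; esac
        mode=$(effective_rp_filter "$iface") || continue
        case "$mode" in
            0) label="off" ;;
            1) label="strict" ;;
            2) label="loose" ;;
            *) label="unknown" ;;
        esac
        echo "$iface $mode $label"
    done
}

# Run the report against the live system when called with --report.
if [ "${1:-}" = "--report" ]; then
    rp_filter_report
fi
```

With "all" set to 0 as in the fix above, every interface follows its own key, so interfaces that should keep strict source validation need their own rp_filter = 1.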