Gary,

This was interesting to read. There was one thing that wasn’t obvious to me however.

What was the high level problem that you were solving with this specific configuration?

Curiously

Peter

Sent from my iPhone

> On Oct 30, 2020, at 3:16 PM, garycnew@yahoo.com <nginx-forum@forum.nginx.org> wrote:
>
> All:
>
> After reviewing the iptables chains workflow, I discovered that the Nginx
> Worker (100.64.8.236:12345) outside interface was associated with the OUTPUT
> chain.
>
>
> (192.168.0.2:12345) OUTPUT ==>
> (192.168.0.154:$port) PREROUTING ==>
> (100.64.8.236:12345) POSTROUTING ==>
> Windows Client (192.168.0.154:$port) ==> Nginx Master (192.168.0.2:443) |
> Nginx Worker (100.64.8.236:12345) ==> Upstream Desination Server
> (104.27.161.206:443)
> <== POSTROUTING (192.168.0.2:443)
> <== PREROUTING (104.27.161.206:443)
>
> Once adding the appropriate iptables OUTPUT rule, using the correct
> interface (vlan2), the packets leaving the Nginx Worker (100.64.8.236:12345)
> were then appropriately MARKed and routed to the OpenVPN Tunnel.
>
> # iptables -t mangle -I OUTPUT -o vlan2 -p tcp -m multiport --sport 12345 -j
> MARK --set-mark 0x2000/0x2000
> Now, I just need to figure out the Nginx SSL Client CA Trust configuration
> and we should be in business.
>
> Hope this helps someone in the future.
>
> Respectfully,
>
> Gary
>
> Posted at Nginx Forum: https://forum.nginx.org/read.php?2,289823,289847#msg-289847
>
> _______________________________________________
> nginx mailing list
> nginx@nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx
_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx