Need help regarding DSR with NGINX - not working as expected

Rajen Patel rvambani1991 at gmail.com
Fri Aug 27 20:12:41 UTC 2021


Here are my setup details for the k8s cluster:

Nginx running as UDP proxy
  nginx.conf: |
    user root;
    worker_processes  1;
    events {
      worker_connections  10240;
    }
    http {
      server {
          listen       80;
          server_name  localhost;
          location / {
            root   /usr/share/nginx/html; #Change this line
            index  index.html index.htm;
          }
      }
    }
    stream {
      server {
          listen 4729 udp;
          proxy_pass juniper_close_stream_backend;
          proxy_responses 0;
          error_log stderr;
          proxy_bind $remote_addr:$remote_port transparent;
      }
      upstream juniper_close_stream_backend {
          server 10.244.72.169:4729;
      }
    }
---------------------------------------------------
 nginx -> client service (10.244.72.169:4729)


Nginx running as Kubernetes DaemonSet as follows:

apiVersion: apps/v1
kind: DaemonSet
metadata:
  name: nginx-daemonset
spec:
  selector:
    matchLabels:
      app: nginx
  template:
    metadata:
      creationTimestamp: null
      labels:
        app: nginx
    spec:
      containers:
      - image: nginx:1.14.2
        imagePullPolicy: IfNotPresent
        name: nginx
        ports:
        - containerPort: 80
          protocol: TCP
        resources: {}


Here nginx works fine and is able to preserve the source IP and also forward
the spoofed IP. However, the client service is not able to receive any traffic.

I believe there is some issue with iptables but don't know how to trace
this issue.

Your help is much appreciated.