
TCP reverse-Proxy based on FQDN
Closed, Wontfix | Public | BUG

Description

We have installed a VyOS instance in our infrastructure and added the main firewall rule to accept all traffic, but it is not working. (Firewall is disabled)
Trying to implement the reverse proxy as per the online guide: https://docs.vyos.io/en/latest/configuration/loadbalancing/reverse-proxy.html

We are encountering a malfunction -> no packets received on destination servers.

Below the configuration:

firewall {
    ipv4 {
        input {
            filter {
                default-action accept
            }
        }
        name def_00 {
            default-action accept
        }
    }
}
load-balancing {
    reverse-proxy {
        backend server1_451 {
            mode tcp
            server server1 {
                address 10.1.1.101
                port 451
            }
        }
        backend server2_451 {
            mode tcp
            server server2 {
                address 10.1.1.102
                port 451
            }
        }
        backend server3_451 {
            server server3 {
                address 10.1.1.103
                port 451
            }
        }
        backend server4_451 {
            server server4 {
                address 10.1.1.104
                port 451
            }
        }
        backend server1_456 {
            mode tcp
            server server1 {
                address 10.1.1.101
                port 456
            }
        }
        backend server2_456 {
            server server2 {
                address 10.1.1.102
                port 456
            }
        }
        backend server3_456 {
            server server3 {
                address 10.1.1.103
                port 456
            }
        }
        backend server4_456 {
            server server4 {
                address 10.1.1.104
                port 456
            }
        }
        service LB_port_451 {
            listen-address 10.1.1.1
            mode tcp
            port 451
            rule 1 {
                domain-name server1.service.vvlab.it
                set {
                    backend server1_451
                }
            }
            rule 2 {
                domain-name server2.service.vvlab.it
                set {
                    backend server2_451
                }
            }
            rule 3 {
                domain-name server3.service.vvlab.it
                set {
                    backend server3_451
                }
            }
            rule 4 {
                domain-name server4.service.vvlab.it
                set {
                    backend server4_451
                }
            }
        }
        service LB_port_456 {
            listen-address 10.1.1.1
            mode tcp
            port 456
            rule 1 {
                domain-name server1.service.vvlab.it
                set {
                    backend server1_456
                }
            }
            rule 2 {
                domain-name server2.service.vvlab.it
                set {
                    backend server2_456
                }
            }
            rule 3 {
                domain-name server3.service.vvlab.it
                set {
                    backend server3_456
                }
            }
            rule 4 {
                domain-name server4.service.vvlab.it
                set {
                    backend server4_456
                }
            }
        }
    }
}

Details

Difficulty level
Unknown (require assessment)
Version
1.4
Why the issue appeared?
Will be filled on close
Is it a breaking change?
Unspecified (possibly destroys the router)
Issue type
Bug (incorrect behavior)

Event Timeline

You do not use port 80/443, so it does not have HTTP-HEADER (in theory).

service LB_port_451 {
    listen-address 10.1.1.1
    mode tcp
    port 451

Try to change to port 80 and check if it works.
You need another solution/configuration

Hello,

I need to reverse proxy TCP traffic.
The traffic is not HTTP/HTTPS.

> Hello,
>
> I need to reverse proxy TCP traffic.
> The traffic is not HTTP/HTTPS.

It doesn't work this way. You need another solution/configuration.

Is it possible to use VyOS as a reverse proxy for TCP traffic (not HTTP)?
If yes, what configuration is necessary?
If not, do you know any solutions that can help me?

Thanks

Viacheslav claimed this task.

Contact our sales or ask on the forum.

> Hello,
>
> I need to reverse proxy TCP traffic.
> The traffic is not HTTP/HTTPS.

Won't this work?

https://docs.vyos.io/en/latest/configuration/highavailability/index.html#virtual-server

Should I ask this to you.

Is this configuration working in the case of FQDN-based reverse proxy/load balancing and TCP protocol?