I'm trying to use nginx as a load balancer for my HIDS system (Wazuh). I have some agents that send logs from outside my network and some from inside, through UDP port 1514.

From the agents outside I have no connection problems, but the agents inside are unable to connect to the manager through UDP port 1514. No firewall is enabled on the Nginx LB (a CentOS 7 machine, by the way) and SELinux is disabled.

Can someone tell me what I can do to figure out what's wrong?

Here is my nginx configuration:


```nginx
user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;

# Load dynamic modules. See /usr/share/doc/nginx/README.dynamic.
include /usr/share/nginx/modules/*.conf;

events {
    worker_connections 10000;
}

stream {
    upstream master {
        server 10.0.0.7:1515;
    }

    upstream mycluster {
        hash $remote_addr consistent;
        server 10.0.0.7:1514;
        server 10.0.0.6:1514;
    }

    server {
        listen 1515;
        proxy_pass master;
    }

    server {
        listen 1514 udp;
        proxy_pass mycluster;
    }

    #error_log  /var/log/nginx/error.log debug;
}
```

1 Answer

If you desire to configure an NGINX service to forward the Wazuh agent's events to the Wazuh manager server, I would recommend taking a look at the following documentation page that explains, step by step, how to achieve this using Linux: https://wazuh.com/blog/nginx-load-balancer-in-a-wazuh-cluster/

Your configuration seems to be valid. However, I would recommend making sure that your module is being applied, or applying this configuration directly to the Nginx configuration file. Also, make sure that you apply the configuration by restarting the service.
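
One way to check the answer's first point, whether the `stream` block is really part of the configuration nginx loads, is to pipe the output of `nginx -T` into a small parser and confirm it reports a UDP listener on 1514. This is an added example, not part of the original answer; the function names are illustrative and the sample text is the question's `stream` block, compacted.

```python
import re
import sys

# Constructed sample: the stream block from the question, compacted.
SAMPLE = """
stream {
    upstream master { server 10.0.0.7:1515; }
    upstream mycluster {
        hash $remote_addr consistent;
        server 10.0.0.7:1514;
        server 10.0.0.6:1514;
    }
    server { listen 1515; proxy_pass master; }
    server { listen 1514 udp; proxy_pass mycluster; }
}
"""

def _blocks(text, keyword):
    """Yield (argument, body) for each `keyword [arg] { ... }` block, brace-matched."""
    for m in re.finditer(r'(?<!\w)' + keyword + r'\b\s*([^\s{;]*)\s*\{', text):
        depth, i = 1, m.end()
        while depth and i < len(text):
            depth += {'{': 1, '}': -1}.get(text[i], 0)
            i += 1
        yield m.group(1), text[m.end():i - 1]

def stream_listeners(config):
    """Return [(port, proto, [backend, ...])] for each server in the stream context."""
    config = re.sub(r'#.*', '', config)  # commented-out directives do not count
    result = []
    for _, stream in _blocks(config, 'stream'):
        upstreams = {name: re.findall(r'\bserver\s+([^\s;]+)', body)
                     for name, body in _blocks(stream, 'upstream')}
        for _, srv in _blocks(stream, 'server'):
            listen = re.search(r'\blisten\s+([^;]+);', srv)
            target = re.search(r'\bproxy_pass\s+([^\s;]+)', srv)
            if not (listen and target):
                continue
            args = listen.group(1).split()
            port = int(args[0].rsplit(':', 1)[-1])        # handles "addr:port" too
            proto = 'udp' if 'udp' in args[1:] else 'tcp'  # stream defaults to TCP
            backends = upstreams.get(target.group(1), [target.group(1)])
            result.append((port, proto, backends))
    return result

if __name__ == "__main__":
    # Usage: nginx -T 2>/dev/null | python3 this_script.py
    text = SAMPLE if sys.stdin.isatty() else sys.stdin.read()
    for port, proto, backends in stream_listeners(text):
        print(f"{proto}/{port} -> {', '.join(backends)}")
```

If the output lacks `udp/1514`, the running configuration does not contain the listener; `ss -ulnp` on the load balancer shows whether nginx has actually bound the UDP port.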