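更新:已定位问题:nginx 透传(transparent)建立连接后,server 直接和客户端通信,回包没有经过 nginx。原因是 proxy_bind 把上游连接的源地址换成了客户端 IP,而这三台机器看起来在同一网段,180 的回包会直接发给 125,不会到达 230;需要让 180 去往客户端的回程路由经过 230(例如把 180 的默认网关指向 230),230 上的打标规则才能匹配到这些包。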
环境 Ubuntu 22
openresty/1.19.9.1
client(192.168.0.125)-> openresty(192.168.0.230)-> server(192.168.0.180)
在230设置路由规则
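# Policy routing on the proxy host (192.168.0.230): packets carrying fwmark 921
# are looked up in table 920, whose only route delivers every destination
# locally via lo. This lets nginx receive replies that are addressed to the
# client's IP rather than to this host.
ip rule add fwmark 921 lookup 920
ip route add local 0.0.0.0/0 dev lo table 920
# Mark the upstream's return traffic so the rule above applies to it.
# --sport must be the upstream's listening port: the capture on 192.168.0.180
# and the nginx error log both show the upstream on 9200, so a rule matching
# port 80 never marks these replies.
# NOTE(review): this rule only sees packets that actually arrive on enp5s0.
# If 192.168.0.180 can reach the client directly (same L2 segment), its
# SYN-ACK bypasses this host entirely; the server's return route to client
# addresses has to go through 192.168.0.230 for the mark to take effect.
iptables -t mangle -A PREROUTING -i enp5s0 -p tcp ! -d 192.168.0.230 -s 192.168.0.180 --sport 9200 -j MARK --set-mark 921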
nginx.config
# Add to the proxy configuration: open the upstream connection with the
# client's address ($remote_addr) as its source IP instead of this host's.
# The upstream then replies to the client IP, so those replies must be routed
# back through this host for the TCP handshake to complete.
proxy_bind $remote_addr transparent;
nginx user
USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
root 1 0.0 0.0 12756 8560 ? Ss 17:51 0:00 nginx: master process /usr/local/openresty/bin/openresty -g daemon off;
root 7 0.0 0.0 12760 5104 ? S 17:51 0:00 nginx: worker process
root 8 0.0 0.0 12760 5228 ? S 17:51 0:00 nginx: worker process
root 9 0.0 0.0 12760 3140 ? S 17:51 0:00 nginx: worker process
root 10 0.0 0.0 12760 3140 ? S 17:51 0:00 nginx: worker process
root 11 0.0 0.0 12760 3140 ? S 17:51 0:00 nginx: worker process
root 12 0.0 0.0 12760 3140 ? S 17:51 0:00 nginx: worker process
root 13 0.0 0.0 12760 3140 ? S 17:51 0:00 nginx: worker process
root 14 0.0 0.0 12760 3144 ? S 17:51 0:00 nginx: worker process
root 21 0.7 0.0 4624 3564 pts/0 Ss 17:59 0:00 /bin/bash
root 33 0.0 0.0 7060 1588 pts/0 R+ 17:59 0:00 ps aux
但是访问的时候 504 Gateway Time-out
在 180 上的抓包日志(可以看到源地址是客户端 192.168.0.125,180 不断向 125 重传 SYN-ACK,三次握手始终没有完成):
tcpdump: data link type LINUX_SLL2
tcpdump: verbose output suppressed, use -v[v]... for full protocol decode
listening on any, link-type LINUX_SLL2 (Linux cooked v2), snapshot length 262144 bytes
09:58:07.503059 ens160 In IP 192.168.0.125.45932 > 192.168.0.180.9200: Flags [S], seq 3251489155, win 64240, options [mss 1460,sackOK,TS val 2068591 ecr 0,nop,wscale 7], length 0
09:58:07.503237 ens160 Out IP 192.168.0.180.9200 > 192.168.0.125.45932: Flags [S.], seq 2066791693, ack 3251489156, win 65160, options [mss 1460,sackOK,TS val 1857063966 ecr 2068591,nop,wscale 7], length 0
09:58:08.524013 ens160 Out IP 192.168.0.180.9200 > 192.168.0.125.45932: Flags [S.], seq 2066791693, ack 3251489156, win 65160, options [mss 1460,sackOK,TS val 1857064987 ecr 2068591,nop,wscale 7], length 0
09:58:08.529435 ens160 In IP 192.168.0.125.45932 > 192.168.0.180.9200: Flags [S], seq 3251489155, win 64240, options [mss 1460,sackOK,TS val 2069618 ecr 0,nop,wscale 7], length 0
09:58:08.529509 ens160 Out IP 192.168.0.180.9200 > 192.168.0.125.45932: Flags [S.], seq 2066791693, ack 3251489156, win 65160, options [mss 1460,sackOK,TS val 1857064992 ecr 2068591,nop,wscale 7], length 0
09:58:10.540017 ens160 Out IP 192.168.0.180.9200 > 192.168.0.125.45932: Flags [S.], seq 2066791693, ack 3251489156, win 65160, options [mss 1460,sackOK,TS val 1857067003 ecr 2068591,nop,wscale 7], length 0
09:58:10.545511 ens160 In IP 192.168.0.125.45932 > 192.168.0.180.9200: Flags [S], seq 3251489155, win 64240, options [mss 1460,sackOK,TS val 2071634 ecr 0,nop,wscale 7], length 0
09:58:10.545573 ens160 Out IP 192.168.0.180.9200 > 192.168.0.125.45932: Flags [S.], seq 2066791693, ack 3251489156, win 65160, options [mss 1460,sackOK,TS val 1857067008 ecr 2068591,nop,wscale 7], length 0
09:58:14.571995 ens160 Out IP 192.168.0.180.9200 > 192.168.0.125.45932: Flags [S.], seq 2066791693, ack 3251489156, win 65160, options [mss 1460,sackOK,TS val 1857071035 ecr 2068591,nop,wscale 7], length 0
09:58:14.769647 ens160 In IP 192.168.0.125.45932 > 192.168.0.180.9200: Flags [S], seq 3251489155, win 64240, options [mss 1460,sackOK,TS val 2075858 ecr 0,nop,wscale 7], length 0
09:58:14.769740 ens160 Out IP 192.168.0.180.9200 > 192.168.0.125.45932: Flags [S.], seq 2066791693, ack 3251489156, win 65160, options [mss 1460,sackOK,TS val 1857071232 ecr 2068591,nop,wscale 7], length 0
09:58:22.961864 ens160 In IP 192.168.0.125.45932 > 192.168.0.180.9200: Flags [S], seq 3251489155, win 64240, options [mss 1460,sackOK,TS val 2084050 ecr 0,nop,wscale 7], length 0
09:58:22.961958 ens160 Out IP 192.168.0.180.9200 > 192.168.0.125.45932: Flags [S.], seq 2066791693, ack 3251489156, win 65160, options [mss 1460,sackOK,TS val 1857079425 ecr 2068591,nop,wscale 7], length 0
09:58:31.212024 ens160 Out IP 192.168.0.180.9200 > 192.168.0.125.45932: Flags [S.], seq 2066791693, ack 3251489156, win 65160, options [mss 1460,sackOK,TS val 1857087675 ecr 2068591,nop,wscale 7], length 0
09:58:39.090254 ens160 In IP 192.168.0.125.45932 > 192.168.0.180.9200: Flags [S], seq 3251489155, win 64240, options [mss 1460,sackOK,TS val 2100178 ecr 0,nop,wscale 7], length 0
09:58:39.090340 ens160 Out IP 192.168.0.180.9200 > 192.168.0.125.45932: Flags [S.], seq 2066791693, ack 3251489156, win 65160, options [mss 1460,sackOK,TS val 1857095553 ecr 2068591,nop,wscale 7], length 0
09:58:55.276026 ens160 Out IP 192.168.0.180.9200 > 192.168.0.125.45932: Flags [S.], seq 2066791693, ack 3251489156, win 65160, options [mss 1460,sackOK,TS val 1857111739 ecr 2068591,nop,wscale 7], length 0
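230 上的 openresty 错误日志(资料说 worker 以非 root 运行时 transparent 可能不生效,但我这里 worker 确实是 root,所以超时不是权限问题。另外,nginx 1.13.8 之后在 Linux 上 worker 会从 master 继承 CAP_NET_RAW,transparent 并不要求 worker 以 root 运行,排查完可以换回非特权用户):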
2024/04/22 18:31:58 [error] 7#7: *1 upstream timed out (110: Connection timed out) while connecting to upstream, client: 192.168.0.125, server: _, request: "GET / HTTP/1.1", upstream: "http://192.168.0.180:9200/", host: "192.168.0.230"