Page MenuHomeVyOS Platform
Create Task
Maniphest T6502

Load balancer reverse proxy does not allow forwarding SSH port
Closed, InvalidPublicBUG
Actions

Description

On attempting to set a reverse proxy service to TCP port 22:

# set load-balancing reverse-proxy service forgejo port 22

I get the following error message:

# commit

"TCP" port "22" is used by another service
[[load-balancing reverse-proxy]] failed

This behaviour is defined in this part of the code.

# netstat -tulpn | grep :22

Shows that on the IP address specified in the load balancer service, there is no SSH listening.

Seems like either:

  • An issue with the logical check if a port is already used
  • Missing permissions for the check to bind on port 22

Thanks you for resolving this issue. This blocks my current project from moving forward.

Details

Version
VyOS 1.5-rolling-202406190020
Is it a breaking change?
Unspecified (possibly destroys the router)
Issue type
Bug (incorrect behavior)

Event Timeline

pr0ton11 created this task.Jun 19 2024, 11:22 AM
Viacheslav triaged this task as Normal priority.Jun 19 2024, 11:38 AM
pasik subscribed.Jun 19 2024, 11:41 AM
Viacheslav closed this task as Invalid.Jun 19 2024, 2:17 PM
Viacheslav subscribed.

Works fine:

set load-balancing reverse-proxy backend bk01 server srv01 address '192.168.122.16'
set load-balancing reverse-proxy backend bk01 server srv01 port '22'
set load-balancing reverse-proxy service ssh backend 'bk01'
set load-balancing reverse-proxy service ssh mode 'tcp'
set load-balancing reverse-proxy service ssh port '22'
set service ssh disable-host-validation
set service ssh port '2222'

Works fine without issues:

vyos@r4# sudo netstat -tulpn | grep :22
tcp        0      0 0.0.0.0:2222            0.0.0.0:*               LISTEN      4079/sshd: /usr/sbi 
tcp6       0      0 :::22                   :::*                    LISTEN      9119/haproxy        
tcp6       0      0 :::2222                 :::*                    LISTEN      4079/sshd: /usr/sbi 
[edit]
vyos@r4#
vyos@r4# ss | grep :22
tcp   ESTAB 0      0                    192.168.122.14:2222  192.168.122.1:38412
[edit]
vyos@r4#
pr0ton11 added a comment.Jun 21 2024, 11:51 AM

This is not resolved on my side.

But it is clear now that this seems to be a logic error, because I am listening to specific IPv4 addresses for sshd. The IP I want HAProxy to listen on is a different IP (which sshd doesn't listen on) but vyos still reports a conflict.
Of course I could change the port of sshd, but this is not my goal, and just works around the issue.

Thanks for your help.

Viacheslav added a comment.Jun 21 2024, 12:23 PM

Provide a minimal example of configuration (set commands) to reproduce.