My setup is this:
- Server 1 (192.168.1.1) – nginx (load balance) – Ubuntu 12.04 LTS
- Server 2 – uwsgi – Debian 7.1
- Server 3 – uwsgi – Debian 7.1
UFW on server 2 and server 3 is blocking certain requests coming from server 1 (nginx), and this is showing up in the nginx error log as "upstream timed out". Traffic between nginx and the uwsgi servers is all on a private network.
This is the UFW setup on the uwsgi servers:

    Status: active
    Logging: on (low)
    Default: deny (incoming), allow (outgoing)
    New profiles: skip

    To                         Action      From
    --                         ------      ----
    Anywhere on eth1           ALLOW IN    Anywhere
    Anywhere                   ALLOW IN    192.168.1.1
    Anywhere (v6) on eth1      ALLOW IN    Anywhere (v6)

Example UFW block in syslog:
Aug 20 13:56:16 kernel: [1028623.806318] [UFW BLOCK] IN=eth1 OUT= MAC=68:05:ca:17:c9:fb:68:05:ca:17:ca:0e:08:00 SRC=192.168.1.1 DST=192.168.1.103 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=54877 DF PROTO=TCP SPT=41652 DPT=8000 WINDOW=14600 RES=0x00 SYN URGP=0
If I disable UFW on the uwsgi servers, the timeouts in nginx stop. At the moment the timeouts/blocks are mostly frequent AJAX calls (every 2 mins), but not exclusively.
Best Answer
Right, I discovered that UFW was blocking INVALID packets (bad checksum I believe) coming from the Nginx server. No idea why that is happening. I solved this by removing the rule from before.rules in UFW which drops invalid packets. Website running fast again.
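
A triage sketch for the symptom in this thread, added here as an example and not part of the original question or answer: it parses `[UFW BLOCK]` syslog lines and reports those whose interface and source are already covered by an allow rule, which points to a drop made outside the user rules (for instance the invalid-packet rule in before.rules that the answer mentions). `ALLOW_RULES` is a hand-written model of the status table in the question, and the function names and the second and third log lines are constructed.

```python
import ipaddress
import re

# Hand-written model of the `ufw status` table in the question: (interface, source).
ALLOW_RULES = [("eth1", "0.0.0.0/0"), (None, "192.168.1.1/32")]

# Line 1 is the syslog entry quoted in the question; lines 2-3 are constructed.
SAMPLE_LOG = """\
Aug 20 13:56:16 kernel: [1028623.806318] [UFW BLOCK] IN=eth1 OUT= MAC=68:05:ca:17:c9:fb:68:05:ca:17:ca:0e:08:00 SRC=192.168.1.1 DST=192.168.1.103 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=54877 DF PROTO=TCP SPT=41652 DPT=8000 WINDOW=14600 RES=0x00 SYN URGP=0
Aug 20 13:57:02 kernel: [1028669.112004] [UFW BLOCK] IN=eth0 OUT= MAC=00:00:5e:00:53:01:00:00:5e:00:53:02:08:00 SRC=203.0.113.7 DST=198.51.100.20 LEN=60 TOS=0x00 PREC=0x00 TTL=51 ID=1201 DF PROTO=TCP SPT=50022 DPT=22 WINDOW=29200 RES=0x00 SYN URGP=0
Aug 20 13:57:05 uwsgi[2211]: worker 3 handled request
"""

FIELD = re.compile(r"(\w+)=(\S*)")
TCP_FLAGS = {"SYN", "ACK", "FIN", "RST", "PSH", "URG"}


def parse_block(line):
    """Return the KEY=VALUE fields of a [UFW BLOCK] line, or None for other lines."""
    marker = "[UFW BLOCK]"
    if marker not in line:
        return None
    rest = line.split(marker, 1)[1]
    fields = dict(FIELD.findall(rest))
    # TCP flags are logged as bare tokens (SYN, ACK, ...), not KEY=VALUE pairs.
    fields["FLAGS"] = sorted(TCP_FLAGS & set(rest.split()))
    return fields


def allowed_by_rules(fields, rules=ALLOW_RULES):
    """True if the packet's inbound interface and source match any allow rule."""
    src = ipaddress.ip_address(fields["SRC"])
    return any(
        (iface is None or iface == fields.get("IN")) and src in ipaddress.ip_network(net)
        for iface, net in rules
    )


def contradictory_blocks(log_text):
    """Blocked packets that the allow rules, taken alone, would have accepted."""
    hits = []
    for line in log_text.splitlines():
        f = parse_block(line)
        if f and "SRC" in f and allowed_by_rules(f):
            dport = int(f["DPT"]) if f.get("DPT") else None
            hits.append((f["SRC"], f.get("IN"), dport, f["FLAGS"]))
    return hits


if __name__ == "__main__":
    for hit in contradictory_blocks(SAMPLE_LOG):
        print("blocked despite allow rule:", hit)
```
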