Nginx dropping the first client as soon as the second connects

I'm trying to configure Nginx to reverse proxy port 445, but every time client A is connected to the share through Nginx and a client B connects I have the connection of client A dropped by Nginx even though he was actively using the share (downloading a big file, for example). It's like Nginx is reusing the connection for client B before client A finishes using it.

user  nginx;
worker_processes  auto;

error_log  /var/log/nginx/error.log debug;
pid        /var/run/nginx.pid;

events {
    worker_connections  1024;
}

stream {

    server {
         listen 445;
         proxy_pass storage:445;
    }
}

What's missing in the config file above to allow both client A and B to use the share simultaneously without dropping one connection to establish the other?

Some extra context:
Nginx v. 1.17.1 running on an Ubuntu 18.04.2 LTS virtual machine with 4 vCPU and 4Gb mem;

I have already tried making this control using iptables instead of Nginx to forward the connections on port 445 to the share server and the result was similar: client A has its connection dropped when B connects;

The share works fine if clients A and B connect directly to the storage share without Nginx between them;

I have tried quite a lot of recommended configurations from the Nginx documentation (limit_conn, so_keepalive, reuseport....), but I might have misused them;

From Wireshark I see Nginx sends a [FIN, ACK] packet to client A when client B connects;

Log of Nginx when client A has its connection affected: *[error] 32110#32110: 7 recv() failed (104: Connection reset by peer) while proxying and reading from upstream... but I notice this log is related to a [RST, ACK] packet client A sends to Nginx even after that [FIN, ACK] packet it received.

Edit:
Tried with the newer version 1.17.3 and no success.


Solution 1:

I think SMB Server will disconnect you because from its side, the same machine is trying to connect using different users. This is the same using masquerade with iptables and Nginx.

I would continue using iptables, but without masquerading traffic to your SMB server, only allowing forward.

iptables -t nat -A PREROUTING -p tcp -m tcp --dport 445 -j DNAT --to-destination storage:445
iptables -t filter -A FORWARD -d storage/32 -p tcp -m tcp --dport 445 -j ACCEPT

Make the traffic from your SMB server to the networks where the clients reside be routed through the proxy/forwarding server.

Then in the proxy/forwarding server you need to masquerade traffic to your clients' networks. Example:

iptables -t nat -A POSTROUTING -d 192.168.0.0/24 -o eth0 -j MASQUERADE

With this, the SMB server will receive traffic from the clients' IPs, while the clients' communication is with the proxy/forwarding server and should not disconnect when multiple clients connect.
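
A way to check, on the SMB server, which source addresses it actually sees on port 445, before and after the change described in this answer. This is an added example, not part of the original answer; the function names and the sample addresses (storage 10.0.0.10, proxy 10.0.0.5) are constructed for illustration.

```shell
#!/bin/sh
# Added example, not part of the original answer.
# Live use on the SMB server (assumes iproute2's ss is installed):
#   ss -Htn state established '( sport = :445 )' | smb_peers

# Read ss lines on stdin; the last two fields are local and peer addr:port.
# Print "<connections> <peer address>" for local port 445, busiest first.
smb_peers() {
    awk '
        NF >= 2 && $(NF-1) ~ /:445$/ {
            peer = $NF
            sub(/:[0-9]+$/, "", peer)   # drop the client source port
            count[peer]++
        }
        END { for (p in count) print count[p], p }
    ' | sort -k1,1nr -k2,2
}

# Number of distinct source addresses holding SMB connections.
smb_peer_count() {
    smb_peers | wc -l | tr -d ' '
}

# Constructed sample: through the Nginx stream proxy (or iptables with
# masquerading toward the server) both clients appear as the proxy address.
sample_proxied() {
    cat <<'EOF'
0 0 10.0.0.10:445 10.0.0.5:51122
0 0 10.0.0.10:445 10.0.0.5:51140
0 0 10.0.0.10:22 10.0.0.99:40022
EOF
}

# Constructed sample: with DNAT only (no masquerading toward the server)
# the clients' own addresses from 192.168.0.0/24 are visible.
sample_forwarded() {
    cat <<'EOF'
0 0 10.0.0.10:445 192.168.0.21:49712
0 0 10.0.0.10:445 192.168.0.34:50233
0 0 10.0.0.10:22 10.0.0.99:40022
EOF
}

echo "proxied:";   sample_proxied   | smb_peers
echo "forwarded:"; sample_forwarded | smb_peers
```

A single address carrying every SMB connection means the server cannot tell the clients apart; one line per client means the forwarding setup preserves their source IPs.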