Kafka behind NAT

[周正虎 <yz...@126.com>]

We have kafka behind NAT with *only one broker*.
Let say we have internal (A) and external (B) network.

When we try to reach the broker from external network (we use
bootstrap.servers parameter set to B address) then what is obvious the
broker responds with internal network's address (A) which is not resolvable
in external network. We cannot set advertised.listeners to external
network's address because the broker is also used from internal network.

I hope that somebody dealt with simillar problem.
Thanks for any help.

Re: Kafka behind NAT

[Thomas Aley <Th...@ibm.com>]

Try setting:

advertised.listeners=EXTERNAL://<networkB>:9093,INTERNAL://<networkA>:9092
inter.broker.listener.name=INTERNAL
listener.security.protocol.map=EXTERNAL:PLAINTEXT,INTERNAL:PLAINTEXT

Then you should be able to use <networkB>:9093 as your bootstrap.servers 
from outside the network or <networkA>:9092 from inside.

Obviously the EXTERNAL listener should be EXTERNAL:SSL in production.

Hope this helps, 

Tom Aley
thomas.aley@ibm.com



From:   "周正虎" <yz...@126.com>
To:     users@kafka.apache.org
Date:   21/05/2018 23:59
Subject:        Kafka behind NAT



We have kafka behind NAT with *only one broker*.
Let say we have internal (A) and external (B) network.

When we try to reach the broker from external network (we use
bootstrap.servers parameter set to B address) then what is obvious the
broker responds with internal network's address (A) which is not 
resolvable
in external network. We cannot set advertised.listeners to external
network's address because the broker is also used from internal network.

I hope that somebody dealt with simillar problem.
Thanks for any help.


Unless stated otherwise above:
IBM United Kingdom Limited - Registered in England and Wales with number 
741598. 
Registered office: PO Box 41, North Harbour, Portsmouth, Hampshire PO6 3AU