1

Defining the problem is a little bit complicated. So I will attempt to draw the case: [diagram]

Number 2 is an Ubuntu router (VirtualBox VM) with three interfaces. Number 1 is an emulated router, and number 3 is a remote host behind some routers. When I ping number 3 from number 1, the ping request goes through the 'a' and 'c' paths, but the reply comes from the 'b' path. In this case number 2 does not route the ping reply to number 1, so the ping fails. But if the ping reply comes from the 'c' path, then number 2 routes the reply packet. What is the problem with the first case?

3
  • Does the packet have the correct IP? Is there a NAT in this scenario? Commented Jun 7, 2016 at 19:11
  • Also, are there any firewalls in the way? Commented Jun 7, 2016 at 19:57
  • Yes, when I check the packets in either case with tcpdump, the IPs were right, no NAT and no firewall. Commented Jun 7, 2016 at 20:38

1 Answer

0

This is due to what Linux calls reverse path filtering (see also Wikipedia).

Basically, if traffic comes from a host on an interface which traffic to the host would not use, the kernel drops the traffic.

Fixing it is simple:

sysctl -w net.ipv4.conf.$iface_b.rp_filter=2
sysctl -w net.ipv4.conf.$iface_c.rp_filter=2

Replace $iface_b and $iface_c with the appropriate interface names.

(on older kernels 2 may be unavailable, so use 0)

1
  • This is exactly what I am looking for. Thanks. Commented Jun 8, 2016 at 5:11
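
An added example, not part of the answer above: when checking the result of the `sysctl` change, note that the kernel applies the higher of `net.ipv4.conf.all.rp_filter` and the per-interface value, so setting an interface to 0 has no effect while `all` is still 1. The script below reports the effective mode per interface; `CONF_ROOT` and the function names are this example's own.

```shell
#!/bin/sh
# Added example: report the rp_filter mode the kernel actually applies.
# Source validation on an interface uses
#   max(conf.all.rp_filter, conf.<iface>.rp_filter).

# CONF_ROOT (example-only name) can point at a constructed tree for testing.
CONF_ROOT="${CONF_ROOT:-/proc/sys/net/ipv4/conf}"

# Print the effective rp_filter value (0, 1 or 2) for interface $1.
effective_rp_filter() {
    all_val=$(cat "$CONF_ROOT/all/rp_filter" 2>/dev/null) || return 1
    if_val=$(cat "$CONF_ROOT/$1/rp_filter" 2>/dev/null) || return 1
    if [ "$all_val" -gt "$if_val" ]; then
        echo "$all_val"
    else
        echo "$if_val"
    fi
}

# Translate a numeric mode into the kernel documentation's terms.
rp_filter_mode() {
    case "$1" in
        0) echo "off (no source validation)" ;;
        1) echo "strict (packet must arrive on the best reverse path)" ;;
        2) echo "loose (source must be reachable via any interface)" ;;
        *) echo "unknown" ;;
    esac
}

# One line per interface, skipping the all/default pseudo-entries.
report_rp_filter() {
    for dir in "$CONF_ROOT"/*/; do
        iface=$(basename "$dir")
        case "$iface" in all|default) continue ;; esac
        eff=$(effective_rp_filter "$iface") || continue
        echo "$iface: effective rp_filter=$eff, $(rp_filter_mode "$eff")"
    done
}

report_rp_filter
```

Loose mode (2) keeps a basic spoofed-source check in place on a router with asymmetric paths, whereas 0 removes it entirely.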
