I have an Ubuntu 16.04 Server which is acting as a router with multiple (VLAN) interfaces. By default, rp_filter (reverse path filtering) is enabled for all interfaces. I want to keep it that way, but make an exception for exactly one interface. (Packets from this interface should be allowed to have a source IP address which does not correspond to any routing destination address of this interface.)

Let's say this interface has the name ens20.4, its vlan-raw-device is ens20, and the destination interface (for testing the packet flow) is named ens20.2 (though it should work for any destination interface).

I tried to set the rp_filter property for ens20.4 only, without success:
echo 0 > /proc/sys/net/ipv4/conf/ens20.4/rp_filter
So, for testing purposes, I also disabled rp_filter for the vlan-raw-device and the testing destination interface:
echo 0 > /proc/sys/net/ipv4/conf/ens20/rp_filter
echo 0 > /proc/sys/net/ipv4/conf/ens20.2/rp_filter
Still no success: packets with a "spoofed" source IP address are still dropped. Only if I disable rp_filter for all interfaces do the packets get through:
echo 0 > /proc/sys/net/ipv4/conf/all/rp_filter
However, I still want to keep the reverse path filtering for all the other interfaces - what am I missing?
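Added example, not part of the original question. The kernel's ip-sysctl documentation states that source validation on an interface uses the maximum of conf/all/rp_filter and conf/<interface>/rp_filter, so with conf/all/rp_filter left at 1 the per-interface 0 above has no effect. The script below encodes that rule: effective_rp_filter computes the value the kernel applies, and exempt_interface sets all to 0, default to 1 (so interfaces created later still get strict filtering), every other existing interface to 1, and the named interface to 0. The function names and the SYSCTL_ROOT variable are my own; make_fake_tree builds a constructed stand-in for /proc/sys/net/ipv4/conf so the logic can be exercised without root.

```shell
#!/bin/sh
# Per-interface rp_filter exception (added example, not from the original post).
# Kernel rule: effective value on <if> = max(conf/all/rp_filter, conf/<if>/rp_filter).
#
# SYSCTL_ROOT defaults to the real sysctl tree; point it at a scratch directory
# (see make_fake_tree) to test offline. Hypothetical variable name.
SYSCTL_ROOT="${SYSCTL_ROOT:-/proc/sys/net/ipv4/conf}"

# Print the rp_filter value the kernel actually applies to an interface (0, 1 or 2).
effective_rp_filter() {
    ifname="$1"
    all_val=$(cat "$SYSCTL_ROOT/all/rp_filter")
    if_val=$(cat "$SYSCTL_ROOT/$ifname/rp_filter")
    if [ "$all_val" -gt "$if_val" ]; then
        echo "$all_val"
    else
        echo "$if_val"
    fi
}

# Exempt exactly one interface from reverse path filtering while keeping it
# strict (1) everywhere else. 'all' must be 0, otherwise the max rule wins.
exempt_interface() {
    exempt="$1"
    echo 0 > "$SYSCTL_ROOT/all/rp_filter"
    echo 1 > "$SYSCTL_ROOT/default/rp_filter"   # new interfaces inherit strict mode
    for dir in "$SYSCTL_ROOT"/*/; do
        dir="${dir%/}"
        name=$(basename "$dir")
        case "$name" in
            all|default) continue ;;
        esac
        if [ "$name" = "$exempt" ]; then
            echo 0 > "$dir/rp_filter"
        else
            echo 1 > "$dir/rp_filter"
        fi
    done
}

# Constructed stand-in for /proc/sys/net/ipv4/conf mirroring the interfaces in the
# question, all starting in the Ubuntu default of rp_filter=1. Test scaffolding only.
make_fake_tree() {
    root="$1"
    for name in all default lo ens20 ens20.2 ens20.4; do
        mkdir -p "$root/$name"
        echo 1 > "$root/$name/rp_filter"
    done
}

# On the real router (as root): . ./rpfilter.sh; exempt_interface ens20.4
# then verify with: effective_rp_filter ens20.4   (expect 0)
#                   effective_rp_filter ens20.2   (expect 1)
```

The settings written this way do not survive a reboot; persist them as net.ipv4.conf.all.rp_filter=0, net.ipv4.conf.default.rp_filter=1 and net.ipv4.conf.<if>.rp_filter=... in a sysctl.d file that sorts after any distribution file that sets all.rp_filter=1, and remember that the per-interface value only applies to interfaces that exist when sysctl runs.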