nanog mailing list archives
Re: BCP38 on public-facing Ubuntu servers
From: Grant Taylor via NANOG <nanog () nanog org>
Date: Thu, 3 Jun 2021 21:44:59 -0600
On 6/3/21 8:44 AM, William Herrin wrote:
rp_filter is great until your network is slightly less than a perfect hierarchy. Then your Linux "router" starts mysteriously dropping packets and, as with allow_local, Linux doesn't have any way to generate logs about it so you end up with these mysteriously unexplained packet discards matching no conceivable rule in iptables... This failure has too often been the bane of my existence when using Linux for advanced networking.
I don't remember the particulars, but I thought that was the domain of log_martians (net.ipv4.conf.*.log_martians).
Without log_martians or explicitly looking for such, no, you won't get any indication of such drops.
-- Grant. . . . unix || die
Current thread:
- BCP38 on public-facing Ubuntu servers Stephen Satchell (Jun 01)
- RE: BCP38 on public-facing Ubuntu servers Jean St-Laurent via NANOG (Jun 02)
- Re: BCP38 on public-facing Ubuntu servers Grant Taylor via NANOG (Jun 02)
- Re: BCP38 on public-facing Ubuntu servers William Herrin (Jun 03)
- Re: BCP38 on public-facing Ubuntu servers Grant Taylor via NANOG (Jun 03)
- Re: BCP38 on public-facing Ubuntu servers Jay Vosburgh (Jun 04)
- Re: BCP38 on public-facing Ubuntu servers Fran via NANOG (Jun 08)
- Re: BCP38 on public-facing Ubuntu servers Stephen Satchell (Jun 08)
- RE: BCP38 on public-facing Ubuntu servers Jean St-Laurent via NANOG (Jun 09)
- Re: BCP38 on public-facing Ubuntu servers Grant Taylor via NANOG (Jun 02)
- RE: BCP38 on public-facing Ubuntu servers Jean St-Laurent via NANOG (Jun 02)