Sometimes in a more complicated network setups you want to disable rp_filtering.
For a good explanation of what rp_filter is and why it is enabled see this excellent slashroot article here.
I came across a situation where one box had two NICs:
# grep -Ev '^#.*$' /etc/network/interfaces auto lo iface lo inet loopback auto eth1 iface eth1 inet static address 192.168.11.8 netmask 255.255.255.0 gateway 192.168.11.254 dns-nameservers 192.168.11.4 auto eth2 iface eth2 inet static address 192.168.100.41 netmask 255.255.255.0 up route add default gw 192.168.100.254
From another box that was in the same 192.168.11.0/24 range I could only access this machine over its 192.168.11.8 ip address. When I tried a ping, curl, wget, ssh, telnet or whatever to 192.168.100.41 I got nothing.
A tcpdump on this box showed that packets on the 192.168.100.41 interface were received but my machine had trouble sending the return packets causing the above described behaviour. You get; Nothing.
And whenever I tried to access this box from a machine in the 192.168.100.0/24 network I got the same behaviour but with the 192.168.11.8 ip.
The routing table on this box looks like the following:
# ip route 192.168.11.0/24 dev eth1 proto kernel scope link src 192.168.11.8 192.168.100.0/24 dev eth2 proto kernel scope link src 192.168.100.41 default via 192.168.100.254 dev eth2 default via 192.168.11.254 dev eth1 metric 100
Since you cannot have two default routes the kernel tries to sent packets back over the wrong interface.
I solved this by disabling reverse path filtering.
To get your current kernel configuration run:
sysctl -a | grep \\.rp_filter
To enable rp_filtering (persisted up until the next reboot)
sysctl -w net.ipv4.conf.all.rp_filter=1 sysctl -w net.ipv4.conf.default.rp_filter=1 sysctl -w net.ipv4.conf.lo.rp_filter=1 # Replace eth1 and eth2 with your interface names sysctl -w net.ipv4.conf.eth2.rp_filter=1 sysctl -w net.ipv4.conf.eth1.rp_filter=1
To disable rp_filtering (persisted up until the next reboot)
sysctl -w net.ipv4.conf.all.rp_filter=0 sysctl -w net.ipv4.conf.default.rp_filter=0 sysctl -w net.ipv4.conf.lo.rp_filter=0 # Replace eth1 and eth2 with your interface names sysctl -w net.ipv4.conf.eth2.rp_filter=0 sysctl -w net.ipv4.conf.eth1.rp_filter=0
If you want to disable rp_filtering permanently create a file
/etc/sysctl.d with the following contents:
# cat /etc/sysctl.d/90-disable-rp_filter.conf net.ipv4.conf.all.rp_filter=0 net.ipv4.conf.default.rp_filter=0 net.ipv4.conf.lo.rp_filter=0 net.ipv4.conf.eth2.rp_filter=0 net.ipv4.conf.eth1.rp_filter=0