How to prevent packet loss of intentionally spoofed packets?

January 12, 2019
Nginx DigitalOcean Cloud Firewalls Ubuntu 18.04

I have 3 nodes set up on DigitalOcean, one as a load balancer + reverse proxy (Server A) & the other two as my upstream servers (Servers B).

I have GSM devices sending data over UDP to Server A. To preserve the devices' source IP & port, I am running the Nginx reverse proxy in transparent mode to Servers B.

With this configuration, I am unable to receive the packets on Servers B & on removing the configuration the packets are well received.

This has led me to conclude that the packets are being detected as spoofed & dropped. Kindly assist.

Thank you.

1 Answer
jarland MOD January 14, 2019
Accepted Answer

Hey friend,

This is correct, we do drop all spoofed packets. IP spoofing has a very bad history of abuse on the internet, and we've taken a position similar to most network service providers on this issue. While your use case is absolutely fine and not abusive, we just don't have a way to allow it for good purposes while excluding the bad ones.


