Question
How to prevent packet loss of intentionally spoofed packets?
- Posted on January 12, 2019
- NginxDigitalOcean Cloud FirewallsUbuntu 18.04
Asked by kilailawrence94
I have 3 nodes setup on digital ocean, one as a load balancer+reverse proxy(Server A) & the other two as my upstream servers(Servers B).
I have gsm devices sending data over UDP to Server A. To preserve the devices’ source IP & Port am running the Nginx reverse proxy in transparent mode to Servers B.
With this configuration, I am unable to receive the packets on Servers B & on removing the configuration the packets are well received.
This has led me to conclude that the packets are being detected as spoofed & dropped, kindly assist.
Thank you.
This textbox defaults to using Markdown to format your answer.
You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!
These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.
Get our biweekly newsletter
Sign up for Infrastructure as a Newsletter.
Hollie's Hub for Good
Working on improving health and education, reducing inequality, and spurring economic growth? We'd like to help.
Become a contributor
Get paid to write technical tutorials and select a tech-focused charity to receive a matching donation.
Hey friend,
This is correct, we do drop all spoofed packets. IP spoofing has a very bad history of abuse on the internet, and we’ve taken a position similar to most network service providers on this issue. While your use case is absolutely fine and not abusive, we just don’t have a way to allow it for good purposes while excluding the bad ones.
Jarland