Question

How to prevent packet loss of intentionally spoofed packets?

I have 3 nodes setup on digital ocean, one as a load balancer+reverse proxy(Server A) & the other two as my upstream servers(Servers B).

I have gsm devices sending data over UDP to Server A. To preserve the devices’ source IP & Port am running the Nginx reverse proxy in transparent mode to Servers B.

With this configuration, I am unable to receive the packets on Servers B & on removing the configuration the packets are well received.

This has led me to conclude that the packets are being detected as spoofed & dropped, kindly assist.

Thank you.


Submit an answer

This textbox defaults to using Markdown to format your answer.

You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

Sign In or Sign Up to Answer

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

Accepted Answer

Hey friend,

This is correct, we do drop all spoofed packets. IP spoofing has a very bad history of abuse on the internet, and we’ve taken a position similar to most network service providers on this issue. While your use case is absolutely fine and not abusive, we just don’t have a way to allow it for good purposes while excluding the bad ones.

Jarland

Want to learn more? Join the DigitalOcean Community!

Join our DigitalOcean community of over a million developers for free! Get help and share knowledge in Q&A, subscribe to topics of interest, and get courses and tools that will help you grow as a developer and scale your project or business.