Question

How to prevent packet loss of intentionally spoofed packets?

I have 3 nodes setup on digital ocean, one as a load balancer+reverse proxy(Server A) & the other two as my upstream servers(Servers B).

I have gsm devices sending data over UDP to Server A. To preserve the devices’ source IP & Port am running the Nginx reverse proxy in transparent mode to Servers B.

With this configuration, I am unable to receive the packets on Servers B & on removing the configuration the packets are well received.

This has led me to conclude that the packets are being detected as spoofed & dropped, kindly assist.

Thank you.

Subscribe
Share

Submit an answer
You can type!ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

Accepted Answer

Hey friend,

This is correct, we do drop all spoofed packets. IP spoofing has a very bad history of abuse on the internet, and we’ve taken a position similar to most network service providers on this issue. While your use case is absolutely fine and not abusive, we just don’t have a way to allow it for good purposes while excluding the bad ones.

Jarland