How to prevent packet loss of intentionally spoofed packets?

Posted January 12, 2019 2.5k views
NginxDigitalOcean Cloud FirewallsUbuntu 18.04

I have 3 nodes setup on digital ocean, one as a load balancer+reverse proxy(Server A) & the other two as my upstream servers(Servers B).

I have gsm devices sending data over UDP to Server A. To preserve the devices’ source IP & Port am running the Nginx reverse proxy in transparent mode to Servers B.

With this configuration, I am unable to receive the packets on Servers B & on removing the configuration the packets are well received.

This has led me to conclude that the packets are being detected as spoofed & dropped, kindly assist.

Thank you.

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

Submit an Answer
1 answer

Hey friend,

This is correct, we do drop all spoofed packets. IP spoofing has a very bad history of abuse on the internet, and we’ve taken a position similar to most network service providers on this issue. While your use case is absolutely fine and not abusive, we just don’t have a way to allow it for good purposes while excluding the bad ones.