Question

How to prevent packet loss of intentionally spoofed packets?

Posted on January 12, 2019
Ubuntu 18.04 Nginx DigitalOcean Cloud Firewalls
Asked by kilailawrence94

I have 3 nodes setup on digital ocean, one as a load balancer+reverse proxy(Server A) & the other two as my upstream servers(Servers B).

I have gsm devices sending data over UDP to Server A. To preserve the devices’ source IP & Port am running the Nginx reverse proxy in transparent mode to Servers B.

With this configuration, I am unable to receive the packets on Servers B & on removing the configuration the packets are well received.

This has led me to conclude that the packets are being detected as spoofed & dropped, kindly assist.

Thank you.

Submit an answer

This textbox defaults to using Markdown to format your answer.

You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

jarland

DigitalOcean Employee

• January 14, 2019

Accepted Answer

Hey friend,

This is correct, we do drop all spoofed packets. IP spoofing has a very bad history of abuse on the internet, and we’ve taken a position similar to most network service providers on this issue. While your use case is absolutely fine and not abusive, we just don’t have a way to allow it for good purposes while excluding the bad ones.

Jarland