No ping with rp_filter (reverse path filter) = 1

U

upnort

Member
Proxmox Subscriber
Apr 26, 2018
111
8
23
The default sysctl rp_filter configuration is 2 (loose) set in /usr/lib/sysctl.d/pve-firewall.conf. Changing the setting to 1 (strict) in /etc/sysctl.conf results in not being able to ping one Proxmox system. Changing to 1 did not affect other Proxmox systems.

Where do I start poking and looking to find why that one system blocks pings?

Thank you. :)
 
Hm - in principle rp_filter blocking requests would point to asymmetric routing (i.e. the packets arriving on another interface than the one the PVE node would send the return packets out on)

check on both the client you ping from (if it's a linux and has the `ip` executable) and the PVE node:
* `ip route`
* `ip route get X.Y.Z.V` (replace X.Y.Z.V by the PVE-node's address on your client, and by the clients sending IP on the PVE node)

That should give you a first hint at what's off

Else - try to use tcpdump to see on which interface the ping enters the node

I hope this helps!
 
You must log in or register to reply here.

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Quick Navigation

Home Get Subscription Wiki Downloads Proxmox Customer Portal About

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!
Community platform by XenForo® © 2010-2024 XenForo Ltd.
Top Bottom
Back