Configuring for a Multi-homed Network

If the appliance is configured to operate in a multi-homed network, the Linux kernel parameter rp_filter must be changed from 1 to 0 for all network interfaces (NICs).

Static rules do not work if rp_filter is set to 1 or 2. There are multiple rp_filter settings, located at /proc/sys/net/ipv4/conf/*/rp_filter, and all of them should be modified.

Note: This operation could make the appliance vulnerable to DDoS attacks. See Red Hat documentation at https://access.redhat.com/solutions/53031.

Procedure

  1. Find all network interfaces on the machine using the following command:
    $> ls /proc/sys/net/ipv4/conf/ | grep -vx -e all -e lo
  2. Using the list of network interfaces, append the following setting to /etc/sysctl.conf, one line per interface:
    net.ipv4.conf.<interface_name>.rp_filter = 0

    For example:

    net.ipv4.conf.default.rp_filter = 0
    net.ipv4.conf.eth0.rp_filter = 0
    net.ipv4.conf.eth1.rp_filter = 0

    Reboot the machine for the settings to take effect.

    Note: If you already have static routes configured, you must configure the multi-home network and additionally change the values in /proc/sys/net/ipv4/conf/*/rp_filter. This is because, although both have the same effect, changing the settings in /proc/sys/net/ipv4/conf/*/rp_filter does not require rebooting the system.
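
The following check is an added example, not part of the appliance documentation: it reads the rp_filter values described above and reports, per interface, the configured value and the value the kernel actually enforces. It relies on the documented kernel behavior that the maximum of conf/all/rp_filter and conf/<interface>/rp_filter is used for source validation; the function names and the CONF_ROOT variable are hypothetical.

```shell
#!/bin/sh
# Added example: audit rp_filter after applying the procedure above.
# CONF_ROOT (hypothetical name) can point at a constructed directory tree.
CONF_ROOT="${CONF_ROOT:-/proc/sys/net/ipv4/conf}"

# Print "<interface> <configured> <effective>" for every real interface.
# The kernel enforces max(conf/all/rp_filter, conf/<interface>/rp_filter),
# so a per-interface 0 has no effect while conf/all is still 1 or 2.
rp_filter_report() {
    root="${1:-$CONF_ROOT}"
    all=$(cat "$root/all/rp_filter" 2>/dev/null || echo 0)
    for dir in "$root"/*/; do
        iface=$(basename "$dir")
        # all and default are templates, lo is loopback: not NICs.
        case "$iface" in all|default|lo) continue ;; esac
        [ -r "$dir/rp_filter" ] || continue
        val=$(cat "$dir/rp_filter")
        eff=$val
        if [ "$all" -gt "$eff" ]; then eff=$all; fi
        echo "$iface $val $eff"
    done
}

# Succeed only if reverse-path filtering is effectively off (0) everywhere.
rp_filter_all_disabled() {
    rp_filter_report "$1" | awk '$3 != 0 { bad = 1 } END { exit bad }'
}

# Stand-alone run: report the live values (read-only).
rp_filter_report
```

An effective value other than 0 on any line means the multi-homed configuration is not yet in force for that interface.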