On a Linux server with multiple network interfaces configured on different subnets,
you will often find that the interface(s) the default route does not point to will
not handle incoming connections properly, because the return path is asymmetric:
packets arrive on one interface but replies are routed out another.
Example:
From my remote workstation I can ping 162.253.43.134 just fine.
However, I can’t access 10.13.96.161.
Why not? Let’s check the incoming packet.
The packet comes in on the private interface (ens4), but because the system has net.ipv4.conf.all.rp_filter
enabled by default, the reverse-path check fails: the route back to the source goes out ens3 (the public
interface, where the default gateway points) rather than the interface that received the packet, so the
kernel simply drops it.
The Solution
To solve this problem of asymmetrical routing, we need to add a source-based
routing rule to the system so it will route all return traffic sourced from the
ens4 private subnet 10.13.96.161/19 back out the correct interface.
First, create a routing table for your secondary interface
Then drop the following script in /opt/if-post-up-source-route:
Make the script executable:
Then edit your /etc/network/interfaces file containing the ens4 configuration.
Add a post-up /opt/if-post-up-source-route line to the interface configuration.
Mine looks like:
Restart the interface:
As always when restarting network interfaces, make sure you have a working out-of-band management method, such as IPMI, in case the interface fails to restart.
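As an added example (not the author's script, which is not reproduced on this page), the following POSIX shell script implements the source-based routing described above for ens4 with 10.13.96.161/19. It assumes the private subnet's gateway is 10.13.96.1 (a placeholder to replace with the real one) and that a table named ens4 has already been added to /etc/iproute2/rt_tables; when ifupdown runs it as the post-up hook it applies the rules, and its functions can also be called directly to preview the commands.

```shell
#!/bin/sh
# Added example, not the original post's script. Installs a per-interface
# routing table and a source-based rule so replies from the private address
# leave via ens4 instead of the interface holding the default route.
set -eu

DEV="ens4"               # secondary interface from the post
ADDR="10.13.96.161"      # its address
PREFIX="19"              # its prefix length
GATEWAY="10.13.96.1"     # ASSUMED placeholder: the private subnet's gateway
TABLE="ens4"             # name added to /etc/iproute2/rt_tables, e.g. "200 ens4"

# Network address of an IPv4 address/prefix, e.g. 10.13.96.161 19 -> 10.13.96.0/19
ipv4_network() {
    a="$1"; p="$2"
    set -- $(printf '%s' "$a" | tr '.' ' ')
    n=$(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
    if [ "$p" -eq 0 ]; then m=0; else m=$(( (4294967295 << (32 - p)) & 4294967295 )); fi
    net=$(( n & m ))
    printf '%d.%d.%d.%d/%d\n' $(( (net >> 24) & 255 )) $(( (net >> 16) & 255 )) \
        $(( (net >> 8) & 255 )) $(( net & 255 )) "$p"
}

# Print the ip(8) commands for the given interface. The rule is only added if
# it is not already present, so repeated post-up runs do not pile up duplicates.
source_route_cmds() {
    dev="$1"; addr="$2"; prefix="$3"; gw="$4"; table="$5"
    net=$(ipv4_network "$addr" "$prefix")
    echo "ip route replace $net dev $dev src $addr table $table"
    echo "ip route replace default via $gw dev $dev table $table"
    echo "ip rule show | grep -q 'from $net lookup $table' || ip rule add from $net table $table"
    echo "ip route flush cache"
}

# ifupdown exports IFACE to post-up hooks; only act when our interface came up.
if [ "${IFACE:-}" = "$DEV" ]; then
    source_route_cmds "$DEV" "$ADDR" "$PREFIX" "$GATEWAY" "$TABLE" | sh -e
fi
```

Running the script by hand with IFACE unset applies nothing; `IFACE=ens4 sh /opt/if-post-up-source-route` installs the table and rule exactly as the post-up hook would.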
Test the result
Check the ens4 routing table:
Check the ip rule output for the ens4 source-based rule:
Test the source route:
This configuration is persistent across reboots. Simply repeat the steps above
if you have multiple interfaces that require source routing.