Ping loopback IPs via Private IP
Running into an issue where I am trying to ping a loopback IP on server2 via private IP on server1.
Server1:
- eth0:192.168.X.X/17
- lo:10.0.0.1/32
Server2:
- eth0:192.168.y.y/17
- lo:10.0.0.2/32
I can ping server1 -> server2 using the private IP and flushed all IPTABLES rules. When pinging 10.0.0.2 from server1, TCPDUMP shows the packet leaving correctly with the MAC of server2 eth0 as the ether destination, however it never arrives.
Is there any filtering that could be taking place that would be blocking the IP since it wasn't assigned to the server via Linode? Any other thoughts?
2 Replies
In order to prevent Linodes from spoofing traffic and seeing traffic that is not destined for them, Linode has rules on the host which drop traffic inbound to the Linode that does not have an address assigned to the Linode as the destination, as well as traffic originating from the Linode that does not have an address assigned to the Linode as the source. Two types of addresses apply here: layer 2 addresses (MAC addresses) and layer 3 addresses (IPv4/IPv6 addresses). Certain very narrow exceptions apply so that ARP and NDP (Neighbor Discovery Protocol, IPv6 equivalent of ARP) can work.
You can work around this by encapsulating traffic in a tunnel or VPN, but that will reduce throughput due to overhead.
Addendum: The Linode private network is private in that it is only accessible by Linodes in the same datacenter, but it is not private to your account, meaning that any Linode in the same datacenter (including Linodes owned by other customers) has access to it. This is why the anti-spoofing rules still apply.