Reporting back on this: The opinion there seems to be that the problem is down to the sys net.ipv4.conf.*.rp_filter values being set to 1 instead of defaulting to 0. This is done in the procps package, and I'm guessing is the way it is as a protection against IP spoofing. kernel doc page I was pointed to says:
Current recommended practice in RFC3704 is to enable strict mode to prevent IP spoofing from DDos attacks. If using asymmetric routing or other complicated routing, then loose mode is recommended. The max value from conf/{all,interface}/rp_filter is used when doing source validation on the {interface}. Default value is 0. Note that some distributions enable it in startup scripts. Presumably Ubuntu enables by default (I can see it does, in a file in the procps package) and Red Hat, where it seems the NetworkManager maintainers sit, does not. This is going to have to be argued out between procps and network- manager maintainers I guess. You can have IP spoofing protection or you can have connectivity checking. Choose one, or argue who should fix it. :-) Personally, at least for now, my solution is to remove the connectivity-check package, which was presumably brought in by something, and keep the procps defaults. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1814262 Title: Wired interface gets impossibly high metric 20100 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/network-manager/+bug/1814262/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs